From: Sam Vilain <sam@vilain.net>
To: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
Cc: John Peacock <john.peacock@havurah-software.org>,
	Rafael Garcia-Suarez <rgarciasuarez@gmail.com>,
	Perl 5 Porters <perl5-porters@perl.org>,
	Martin.Langhoff@gmail.com, Junio C Hamano <junkio@cox.net>,
	git@vger.kernel.org
Subject: Re: Switching to Git
Date: Fri, 07 Mar 2008 11:08:23 +1300
Message-ID: <47D06B57.4090607@vilain.net>
In-Reply-To: <51dd1af80803061300y1a2abcf2n9b9d3184e4ed42b2@mail.gmail.com>

Ævar Arnfjörð Bjarmason wrote:
> Yes see [1] it works but the list members wanted some tool to manage
> passwords too which I didn't pursue since it worked for me in its
> present form.
> 
> 1. http://lists-archives.org/git/640574-authentication-support-for-pserver.html

Cool, well done.  Having re-read that thread, I think Martin Langhoff's
response
http://lists-archives.org/git/641074-authentication-support-for-pserver.html
is the most pertinent.  I didn't see any requests for an actual tool to
be written, just that the password file be separate to the git config
file, and/or use crypt() to store its contents.  Perhaps point them at
"htpasswd" if they want a tool :)

This patch is untested and sits on top of the previous patch by Ævar.
Pullable from git://git.catalyst.net.nz/git.git#cvsserver-auth

Subject: [PATCH] git-cvsserver: use a password file cvsserver pserver

If a git repository is shared via HTTP, the config file is typically
visible.  Use an external file instead.
---
 Documentation/git-cvsserver.txt |   21 ++++++++++++++++-----
 git-cvsserver.perl              |   27 ++++++++++++++-------------
 2 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/Documentation/git-cvsserver.txt b/Documentation/git-cvsserver.txt
index 98183d4..c642f12 100644
--- a/Documentation/git-cvsserver.txt
+++ b/Documentation/git-cvsserver.txt
@@ -97,16 +97,27 @@ looks like
 ------
 
 Only anonymous access is provided by pserve by default. To commit you
-will have to create pserver accounts, simply add a [gitcvs.users]
-section to the repositories you want to access, for example:
+will have to create pserver accounts, simply add a gitcvs.authdb
+setting in the config file of the repositories you want the cvsserver
+to allow writes to, for example:
 
 ------
    
-   [gitcvs.users]
-        someuser = somepassword
-        otheruser = otherpassword
+   [gitcvs]
+        authdb = /etc/cvsserver/passwd
    
 ------
+The format of these files is username followed by the crypted password,
+for example:
+
+------
+   myuser:$1Oyx5r9mdGZ2
+   myuser:$1$BA)@$vbnMJMDym7tA32AamXrm./
+------
+You can use the 'htpasswd' facility that comes with Apache to make these
+files, but Apache's MD5 crypt method differs from the one used by most C
+library's crypt() function, so don't use the -m option.
+
 Then provide your password via the pserver method, for example:
 ------
    cvs -d:pserver:someuser:somepassword <at> server/path/repo.git co <HEAD_name>
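Review bot: The new paragraph around `authdb = /etc/cvsserver/passwd` never states that the password file must sit outside anything exported over HTTP and be readable by the account git-cvsserver runs as, although the commit message gives HTTP visibility of the config file as the reason for the change; a sentence saying so belongs here. The examples are also inconsistent: the sample file lists `myuser` twice, while the unchanged `cvs -d:pserver:someuser:somepassword` line still logs in as `someuser`, so the reader cannot follow one account from the file to the login. Using one user name throughout, and noting which crypt() format each sample line represents, would make the section usable as written.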
diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index 9bc2ff5..e54cbcd 100755
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
@@ -156,24 +156,25 @@ if ($state->{method} eq 'pserver') {
 
     unless ($user eq 'anonymous') {
         # Trying to authenticate a user
-        if (not exists $cfg->{gitcvs}->{users}) {
-            print "E the repo config file needs a [gitcvs.users] section with user/password key-value pairs\n";
+        if (not exists $cfg->{gitcvs}->{authdb}) {
+            print "E the repo config file needs a [gitcvs.authdb] section with a filename\n";
             print "I HATE YOU\n";
             exit 1;
-        } elsif (exists $cfg->{gitcvs}->{users} and not exists $cfg->{gitcvs}->{users}->{$user}) {
-            #print "E the repo config file has a [gitcvs.users] section but the user $user is not defined in it\n";
+        }
+	my $auth_ok;
+	open PASSWD, "<$cfg->{gitcvs}->{authdb}" or die $!;
+	while(<PASSWD>) {
+	    if (m{^\Q$user\E:(.*)}) {
+		if (crypt($user, $1) eq $1) {
+		    $auth_ok = 1;
+		}
+	    };
+	}
+	unless ($auth_ok) {
             print "I HATE YOU\n";
             exit 1;
-        } else {
-            my $descrambled_password = descramble($password);
-            my $cleartext_password = $cfg->{gitcvs}->{users}->{$user};
-            if ($descrambled_password ne $cleartext_password) {
-                #print "E The password supplied for user $user was incorrect\n";
-                print "I HATE YOU\n";
-                exit 1;
-            }
-            # else fall through to LOVE
         }
+        # else fall through to LOVE
     }
 
     # For checking whether the user is anonymous on commit
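Review bot: The added test `crypt($user, $1) eq $1` hashes the user name rather than the supplied password, so the result no longer depends on `$password` at all; the removed branch compared `descramble($password)`, and the new check should be `crypt(descramble($password), $1) eq $1`. The `open PASSWD, "<$cfg->{gitcvs}->{authdb}" or die $!;` line uses a two-argument open on a bareword handle and dies with a Perl error instead of sending the `I HATE YOU` reply the other failure paths use; a three-argument open on a lexical handle, with the same reply and `exit 1` on failure, would keep the protocol response consistent. The loop keeps reading after a match and the handle is never closed, so a `last` after setting `$auth_ok` and a `close` are worth adding. The error text says "[gitcvs.authdb] section" although the documentation hunk defines `authdb` as a key under `[gitcvs]`.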
-- 
1.5.3.5

