[PATCH] git-cvsserver: pserver-auth-script

["László ÁSHIN" <laszlo.ashin@neti.hu>]

Hi,

The following patch makes git-cvsserver capable of authenticating users through an external executable script using pserver method.
The script can be specified in the gitcvs section of the config file:
[gitcvs]
	enabled = 1
	authscript = /some/where/script.sh

The script, itself will get username and password on its standard input, so it can look like something like this:

#!/bin/sh
read username
read password

wbinfo -a "$username%$password"

--
Only a return value of zero means a successful authentication.

Please comment and keep me on cc.

-- 
Regards,
László Áshin

diff -ruN a/git-cvsserver b/git-cvsserver
--- a/git-cvsserver	2010-07-01 15:31:18.000000000 +0200
+++ b/git-cvsserver	2010-07-01 15:35:41.000000000 +0200
@@ -200,35 +200,54 @@
         # Fall through to LOVE
     } else {
         # Trying to authenticate a user
-        if (not exists $cfg->{gitcvs}->{authdb}) {
-            print "E the repo config file needs a [gitcvs] section with an 'authdb' parameter set to the filename of the authentication database\n";
-            print "I HATE YOU\n";
-            exit 1;
-        }
-
-        my $authdb = $cfg->{gitcvs}->{authdb};
-
-        unless (-e $authdb) {
-            print "E The authentication database specified in [gitcvs.authdb] does not exist\n";
-            print "I HATE YOU\n";
-            exit 1;
-        }
-
-        my $auth_ok;
-        open my $passwd, "<", $authdb or die $!;
-        while (<$passwd>) {
-            if (m{^\Q$user\E:(.*)}) {
-                if (crypt($user, descramble($password)) eq $1) {
-                    $auth_ok = 1;
-                }
-            };
-        }
-        close $passwd;
+        if (exists $cfg->{gitcvs}->{authscript}) {
+            my $authscript = $cfg->{gitcvs}->{authscript};
+            unless (-x $authscript) {
+                print "E The authentication script specified in [gitcvs.authscript] cannot be executed\n";
+                print "I HATE YOU\n";
+                exit 1;
+            }
+
+            open SCRIPTIN, '|' . $authscript or die $!;
+            print SCRIPTIN $user . "\n";
+            print SCRIPTIN descramble($password) . "\n";
+            close SCRIPTIN;
+            if ($? != 0) {
+                print "E External script authentication failed.\n";
+                print "I HATE YOU\n";
+                exit 1;
+            }
+        } else {
+            if (not exists $cfg->{gitcvs}->{authdb}) {
+                print "E the repo config file needs a [gitcvs] section with an 'authdb' parameter set to the filename of the authentication database\n";
+                print "I HATE YOU\n";
+                exit 1;
+            }
+
+            my $authdb = $cfg->{gitcvs}->{authdb};
+
+            unless (-e $authdb) {
+                print "E The authentication database specified in [gitcvs.authdb] does not exist\n";
+                print "I HATE YOU\n";
+                exit 1;
+            }
+
+            my $auth_ok;
+            open my $passwd, "<", $authdb or die $!;
+            while (<$passwd>) {
+                if (m{^\Q$user\E:(.*)}) {
+                    if (crypt($user, descramble($password)) eq $1) {
+                        $auth_ok = 1;
+                    }
+                };
+            }
+            close $passwd;
 
-        unless ($auth_ok) {
-            print "I HATE YOU\n";
-            exit 1;
-        }
+            unless ($auth_ok) {
+                print "I HATE YOU\n";
+                exit 1;
+            }
+	}
 
         # Fall through to LOVE
     }