From: Sam Vilain <sam@vilain.net>
To: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
Cc: John Peacock <john.peacock@havurah-software.org>,
Rafael Garcia-Suarez <rgarciasuarez@gmail.com>,
Perl 5 Porters <perl5-porters@perl.org>,
Martin.Langhoff@gmail.com, Junio C Hamano <junkio@cox.net>,
git@vger.kernel.org
Subject: Re: Switching to Git
Date: Fri, 07 Mar 2008 11:08:23 +1300 [thread overview]
Message-ID: <47D06B57.4090607@vilain.net> (raw)
In-Reply-To: <51dd1af80803061300y1a2abcf2n9b9d3184e4ed42b2@mail.gmail.com>
Ævar Arnfjörð Bjarmason wrote:
> Yes see [1] it works but the list members wanted some tool to manage
> passwords too which I didn't pursue since it worked for me in its
> present form.
>
> 1. http://lists-archives.org/git/640574-authentication-support-for-pserver.html
Cool, well done. Having re-read that thread, I think Martin Langhoff's
response
http://lists-archives.org/git/641074-authentication-support-for-pserver.html
is the most pertinent. I didn't see any requests for an actual tool to
be written, just that the password file be separate to the git config
file, and/or use crypt() to store its contents. Perhaps point them at
"htpasswd" if they want a tool :)
This patch is untested and sits on top of the previous patch by Ævar.
Pullable from git://git.catalyst.net.nz/git.git#cvsserver-auth
Subject: [PATCH] git-cvsserver: use a password file cvsserver pserver
If a git repository is shared via HTTP, the config file is typically
visible. Use an external file instead.
---
Documentation/git-cvsserver.txt | 21 ++++++++++++++++-----
git-cvsserver.perl | 27 ++++++++++++++-------------
2 files changed, 30 insertions(+), 18 deletions(-)
diff --git a/Documentation/git-cvsserver.txt b/Documentation/git-cvsserver.txt
index 98183d4..c642f12 100644
--- a/Documentation/git-cvsserver.txt
+++ b/Documentation/git-cvsserver.txt
@@ -97,16 +97,27 @@ looks like
------
Only anonymous access is provided by pserve by default. To commit you
-will have to create pserver accounts, simply add a [gitcvs.users]
-section to the repositories you want to access, for example:
+will have to create pserver accounts, simply add a gitcvs.authdb
+setting in the config file of the repositories you want the cvsserver
+to allow writes to, for example:
------
- [gitcvs.users]
- someuser = somepassword
- otheruser = otherpassword
+ [gitcvs]
+ authdb = /etc/cvsserver/passwd
------
+The format of these files is username followed by the crypted password,
+for example:
+
+------
+ myuser:$1Oyx5r9mdGZ2
+ myuser:$1$BA)@$vbnMJMDym7tA32AamXrm./
+------
+You can use the 'htpasswd' facility that comes with Apache to make these
+files, but Apache's MD5 crypt method differs from the one used by most C
+library's crypt() function, so don't use the -m option.
+
Then provide your password via the pserver method, for example:
------
cvs -d:pserver:someuser:somepassword <at> server/path/repo.git co <HEAD_name>
diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index 9bc2ff5..e54cbcd 100755
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
@@ -156,24 +156,25 @@ if ($state->{method} eq 'pserver') {
unless ($user eq 'anonymous') {
# Trying to authenticate a user
- if (not exists $cfg->{gitcvs}->{users}) {
- print "E the repo config file needs a [gitcvs.users] section with user/password key-value pairs\n";
+ if (not exists $cfg->{gitcvs}->{authdb}) {
+ print "E the repo config file needs a [gitcvs.authdb] section with a filename\n";
print "I HATE YOU\n";
exit 1;
- } elsif (exists $cfg->{gitcvs}->{users} and not exists $cfg->{gitcvs}->{users}->{$user}) {
- #print "E the repo config file has a [gitcvs.users] section but the user $user is not defined in it\n";
+ }
+ my $auth_ok;
+ open PASSWD, "<$cfg->{gitcvs}->{authdb}" or die $!;
+ while(<PASSWD>) {
+ if (m{^\Q$user\E:(.*)}) {
+ if (crypt($user, $1) eq $1) {
+ $auth_ok = 1;
+ }
+ };
+ }
+ unless ($auth_ok) {
print "I HATE YOU\n";
exit 1;
- } else {
- my $descrambled_password = descramble($password);
- my $cleartext_password = $cfg->{gitcvs}->{users}->{$user};
- if ($descrambled_password ne $cleartext_password) {
- #print "E The password supplied for user $user was incorrect\n";
- print "I HATE YOU\n";
- exit 1;
- }
- # else fall through to LOVE
}
+ # else fall through to LOVE
}
# For checking whether the user is anonymous on commit
--
1.5.3.5
next parent reply other threads:[~2008-03-06 22:53 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <b77c1dce0803060447m12cf2ed9v2dbe17ed59e6073@mail.gmail.com>
[not found] ` <47D01A57.60701@havurah-software.org>
[not found] ` <51dd1af80803060858t5cb3d54ek3ee420ea313625ec@mail.gmail.com>
[not found] ` <47D05229.2070900@vilain.net>
[not found] ` <51dd1af80803061300y1a2abcf2n9b9d3184e4ed42b2@mail.gmail.com>
2008-03-06 22:08 ` Sam Vilain [this message]
2008-03-07 0:45 ` Switching to Git Ævar Arnfjörð Bjarmason
2008-03-07 12:39 ` Ævar Arnfjörð Bjarmason
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47D06B57.4090607@vilain.net \
--to=sam@vilain.net \
--cc=Martin.Langhoff@gmail.com \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=john.peacock@havurah-software.org \
--cc=junkio@cox.net \
--cc=perl5-porters@perl.org \
--cc=rgarciasuarez@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).