[PATCH] git-cvsimport: add support for cvs pserver password scrambling.

[PATCH] git-cvsimport: add support for cvs pserver password scrambling.

[Dirk Hörner]

Instead of a cleartext password, the CVS pserver expects a scrambled one
in the authentication request. With this patch it is possible to import
CVS repositories only accessible via pserver and user/password.

Signed-off-by: Dirk Hoerner <dirker@gmail.com>
---
  git-cvsimport.perl |   39 ++++++++++++++++++++++++++++++++++++++-
  1 files changed, 38 insertions(+), 1 deletions(-)

diff --git a/git-cvsimport.perl b/git-cvsimport.perl
index e439202..593832d 100755
--- a/git-cvsimport.perl
+++ b/git-cvsimport.perl
@@ -252,7 +252,8 @@ sub conn {
  				}
  			};
  		}
-		$pass="A" unless $pass;
+
+		$pass = $self->_scramble($pass);

  		my ($s, $rep);
  		if ($proxyhost) {
@@ -484,6 +485,42 @@ sub _fetchfile {
  	return $res;
  }

+sub _scramble {
+	my ($self, $pass) = @_;
+	my $scrambled = "A";
+
+	return $scrambled unless $pass;
+
+	my $pass_len = length($pass);
+	my @pass_arr = split("", $pass);
+	my $i;
+
+	# from cvs/src/scramble.c
+	my @shifts = (
+		  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
+		 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
+		114,120, 53, 79, 96,109, 72,108, 70, 64, 76, 67,116, 74, 68, 87,
+		111, 52, 75,119, 49, 34, 82, 81, 95, 65,112, 86,118,110,122,105,
+		 41, 57, 83, 43, 46,102, 40, 89, 38,103, 45, 50, 42,123, 91, 35,
+		125, 55, 54, 66,124,126, 59, 47, 92, 71,115, 78, 88,107,106, 56,
+		 36,121,117,104,101,100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48,
+		 58,113, 32, 90, 44, 98, 60, 51, 33, 97, 62, 77, 84, 80, 85,223,
+		225,216,187,166,229,189,222,188,141,249,148,200,184,136,248,190,
+		199,170,181,204,138,232,218,183,255,234,220,247,213,203,226,193,
+		174,172,228,252,217,201,131,230,197,211,145,238,161,179,160,212,
+		207,221,254,173,202,146,224,151,140,196,205,130,135,133,143,246,
+		192,159,244,239,185,168,215,144,139,165,180,157,147,186,214,176,
+		227,231,219,169,175,156,206,198,129,164,150,210,154,177,134,127,
+		182,128,158,208,162,132,167,209,149,241,153,251,237,236,171,195,
+		243,233,253,240,194,250,191,155,142,137,245,235,163,242,178,152
+	);
+
+	for ($i = 0; $i < $pass_len; $i++) {
+		$scrambled .= pack("C", $shifts[ord($pass_arr[$i])]);
+	}
+
+	return $scrambled;
+}

  package main;

-- 
1.6.0.4.837.gae258

Re: [PATCH] git-cvsimport: add support for cvs pserver password scrambling.

[Johannes Schindelin]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 332 bytes --]

Hi,

On Fri, 28 Nov 2008, Dirk Hörner wrote:

> Instead of a cleartext password, the CVS pserver expects a scrambled one 
> in the authentication request. With this patch it is possible to import 
> CVS repositories only accessible via pserver and user/password.

The patch looks obvious enough; care to add a testcase?

Ciao,
Dscho

Re: [PATCH] git-cvsimport: add support for cvs pserver password scrambling.

[Nanako Shiraishi]

Quoting Dirk Hörner:

> Instead of a cleartext password, the CVS pserver expects a scrambled one
> in the authentication request. With this patch it is possible to import
> CVS repositories only accessible via pserver and user/password.
> 
> Signed-off-by: Dirk Hoerner <dirker@gmail.com>

Junio, may I ask what happened to this patch?

-- 
Nanako Shiraishi
http://ivory.ap.teacup.com/nanako3/

Re: [PATCH] git-cvsimport: add support for cvs pserver password scrambling.

[Junio C Hamano]

Nanako Shiraishi <nanako3@lavabit.com> writes:

> Quoting Dirk Hörner:
>
>> Instead of a cleartext password, the CVS pserver expects a scrambled one
>> in the authentication request. With this patch it is possible to import
>> CVS repositories only accessible via pserver and user/password.
>> 
>> Signed-off-by: Dirk Hoerner <dirker@gmail.com>
>
> Junio, may I ask what happened to this patch?

I do not use cvs emulation myself, nor pserver access, and I actually have
been waiting for people who do use pserver access to report breakages and
people pointing this patch out.

Re: [PATCH] git-cvsimport: add support for cvs pserver password scrambling.

[Johannes Schindelin]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 822 bytes --]

Hi,

On Sat, 11 Apr 2009, Junio C Hamano wrote:

> Nanako Shiraishi <nanako3@lavabit.com> writes:
> 
> > Quoting Dirk Hörner:
> >
> >> Instead of a cleartext password, the CVS pserver expects a scrambled one
> >> in the authentication request. With this patch it is possible to import
> >> CVS repositories only accessible via pserver and user/password.
> >> 
> >> Signed-off-by: Dirk Hoerner <dirker@gmail.com>
> >
> > Junio, may I ask what happened to this patch?
> 
> I do not use cvs emulation myself, nor pserver access, and I actually have
> been waiting for people who do use pserver access to report breakages and
> people pointing this patch out.

I really think it would be good if this patch was amended with a simple 
and quick test. Using the stdin/stdout server method, it should not be 
hard.

Ciao,
Dscho

Re: [PATCH] git-cvsimport: add support for cvs pserver password scrambling.

[Dirk Hörner]

[-- Attachment #1: Type: text/plain, Size: 1179 bytes --]

Hi all,

sorry for the long delay, but I finally sat down, hacked two testcases
and amended the patch after rebasing to the most recent HEAD. Find it
attached to this mail.

Ciao,
Dirk

On Thu, Aug 13, 2009 at 6:43 PM, Johannes Schindelin
<Johannes.Schindelin@gmx.de> wrote:
>
> Hi,
>
> On Sat, 11 Apr 2009, Junio C Hamano wrote:
>
> > Nanako Shiraishi <nanako3@lavabit.com> writes:
> >
> > > Quoting Dirk Hörner:
> > >
> > >> Instead of a cleartext password, the CVS pserver expects a scrambled one
> > >> in the authentication request. With this patch it is possible to import
> > >> CVS repositories only accessible via pserver and user/password.
> > >>
> > >> Signed-off-by: Dirk Hoerner <dirker@gmail.com>
> > >
> > > Junio, may I ask what happened to this patch?
> >
> > I do not use cvs emulation myself, nor pserver access, and I actually have
> > been waiting for people who do use pserver access to report breakages and
> > people pointing this patch out.
>
> I really think it would be good if this patch was amended with a simple
> and quick test. Using the stdin/stdout server method, it should not be
> hard.
>
> Ciao,
> Dscho

[-- Attachment #2: 0001-git-cvsimport-add-support-for-cvs-pserver-password-s.patch --]
[-- Type: application/octet-stream, Size: 3611 bytes --]

From 2f3deea40def04286f0483bd33a5756ac233838a Mon Sep 17 00:00:00 2001
From: Dirk Hoerner <dirker@gmail.com>
Date: Fri, 28 Nov 2008 19:11:38 +0200
Subject: [PATCH] git-cvsimport: add support for cvs pserver password scrambling.

Instead of a cleartext password, the CVS pserver expects a scrambled one
in the authentication request. With this patch it is possible to import
CVS repositories only accessible via pserver and user/password.

Signed-off-by: Dirk Hoerner <dirker@gmail.com>
---
 git-cvsimport.perl   |   39 ++++++++++++++++++++++++++++++++++++++-
 t/t9600-cvsimport.sh |   41 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 79 insertions(+), 1 deletions(-)

diff --git a/git-cvsimport.perl b/git-cvsimport.perl
index e439202..593832d 100755
--- a/git-cvsimport.perl
+++ b/git-cvsimport.perl
@@ -252,7 +252,8 @@ sub conn {
 				}
 			};
 		}
-		$pass="A" unless $pass;
+
+		$pass = $self->_scramble($pass);
 
 		my ($s, $rep);
 		if ($proxyhost) {
@@ -484,6 +485,42 @@ sub _fetchfile {
 	return $res;
 }
 
+sub _scramble {
+	my ($self, $pass) = @_;
+	my $scrambled = "A";
+
+	return $scrambled unless $pass;
+
+	my $pass_len = length($pass);
+	my @pass_arr = split("", $pass);
+	my $i;
+
+	# from cvs/src/scramble.c
+	my @shifts = (
+		  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
+		 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
+		114,120, 53, 79, 96,109, 72,108, 70, 64, 76, 67,116, 74, 68, 87,
+		111, 52, 75,119, 49, 34, 82, 81, 95, 65,112, 86,118,110,122,105,
+		 41, 57, 83, 43, 46,102, 40, 89, 38,103, 45, 50, 42,123, 91, 35,
+		125, 55, 54, 66,124,126, 59, 47, 92, 71,115, 78, 88,107,106, 56,
+		 36,121,117,104,101,100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48,
+		 58,113, 32, 90, 44, 98, 60, 51, 33, 97, 62, 77, 84, 80, 85,223,
+		225,216,187,166,229,189,222,188,141,249,148,200,184,136,248,190,
+		199,170,181,204,138,232,218,183,255,234,220,247,213,203,226,193,
+		174,172,228,252,217,201,131,230,197,211,145,238,161,179,160,212,
+		207,221,254,173,202,146,224,151,140,196,205,130,135,133,143,246,
+		192,159,244,239,185,168,215,144,139,165,180,157,147,186,214,176,
+		227,231,219,169,175,156,206,198,129,164,150,210,154,177,134,127,
+		182,128,158,208,162,132,167,209,149,241,153,251,237,236,171,195,
+		243,233,253,240,194,250,191,155,142,137,245,235,163,242,178,152
+	);
+
+	for ($i = 0; $i < $pass_len; $i++) {
+		$scrambled .= pack("C", $shifts[ord($pass_arr[$i])]);
+	}
+
+	return $scrambled;
+}
 
 package main;
 
diff --git a/t/t9600-cvsimport.sh b/t/t9600-cvsimport.sh
index 363345f..57c0eac 100755
--- a/t/t9600-cvsimport.sh
+++ b/t/t9600-cvsimport.sh
@@ -128,4 +128,45 @@ test_expect_success 'import from a CVS working tree' '
 
 test_expect_success 'test entire HEAD' 'test_cmp_branch_tree master'
 
+if ! type nc >/dev/null 2>&1
+then
+	say 'skipping cvsimport pserver test, nc not found'
+	test_done
+	exit
+fi
+
+cat << EOF >expected
+BEGIN AUTH REQUEST
+/cvs
+me
+AyuhedEIc?^]'%=0:q Z,b<3!a>
+END AUTH REQUEST
+EOF
+
+test_expect_success 'connect to pserver with password' '
+
+	echo "I HATE YOU" | nc -l 2401 >actual &
+	test_must_fail git cvsimport -d \
+		:pserver:me:abcdefghijklmnopqrstuvwxyz@localhost:/cvs foo \
+		>/dev/null 2>&1 &&
+	test_cmp expected actual
+'
+
+cat << EOF >expected
+BEGIN AUTH REQUEST
+/cvs
+anonymous
+A
+END AUTH REQUEST
+EOF
+
+test_expect_success 'connect to pserver without password' '
+
+	echo "I HATE YOU" | nc -l 2401 >actual &
+	test_must_fail git cvsimport -d \
+		:pserver:anonymous@localhost:/cvs foo \
+		>/dev/null 2>&1 &&
+	test_cmp expected actual
+'
+
 test_done
-- 
1.6.4

Re: [PATCH] git-cvsimport: add support for cvs pserver password scrambling.

[Sverre Rabbelier]

Heya,

2009/8/13 Dirk Hörner <dirker@gmail.com>:
> sorry for the long delay, but I finally sat down, hacked two testcases
> and amended the patch after rebasing to the most recent HEAD. Find it
> attached to this mail.

I think we'd rather find it inlined, as per SubmittingPatches ;).

-- 
Cheers,

Sverre Rabbelier

Re: [PATCH] git-cvsimport: add support for cvs pserver password scrambling.

[Dirk Hörner]

Hi Sverre,

thanks for the heads up, I will resend it in a minute.

Ciao,
Dirk

2009/8/13 Sverre Rabbelier <srabbelier@gmail.com>:
> Heya,
>
> 2009/8/13 Dirk Hörner <dirker@gmail.com>:
>> sorry for the long delay, but I finally sat down, hacked two testcases
>> and amended the patch after rebasing to the most recent HEAD. Find it
>> attached to this mail.
>
> I think we'd rather find it inlined, as per SubmittingPatches ;).
>
> --
> Cheers,
>
> Sverre Rabbelier
>