[PATCH 3/5] git-cvsserver: take care of empty passwords

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 3/5] git-cvsserver: take care of empty passwords
       [not found] <3594077658746039911@unknownmsgid>
@ 2010-07-06 17:37 ` Áshin László
  2010-07-06 18:05   ` Ævar Arnfjörð Bjarmason
  0 siblings, 1 reply; 3+ messages in thread
From: Áshin László @ 2010-07-06 17:37 UTC (permalink / raw)
  To: git
  Cc: Ævar Arnfjörð Bjarmason, Junio C Hamano,
	László ÁSHIN

Do not try to descramble them.
---
 git-cvsserver.perl |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index 10dcc65..e842d77 100755
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
@@ -241,11 +241,15 @@ if ($state->{method} eq 'pserver') {
            exit 1;
        }

+        if (length($password) > 0) {
+            $password = descramble($password);
+        }
+
        my $auth_ok;
        open my $passwd, "<", $authdb or die $!;
        while (<$passwd>) {
            if (m{^\Q$user\E:(.*)}) {
-                if (crypt($user, descramble($password)) eq $1) {
+                if (crypt($user, $password) eq $1) {
                    $auth_ok = 1;
                }
            };
--
1.7.0.4

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH 3/5] git-cvsserver: take care of empty passwords
  2010-07-06 17:37 ` [PATCH 3/5] git-cvsserver: take care of empty passwords Áshin László
@ 2010-07-06 18:05   ` Ævar Arnfjörð Bjarmason
  2010-07-06 18:21     ` Áshin László
  0 siblings, 1 reply; 3+ messages in thread
From: Ævar Arnfjörð Bjarmason @ 2010-07-06 18:05 UTC (permalink / raw)
  To: Áshin László
  Cc: git, Junio C Hamano, László ÁSHIN

On Tue, Jul 6, 2010 at 17:37, Áshin László <ashinlaszlo@gmail.com> wrote:
> Do not try to descramble them.

This commit message isn't very revealing. What does this do exactly?
Is the behavior with empty passwords changed now? Does git-cvsserver
no longer support empty passwords? Is the on-disk format in the authdb
just different? (I.e. "" instead of "A" or something). Or something
else?

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH 3/5] git-cvsserver: take care of empty passwords
  2010-07-06 18:05   ` Ævar Arnfjörð Bjarmason
@ 2010-07-06 18:21     ` Áshin László
  0 siblings, 0 replies; 3+ messages in thread
From: Áshin László @ 2010-07-06 18:21 UTC (permalink / raw)
  To: Ævar Arnfjörð Bjarmason
  Cc: git, Junio C Hamano, László ÁSHIN

descramble() dies if it is called with empty string as an argument.
This patch only fixes this.

The test case written to check empty passwords only checks the case
when the user is not in the authdb, so the old code doesn't even call
descramble().

On Tue, Jul 6, 2010 at 20:05, Ævar Arnfjörð Bjarmason <avarab@gmail.com> wrote:
> On Tue, Jul 6, 2010 at 17:37, Áshin László <ashinlaszlo@gmail.com> wrote:
>> Do not try to descramble them.
>
> This commit message isn't very revealing. What does this do exactly?
> Is the behavior with empty passwords changed now? Does git-cvsserver
> no longer support empty passwords? Is the on-disk format in the authdb
> just different? (I.e. "" instead of "A" or something). Or something
> else?
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2010-07-06 18:22 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <3594077658746039911@unknownmsgid>
2010-07-06 17:37 ` [PATCH 3/5] git-cvsserver: take care of empty passwords Áshin László
2010-07-06 18:05   ` Ævar Arnfjörð Bjarmason
2010-07-06 18:21     ` Áshin László

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).