Long topic, but had to fit it all in :-). So that's what this
does. It's not thoroughly tested, but it seems to work at least for
something.

Basically it changes the routines accessing cvsadmindir/passwd so that
if user has password "*SYS*", the password given by the user is
compared against the system password instead of the cvs-passwd-file.

This works even if the global SystemAuth would be 'no', thus allowing
the limiting of the allowed users and still using the system password
file - also allows grouping them to 'project users', but this I didn't
try, I'd imagine it works too. (Ie. I hope I didn't break it.)

-- 
  _____________________________________________________________________
     / __// /__ ____  __                              Erkki Sepp�l�\   \
    / /_ / // // /\ \/ //ircnet                Inside Informatics ry\  /
   /_/  /_/ \___/ /_/\_\@inside.org        http://www.inside.org/~flux/
--- cvs-1.11.1p1/src/server.c   Tue Jul 17 19:52:17 2001
+++ cvs-1.11.1p1-flux/src/server.c      Tue Jul 17 19:52:27 2001
@@ -5374,9 +5377,10 @@
 
 
 /* 
- * 0 means no entry found for this user.
+ * 0 means no entry found for this user - check with system
  * 1 means entry found and password matches (or found password is empty)
  * 2 means entry found, but password does not match.
+ * 3 means entry found, but password tagged specially - check with system!
  *
  * If 1, host_user_ptr will be set to point at the system
  * username (i.e., the "real" identity, which may or may not be the
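Review bot: The return-code comment no longer matches the function: the paragraph starting `If 1, host_user_ptr will be set` does not mention 3, yet the branch added in the next hunk also stores an xstrdup'd name in `*host_user_ptr` before returning 3. Because no password has been verified at that point, the contract should say so, for example `* If 1 or 3, host_user_ptr will be set ...` followed by `* For 3 the password has NOT been checked; the caller must verify it against the system before trusting host_user_ptr.` The new text for 0 (`check with system`) would be more accurate as "check with system only if SystemAuth permits it", since the caller still gates that case on `system_auth`. The comment continues past the end of this hunk.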
@@ -5498,19 +5502,28 @@
         if (host_user_tmp == NULL)
             host_user_tmp = username;
 
-        /* Verify blank passwords directly, otherwise use crypt(). */
-        if ((found_password == NULL)
-            || ((strcmp (found_password, crypt (password, found_password))
-                 == 0)))
-        {
+        /* If a specially tagged password, use system authentication */
+        if (found_password && strcmp(found_password, "*SYS*") == 0) {
             /* Give host_user_ptr permanent storage. */
             *host_user_ptr = xstrdup (host_user_tmp);
-            retval = 1;
-        }
-        else
-        {
-            *host_user_ptr = NULL;
-            retval         = 2;
+
+            retval = 3;
+        } 
+        else 
+          {
+            /* Verify blank passwords directly, otherwise use crypt(). */
+            if (found_password == NULL ||
+                strcmp (found_password, crypt (password, found_password)) == 0)
+            {
+                /* Give host_user_ptr permanent storage. */
+                *host_user_ptr = xstrdup (host_user_tmp);
+                retval = 1;
+            }
+            else
+            {
+                *host_user_ptr = NULL;
+                retval         = 2;
+            }
         }
     }
     else     /* Didn't find this user, so deny access. */
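Review bot: `crypt()` may return NULL (for instance when the stored hash has a salt the library rejects), and the `strcmp (found_password, crypt (password, found_password))` in the re-indented else branch would then dereference it; the `found_passwd` comparison in the last hunk has the same pattern. Treating NULL as a mismatch keeps a malformed passwd entry from crashing the server: `const char *h = found_password ? crypt (password, found_password) : NULL;` and `if (found_password == NULL || (h != NULL && strcmp (found_password, h) == 0))`. Separately, the `"*SYS*"` literal deserves a named macro with a comment that it is a reserved marker and not a hash. The new `} else {` block also mixes brace styles with the rest of the function, which starts and ends outside this hunk.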
@@ -5552,7 +5565,7 @@
         /* host_user already set by reference, so just return. */
         goto handle_return;
     }
-    else if (rc == 0 && system_auth)
+    else if ((rc == 0 && system_auth) || rc == 3)
     {
         /* No cvs password found, so try /etc/passwd. */
 
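Review bot: The comment `/* No cvs password found, so try /etc/passwd. */` is stale, because the branch is now also taken for `rc == 3` regardless of `system_auth`. This is the line where a `*SYS*` entry deliberately overrides `SystemAuth=no`, so an administrator auditing the code should find that stated here, e.g. `/* Either no cvs password was found and SystemAuth is on, or the entry is tagged *SYS*; a *SYS* entry is checked against the system password even when SystemAuth=no. */`. The bare codes 0 to 3 shared between the two functions would be easier to review as an enum. The body of this branch continues outside the hunk.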
@@ -5593,10 +5606,24 @@
         
         if (*found_passwd)
         {
-            /* user exists and has a password */
-            host_user = ((! strcmp (found_passwd,
-                                    crypt (password, found_passwd)))
-                         ? xstrdup (username) : NULL);
+            /* if user has a valid password */
+            if (strcmp(found_passwd, crypt(password, found_passwd)) == 0) {
+                if (rc == 0) 
+                {
+                    /* if not found in cvs passwd-file, return users name */
+                    host_user = xstrdup(username);
+                } 
+                else
+                {
+                    /* if cvs passwd-file might've contained the name,
+                       return it instead */
+                    host_user = host_user ? host_user : xstrdup(username);
+                }
+            }
+            else
+            {
+                host_user = NULL;
+            }
             goto handle_return;
         }
         else if (password && *password)
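Review bot: On a system-password mismatch with `rc == 3`, the `host_user = NULL;` in the new else branch drops the string that check_repository_password allocated with xstrdup without freeing it; `free (host_user); host_user = NULL;` would be cleaner (assuming `host_user` is NULL on entry when `rc == 0`, which is not visible here). The `rc == 0` / else split in the success path can then collapse to `if (host_user == NULL) host_user = xstrdup (username);`. The `else if (password && *password)` branch that begins on the last line of the hunk is not changed by this patch; if it still assigns `xstrdup (username)`, a `*SYS*` user whose system password is empty would lose the mapped name from the cvs passwd file and be accepted with any non-empty password, so that path should be reviewed for `rc == 3` as well.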
