Patch actually attached this time. Cheers,
Derek Derek Price wrote: >I've implemented this as an option to server & pserver. Installing as a >global option would have created problems in multiroot mode anyhow. > >Preliminary patch against 1.11.x attached. The final version will go >into feature - I'm not advocating putting this in stable, but this is >what I have now and I thought I would request a review. This patch also >finally disables the sourcing of the ~/.cvsrc file for the server >commands as an added protection against a user setting the path to the >config file. > >2005-05-17 Derek Price <[EMAIL PROTECTED]> > > * configure.in: Add --enable-config-override. > * main.c (main): Don't source .cvsrc in server mode. Remove >obsolete comment. > * parseinfo.c (ConfigPath): New global. > (parse_config): Open ConfigPath when provided. > * server.c (server): Parse -c option. > * sanity.sh (server_usage): New static global. > (server): Add tests of ConfigPath and .cvsrc. > > >I've been thinking about this more, and I'm starting to feel that as an >option to server/pserver/etc, this really isn't so insecure. In >general, an admin will be able to and probably does restrict the >arguments to the server & pserver commands, and a user with shell access >to the server could run a hacked CVS against a repo or even alter a repo >directly anyhow, so the argument about security is mostly moot. > >The only exception would be where the admin only used a setuid CVS >executable to restrict repo access to a specific CVS executable. I'm >not sure how common this is however, as it also disables the ability to >use UNIX uids & gids for finer control over read & write access. > >Regards, > >Derek > >
Index: configure.in =================================================================== RCS file: /cvs/ccvs/configure.in,v retrieving revision 1.176.2.60 diff -u -p -r1.176.2.60 configure.in --- configure.in 18 Apr 2005 17:46:13 -0000 1.176.2.60 +++ configure.in 17 May 2005 16:06:53 -0000 @@ -965,9 +965,32 @@ dnl end --enable-rootcommit dnl +dnl +dnl begin --enable-config-override +dnl + +AC_ARG_ENABLE( + [config-override], + AC_HELP_STRING( + [--enable-config-override], + [Cause the CVS server commands to allow the config file to be specified + on the command line. (enabled by default)]), , + [enable_config_override=yes]) + +if test x"$enable_config_override" = xyes; then + AC_DEFINE(ALLOW_CONFIG_OVERRIDE, 1, + [Define this to allow the path to CVS's config file to be set on the + command line.]) +fi + +dnl +dnl end --enable-config-override +dnl + + dnl -dnl end --enable-* +dnl end --enables dnl Index: src/main.c =================================================================== RCS file: /cvs/ccvs/src/main.c,v retrieving revision 1.172.4.14 diff -u -p -r1.172.4.14 main.c --- src/main.c 9 Mar 2005 19:47:15 -0000 1.172.4.14 +++ src/main.c 17 May 2005 16:06:53 -0000 @@ -478,6 +478,17 @@ main (argc, argv) use_cvsrc = 0; } +#ifdef SERVER_SUPPORT + /* Don't try and read a .cvsrc file if we are a server. */ + if (optind < argc + && (!strcmp (argv[optind], "pserver") +# ifdef HAVE_KERBEROS + || !strcmp (argv[optind], "kserver") +# endif /* HAVE_KERBEROS */ + || !strcmp (argv[optind], "server"))) + use_cvsrc = 0; +#endif /* SERVER_SUPPORT */ + /* * Scan cvsrc file for global options. */ 
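Review bot: The new `--enable-config-override` block defaults to on (`[enable_config_override=yes]`), so every build lets `server`/`pserver` read its config from a command-line path unless the builder opts out. The description itself names the setuid-executable deployment as the case where this matters, so an opt-in default, `[enable_config_override=no]`, looks like the safer choice for a feature that redirects the server's configuration. If the default stays on, the help string should name the form an admin would actually pass, `--disable-config-override`, rather than documenting `--enable-config-override` with "(enabled by default)".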
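Review bot: The comment on the added `SERVER_SUPPORT` block in main() says what is skipped but not why, and the reason is the security-relevant part. I would word it as `/* Never read ~/.cvsrc for server commands: it is user-controlled and could otherwise inject options such as -c CONFIG into the server's arguments. */`. The test compares `argv[optind]` against the literal names `pserver`, `kserver` and `server`, so it relies on `optind` having been left at the command name by the option scan above the hunk, and on these commands having no alias spelling; both are outside the visible lines and worth confirming.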
@@ -693,10 +704,7 @@ distribution kit for a complete list of if (strcmp (cvs_cmd_name, "pserver") == 0) { /* The reason that --allow-root is not a command option - is mainly the comment in server() about how argc,argv - might be from .cvsrc. I'm not sure about that, and - I'm not sure it is only true of command options, but - it seems easier to make it a global option. */ + is mainly that it seems easier to make it a global option. */ /* Gets username and password from client, authenticates, then switches to run as that user and sends an ACK back to the Index: src/parseinfo.c =================================================================== RCS file: /cvs/ccvs/src/parseinfo.c,v retrieving revision 1.37.4.8 diff -u -p -r1.37.4.8 parseinfo.c --- src/parseinfo.c 16 Mar 2005 22:00:44 -0000 1.37.4.8 +++ src/parseinfo.c 17 May 2005 16:06:53 -0000 @@ -17,6 +17,9 @@ #include "history.h" extern char *logHistory; +#ifdef ALLOW_CONFIG_OVERRIDE +char *ConfigPath; +#endif /* * Parse the INFOFILE file for the specified REPOSITORY. Invoke CALLPROC for @@ -252,22 +255,24 @@ parse_config (cvsroot) return 0; parsed = 1; - infopath = xmalloc (strlen (cvsroot) - + sizeof (CVSROOTADM_CONFIG) - + sizeof (CVSROOTADM) - + 10); - if (infopath == NULL) +#ifdef ALLOW_CONFIG_OVERRIDE + if (ConfigPath) + infopath = ConfigPath; + else +#endif { - error (0, 0, "out of memory; cannot allocate infopath"); - goto error_return; + infopath = xmalloc (strlen (cvsroot) + + sizeof (CVSROOTADM_CONFIG) + + sizeof (CVSROOTADM) + + 10); + + strcpy (infopath, cvsroot); + strcat (infopath, "/"); + strcat (infopath, CVSROOTADM); + strcat (infopath, "/"); + strcat (infopath, CVSROOTADM_CONFIG); } - strcpy (infopath, cvsroot); - strcat (infopath, "/"); - strcat (infopath, CVSROOTADM); - strcat (infopath, "/"); - strcat (infopath, CVSROOTADM_CONFIG); - fp_info = CVS_FOPEN (infopath, "r"); if (fp_info == NULL) { 
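Review bot: In parse_config, a path supplied through `ConfigPath` goes through the same `CVS_FOPEN (infopath, "r")` failure path as the default `CVSROOT/config`, and that path continues outside the hunk. If it treats a missing file as "no config, use defaults", which the `set_defaults_and_return` label suggests, then a mistyped or removed `-c` file would silently run the server with default settings instead of the ones the admin asked for. When `ConfigPath` is set, a failed open should be fatal, e.g. `if (ConfigPath) error (1, errno, "cannot open %s", infopath);` under `#ifdef ALLOW_CONFIG_OVERRIDE` ahead of the existing handling. The path is also used verbatim, so a relative `-c` argument resolves against whatever the working directory is when parse_config runs.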
@@ -446,7 +451,7 @@ warning: this CVS does not support Prese set_defaults_and_return: if (!logHistory) logHistory = xstrdup (ALL_HISTORY_REC_TYPES); - free (infopath); + if (infopath != ConfigPath) free (infopath); if (line != NULL) free (line); return 0; @@ -454,7 +459,7 @@ set_defaults_and_return: error_return: if (!logHistory) logHistory = xstrdup (ALL_HISTORY_REC_TYPES); - if (infopath != NULL) + if (infopath && infopath != ConfigPath) free (infopath); if (line != NULL) free (line); Index: src/sanity.sh =================================================================== RCS file: /cvs/ccvs/src/sanity.sh,v retrieving revision 1.752.2.170 diff -u -p -r1.752.2.170 sanity.sh --- src/sanity.sh 2 May 2005 17:06:56 -0000 1.752.2.170 +++ src/sanity.sh 17 May 2005 16:06:58 -0000 @@ -28609,6 +28609,36 @@ Entry /CC/CC/CC noop EOF + # Check that the config file may be set from the command line. + # But first verify the default config produces no error messages. + dotest server-19 "$testcvs server" \ +"ok" <<EOF +Root $TESTDIR/crerepos +Directory . +$TESTDIR/crerepos +noop +EOF + echo THIS-CONFIG-OPTION-IS-BAD=XXX >$TESTDIR/newconfig + dotest server-20 "$testcvs server -c $TESTDIR/newconfig" \ +"E $PROG server: $TESTDIR/newconfig: unrecognized keyword 'THIS-CONFIG-OPTION-IS-BAD' +ok" <<EOF +Root $TESTDIR/crerepos +Directory . +$TESTDIR/crerepos +noop +EOF + + # Now make sure that the config file can't be set via the user's + # .cvsrc. + echo server -c $TESTDIR/newconfig >$HOME/.cvsrc + dotest server-21 "$testcvs server" \ +"ok" <<EOF +Root $TESTDIR/crerepos +Directory . +$TESTDIR/crerepos +noop +EOF + if $keep; then echo Keeping ${TESTDIR} and exiting due to --keep exit 0 
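Review bot: Both cleanup hunks in parse_config (`if (infopath != ConfigPath) free (infopath);` after `set_defaults_and_return:` and `if (infopath && infopath != ConfigPath)` after `error_return:`) reference `ConfigPath` unconditionally. The variable is only declared inside `#ifdef ALLOW_CONFIG_OVERRIDE` in the earlier hunk of this file, so a build configured with `--disable-config-override` would fail to compile parseinfo.c. The simplest fix is to define `char *ConfigPath;` unconditionally (it stays NULL when the option is compiled out) and keep the guard only around the code that sets or opens it. Otherwise wrap both comparisons in the same `#ifdef`.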
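Review bot: Tests server-19 to server-21 exercise only `$testcvs server`, while the main.c change also turns off `.cvsrc` for `pserver` (and `kserver`), which are the entry points where a user-controlled `-c` would matter most. A `pserver` variant of server-21 would cover that protection. The new `echo server -c $TESTDIR/newconfig >$HOME/.cvsrc` overwrites whatever `.cvsrc` is in `$HOME`, and the matching `rm` in the following hunk is skipped on the `--keep` path, so this assumes `$HOME` has already been pointed at a scratch directory earlier in the script, which is not visible here. `$TESTDIR` and `$HOME` are also unquoted in the new `echo`, `dotest` and `rm` lines.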
@@ -28616,6 +28646,7 @@ EOF rm -rf ${TESTDIR}/crerepos rm gzipped.dat session.dat + rm $TESTDIR/newconfig $HOME/.cvsrc fi # skip the whole thing for local ;; Index: src/server.c =================================================================== RCS file: /cvs/ccvs/src/server.c,v retrieving revision 1.284.2.39 diff -u -p -r1.284.2.39 server.c --- src/server.c 16 Mar 2005 19:05:02 -0000 1.284.2.39 +++ src/server.c 17 May 2005 16:06:59 -0000 @@ -5050,24 +5050,50 @@ server_cleanup (sig) int server_active = 0; +static const char *const server_usage[] = +{ + "Usage: %s %s [-c config-file]\n", + "\t-c config-file\tPath to an alternative CVS config file.\n", + "Normally invoked by a cvs client on a remote machine.\n", + NULL +}; + + + +#ifdef ALLOW_CONFIG_OVERRIDE +/* From parseinfo.c. */ +extern char *ConfigPath; +#endif + int server (argc, argv) int argc; char **argv; { char *error_prog_name; /* Used in error messages */ + char c; if (argc == -1) + usage (server_usage); + + optind = 0; + while ((c = getopt (argc, argv, "+c:")) != -1) { - static const char *const msg[] = + switch (c) { - "Usage: %s %s\n", - " Normally invoked by a cvs client on a remote machine.\n", - NULL - }; - usage (msg); +#ifdef ALLOW_CONFIG_OVERRIDE + case 'c': + if (ConfigPath) + free (ConfigPath); + ConfigPath = xstrdup (optarg); + break; +#endif + case '?': + default: + usage (server_usage); + break; + } } - /* Ignore argc and argv. They might be from .cvsrc. */ buf_to_net = fd_buffer_initialize (STDOUT_FILENO, 0, outbuf_memory_error);
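Review bot: In server(), `char c;` receives the result of `getopt (argc, argv, "+c:")` and is compared with `-1`. On platforms where plain `char` is unsigned, that comparison is never equal and the option loop does not terminate. Declare it as `int c;`. Separately, `server_usage` advertises `-c config-file` unconditionally while the `case 'c':` handler exists only under `ALLOW_CONFIG_OVERRIDE`, so a build without the option documents a flag it then rejects with the usage message; the two `-c` lines of `server_usage` should sit under the same `#ifdef`. The rest of server() continues outside the hunk.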