Re: [PATCH] Add PAM support

2001-10-22 Thread Steve McIntyre 

[ Debian BTS CC:ed - I sent the patch there too ]

On Fri, Oct 19, 2001 at 05:37:39PM -0400, [EMAIL PROTECTED] wrote:

Steve McIntyre wrote:

 The patch here adds PAM support to CVS, so it now works for us in an
 all-PAM (LDAP) environment:

Did I miss something?  It appears you've added some includes and two new
functions, but no calls to these functions.

Oops. Sorry - I clearly cut the patch short somehow. I've attached the
full patch below.

Also, though we can probably dispense with the test cases, the
HAVE_PAM should be tied into the configure script and this deserves
comments in the news file.

Obviously, yes. I've never played with autoconf and friends, so I
thought it best left alone.

-- 
Steve McIntyre, Allstor Software [EMAIL PROTECTED]
Support the Campaign for Audiovisual Free Expression: http://www.eff.org/cafe/


--- cvs-1.11.1p1.orig/src/Makefile.in
+++ cvs-1.11.1p1/src/Makefile.in
@@ -180,7 +180,7 @@
 cvs_LDADD = \
../diff/libdiff.a \
../lib/libcvs.a \
-   ../zlib/libz.a \
+   -lz -ldl -lpam \
version.o
 
 cvs_EXTRA_DIST = version.c
--- cvs-1.11.1p1.orig/src/server.c
+++ cvs-1.11.1p1/src/server.c
@@ -16,6 +16,13 @@
 #include getline.h
 #include buffer.h
 
+#define HAVE_PAM
+
+#ifdef HAVE_PAM
+#include security/pam_misc.h
+#include security/pam_appl.h
+#endif
+
 #if defined(SERVER_SUPPORT) || defined(CLIENT_SUPPORT)
 # ifdef HAVE_GSSAPI
 /* This stuff isn't included solely with SERVER_SUPPORT since some of these
@@ -5526,6 +5536,106 @@
 return retval;
 }
 
+#ifdef HAVE_PAM
+/* The callback function that the pam modules will use to talk to
+   us. Modelled closely on the misc_conv module of Linux-PAM. This
+   blatantly subverts one of the principles of PAM - PAM is meant to
+   handle all the password work. Bu this does the job and means I can
+   transition to LDAP right now. */
+int cvs_conv(int num_msg, const struct pam_message **msgm,
+struct pam_response **response, void *appdata_ptr)
+{
+int count=0;
+struct pam_response *reply;
+
+if (num_msg = 0)
+   return PAM_CONV_ERR;
+
+reply = (struct pam_response *) calloc(num_msg,
+  sizeof(struct pam_response));
+if (reply == NULL)
+   return PAM_CONV_ERR;
+
+for (count=0; count  num_msg; ++count) 
+{
+   char *string=NULL;
+
+   switch (msgm[count]-msg_style) 
+   {
+   case PAM_PROMPT_ECHO_OFF:
+   case PAM_PROMPT_ECHO_ON:
+   string = (char *)appdata_ptr;
+   break;
+   default:
+   break;
+   }
+
+   if (string) /* must add to reply array */
+   {   
+   /* add string to list of responses */
+   reply[count].resp_retcode = 0;
+   reply[count].resp = string;
+   string = NULL;
+   }
+}
+
+*response = reply;
+reply = NULL;
+
+return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+cvs_conv,
+NULL
+};
+
+/* Modelled very closely on the example code in The Linux-PAM
+   Application Developers' Guide by Andrew G. Morgan. */
+static int
+check_pam_password (username, password, repository, host_user_ptr)
+ char *username, *password, *repository, **host_user_ptr;
+{
+pam_handle_t *pamh=NULL;
+int retval;
+int rc = 0;
+
+conv.appdata_ptr = password;
+
+retval = pam_start(cvs, username, conv, pamh);
+
+if (retval == PAM_SUCCESS)
+   retval = pam_authenticate(pamh, 0);/* is user really user? */
+
+if (retval == PAM_SUCCESS)
+   retval = pam_acct_mgmt(pamh, 0);   /* permitted access? */
+
+/* This is where we have been authorized or not. */
+
+switch(retval)
+{
+   case PAM_SUCCESS:
+   *host_user_ptr = xstrdup(username);
+   rc = 1;
+   break;
+   case PAM_AUTH_ERR:
+   *host_user_ptr = NULL;
+   rc = 2;
+   break;
+   default:
+   *host_user_ptr = NULL;
+   rc = 0;
+   break;
+}
+
+if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close PAM */
+   pamh = NULL;
+   fprintf(stderr, failed to release authenticator\n);
+}
+
+return rc;   /* indicate success */
+}
+#endif /* HAVE_PAM */
 
 /* Return a hosting username if password matches, else NULL. */
 static char *
@@ -5552,6 +5662,24 @@
 /* host_user already set by reference, so just return. */
 goto handle_return;
 }
+
+#ifdef HAVE_PAM
+else if(rc == 0  system_auth)
+{
+   rc = check_pam_password (username, password, repository,
+host_user);
+   if (rc == 2)
+   return NULL;
+   
+   /* else */
+   
+   if (rc == 1)
+   {
+   /* host_user already set by reference, so just return. */
+   goto handle_return;
+   }
+}
+#else /* HAVE_PAM */
 else if (rc == 0  system_auth)
 {
/* No cvs password

Re: bug / enhancement regarding cvs log

2001-10-22 Thread Larry Jones 

Navin Daryanani writes:
 
 Sorry I don't mean to bug anybody - but I just checked out a version of ccvs
 and tried to build it from sources and wanted to checkout the feature I
 needed. I don't seem to get the right results. I mean when I do a log of a
 range of revisions I still get a log of a ver old file which was not
 modified in that revision range.

Could you post an example?

-Larry Jones

It works on the same principle as electroshock therapy. -- Calvin

___
Bug-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-cvs

Re: link error

2001-10-22 Thread Derek R. Price 

song wang wrote:

 hi,

 I just download the latest version CVS 1.11.1p1 for windows NT and try to
 build the package through the following
 name -f cvsnt.mak

 but I fet the following error message and don;t have any idea what is
 happening.

 No configuration specified.  Defaulting to cvsnt - Win32 Debug.
 NMAKE : warning U4004: too many rules for target '.\WinDebug/1'
 NMAKE : warning U4004: too many rules for target '.\WinDebug/2'
 link.exe @C:\DOCUME~1\swang.DT\LOCALS~1\Temp\nma01364.
 main.obj : error LNK2001: unresolved external symbol _annotate
 .\WinDebug/cvs.exe : fatal error LNK1120: 1 unresolved externals
 NMAKE : fatal error U1077: 'link.exe' : return code '0x460'
 Stop.

Yeah - that's fixed in the dev version.  Use the most recent make file
instead - version 1.42.

http://ccvs.cvshome.org/source/browse/ccvs/cvsnt.mak

Derek

--
Derek Price  CVS Solutions Architect ( http://CVSHome.org )
mailto:[EMAIL PROTECTED] CollabNet ( http://collab.net )
--
Rick:  How long was it we had, honey?
Elsa:  I didn't count the days.
Rick:  Well I did, every one of them.  Mostly I remember the last one.  The wow
   finish.  The guy standing on the station platform in the rain with a
   comical look on his face because his insides had been kicked out.

- Humphrey Bogart  Ingrid Bergman, _Casablanca_




___
Bug-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-cvs

Enhancement requests

2001-10-22 Thread Riley Williams 

Hi all.

There are two enhancements I would like to see, both connected with 
the stuff it ignores on import and update:

 1. cvs already ignores *.Z archives, so can it also be set to ignore
*.bz2 and *.gz archives as well.

 2. Can CVS be 'trained' to differentiate between directories and
files for the various ignore entries? One obvious way to me would
be to say that if the entry in the list of files to ignore ends 
with a / then that refers to a directory to be ignored, and any
entry not ending with this character refers to a file. This would
mean that to ignore something as both, it would need to be entered 
twice, once in each format.

I will add that on looking at ignore.c I get the impression that
something along these lines has already been a\dded, but just 
doesn't work.

Comments anybody?

Best wishes from Riley.


___
Bug-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-cvs

RE: bug / enhancement regarding cvs log

2001-10-22 Thread Navin Daryanani 

Hi

Thanks for bearing with me here. Here is the explanaton.




current status of the repository module : WSA/iCare - everything commited
and in sync and the latest version tagged with iCare060

modified Application.java - say for e.g., added a line break at the
beginning of the file

cvs commit Application.java and gave a log : cvs testing

cvs rtag dev2310 WSA/iCare 

when you do a cvs log -rdev2310 -wnavin  you get the foll. output. (For
brevity I have kept the log of the first 3-4 files only.)
Notice that I had modified only Application.java in the revision tag
dev2310
and I got many more files which weren't even modified in this tag - and I
get the same output
even if I do cvs log -riCare060::. What I really wanted was to have an
option to have a log
of files modified in this tag only. Currently, as a workaround I do a
cvs rdiff -s -r iCare060 dev2310 WSA/iCare which gives me a list of files
modified after
iCare060 and till dev2310 in this case the output comes as File
WSA/iCare/Application.java
changed from revision 1.61 to 1.62 - i then pipe this output to a perl
program which builds
the list of files (in a string separated by spaces) which were listed
here. This list
is then passed to the log command. For me, this is not a very clean
solution because if I want
complete flexibility I have to pass 2 separate set of tags - one to the
rdiff command which
prints the summary of files which have changed and the other set to the
log command. I hope
I have not been too ambiguous in explaining things here. I use this
functionality to build my
Changelog for each person working on the repository. Thanks. -navin.




=
RCS file: /mnt/cvsroot/WSA/iCare/Application.java,v
Working file: Application.java
head: 1.62
branch:
locks: strict
access list:
symbolic names:
dev2310: 1.62
iCare060: 1.61
iCare059: 1.60
iCare058: 1.60
dev0910: 1.60
iCare057A: 1.60
iCare057: 1.60
iCare056: 1.60
iCare055: 1.60
iCare054: 1.59
iCare053: 1.58
iCare052A: 1.58
BRANCH_ICARE052: 1.58.0.2
iCare052: 1.58
iCare051A: 1.58
iCare051: 1.58
iCare050A: 1.58
iCare050: 1.58
iCare049: 1.56
iCare048: 1.54
iCare047: 1.54
iCare046: 1.48
iCare045: 1.48
iCare044: 1.48
iCare043: 1.46
iCare042: 1.46
iCare041: 1.46
iCare040: 1.44
iCare039: 1.44
iCare038: 1.44
iCare037: 1.44
iCare036: 1.43
iCare035: 1.42
iCare34preFrank: 1.41
iCare033: 1.35
iCare032: 1.34
iCare031: 1.31
dev2108: 1.30
iCare030: 1.29
iCare029: 1.27
iCare028: 1.25
iCare027: 1.24
iCare026: 1.21
dev0208: 1.21
dev0108: 1.21
iCare025: 1.21
iCare024: 1.21
version023: 1.20
iCare022: 1.19
iCare021: 1.19
dev1407: 1.12
dev1107: 1.7
dev0507: 1.5
iCare018: 1.5
dev-0626: 1.5
dev1: 1.4
v017: 1.1.1.1
wsa: 1.1.1
keyword substitution: kv
total revisions: 63;selected revisions: 1
description:

revision 1.62
date: 2001/10/23 00:27:43;  author: navin;  state: Exp;  lines: +1 -0
cvs testing

=

RCS file: /mnt/cvsroot/WSA/iCare/CustomDBDelegate.java,v
Working file: CustomDBDelegate.java
head: 1.2
branch:
locks: strict
access list:
symbolic names:
dev2310: 1.2
iCare060: 1.2
iCare059: 1.2
iCare058: 1.2
dev0910: 1.2
iCare057A: 1.2
iCare057: 1.2
iCare056: 1.2
iCare055: 1.2
iCare054: 1.2
iCare053: 1.2
iCare052A: 1.2
BRANCH_ICARE052: 1.2.0.2
iCare052: 1.2
iCare051A: 1.1
iCare051: 1.1
iCare050A: 1.1
iCare050: 1.1
iCare049: 1.1
iCare048: 1.1
iCare047: 1.1
iCare046: 1.1
iCare045: 1.1
iCare044: 1.1
iCare043: 1.1
iCare042: 1.1
iCare041: 1.1
iCare040: 1.1
iCare039: 1.1
iCare038: 1.1
iCare037: 1.1
iCare036: 1.1
iCare035: 1.1
iCare34preFrank: 1.1
iCare033: 1.1
iCare032: 1.1
iCare031: 1.1
dev2108: 1.1
keyword substitution: kv
total revisions: 2; selected revisions: 1
description:

revision 1.2
date: 2001/09/21 01:00:00;  author: navin;  state: Exp;  lines: +10 -8
was trying to implement DatabaseDelegate

=

RCS file: