Re: [PATCH] Add PAM support
[ Debian BTS CC:ed - I sent the patch there too ] On Fri, Oct 19, 2001 at 05:37:39PM -0400, [EMAIL PROTECTED] wrote: Steve McIntyre wrote: The patch here adds PAM support to CVS, so it now works for us in an all-PAM (LDAP) environment: Did I miss something? It appears you've added some includes and two new functions, but no calls to these functions. Oops. Sorry - I clearly cut the patch short somehow. I've attached the full patch below. Also, though we can probably dispense with the test cases, the HAVE_PAM should be tied into the configure script and this deserves comments in the news file. Obviously, yes. I've never played with autoconf and friends, so I thought it best left alone. -- Steve McIntyre, Allstor Software [EMAIL PROTECTED] Support the Campaign for Audiovisual Free Expression: http://www.eff.org/cafe/ --- cvs-1.11.1p1.orig/src/Makefile.in +++ cvs-1.11.1p1/src/Makefile.in @@ -180,7 +180,7 @@ cvs_LDADD = \ ../diff/libdiff.a \ ../lib/libcvs.a \ - ../zlib/libz.a \ + -lz -ldl -lpam \ version.o cvs_EXTRA_DIST = version.c --- cvs-1.11.1p1.orig/src/server.c +++ cvs-1.11.1p1/src/server.c @@ -16,6 +16,13 @@ #include getline.h #include buffer.h +#define HAVE_PAM + +#ifdef HAVE_PAM +#include security/pam_misc.h +#include security/pam_appl.h +#endif + #if defined(SERVER_SUPPORT) || defined(CLIENT_SUPPORT) # ifdef HAVE_GSSAPI /* This stuff isn't included solely with SERVER_SUPPORT since some of these @@ -5526,6 +5536,106 @@ return retval; } +#ifdef HAVE_PAM +/* The callback function that the pam modules will use to talk to + us. Modelled closely on the misc_conv module of Linux-PAM. This + blatantly subverts one of the principles of PAM - PAM is meant to + handle all the password work. Bu this does the job and means I can + transition to LDAP right now. */ +int cvs_conv(int num_msg, const struct pam_message **msgm, +struct pam_response **response, void *appdata_ptr) +{ +int count=0; +struct pam_response *reply; + +if (num_msg = 0) + return PAM_CONV_ERR; + +reply = (struct pam_response *) calloc(num_msg, + sizeof(struct pam_response)); +if (reply == NULL) + return PAM_CONV_ERR; + +for (count=0; count num_msg; ++count) +{ + char *string=NULL; + + switch (msgm[count]-msg_style) + { + case PAM_PROMPT_ECHO_OFF: + case PAM_PROMPT_ECHO_ON: + string = (char *)appdata_ptr; + break; + default: + break; + } + + if (string) /* must add to reply array */ + { + /* add string to list of responses */ + reply[count].resp_retcode = 0; + reply[count].resp = string; + string = NULL; + } +} + +*response = reply; +reply = NULL; + +return PAM_SUCCESS; +} + +static struct pam_conv conv = { +cvs_conv, +NULL +}; + +/* Modelled very closely on the example code in The Linux-PAM + Application Developers' Guide by Andrew G. Morgan. */ +static int +check_pam_password (username, password, repository, host_user_ptr) + char *username, *password, *repository, **host_user_ptr; +{ +pam_handle_t *pamh=NULL; +int retval; +int rc = 0; + +conv.appdata_ptr = password; + +retval = pam_start(cvs, username, conv, pamh); + +if (retval == PAM_SUCCESS) + retval = pam_authenticate(pamh, 0);/* is user really user? */ + +if (retval == PAM_SUCCESS) + retval = pam_acct_mgmt(pamh, 0); /* permitted access? */ + +/* This is where we have been authorized or not. */ + +switch(retval) +{ + case PAM_SUCCESS: + *host_user_ptr = xstrdup(username); + rc = 1; + break; + case PAM_AUTH_ERR: + *host_user_ptr = NULL; + rc = 2; + break; + default: + *host_user_ptr = NULL; + rc = 0; + break; +} + +if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close PAM */ + pamh = NULL; + fprintf(stderr, failed to release authenticator\n); +} + +return rc; /* indicate success */ +} +#endif /* HAVE_PAM */ /* Return a hosting username if password matches, else NULL. */ static char * @@ -5552,6 +5662,24 @@ /* host_user already set by reference, so just return. */ goto handle_return; } + +#ifdef HAVE_PAM +else if(rc == 0 system_auth) +{ + rc = check_pam_password (username, password, repository, +host_user); + if (rc == 2) + return NULL; + + /* else */ + + if (rc == 1) + { + /* host_user already set by reference, so just return. */ + goto handle_return; + } +} +#else /* HAVE_PAM */ else if (rc == 0 system_auth) { /* No cvs password
Re: bug / enhancement regarding cvs log
Navin Daryanani writes: Sorry I don't mean to bug anybody - but I just checked out a version of ccvs and tried to build it from sources and wanted to checkout the feature I needed. I don't seem to get the right results. I mean when I do a log of a range of revisions I still get a log of a ver old file which was not modified in that revision range. Could you post an example? -Larry Jones It works on the same principle as electroshock therapy. -- Calvin ___ Bug-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/bug-cvs
Re: link error
song wang wrote: hi, I just download the latest version CVS 1.11.1p1 for windows NT and try to build the package through the following name -f cvsnt.mak but I fet the following error message and don;t have any idea what is happening. No configuration specified. Defaulting to cvsnt - Win32 Debug. NMAKE : warning U4004: too many rules for target '.\WinDebug/1' NMAKE : warning U4004: too many rules for target '.\WinDebug/2' link.exe @C:\DOCUME~1\swang.DT\LOCALS~1\Temp\nma01364. main.obj : error LNK2001: unresolved external symbol _annotate .\WinDebug/cvs.exe : fatal error LNK1120: 1 unresolved externals NMAKE : fatal error U1077: 'link.exe' : return code '0x460' Stop. Yeah - that's fixed in the dev version. Use the most recent make file instead - version 1.42. http://ccvs.cvshome.org/source/browse/ccvs/cvsnt.mak Derek -- Derek Price CVS Solutions Architect ( http://CVSHome.org ) mailto:[EMAIL PROTECTED] CollabNet ( http://collab.net ) -- Rick: How long was it we had, honey? Elsa: I didn't count the days. Rick: Well I did, every one of them. Mostly I remember the last one. The wow finish. The guy standing on the station platform in the rain with a comical look on his face because his insides had been kicked out. - Humphrey Bogart Ingrid Bergman, _Casablanca_ ___ Bug-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/bug-cvs
Enhancement requests
Hi all. There are two enhancements I would like to see, both connected with the stuff it ignores on import and update: 1. cvs already ignores *.Z archives, so can it also be set to ignore *.bz2 and *.gz archives as well. 2. Can CVS be 'trained' to differentiate between directories and files for the various ignore entries? One obvious way to me would be to say that if the entry in the list of files to ignore ends with a / then that refers to a directory to be ignored, and any entry not ending with this character refers to a file. This would mean that to ignore something as both, it would need to be entered twice, once in each format. I will add that on looking at ignore.c I get the impression that something along these lines has already been a\dded, but just doesn't work. Comments anybody? Best wishes from Riley. ___ Bug-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/bug-cvs
RE: bug / enhancement regarding cvs log
Hi Thanks for bearing with me here. Here is the explanaton. current status of the repository module : WSA/iCare - everything commited and in sync and the latest version tagged with iCare060 modified Application.java - say for e.g., added a line break at the beginning of the file cvs commit Application.java and gave a log : cvs testing cvs rtag dev2310 WSA/iCare when you do a cvs log -rdev2310 -wnavin you get the foll. output. (For brevity I have kept the log of the first 3-4 files only.) Notice that I had modified only Application.java in the revision tag dev2310 and I got many more files which weren't even modified in this tag - and I get the same output even if I do cvs log -riCare060::. What I really wanted was to have an option to have a log of files modified in this tag only. Currently, as a workaround I do a cvs rdiff -s -r iCare060 dev2310 WSA/iCare which gives me a list of files modified after iCare060 and till dev2310 in this case the output comes as File WSA/iCare/Application.java changed from revision 1.61 to 1.62 - i then pipe this output to a perl program which builds the list of files (in a string separated by spaces) which were listed here. This list is then passed to the log command. For me, this is not a very clean solution because if I want complete flexibility I have to pass 2 separate set of tags - one to the rdiff command which prints the summary of files which have changed and the other set to the log command. I hope I have not been too ambiguous in explaining things here. I use this functionality to build my Changelog for each person working on the repository. Thanks. -navin. = RCS file: /mnt/cvsroot/WSA/iCare/Application.java,v Working file: Application.java head: 1.62 branch: locks: strict access list: symbolic names: dev2310: 1.62 iCare060: 1.61 iCare059: 1.60 iCare058: 1.60 dev0910: 1.60 iCare057A: 1.60 iCare057: 1.60 iCare056: 1.60 iCare055: 1.60 iCare054: 1.59 iCare053: 1.58 iCare052A: 1.58 BRANCH_ICARE052: 1.58.0.2 iCare052: 1.58 iCare051A: 1.58 iCare051: 1.58 iCare050A: 1.58 iCare050: 1.58 iCare049: 1.56 iCare048: 1.54 iCare047: 1.54 iCare046: 1.48 iCare045: 1.48 iCare044: 1.48 iCare043: 1.46 iCare042: 1.46 iCare041: 1.46 iCare040: 1.44 iCare039: 1.44 iCare038: 1.44 iCare037: 1.44 iCare036: 1.43 iCare035: 1.42 iCare34preFrank: 1.41 iCare033: 1.35 iCare032: 1.34 iCare031: 1.31 dev2108: 1.30 iCare030: 1.29 iCare029: 1.27 iCare028: 1.25 iCare027: 1.24 iCare026: 1.21 dev0208: 1.21 dev0108: 1.21 iCare025: 1.21 iCare024: 1.21 version023: 1.20 iCare022: 1.19 iCare021: 1.19 dev1407: 1.12 dev1107: 1.7 dev0507: 1.5 iCare018: 1.5 dev-0626: 1.5 dev1: 1.4 v017: 1.1.1.1 wsa: 1.1.1 keyword substitution: kv total revisions: 63;selected revisions: 1 description: revision 1.62 date: 2001/10/23 00:27:43; author: navin; state: Exp; lines: +1 -0 cvs testing = RCS file: /mnt/cvsroot/WSA/iCare/CustomDBDelegate.java,v Working file: CustomDBDelegate.java head: 1.2 branch: locks: strict access list: symbolic names: dev2310: 1.2 iCare060: 1.2 iCare059: 1.2 iCare058: 1.2 dev0910: 1.2 iCare057A: 1.2 iCare057: 1.2 iCare056: 1.2 iCare055: 1.2 iCare054: 1.2 iCare053: 1.2 iCare052A: 1.2 BRANCH_ICARE052: 1.2.0.2 iCare052: 1.2 iCare051A: 1.1 iCare051: 1.1 iCare050A: 1.1 iCare050: 1.1 iCare049: 1.1 iCare048: 1.1 iCare047: 1.1 iCare046: 1.1 iCare045: 1.1 iCare044: 1.1 iCare043: 1.1 iCare042: 1.1 iCare041: 1.1 iCare040: 1.1 iCare039: 1.1 iCare038: 1.1 iCare037: 1.1 iCare036: 1.1 iCare035: 1.1 iCare34preFrank: 1.1 iCare033: 1.1 iCare032: 1.1 iCare031: 1.1 dev2108: 1.1 keyword substitution: kv total revisions: 2; selected revisions: 1 description: revision 1.2 date: 2001/09/21 01:00:00; author: navin; state: Exp; lines: +10 -8 was trying to implement DatabaseDelegate = RCS file: