Re: user.c, user.h

[Derek Robert Price]

Andrey Aristarkhov wrote:

> > -----Original Message-----
> > From: Derek Robert Price [mailto:derek@ximbiot.com]
> > Sent: Wednesday, August 14, 2002 5:07 PM
> > To: Andrey Aristarkhov
> > Cc: bug-cvs@gnu.org
> > Subject: Re: user.c, user.h
> >    
>
> [skipped]
>
>
>  
>
> > > You are right. There must be a struct like this
> > > struct cvs_passwd {
> > >         char * username;
> > >         char * passwd;
> > >         char * alias;
> > >         /* from CVSROOT/users */
> > >         char * notify_name;
> > > } cvspasswd_t;
> > > and corresponded function
> > >
> > > cvspasswd_t * getcvspwent(const char * user, const char *
> > >      
> passwd_file);
>  
>
> > > or even better
> > > cvspasswd_t * getcvspwent(const char * user, int file_type /*
> > > PASSWD_LOCAL | PASSWD_ROOT */);
> > > PASSWD_LOCAL is for ~/.cvspasswd and PASSWD_ROOT is for
> > >      
> CVSROOT/passwd
>  
>
> > >      
> > Let's name them like the system functions.  The system getpwent()
> > iterates over the entries in the file, returning a new passwd
> >    
> structure
>  
>
> > with each call.  getpwnam() looks up a single passwd structure by user
> > name.
> >    
> Ok. Thus, there will be three functions for passwords reading
> getcvspwent(int mode);
> getcvspwnam(const char * username, int mode);
> endcvspwent(int mode);
> where mode is
> enum cvspwmode {CPM_LOCAL, CPM_ROOT, CPM_CURRENT};
> CPM_CURRENT is necessary for consequent calls to getcvspwent() function;
>  

cvspwmode won't mean much the way you have things defined at the moment. 
The .cvspass file only contains a set of repositories (CVSROOTs) and 
passwords.  You could expand the cvspasswd_t structure to include 
cvsroot, I suppose and let the user decide which elements to look at.

Of course, if you really wanted to use the same function to access both 
files, you could probably switch its operation on the global 
server_active and client_active variables.  There shouldn't ever be a 
need to call both from the same process.

> > > Sorry for some uncertainty. I meant that user's caller prinicipal and
> > > CVS user name could be deferent.
> > >
> > >
> > >      
> > What is written in the log file on commit in local mode under NT then?
> >    
> NT user name, of course. 
> Ok. I try to explain again (sorry, English is not my native language).
> My UNIX account name is 'dron' but my CVS account is 'arist'. Thus, with
> current implementation of 'password' I'm able to change my password for
> 'arist' running 'cvs pass arist'
>  

Passwords are irrelevant in local mode regardless.  About the only 
reason to want to run this command in local mode should be if you're a 
cvs administrator.  Then file system permissions should be relied on 
rather than CVS passwords.

This means that there is no reason for non-administrators to have to 
specify a username.  They would have already run, for example, `cvs 
login' as user `arist' first anyhow, so CVS knows the CVS username 
already - it is specified in the CVSROOT.

Hrm.  There is an argument that keeping a CVSROOT/passwd file writeable 
for all cvs users is a security flaw, but OS file permissions could 
still be used to leave that configuration detail up to the administrator.

Derek

--
               *8^)

Email: derek@ximbiot.com

Get CVS support at http://ximbiot.com
--
The man who reads nothing at all is better educated than the man who reads
nothing but newspapers.

                        - Thomas Jefferson (1743-1826)