bug-cvs

[PATCH] read-only access to server repository


From: David Decotigny
Subject: [PATCH] read-only access to server repository
Date: Tue, 17 Feb 2004 18:58:00 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040119


Hi,

This is not a "bug" in cvs, but rather a (very small) patch proposal. I've added a "roserver" command that does essentially the same as "server", with a slight difference: it allows only read-only commands to be executed. This allows for anonymous read-only cvs access through ssh.

The patch is against cvs 1.11.12, and has been tested on x86/linux 2.6.2.

If interested in the "anonymous cvs access through ssh", refer to Google's cache: http://216.239.59.104/search?q=cache:nfX48ERSj0EJ:www.kitenet.net/programs/sshcvs/+anonymous+cvs+ssh&hl=fr&ie=UTF-8 Since it may not be there forever, here are the basics. The principle is to distribute a private ssh key (with an empty passphrase) on one side (the clients), and, on the other (server) side, to configure the ssh account on the server by adding the associated public key to the authorized_keys file (usually in ~/.ssh/), *AND* making it limited to the execution of the cvs roserver command. The latter is achieved by preceding this public key with something like the following in the authorized_keys file:
---
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/cvs roserver" ssh-rsa AA..._remaining_of_the_public_key_...
---
And the user simply has to use the private key distributed above ("IdentityFile" config statement in a "Host" declaration of his ~/.ssh/config) to access the server.

Difference with the CVSROOT/readers and writers files? This method allows user "foo" to do his cvs management through ssh in a normal (read/write) way, while allowing other people to access this same account (login="foo") for cvs access only, in a read-only and controlled way. Actually, one cannot correctly set the readers/writers files to behave differently with the same user name. Furthermore, they only work with the 'pserver' method, not the 'ext' method.

Please reply to me personally, I don't plan to subscribe to the mailing list. BTW, I was not able to enter this into issuezilla, please do it for me...

I have been using cvs daily for many years, and really enjoy it, thanks to you all!

Sincerely,

--
David Decotigny
diff -ru cvs-1.11.12/src/cvs.h mycvs/src/cvs.h
--- cvs-1.11.12/src/cvs.h       2004-02-03 18:42:59.000000000 +0100
+++ mycvs/src/cvs.h     2004-02-17 17:39:13.388577565 +0100
@@ -387,6 +387,7 @@
 extern int trace;              /* Show all commands */
 extern int noexec;             /* Don't modify disk anywhere */
 extern int logoff;             /* Don't write history entry */
+extern int roserver;            /* Server repository access is read-only */
 
 extern int top_level_admin;
 
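Review bot: the comment on the new extern is one column to the right of the three comments above it ("/* Show all commands */", "/* Don't modify disk anywhere */", "/* Don't write history entry */"); align it with them so the block stays tidy.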
diff -ru cvs-1.11.12/src/main.c mycvs/src/main.c
--- cvs-1.11.12/src/main.c      2004-02-03 15:37:53.000000000 +0100
+++ mycvs/src/main.c    2004-02-17 18:03:01.185121408 +0100
@@ -42,6 +42,7 @@
 int trace = 0;
 int noexec = 0;
 int logoff = 0;
+int roserver = 0;
 
 /* Set if we should be writing CVSADM directories at top level.  At
    least for now we'll make the default be off (the CVS 1.9, not CVS
@@ -135,6 +136,7 @@
     { "rtag",     "rt",       "rfreeze",   cvstag,    
CVS_CMD_MODIFIES_REPOSITORY },
 #ifdef SERVER_SUPPORT
     { "server",   NULL,       NULL,        server,    
CVS_CMD_MODIFIES_REPOSITORY | CVS_CMD_USES_WORK_DIR },
+    { "roserver", NULL,       NULL,        server,    
CVS_CMD_MODIFIES_REPOSITORY | CVS_CMD_USES_WORK_DIR },
 #endif
     { "status",   "st",       "stat",      cvsstatus, CVS_CMD_USES_WORK_DIR },
     { "tag",      "ta",       "freeze",    cvstag,    
CVS_CMD_MODIFIES_REPOSITORY | CVS_CMD_USES_WORK_DIR },
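Review bot: the new "roserver" table entry is flagged CVS_CMD_MODIFIES_REPOSITORY even though the whole point of the command is to refuse repository modification. It copies the attributes of the "server" entry right above it, which is understandable since both dispatch to the same server function, but anyone later auditing this table for write-capable commands will be misled. Add a one-line comment saying the flags mirror "server" because the handler is shared and the read-only behaviour is enforced by the roserver flag in check_command_legal_p, not by this attribute.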
@@ -226,6 +228,7 @@
     "        rtag         Add a symbolic tag to a module\n",
 #ifdef SERVER_SUPPORT
     "        server       Server mode\n",
+    "        roserver     Read-only server mode\n",
 #endif
     "        status       Display status information on checked out files\n",
     "        tag          Add a symbolic tag to checked out version of 
files\n",
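Review bot: the usage list is alphabetical and "roserver" sorts before "rtag", so the new line belongs above "        rtag         Add a symbolic tag to a module\n" rather than after "server" (the same applies to the command table in the previous hunk). The patch also adds a user-visible command without a src/ChangeLog entry or any mention in the documentation that describes server set-up for the :ext: method; both would be expected before this goes in.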
@@ -717,6 +720,16 @@
        }
 # endif /* AUTH_SERVER_SUPPORT || HAVE_GSSAPI */
 
+       /* Read only access to repository */
+       if (strcmp (command_name, "roserver") == 0)
+       {
+           /* Mark directory access as Read-Only */
+           roserver = 1;
+
+           /* Pretend we were invoked as a plain server.  */
+           command_name = "server";
+       }
+
        server_active = strcmp (command_name, "server") == 0;
 
 #endif /* SERVER_SUPPORT */
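Review bot: the comment "Mark directory access as Read-Only" overstates what the assignment does; roserver = 1 only makes check_command_legal_p in server.c reject commands carrying CVS_CMD_MODIFIES_REPOSITORY, it does not change any file or directory permission, and the process keeps whatever write access the account has on the repository. Reword the comment to say that, and note here that the mode is selected purely by the command name in argv, so it is meant to be reached through a forced command such as an authorized_keys command="..." option rather than typed by a client. Mirroring the pserver block above with command_name = "server" so that server_active is set is fine.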
diff -ru cvs-1.11.12/src/server.c mycvs/src/server.c
--- cvs-1.11.12/src/server.c    2004-02-03 17:13:44.000000000 +0100
+++ mycvs/src/server.c  2004-02-17 17:50:08.151303453 +0100
@@ -2421,11 +2421,18 @@
 check_command_legal_p (cmd_name)
     char *cmd_name;
 {
+
+    /* Server access to a read-only repository */
+    if (roserver)
+      return ! (lookup_command_attribute (cmd_name)
+               & CVS_CMD_MODIFIES_REPOSITORY);
+
     /* Right now, only pserver notices illegal commands -- namely,
      * write attempts by a read-only user.  Therefore, if CVS_Username
      * is not set, this just returns 1, because CVS_Username unset
      * means pserver is not active.
      */
+
 #ifdef AUTH_SERVER_SUPPORT
     if (CVS_Username == NULL)
        return 1;
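Review bot: the comment that follows the new block, "Right now, only pserver notices illegal commands -- namely, write attempts by a read-only user", is made stale by this very hunk, since roserver now also refuses them; either move the roserver check below that comment and update the comment, or rewrite it to mention both. Returning before the CVS_Username test is correct in effect, because the roserver path is strictly more restrictive than the readers/writers check (it returns 1 for exactly the commands pserver would also allow and 0 for every modifying command), but that reasoning deserves a line in the comment. Style: the lone blank line inserted at the top of the function body and the one added before "#ifdef AUTH_SERVER_SUPPORT" are stray, and the two-space indent of "return ! (lookup_command_attribute (cmd_name)" does not match the four-space style used in the rest of the function.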

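As an added example (not part of the post above, and not code from cvs or from the sshcvs page it refers to), the shell below builds the authorized_keys entry for an anonymous key and audits an existing authorized_keys file for entries that force "cvs roserver" but lack the usual restrictions. It assumes cvs is installed at /usr/bin/cvs, and the key blobs in the demo are constructed placeholders, not real keys. Compared with the line in the post it adds no-pty (an interactive pty is useless for a forced cvs command and only widens what a misconfiguration could expose), and it accepts the single "restrict" option of OpenSSH 7.2 and later as covering all of them. Keep in mind that the forced command is the only barrier: the roserver process still runs with the account's own filesystem rights on the repository, so the read-only guarantee rests on the cvs command check, not on the operating system.

```shell
#!/bin/sh
# Added example, not part of the original post or of cvs: build the
# authorized_keys entry that forces "cvs roserver" and audit an existing
# authorized_keys file for forced-command entries that lack restrictions.
# The cvs path and the sample keys below are assumptions / constructed data.

FORCED_CMD="/usr/bin/cvs roserver"            # assumed install path
# Options every anonymous entry must carry. "no-pty" is added to the set
# from the post; "restrict" (OpenSSH 7.2+) is accepted as covering all.
REQUIRED_OPTS="no-port-forwarding no-X11-forwarding no-agent-forwarding no-pty"

# ro_key_entry PUBKEY_FILE: print a locked-down authorized_keys line.
# Only the key type and blob are kept; the comment field is dropped so a
# submitted key file cannot smuggle extra text onto the line.
ro_key_entry() {
    set -- $(cat "$1")
    [ $# -ge 2 ] || { echo "ro_key_entry: not a public key" >&2; return 1; }
    opts=$(printf '%s' "$REQUIRED_OPTS" | tr ' ' ',')
    printf '%s,command="%s" %s %s\n' "$opts" "$FORCED_CMD" "$1" "$2"
}

# audit_authorized_keys FILE: check every line that forces $FORCED_CMD.
# Prints "line N: ok" or "line N: missing ..." per such line and returns 1
# if any entry lacks a required option. Lines that do not force the
# command are the account owner's own keys and are skipped.
audit_authorized_keys() {
    bad=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            *"command=\"$FORCED_CMD\""*) ;;
            *) continue ;;
        esac
        # Options are comma separated; the only option expected to contain
        # a space is command="...", so cut it out and glue the option text
        # before it to the comma-joined text after it (up to the key type).
        before=${line%%"command=\"$FORCED_CMD\""*}
        after=${line#*"command=\"$FORCED_CMD\""}
        after=${after%% *}
        opts=",$before$after,"
        case "$opts" in
            *,restrict,*) printf 'line %d: ok (restrict)\n' "$n"; continue ;;
        esac
        missing=""
        for o in $REQUIRED_OPTS; do
            case "$opts" in
                *",$o,"*) ;;
                *) missing="$missing $o" ;;
            esac
        done
        if [ -z "$missing" ]; then
            printf 'line %d: ok\n' "$n"
        else
            printf 'line %d: missing%s\n' "$n" "$missing"
            bad=1
        fi
    done < "$1"
    return $bad
}

# run_demo: constructed sample data (fake key blobs) exercising both
# functions; prints the audit report and returns the audit status.
run_demo() {
    d=$(mktemp -d) || return 2
    printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeBlobForDemo anon@example\n' > "$d/anon.pub"
    {
        # line 1: the entry as given in the post, which has no no-pty
        printf 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="%s" ssh-rsa AAAAB3FakeBlob1 anon@example\n' "$FORCED_CMD"
        # line 2: the entry this script generates
        ro_key_entry "$d/anon.pub"
        # line 3: the account owner's own read/write key, not audited
        printf 'ssh-rsa AAAAB3FakeBlob2 foo@workstation\n'
        # line 4: the modern one-word form
        printf 'restrict,command="%s" ssh-rsa AAAAB3FakeBlob3\n' "$FORCED_CMD"
    } > "$d/authorized_keys"
    audit_authorized_keys "$d/authorized_keys"
    rc=$?
    rm -rf "$d"
    return $rc
}

if [ "${1:-}" = "--demo" ]; then run_demo; fi
```

Run it with "--demo" to see the report; to audit a real account, call audit_authorized_keys on ~foo/.ssh/authorized_keys and treat a non-zero exit as a finding. The parser deliberately handles only command="..." as a quoted option with whitespace; an entry using other quoted options containing spaces (such as environment=) would need a fuller tokenizer.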