CVS Internal Authorization Patch

[Mark D. Roth]

I've attached a patch for cvs-1.11 which adds internal user and
authorization capability to CVS.  It is primarily based on this patch
for 1.10.3 from Corey Minyard:

   http://www.cvshome.org/cyclic/cvs/dev-access.txt

I have made the following modifications to Corey's original patch:

  * Changed src/setpass.c to use the builtin RCS functions instead of
    executing external binaries.

  * Changed auth code in src/perms.c to inherit directory owner and
    permissions from parent directories.

  * Because permissions are now inheritted from the parent when not
    explicitly set in the child, doing a "cvs add" on a directory no
    longer creates an empty perms file for that directory.  (It still
    sets the owner of the new directory, however.)

  * When doing a "cvs import" of a new directory, if the directory
    does not lie under a previously existing subdirectory of the CVS
    root, an empty perms file will be written.  (This prevents the
    perms from being inheritted from the root directory of the
    repository, so that using "ALL:c" in the root directory can allow
    any user to create a new hierarchy without opening up permissions
    in the new hierarchy itself.)

  * Fixed a bug in deluser() which caused the admin's account to be
    deleted instead of the user specified on the commandline.

  * Tweaked configure.in to allow --with-gssapi to work with MIT
    krb5-1.2.1.

  * Added very basic syslog() support.

  * Fixed "-D" flag to work with --allow-root option.

We've been using a slightly older version of this patch for 1.10.8 in
Production for several months now with no problems, but I'd appreciate
any feedback 

-- 
Mark D. Roth <address@hidden>
http://www.feep.net/~roth/

cvs-1.11-auth-20001106.diff
Description: Text document