[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: User variable (Expert question)
From: |
Mark D. Baushke |
Subject: |
Re: User variable (Expert question) |
Date: |
Mon, 10 Feb 2003 10:01:29 -0800 |
Sylvain Lemieux <address@hidden> writes:
> I need the help of a CVS expert that could help solving the following
> problem:
>
> I have built a program to check commit and have people provide an
> acceptance code when they commit there modification.
>
> To do so, I am using a user variable in the commitinfo file to pass the
> extra information. Here is the line I have in my commitinfo.
>
> DEFAULT /serv/CVSROOT/commitcheck ${=COMMITCODE}
>
> If I use the following command line:
>
> cvs -s COMMITCODE=12345 commit
>
> Then ${=COMMITCODE} will be replaced by 12345 and passed as an extra
> argument.
>
> However, if people do cvs commit, the variable is left undefined and my
> commitcheck program isn't called, which create a flaw in my attempt to
> restrict commit. This is real problem for me as people are exploiting
> that flaw to bypass the commit security.
>
> Is there a way to ensure my program is call even is the variable is
> undefined?
>
> Any help will be appreciated!
First, a cvs import will not trigger the commitinfo checks, so there is
still a potential hole in your commit process.
Second, using cvs 1.11.5 and the ccvs version I see the following:
% cvs ci -m test test.c
cvs server: commitinfo:16: no such user variable ${=COMMITCODE}
cvs server: Pre-commit check failed
cvs [server aborted]: correct above errors first!
% cvs -s COMMITCODE=12345 ci -m test test.c
RCS file: /tmp/cvs-sanity/cvsroot/CVSROOT/test.c,v
done
Checking in test.c;
/tmp/cvs-sanity/cvsroot/CVSROOT/test.c,v <-- test.c
initial revision: 1.1
done
cvs server: Rebuilding administrative file database
% cat -n commitinfo
1 # The "commitinfo" file is used to control pre-commit checks.
2 # The filter on the right is invoked with the repository and a list
3 # of files to check. A non-zero exit of the filter program will
4 # cause the commit to be aborted.
5 #
6 # The first entry on a line is a regular expression which is tested
7 # against the directory that the change is being committed to,
relative
8 # to the $CVSROOT. For the first match that is found, then the
remainder
9 # of the line is the name of the filter to run.
10 #
11 # If the repository name does not match any of the regular
expressions in this
12 # file, the "DEFAULT" line is used, if it is specified.
13 #
14 # If the name "ALL" appears as a regular expression it is always used
15 # in addition to the first matching regex or "DEFAULT".
16 DEFAULT $CVSROOT/CVSROOT/commitcheck foo=${=COMMITCODE}
% cat /tmp/cvs-santiy/cvsroot/CVSROOT/commitcheck
#!/bin/sh
case $1 in
foo=12345) exit 0 ;;
*) exit 1 ;;
esac
%
So, I am unable to reproduce your problem. Perhaps you could try with a
newer version of cvs and see if you still have the problem?
Enjoy!
-- Mark