info-cvs

RE: cvs passwd management


From: Rudy Zung
Subject: RE: cvs passwd management
Date: Wed, 12 Apr 2006 16:08:48 -0400

The name of the file mentioned below should be cvsuseradmins,
and not cvsadminusers. My bad :-(

-----Original Message-----
From: address@hidden
[mailto:address@hidden On Behalf
Of Rudy Zung
Sent: Wednesday, April 12, 2006 3:57 PM
To: Troubled User; address@hidden
Subject: RE: cvs passwd management



Two scripts supplied gratis and as is. Written specifically for my
needs, and I am unlikely to entertain any maintenance requests for it.

Idiosyncrasies: call cvsuser script with arguments (see below); cvsuser
will call cryptout.pl, so you generally won't need to deal with cryptout
directly. You must be in the CVSROOT directory where the cvs passwd (NOT
the /etc/passwd) file is located when you invoke cvsuser. My
implementation of cvsuser also requires your Unix login name be present
in a file called cvsadminusers, which should be in the same directory as
the CVSROOT/passwd file. It really doesn't give you much protection,
just enough to prevent my people from accidentally running the script;
you can probably comment out that whole block from cvsuser.

Usage:
Add user to CVSROOT:
   cvsuser <username> <password>
Remove user from CVSROOT:
   cvsuser <username>
Copy password from another CVSROOT:
   cvsuser <username> /<rootName>
This last one has been hardcoded to my installation where all my roots
are under /cvs; so to copy joeuser from /cvs/someOtherProject, you use:
   cvsuser joeuser /someOtherProject
This also precludes people from having a password that starts with an
initial forward slash.

...Rudy


First script: /usr/local/bin/cryptout.pl:
======= start script =======
#!/usr/bin/perl

# taken from the Fogel CVS book, page 114
# builds a two-character salt from random digits and letters
srand (time());
my $randletter = "(int rand(2) + 0.5) % 2 ? (int rand(10) + 48) : (int (rand(26)) + (int (rand(1) + .5) % 2 ? 65 : 97))";
my $salt = sprintf("%c%c",
                   eval $randletter, eval $randletter);
my $plaintext = shift;
my $crypttext = crypt($plaintext, $salt);

print "${crypttext}\n";
======= end script =======

Second script: /usr/local/bin/cvsuser:
======= start script =======
#!/bin/bash
# bash is required: the script uses (( )) and [[ ]]

CHGRP=/bin/chgrp
CHMOD=/bin/chmod
ECHO=/bin/echo
GREP=/bin/grep
LN=/bin/ln
RM=/bin/rm

if (( ($# < 1) || ($# > 3) )) ; then
   $ECHO "usage: $0 username [ password | /cvsrootname ]"
   $ECHO "       blank password deletes user"
   exit 1
fi

if [[ ( `/bin/pwd | cut -c 1-9` != /usr/cvs/ ) && \
      ( `/bin/pwd | cut -c 1-5` != /cvs/ ) ]] ; then
   $ECHO Can only be run under /cvs tree
   exit 2
fi

if [[ ! -e cvsuseradmins ]] ; then
   $ECHO No cvsuseradmins file found
   exit 3
fi

if [ `/usr/bin/id -u` -ne 0 ] ; then
   # -x -F: the login name must match a whole line exactly, not a substring
   if ( ! { $GREP -x -F "`/usr/bin/whoami`" cvsuseradmins > /dev/null ; } ) ; then
      $ECHO You are not a CVS user administrator for this CVSROOT
      exit 4
   fi
fi

if [[ ! -e passwd ]] ; then
   $ECHO No passwd file found
   exit 5
fi

#if [[ ! -O passwd ]] ; then
#   echo Unwilling to modify passwd file owned by \
#        `/bin/ls -l passwd | cut -d " " -f 5`
#   exit 9
#fi

if [ -e passwd.tmp ] ; then
   $RM -f passwd.tmp
fi

# drop any existing entry for this user, and drop empty lines
$GREP -v "^$1:" passwd | $GREP -v '^$' > passwd.tmp
$CHGRP cvs passwd.tmp
$CHMOD ug=rw,o-rwx passwd.tmp

if [ -z "$2" ] ; then
   if ( { /usr/bin/diff passwd passwd.tmp > /dev/null ; } ) ; then
      $ECHO No $1 to remove
   else
      $ECHO Removed $1
   fi
else
   if [[ `$ECHO "$2" | cut -c 1` == '/' ]] ; then
#      /bin/grep ^$1: $2 >> passwd.tmp
      $GREP "^$1:" "../../${2}/CVSROOT/passwd" >> passwd.tmp
      if ( ! { $GREP "^$1:" passwd.tmp > /dev/null ; } ) ; then
         $ECHO User $1 failed to appear in the passwd file
         $RM passwd.tmp
         exit 10
      fi
   else
      # quote the password so spaces and shell characters reach crypt intact
      $ECHO "$1:$(/usr/local/bin/cryptout.pl "$2"):${3:-cvs}" >> passwd.tmp
      if ( ! { $GREP "^$1:" passwd.tmp > /dev/null ; } ) ; then
         $ECHO User $1 failed to appear in the passwd file\; reverting
         $RM passwd.tmp
         exit 11
      fi
   fi
fi

# lossless operation to hardlink a backup, then hardlink passwd to the tmp
$LN -f passwd     passwd.bak
$LN -f passwd.tmp passwd

# this is correct: if we have a good passwd file, we can rm the tmp
if [ -e passwd ] ; then
   $RM -f passwd.tmp
fi
======= end script =======

...Rudy



-----Original Message-----
From: address@hidden
[mailto:address@hidden On Behalf Of
Troubled User
Sent: Wednesday, April 12, 2006 12:42 PM
To: address@hidden
Subject: cvs passwd management



I'm trying to find a tool that will help me edit the cvsroot/passwd file.
(There are multiple cvsroots / passwd files involved.)

I'm in the middle of writing a perl script, but I don't like the way it
works.  It basically does the following:

1. copy passwd to passwd.tmp
2. read passwd.tmp.
   2a.  (for each line) if the user on the current line is not the user
I'm trying to edit, then print the current line to passwd.
           If it is the user I'm editing, then print a variable
containing the new value to passwd instead of what was in passwd.tmp
   2b. If the user was not in passwd.tmp, add an entry for the new user
to the end of passwd
3. delete passwd.tmp

This will work, but I just think it's sloppy, and would rather use a
tool that has already been developed.
_______________________________________________
info-cvs mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/info-cvs
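
A stricter form of the passwd update step discussed in this thread, as an added example that is not part of the original posts or of Rudy's scripts: it matches the username as an exact first field instead of a grep pattern, takes an already-computed crypt hash so no plaintext password appears in the process list, and swaps the file in with a rename. The function names, the allowed character sets and the `user:hash:sysuser` layout used in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Updates a CVSROOT/passwd-style file (user:hash:sysuser) with exact,
# non-regex matching on the first field and an atomic rename.

valid_name() {
    # Reject empty names and anything outside a conservative character set,
    # so a name can never inject ':' fields, newlines or pattern characters.
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# cvs_passwd_update FILE USER [HASH [SYSUSER]]
# With HASH: add or replace USER's entry. Without HASH: delete it.
cvs_passwd_update() {
    file=$1 user=$2 hash=${3-} sysuser=${4:-cvs}
    valid_name "$user" || { echo "bad username" >&2; return 2; }
    valid_name "$sysuser" || { echo "bad system user" >&2; return 2; }
    case "$hash" in *[!A-Za-z0-9./\$]*) echo "bad hash" >&2; return 2 ;; esac
    [ -f "$file" ] || { echo "no passwd file: $file" >&2; return 5; }

    # Temp file in the same directory, so mv is a rename on one filesystem.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    chmod 660 "$tmp"

    # Keep non-empty lines whose first field is not exactly USER. The ""
    # concatenation forces a string comparison, so "007" never equals "7".
    awk -F: -v u="$user" 'NF && ($1 "") != (u "")' "$file" > "$tmp" ||
        { rm -f "$tmp"; return 1; }
    if [ -n "$hash" ]; then
        printf '%s:%s:%s\n' "$user" "$hash" "$sysuser" >> "$tmp"
    fi

    cp -p "$file" "$file.bak" &&   # keep the previous version
    mv -f "$tmp" "$file"           # atomic replace: readers see old or new
}
```

The group ownership step (`chgrp cvs`) from the original script is left out here and would go next to the `chmod`.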

