Re: "cvs server" accepts but ignored --allow-root
From: Tim Riker
Subject: Re: "cvs server" accepts but ignored --allow-root
Date: Wed, 20 Nov 2002 22:58:45 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020913 Debian/1.1-1

Patch attached to enable handling --allow-server for "cvs server" use.
It's against 1.11.1p1 as I added it to a server running the older release,
but it's trivial, so applying to 1.11.2 would be easy.

Tim Riker wrote:

It seems that --allow-root is not handled by cvs when using server.

I have found many FAQs on the net that indicate I should set up cvs over
ssh using something like:

no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/cvs
--allow-root=/cvs/limited server" ssh-dss A...ys= timr@localhost

Which would then limit cvsroot to /cvs/limited. This is NOT the case.

cvs silently accepts the --allow-root, but does not process it. It DOES
process it if used with pserver.

Accepting the argument if it will not be handled is a bug.
Not handling the argument if it is accepted is also a bug.

As there are sites using this (or thinking they are using this) now, I
would strongly recommend it get added as a feature.

Documenting the non-feature and correctly reporting the error would
probably be tougher.

I would think a call to root_allow_ok() from server_root() and making
the "error 0" clause in root_allow_ok() be conditional on Pserver_Repos
would do the trick.

--
Tim Riker - http://rikers.org/ - TimR@Debian.org
Lineo CTO - Tim@Lineo.com - http://www.Lineo.com/
BZFlag maintainer - http://BZFlag.org/ - for fun!
diff -Naur cvs-1.11.1p1.orig/src/cvs.h cvs-1.11.1p1/src/cvs.h
--- cvs-1.11.1p1.orig/src/cvs.h Tue Apr 24 12:14:53 2001
+++ cvs-1.11.1p1/src/cvs.h Wed Nov 20 22:15:40 2002
@@ -465,6 +465,7 @@
void Create_Root PROTO((char *dir, char *rootdir));
void root_allow_add PROTO ((char *));
void root_allow_free PROTO ((void));
+int root_allow_used PROTO ((void));
int root_allow_ok PROTO ((char *));
char *gca PROTO((const char *rev1, const char *rev2));
diff -Naur cvs-1.11.1p1.orig/src/root.c cvs-1.11.1p1/src/root.c
--- cvs-1.11.1p1.orig/src/root.c Thu Apr 19 13:45:33 2001
+++ cvs-1.11.1p1/src/root.c Wed Nov 20 22:09:25 2002
@@ -238,6 +238,12 @@
}
int
+root_allow_used ()
+{
+ return root_allow_count != 0;
+}
+
+int
root_allow_ok (arg)
char *arg;
{
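Review bot: root_allow_used() goes in with no comment describing what it reports. A one-line comment above the function saying that it returns nonzero when root_allow_count is nonzero, and that callers use it to decide whether the allow list should be enforced at all, would make the new test in server.c easier to read and harder to misuse.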
diff -Naur cvs-1.11.1p1.orig/src/server.c cvs-1.11.1p1/src/server.c
--- cvs-1.11.1p1.orig/src/server.c Wed Nov 20 22:00:49 2002
+++ cvs-1.11.1p1/src/server.c Wed Nov 20 22:12:54 2002
@@ -760,6 +760,13 @@
"E Protocol error: Duplicate Root request, for %s", arg);
return;
}
+ if (root_allow_used() && !root_allow_ok(arg))
+ {
+ if (alloc_pending (80 + strlen (arg)))
+ sprintf (pending_error_text,
+ "E Bad root %s", arg);
+ return;
+ }
#ifdef AUTH_SERVER_SUPPORT
if (Pserver_Repos != NULL)
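Review bot: the new Root check fails open. Because the condition is `root_allow_used() && !root_allow_ok(arg)`, the list is enforced only when at least one --allow-root was given, so a forced command in which the option is missing or mistyped still serves any root the client asks for, with no diagnostic. If that default is kept for compatibility, say so in a comment above the check and in the documentation for --allow-root, so that sites relying on the option know that an empty list means "unrestricted" rather than "nothing allowed".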
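The forced-command setup quoted in this message can be audited on the server side. The following Python sketch is an added example, not part of the original post or of CVS: it lists authorized_keys entries whose forced `cvs ... server` command depends on `--allow-root`, the option the message reports as accepted but not enforced in 1.11.1p1 without the patch. The function names and the sample lines are constructed for illustration.

```python
import re
import shlex
from pathlib import PurePosixPath

# command="..." in the options field; sshd permits \" inside the quotes.
COMMAND_RE = re.compile(r'(?:^|,)command="((?:\\.|[^"\\])*)"', re.IGNORECASE)

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = '''\
# constructed authorized_keys sample
ssh-rsa AAAAconstructed1 alice@example
no-port-forwarding,command="/usr/bin/cvs --allow-root=/cvs/limited server" ssh-dss AAAAconstructed2 timr@localhost
command="/usr/bin/cvs server" ssh-rsa AAAAconstructed3 bob@example
'''

def options_field(line):
    """Return the text up to the first whitespace that is outside double quotes."""
    in_quotes = escaped = False
    for i, ch in enumerate(line):
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            return line[:i]
    return line

def allow_roots(line):
    """Return the --allow-root values a forced 'cvs server' command relies on, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    match = COMMAND_RE.search(options_field(line))
    if not match:
        return None
    try:
        argv = shlex.split(match.group(1).replace('\\"', '"'))
    except ValueError:  # unbalanced quoting inside the forced command
        return None
    if not argv or PurePosixPath(argv[0]).name != "cvs" or "server" not in argv[1:]:
        return None
    roots = [a.split("=", 1)[1] for a in argv[1:] if a.startswith("--allow-root=")]
    return roots or None

def audit(text):
    """Return [(line_number, roots)] for entries that depend on --allow-root."""
    hits = [(n, allow_roots(l)) for n, l in enumerate(text.splitlines(), 1)]
    return [(n, roots) for n, roots in hits if roots]
```

Each entry returned by `audit()` is a key whose restriction holds only if the installed cvs actually checks the Root request against the allow list.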