[Pkg-cvs-commits] r80 - in /trunk: changelog patches/69_ext_allowroot

93sam at users.alioth.debian.org 93sam at users.alioth.debian.org
Sun May 18 01:32:46 UTC 2008 

Author: 93sam
Date: Sun May 18 01:32:46 2008
New Revision: 80

URL: http://svn.debian.org/wsvn/?sc=1&rev=80
Log:
  * Be more aggressive about checking --allow-root; can now be used for
    limiting allowed CVSROOTs using rsh/ssh as well. Closes: #169967,
    thanks to Tim Riker for the original patch.


Added:
    trunk/patches/69_ext_allowroot
Modified:
    trunk/changelog

Modified: trunk/changelog
URL: http://svn.debian.org/wsvn/trunk/changelog?rev=80&op=diff
==============================================================================
--- trunk/changelog (original)
+++ trunk/changelog Sun May 18 01:32:46 2008
@@ -1,3 +1,11 @@
+cvs (1:1.12.13-11) unstable; urgency=low
+
+  * Be more aggressive about checking --allow-root; can now be used for
+    limiting allowed CVSROOTs using rsh/ssh as well. Closes: #169967,
+    thanks to Tim Riker for the original patch.
+
+ -- Steve McIntyre <93sam at debian.org>  Mon, 27 Jan 2008 19:08:02 +0000
+
 cvs (1:1.12.13-10) unstable; urgency=low
 
   * Fix the internal getcwd() function to cope with working inside a

Added: trunk/patches/69_ext_allowroot
URL: http://svn.debian.org/wsvn/trunk/patches/69_ext_allowroot?rev=80&op=file
==============================================================================
--- trunk/patches/69_ext_allowroot (added)
+++ trunk/patches/69_ext_allowroot Sun May 18 01:32:46 2008
@@ -0,0 +1,80 @@
+# Be more aggressive about checking --allow-root; can now be used for
+# limiting allowed CVSROOTs using rsh/ssh as well. Closes: #169967,
+# Original patch by Tim Riker <Tim at Rikers.org>, slightly cleaned up
+diff -ruN cvs-1.12.13-old/src/cvs.h cvs-1.12.13/src/cvs.h
+--- cvs-1.12.13-old/src/cvs.h	2008-04-07 14:38:12.000000000 +0100
++++ cvs-1.12.13/src/cvs.h	2008-04-07 15:03:17.000000000 +0100
+@@ -399,8 +399,7 @@
+ extern int noexec;		/* Don't modify disk anywhere */
+ extern int readonlyfs;		/* fail on all write locks; succeed all read locks */
+ extern int logoff;		/* Don't write history entry */
+-
+-
++extern int allowed_root_req;    /* Should we limit to a specified root? */
+ 
+ #define LOGMSG_REREAD_NEVER 0	/* do_verify - never  reread message */
+ #define LOGMSG_REREAD_ALWAYS 1	/* do_verify - always reread message */
+diff -ruN cvs-1.12.13-old/src/main.c cvs-1.12.13/src/main.c
+--- cvs-1.12.13-old/src/main.c	2008-04-07 14:38:12.000000000 +0100
++++ cvs-1.12.13/src/main.c	2008-04-07 15:04:51.000000000 +0100
+@@ -45,6 +45,7 @@
+ int noexec = 0;
+ int readonlyfs = 0;
+ int logoff = 0;
++int allowed_root_req = 0;
+ char *PasswordFileName = NULL;
+ 
+ /***
+@@ -648,6 +649,7 @@
+ 	    case 3:
+ 		/* --allow-root */
+ 		root_allow_add (optarg, gConfigPath);
++                allowed_root_req = 1;
+ 		break;
+ #endif /* SERVER_SUPPORT */
+ 	    case 5:
+diff -ruN cvs-1.12.13-old/src/root.c cvs-1.12.13/src/root.c
+--- cvs-1.12.13-old/src/root.c	2008-04-07 14:38:11.000000000 +0100
++++ cvs-1.12.13/src/root.c	2008-04-07 15:39:49.000000000 +0100
+@@ -293,6 +293,12 @@
+     dellist (&root_allow);
+ }
+ 
++int
++root_allow_used ()
++{
++    return (root_allow != NULL);
++}
++
+ bool
+ root_allow_ok (const char *arg)
+ {
+diff -ruN cvs-1.12.13-old/src/root.h cvs-1.12.13/src/root.h
+--- cvs-1.12.13-old/src/root.h	2005-09-25 01:38:29.000000000 +0100
++++ cvs-1.12.13/src/root.h	2008-04-07 15:40:04.000000000 +0100
+@@ -64,6 +64,7 @@
+ void root_allow_add (const char *, const char *configPath);
+ void root_allow_free (void);
+ bool root_allow_ok (const char *);
++int root_allow_used ();
+ struct config *get_root_allow_config (const char *arg, const char *configPath);
+ const char *primary_root_translate (const char *root_in);
+ const char *primary_root_inverse_translate (const char *root_in);
+diff -ruN cvs-1.12.13-old/src/server.c cvs-1.12.13/src/server.c
+--- cvs-1.12.13-old/src/server.c	2008-04-07 14:38:12.000000000 +0100
++++ cvs-1.12.13/src/server.c	2008-04-07 15:43:01.000000000 +0100
+@@ -801,6 +801,14 @@
+ 	return;
+     }
+ 
++    if (root_allow_used() && !root_allow_ok(arg))
++    {
++	if (alloc_pending (80 + strlen (arg)))
++	    sprintf (pending_error_text,
++		     "E Bad root %s", arg);
++	return;
++    }
++
+     /* Set original_parsed_root here, not because it can be changed in the
+      * client Redirect sense, but so we don't have to switch in code that
+      * runs in both modes to decide which to print.

More information about the Pkg-cvs-commits mailing list