[Pkg-cvs-commits] r80 - in /trunk: changelog patches/69_ext_allowroot
93sam at users.alioth.debian.org
93sam at users.alioth.debian.org
Sun May 18 01:32:46 UTC 2008
Author: 93sam
Date: Sun May 18 01:32:46 2008
New Revision: 80
URL: http://svn.debian.org/wsvn/?sc=1&rev=80
Log:
* Be more aggressive about checking --allow-root; can now be used for
limiting allowed CVSROOTs using rsh/ssh as well. Closes: #169967,
thanks to Tim Riker for the original patch.
Added:
trunk/patches/69_ext_allowroot
Modified:
trunk/changelog
Modified: trunk/changelog
URL: http://svn.debian.org/wsvn/trunk/changelog?rev=80&op=diff
==============================================================================
--- trunk/changelog (original)
+++ trunk/changelog Sun May 18 01:32:46 2008
@@ -1,3 +1,11 @@
+cvs (1:1.12.13-11) unstable; urgency=low
+
+ * Be more aggressive about checking --allow-root; can now be used for
+ limiting allowed CVSROOTs using rsh/ssh as well. Closes: #169967,
+ thanks to Tim Riker for the original patch.
+
+ -- Steve McIntyre <93sam at debian.org> Mon, 27 Jan 2008 19:08:02 +0000
+
cvs (1:1.12.13-10) unstable; urgency=low
* Fix the internal getcwd() function to cope with working inside a
Added: trunk/patches/69_ext_allowroot
URL: http://svn.debian.org/wsvn/trunk/patches/69_ext_allowroot?rev=80&op=file
==============================================================================
--- trunk/patches/69_ext_allowroot (added)
+++ trunk/patches/69_ext_allowroot Sun May 18 01:32:46 2008
@@ -0,0 +1,80 @@
+# Be more aggressive about checking --allow-root; can now be used for
+# limiting allowed CVSROOTs using rsh/ssh as well. Closes: #169967,
+# Original patch by Tim Riker <Tim at Rikers.org>, slightly cleaned up
+diff -ruN cvs-1.12.13-old/src/cvs.h cvs-1.12.13/src/cvs.h
+--- cvs-1.12.13-old/src/cvs.h 2008-04-07 14:38:12.000000000 +0100
++++ cvs-1.12.13/src/cvs.h 2008-04-07 15:03:17.000000000 +0100
+@@ -399,8 +399,7 @@
+ extern int noexec; /* Don't modify disk anywhere */
+ extern int readonlyfs; /* fail on all write locks; succeed all read locks */
+ extern int logoff; /* Don't write history entry */
+-
+-
++extern int allowed_root_req; /* Should we limit to a specified root? */
+
+ #define LOGMSG_REREAD_NEVER 0 /* do_verify - never reread message */
+ #define LOGMSG_REREAD_ALWAYS 1 /* do_verify - always reread message */
+diff -ruN cvs-1.12.13-old/src/main.c cvs-1.12.13/src/main.c
+--- cvs-1.12.13-old/src/main.c 2008-04-07 14:38:12.000000000 +0100
++++ cvs-1.12.13/src/main.c 2008-04-07 15:04:51.000000000 +0100
+@@ -45,6 +45,7 @@
+ int noexec = 0;
+ int readonlyfs = 0;
+ int logoff = 0;
++int allowed_root_req = 0;
+ char *PasswordFileName = NULL;
+
+ /***
+@@ -648,6 +649,7 @@
+ case 3:
+ /* --allow-root */
+ root_allow_add (optarg, gConfigPath);
++ allowed_root_req = 1;
+ break;
+ #endif /* SERVER_SUPPORT */
+ case 5:
+diff -ruN cvs-1.12.13-old/src/root.c cvs-1.12.13/src/root.c
+--- cvs-1.12.13-old/src/root.c 2008-04-07 14:38:11.000000000 +0100
++++ cvs-1.12.13/src/root.c 2008-04-07 15:39:49.000000000 +0100
+@@ -293,6 +293,12 @@
+ dellist (&root_allow);
+ }
+
++int
++root_allow_used ()
++{
++ return (root_allow != NULL);
++}
++
+ bool
+ root_allow_ok (const char *arg)
+ {
+diff -ruN cvs-1.12.13-old/src/root.h cvs-1.12.13/src/root.h
+--- cvs-1.12.13-old/src/root.h 2005-09-25 01:38:29.000000000 +0100
++++ cvs-1.12.13/src/root.h 2008-04-07 15:40:04.000000000 +0100
+@@ -64,6 +64,7 @@
+ void root_allow_add (const char *, const char *configPath);
+ void root_allow_free (void);
+ bool root_allow_ok (const char *);
++int root_allow_used ();
+ struct config *get_root_allow_config (const char *arg, const char *configPath);
+ const char *primary_root_translate (const char *root_in);
+ const char *primary_root_inverse_translate (const char *root_in);
+diff -ruN cvs-1.12.13-old/src/server.c cvs-1.12.13/src/server.c
+--- cvs-1.12.13-old/src/server.c 2008-04-07 14:38:12.000000000 +0100
++++ cvs-1.12.13/src/server.c 2008-04-07 15:43:01.000000000 +0100
+@@ -801,6 +801,14 @@
+ return;
+ }
+
++ if (root_allow_used() && !root_allow_ok(arg))
++ {
++ if (alloc_pending (80 + strlen (arg)))
++ sprintf (pending_error_text,
++ "E Bad root %s", arg);
++ return;
++ }
++
+ /* Set original_parsed_root here, not because it can be changed in the
+ * client Redirect sense, but so we don't have to switch in code that
+ * runs in both modes to decide which to print.
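Review bot: The new root check in server.c is gated on `root_allow_used()`, i.e. on the `root_allow` list pointer being non-NULL, while `allowed_root_req`, which main.c sets when `--allow-root` is parsed, is never read in any hunk of this patch. If the list can be NULL after the option was given (the bodies of `root_allow_add` and `root_allow_ok` are not shown here, so this is unconfirmed), the condition is false and the requested root is accepted. To make the restriction fail closed, key the test on the administrator's stated intent, e.g. `if ((allowed_root_req || root_allow_used ()) && !root_allow_ok (arg))`, after confirming how `root_allow_ok` behaves with an empty list; otherwise drop the unused global. Separately, `int root_allow_used ();` leaves the parameter list unspecified; `bool root_allow_used (void);` would match `root_allow_free (void)` and `root_allow_ok` beside it in root.h. The server.c function containing the check starts and ends outside the hunk.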