--- Documentation/git-cvsserver.txt | 42 +++++++++++++++++++++++++++--- git-cvsserver.perl | 34 ++++++++++++++++++++++++ t/t9400-git-cvsserver-server.sh | 55 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 127 insertions(+), 4 deletions(-) diff --git a/Documentation/git-cvsserver.txt b/Documentation/git-cvsserver.txt index 7004dd2..59c8e5d 100644 --- a/Documentation/git-cvsserver.txt +++ b/Documentation/git-cvsserver.txt @@ -100,10 +100,44 @@ looks like ------ Only anonymous access is provided by pserve by default. To commit you -will have to create pserver accounts, simply add a gitcvs.authdb -setting in the config file of the repositories you want the cvsserver -to allow writes to, for example: +will have to specify an authentication option in the config file. +Currently there are two options are available for authentication through +pserver in git-cvsserver: one through an authenticator script and an other +through a textual authentication database. + + a. To use the authentication script based method, simply add a + gitcvs.authscript setting in the config file of the repositories you want + the cvsserver to allow writes to, for example: ++ +-- +------ + + [gitcvs] + authscript = /usr/local/bin/cvsserver-auth.sh + +------ +The file specified here must be executable by the user the git-cvsserver runs +under. The script will receive two lines on standard input, the first is the +username and the second is the password. It should return 0 if the user was +successfully authenticated, and a non-zero value if not. +Here is an example for an authentication script which checks the users against +active directory: +------ +#!/bin/sh +# /usr/local/bin/cvsserver-auth.sh +read username +read password + +wbinfo -a "${username}%${password}" +------ +-- + + b. To use the authentication database based method, simply add a + gitcvs.authdb setting in the config file of the repositories you want the + cvsserver to allow writes to, for example: ++ +-- ------ [gitcvs] 
@@ -125,7 +159,7 @@ Alternatively you can produce the password with perl's crypt() operator: ----- perl -e 'my ($user, $pass) = @ARGV; printf "%s:%s\n", $user, crypt($user, $pass)' $USER password ----- - +-- Then provide your password via the pserver method, for example: ------ cvs -d:pserver:someuser:somepassword <at> server/path/repo.git co <HEAD_name> diff --git a/git-cvsserver.perl b/git-cvsserver.perl index e9f3037..c89d999 100755 --- a/git-cvsserver.perl +++ b/git-cvsserver.perl @@ -197,6 +197,40 @@ if ($state->{method} eq 'pserver') { } # Fall through to LOVE + } elsif (exists $cfg->{gitcvs}->{authscript} and + exists $cfg->{gitcvs}->{authdb}) { + print "E Ambiguous configuration of authentication methods. " . + "Only one authentication method can be enabled at once\n"; + print "I HATE YOU\n"; + exit 1; + } elsif (exists $cfg->{gitcvs}->{authscript}) { + my $authscript = $cfg->{gitcvs}->{authscript}; + + unless (-x $authscript) { + print "E The authentication script specified in " . + "[gitcvs.authscript] cannot be executed\n"; + print "I HATE YOU\n"; + exit 1; + } + + open my $script_fd, '|-', "'$authscript'" + or die "Couldn't open authentication script '$authscript': $!"; + + if (length($password) > 0) { + $password = descramble($password); + } + + print $script_fd "$user\n"; + print $script_fd "$password\n"; + close $script_fd; + + unless ($? == 0) { + print "E External script authentication failed.\n"; + print "I HATE YOU\n"; + exit 1; + } + + # Fall through to LOVE } else { # Trying to authenticate a user if (not exists $cfg->{gitcvs}->{authdb}) { diff --git a/t/t9400-git-cvsserver-server.sh b/t/t9400-git-cvsserver-server.sh index 8639506..ab5cb26 100755 --- a/t/t9400-git-cvsserver-server.sh +++ b/t/t9400-git-cvsserver-server.sh 
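Review bot: The pipe open `open my $script_fd, '|-', "'$authscript'"` passes the configured path to the shell inside hand-written single quotes, so a `gitcvs.authscript` value containing a `'` is parsed as shell syntax instead of being treated as a file name. Forking with the bare `'|-'` form and calling `exec { $authscript } $authscript` in the child runs exactly the path that the `-x` test checked and involves no shell. If the exec fails, the child exits non-zero and the existing `$?` check still rejects the login. Separately, an empty password skips `descramble` and reaches the script as an empty line, so the script documentation should say that the script itself must refuse empty passwords. The enclosing `if ($state->{method} eq 'pserver')` block starts and ends outside this hunk.

```perl
        # Fork without a shell so the configured path is never parsed as shell syntax.
        my $pid = open my $script_fd, '|-';
        die "Couldn't fork for authentication script '$authscript': $!"
            unless defined $pid;
        if ($pid == 0) {
            # Child: stdin is the read end of the pipe; run the script directly.
            exec { $authscript } $authscript
                or exit 127;
        }
        # … unchanged: descramble, the two prints to $script_fd, close and the $? check …
```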
@@ -64,6 +64,16 @@ test_expect_success 'basic checkout' \ # PSERVER AUTHENTICATION #------------------------ +cat >"$SERVERDIR/authscript.sh" <<EOF +#!/bin/sh +read username +read password + +test "\$username" = cvsuser -a "\$password" = cvspassword +EOF + +chmod a+x "$SERVERDIR/authscript.sh" + cat >request-anonymous <<EOF BEGIN AUTH REQUEST $SERVERDIR 
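Review bot: The helper script reads both fields with plain `read`, which treats backslashes as escapes and trims leading and trailing whitespace, so a password containing either would reach the comparison altered. `IFS= read -r username` and `IFS= read -r password` keep the lines as they were sent. The documentation example added by this patch uses the same two reads and is the version administrators are likely to copy, so it deserves the same change. The comparison would also be more robust as `test "\$username" = cvsuser && test "\$password" = cvspassword`, since `-a` can be misparsed for some operand values.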
@@ -134,6 +144,51 @@ test_expect_success 'pserver authentication failure (login/non-anonymous user)' fi && sed -ne \$p log | grep "^I HATE YOU\$"' +GIT_DIR="$SERVERDIR" git config gitcvs.authscript "$SERVERDIR/authscript.sh" || exit 1 + +test_expect_success 'pserver authentication failure (both authentication methods)' \ + 'if cat request-git | git-cvsserver pserver >log 2>&1 + then + false + else + true + fi && + sed -ne \$p log | grep "^I HATE YOU\$"' + +GIT_DIR="$SERVERDIR" git config --unset gitcvs.authdb || exit 1 + +test_expect_success 'pserver authentication (authscript)' \ + 'cat request-anonymous | git-cvsserver pserver >log 2>&1 && + sed -ne \$p log | grep "^I LOVE YOU\$"' + +test_expect_success 'pserver authentication failure (authscript, non-anonymous user)' \ + 'if cat request-git | git-cvsserver pserver >log 2>&1 + then + false + else + true + fi && + sed -ne \$p log | grep "^I HATE YOU\$"' + +test_expect_success 'pserver authentication success (authscript, non-anonymous user with password)' \ + 'cat login-git-ok | git-cvsserver pserver >log 2>&1 && + sed -ne \$p log | grep "^I LOVE YOU\$"' + +test_expect_success 'pserver authentication (authscript, login)' \ + 'cat login-anonymous | git-cvsserver pserver >log 2>&1 && + sed -ne \$p log | grep "^I LOVE YOU\$"' + +test_expect_success 'pserver authentication failure (authscript, login/non-anonymous user)' \ + 'if cat login-git | git-cvsserver pserver >log 2>&1 + then + false + else + true + fi && + sed -ne \$p log | grep "^I HATE YOU\$"' + +GIT_DIR="$SERVERDIR" git config --unset gitcvs.authscript || exit 1 +GIT_DIR="$SERVERDIR" git config gitcvs.authdb "$SERVERDIR/auth.db" || exit 1 # misuse pserver authentication for testing of req_Root -- 1.7.0.4 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
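Review bot: None of the added cases exercises the `unless (-x $authscript)` branch that this patch adds to git-cvsserver.perl, so the refusal for a missing or non-executable script is untested. A case that runs `chmod a-x "$SERVERDIR/authscript.sh"`, feeds `login-git-ok` to `git-cvsserver pserver`, and expects the last log line to match `^I HATE YOU$` would cover it, with `chmod a+x` restored afterwards. The `git config` calls between the tests run outside `test_expect_success`, so a failure there ends the script through `exit 1` and is not reported as a failed test.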