Sam Vilain <sam@xxxxxxxxxx> writes: > Ævar Arnfjörð Bjarmason wrote: >> Yes see [1] it works but the list members wanted some tool to manage >> passwords too which I didn't pursue since it worked for me in its >> present form. >> >> 1. http://lists-archives.org/git/640574-authentication-support-for-pserver.html > > Cool, well done. Having re-read that thread, I think Martin Langhoff's > response > http://lists-archives.org/git/641074-authentication-support-for-pserver.html > is the most pertinent. I didn't see any requests for an actual tool to > be written, just that the password file be separate to the git config > file, and/or use crypt() to store its contents. Perhaps point them at > "htpasswd" if they want a tool :) > > This patch is untested and sits on top of the previous patch by Ævar. > Pullable from git://git.catalyst.net.nz/git.git#cvsserver-auth > > Subject: [PATCH] git-cvsserver: use a password file cvsserver pserver > > If a git repository is shared via HTTP, the config file is typically > visible. Use an external file instead. > --- > Documentation/git-cvsserver.txt | 21 ++++++++++++++++----- > git-cvsserver.perl | 27 ++++++++++++++------------- > 2 files changed, 30 insertions(+), 18 deletions(-) > > diff --git a/Documentation/git-cvsserver.txt b/Documentation/git-cvsserver.txt > index 98183d4..c642f12 100644 > --- a/Documentation/git-cvsserver.txt > +++ b/Documentation/git-cvsserver.txt > @@ -97,16 +97,27 @@ looks like > ------ > > Only anonymous access is provided by pserve by default. To commit you > -will have to create pserver accounts, simply add a [gitcvs.users] > -section to the repositories you want to access, for example: > +will have to create pserver accounts, simply add a gitcvs.authdb > +setting in the config file of the repositories you want the cvsserver > +to allow writes to, for example: > > ------ > > - [gitcvs.users] > - someuser = somepassword > - otheruser = otherpassword > + [gitcvs] > + authdb = /etc/cvsserver/passwd > > ------ > +The format of these files is username followed by the crypted password, > +for example: > + > +------ > + myuser:$1Oyx5r9mdGZ2 > + myuser:$1$BA)@$vbnMJMDym7tA32AamXrm./ > +------ > +You can use the 'htpasswd' facility that comes with Apache to make these > +files, but Apache's MD5 crypt method differs from the one used by most C > +library's crypt() function, so don't use the -m option. > + > Then provide your password via the pserver method, for example: > ------ > cvs -d:pserver:someuser:somepassword <at> server/path/repo.git co <HEAD_name> > diff --git a/git-cvsserver.perl b/git-cvsserver.perl > index 9bc2ff5..e54cbcd 100755 > --- a/git-cvsserver.perl > +++ b/git-cvsserver.perl > @@ -156,24 +156,25 @@ if ($state->{method} eq 'pserver') { > > unless ($user eq 'anonymous') { > # Trying to authenticate a user > - if (not exists $cfg->{gitcvs}->{users}) { > - print "E the repo config file needs a [gitcvs.users] section with user/password key-value pairs\n"; > + if (not exists $cfg->{gitcvs}->{authdb}) { > + print "E the repo config file needs a [gitcvs.authdb] section with a filename\n"; > print "I HATE YOU\n"; > exit 1; > - } elsif (exists $cfg->{gitcvs}->{users} and not exists $cfg->{gitcvs}->{users}->{$user}) { > - #print "E the repo config file has a [gitcvs.users] section but the user $user is not defined in it\n"; > + } > + my $auth_ok; > + open PASSWD, "<$cfg->{gitcvs}->{authdb}" or die $!; > + while(<PASSWD>) { > + if (m{^\Q$user\E:(.*)}) { > + if (crypt($user, $1) eq $1) { > + $auth_ok = 1; > + } > + }; > + } > + unless ($auth_ok) { > print "I HATE YOU\n"; > exit 1; > - } else { > - my $descrambled_password = descramble($password); > - my $cleartext_password = $cfg->{gitcvs}->{users}->{$user}; > - if ($descrambled_password ne $cleartext_password) { > - #print "E The password supplied for user $user was incorrect\n"; > - print "I HATE YOU\n"; > - exit 1; > - } > - # else fall through to LOVE > } > + # else fall through to LOVE > } > > # For checking whether the user is anonymous on commit > -- > 1.5.3.5 Ah, I didn't notice that this got crossposted, here, anyway I've cleaned up this patch a bit and submitted it in reply to the original thread [1]. 1. http://article.gmane.org/gmane.comp.version-control.git/76446/match=bjarmason -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
