On Thu, 14 Aug 2008, Andreas Ericsson wrote:
> I'd do it like this instead:
>
>   daemon: auth_user = dlsym(dlopen("auth-module.so", RTLD_NOW), "authenticat");
>   client: "git-authenticate action 'repository'"
>   daemon: send pkt-line challenge
>   client: send pkt-line username
>   client: send pkt-line SHA1(username + password + challenge)
>   daemon: if (auth_user(repository, action, username, password, struct sockaddr_in *inbound))
>               allow_connection();
>
> This approach has several nifty benefits:
> * The otherwise duplicated code (for different auth schemes) is
>   done only once (in the git daemon).
> * If the git daemon has no authentication module loaded, we might
>   as well not bother sending any challenge and just pretend we do
>   not know about the authentication scheme.
> * Any kind of authentication scheme can be supported without changing
>   the core code. If the authentication module does something wrong,
>   one can continue to serve read-only requests by simply unloading
>   the module.
> * Modules are a great way for newcomers to get started contributing to
>   git so it's a nice way of getting more contributors/sub-maintainers.

If you're going to do modules, you should give the module the connection
until it's done so that different types of authentication can be
implemented by the module.
David Lang
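
The suggestion in the reply above, sketched as an added example (not code from this thread or from git): the daemon lends the module the connection, so a one-message scheme and a multi-round scheme sit behind the same entry point. The `auth_fn` signature, both modules, the `read`/`write` action names, the repository name and all credentials are constructed for illustration.

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical module entry point: the daemon lends the module the connection
 * (fd) until it returns. 1 = allow, anything else = deny. */
typedef int (*auth_fn)(int fd, const char *repository, const char *action);
/* Read one '\n'-terminated line; -1 on EOF, error or overlong input. */
static int read_line(int fd, char *buf, size_t cap) {
    size_t n = 0; char c;
    while (read(fd, &c, 1) == 1) {
        if (c == '\n') { buf[n] = '\0'; return (int)n; }
        if (n + 1 >= cap) return -1;
        buf[n++] = c;
    }
    return -1;
}
/* Compare without stopping at the first differing byte. */
static int same(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b), i; unsigned char d = (la != lb);
    for (i = 0; i < la && i < lb; i++) d |= (unsigned char)(a[i] ^ b[i]);
    return d == 0;
}
/* Module 1 (constructed): one message, a shared token. */
static int token_module(int fd, const char *repo, const char *action) {
    char tok[64]; (void)repo; (void)action;
    return read_line(fd, tok, sizeof tok) >= 0 && same(tok, "constructed-token");
}
/* Module 2 (constructed): two prompted rounds over the same connection. */
static int prompt_module(int fd, const char *repo, const char *action) {
    char user[64], code[64]; (void)repo; (void)action;
    if (write(fd, "user?\n", 6) != 6 || read_line(fd, user, sizeof user) < 0) return 0;
    if (write(fd, "code?\n", 6) != 6 || read_line(fd, code, sizeof code) < 0) return 0;
    return same(user, "alice") && same(code, "constructed-code");
}
/* Daemon side: with no module loaded only "read" is served (fail closed). */
static int daemon_allows(auth_fn m, int fd, const char *repo, const char *action) {
    return m ? m(fd, repo, action) == 1 : strcmp(action, "read") == 0;
}
/* Feed the client's bytes into one end of a socketpair, then ask the daemon. */
int demo(auth_fn m, const char *client_bytes, const char *action) {
    int sv[2], ok;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    ok = write(sv[1], client_bytes, strlen(client_bytes)) >= 0;
    shutdown(sv[1], SHUT_WR);              /* client has nothing more to say */
    ok = ok && daemon_allows(m, sv[0], "project.git", action);
    close(sv[0]); close(sv[1]);
    return ok;
}
int main(void) { return demo(token_module, "constructed-token\n", "write") == 1 ? 0 : 1; }
```

The daemon only ever sees the verdict, so swapping `token_module` for `prompt_module` changes the wire conversation without touching `daemon_allows`.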