]>
Commit | Line | Data |
---|---|---|
3a862a5e AM |
1 | # |
2 | # cvs-repouid patch for controlling pserver access. See | |
3 | # README.Debian for details. | |
4 | # | |
5 | # Original patch by Wichert Akkerman <wakkerma@debian.org>, fixes by | |
6 | # Steve McIntyre <steve@einval.com> with help from Alberto Garcia | |
7 | # <agarcia@igalia.com> | |
8 | diff -ruN cvs-1.12.13-old/src/cvs.h cvs-1.12.13/src/cvs.h | |
9 | --- cvs-1.12.13-old/src/cvs.h 2005-10-02 23:17:20.000000000 +0800 | |
10 | +++ cvs-1.12.13/src/cvs.h 2006-02-26 22:08:16.000000000 +0800 | |
11 | @@ -145,6 +145,13 @@ | |
12 | #define CVSADM_TEMPLATE "CVS/Template" | |
13 | #endif /* USE_VMS_FILENAMES */ | |
14 | ||
15 | +/* Global configuration file mapping repositories to uids. This can be | |
16 | + used instead of getting the unix user. This is prevents a security | |
17 | + problem where anyone with commit access can basically become any | |
18 | + user on the machine. Combined with the insecure pserver that is a | |
19 | + problem waiting to happen. */ | |
20 | +#define CVS_REPOUIDFILE "/etc/cvs-repouids" | |
21 | + | |
22 | /* This is the special directory which we use to store various extra | |
23 | per-directory information in the repository. It must be the same as | |
24 | CVSADM to avoid creating a new reserved directory name which users cannot | |
25 | diff -ruN cvs-1.12.13-old/src/server.c cvs-1.12.13/src/server.c | |
26 | --- cvs-1.12.13-old/src/server.c 2005-09-28 23:25:59.000000000 +0800 | |
27 | +++ cvs-1.12.13/src/server.c 2006-02-26 22:08:16.000000000 +0800 | |
28 | @@ -6570,6 +6570,12 @@ | |
29 | exit (EXIT_FAILURE); | |
30 | } | |
31 | ||
32 | + if (pw->pw_uid == 0) | |
33 | + { | |
34 | + printf("error 0: root not allowed\n"); | |
35 | + exit (EXIT_FAILURE); | |
36 | + } | |
37 | + | |
38 | #if HAVE_INITGROUPS | |
39 | if (initgroups (pw->pw_name, pw->pw_gid) < 0 | |
40 | # ifdef EPERM | |
41 | @@ -6667,6 +6673,51 @@ | |
42 | } | |
43 | #endif | |
44 | ||
45 | +static char* | |
46 | +global_repo_uid(const char* repository) | |
47 | +{ | |
48 | + FILE *fp; | |
49 | + char *linebuf = NULL; | |
50 | + size_t linebuf_len; | |
51 | + int found_it = 0; | |
52 | + size_t repolen = strlen (repository); | |
53 | + char *user; | |
54 | + | |
55 | + fp = fopen (CVS_REPOUIDFILE, "r"); | |
56 | + if (fp == NULL) | |
57 | + { | |
58 | + if (!existence_error (errno)) | |
59 | + error (0, errno, "cannot open %s", CVS_REPOUIDFILE); | |
60 | + return NULL; | |
61 | + } | |
62 | + | |
63 | + while (getline (&linebuf, &linebuf_len, fp) >= 0) | |
64 | + { | |
65 | + if ((strncmp (linebuf, repository, repolen) == 0) | |
66 | + && (linebuf[repolen] == ':')) | |
67 | + { | |
68 | + found_it = 1; | |
69 | + break; | |
70 | + } | |
71 | + } | |
72 | + | |
73 | + if (ferror (fp)) | |
74 | + error (0, errno, "cannot read %s", CVS_REPOUIDFILE); | |
75 | + if (fclose (fp) < 0) | |
76 | + error (0, errno, "cannot close %s", CVS_REPOUIDFILE); | |
77 | + | |
78 | + if (!found_it) { | |
79 | + free (linebuf); | |
80 | + return NULL; | |
81 | + } | |
82 | + | |
83 | + strtok (linebuf + repolen, "\n"); | |
84 | + user = xstrdup (linebuf + repolen + 1); | |
85 | + free (linebuf); | |
86 | + | |
87 | + return user; | |
88 | +} | |
89 | + | |
90 | #ifdef AUTH_SERVER_SUPPORT | |
91 | ||
92 | extern char *crypt (const char *, const char *); | |
93 | @@ -6738,7 +6789,7 @@ | |
94 | /* If found_it, then linebuf contains the information we need. */ | |
95 | if (found_it) | |
96 | { | |
97 | - char *found_password, *host_user_tmp; | |
98 | + char *found_password, *host_user_tmp, *user_override; | |
99 | char *non_cvsuser_portion; | |
100 | ||
101 | /* We need to make sure lines such as | |
102 | @@ -6805,6 +6856,9 @@ | |
103 | /* Give host_user_ptr permanent storage. */ | |
104 | *host_user_ptr = xstrdup (host_user_tmp); | |
105 | retval = 1; | |
106 | + user_override = global_repo_uid (repository); | |
107 | + if (user_override) | |
108 | + *host_user_ptr = user_override; | |
109 | } | |
110 | else | |
111 | { |