[packages/cvs.git] / cvs-debian-repouid.patch

# 
# cvs-repouid patch for controlling pserver access.  See
# README.Debian for details.
#
# Original patch by Wichert Akkerman <wakkerma@debian.org>, fixes by
# Steve McIntyre <steve@einval.com> with help from Alberto Garcia
# <agarcia@igalia.com>
diff -ruN cvs-1.12.13-old/src/cvs.h cvs-1.12.13/src/cvs.h
--- cvs-1.12.13-old/src/cvs.h	2005-10-02 23:17:20.000000000 +0800
+++ cvs-1.12.13/src/cvs.h	2006-02-26 22:08:16.000000000 +0800
@@ -145,6 +145,13 @@
 #define CVSADM_TEMPLATE "CVS/Template"
 #endif /* USE_VMS_FILENAMES */
 
+/* Global configuration file mapping repositories to uids. This can be
+   used instead of getting the unix user. This is prevents a security
+   problem where anyone with commit access can basically become any
+   user on the machine. Combined with the insecure pserver that is a
+   problem waiting to happen.  */
+#define CVS_REPOUIDFILE "/etc/cvs-repouids"
+
 /* This is the special directory which we use to store various extra
    per-directory information in the repository.  It must be the same as
    CVSADM to avoid creating a new reserved directory name which users cannot
diff -ruN cvs-1.12.13-old/src/server.c cvs-1.12.13/src/server.c
--- cvs-1.12.13-old/src/server.c	2005-09-28 23:25:59.000000000 +0800
+++ cvs-1.12.13/src/server.c	2006-02-26 22:08:16.000000000 +0800
@@ -6570,6 +6570,12 @@
 	exit (EXIT_FAILURE);
     }
 
+    if (pw->pw_uid == 0)
+    {
+        printf("error 0: root not allowed\n");
+        exit (EXIT_FAILURE);
+    }
+
 #if HAVE_INITGROUPS
     if (initgroups (pw->pw_name, pw->pw_gid) < 0
 #  ifdef EPERM
@@ -6667,6 +6673,51 @@
 }
 #endif
 
+static char*
+global_repo_uid(const char* repository)
+{
+    FILE *fp;
+    char *linebuf = NULL;
+    size_t linebuf_len;
+    int found_it = 0;
+    size_t repolen = strlen (repository);
+    char *user;
+
+    fp = fopen (CVS_REPOUIDFILE, "r");
+    if (fp == NULL)
+    {
+        if (!existence_error (errno))
+            error (0, errno, "cannot open %s", CVS_REPOUIDFILE);
+        return NULL;
+    }
+
+    while (getline (&linebuf, &linebuf_len, fp) >= 0)
+    {
+        if ((strncmp (linebuf, repository, repolen) == 0)
+            && (linebuf[repolen] == ':'))
+        {
+            found_it = 1;
+            break;
+        }
+    }
+
+    if (ferror (fp))
+        error (0, errno, "cannot read %s", CVS_REPOUIDFILE);
+    if (fclose (fp) < 0)
+        error (0, errno, "cannot close %s", CVS_REPOUIDFILE);
+
+    if (!found_it) {
+        free (linebuf);
+        return NULL;
+    }
+
+    strtok (linebuf + repolen, "\n");
+    user = xstrdup (linebuf + repolen + 1);
+    free (linebuf);
+
+    return user;
+}
+
 #ifdef AUTH_SERVER_SUPPORT
 
 extern char *crypt (const char *, const char *);
@@ -6738,7 +6789,7 @@
     /* If found_it, then linebuf contains the information we need. */
     if (found_it)
     {
-	char *found_password, *host_user_tmp;
+	char *found_password, *host_user_tmp, *user_override;
 	char *non_cvsuser_portion;
 
 	/* We need to make sure lines such as
@@ -6805,6 +6856,9 @@
 	    /* Give host_user_ptr permanent storage. */
 	    *host_user_ptr = xstrdup (host_user_tmp);
 	    retval = 1;
+        user_override = global_repo_uid (repository);
+        if (user_override)
+            *host_user_ptr = user_override;
 	}
 	else
 	{
Commit	Line	Data
3a862a5e AM	1	#
	2	# cvs-repouid patch for controlling pserver access. See
	3	# README.Debian for details.
	4	#
	5	# Original patch by Wichert Akkerman <wakkerma@debian.org>, fixes by
	6	# Steve McIntyre <steve@einval.com> with help from Alberto Garcia
	7	# <agarcia@igalia.com>
	8	diff -ruN cvs-1.12.13-old/src/cvs.h cvs-1.12.13/src/cvs.h
	9	--- cvs-1.12.13-old/src/cvs.h 2005-10-02 23:17:20.000000000 +0800
	10	+++ cvs-1.12.13/src/cvs.h 2006-02-26 22:08:16.000000000 +0800
	11	@@ -145,6 +145,13 @@
	12	#define CVSADM_TEMPLATE "CVS/Template"
	13	#endif /* USE_VMS_FILENAMES */
	14
	15	+/* Global configuration file mapping repositories to uids. This can be
	16	+ used instead of getting the unix user. This is prevents a security
	17	+ problem where anyone with commit access can basically become any
	18	+ user on the machine. Combined with the insecure pserver that is a
	19	+ problem waiting to happen. */
	20	+#define CVS_REPOUIDFILE "/etc/cvs-repouids"
	21	+
	22	/* This is the special directory which we use to store various extra
	23	per-directory information in the repository. It must be the same as
	24	CVSADM to avoid creating a new reserved directory name which users cannot
	25	diff -ruN cvs-1.12.13-old/src/server.c cvs-1.12.13/src/server.c
	26	--- cvs-1.12.13-old/src/server.c 2005-09-28 23:25:59.000000000 +0800
	27	+++ cvs-1.12.13/src/server.c 2006-02-26 22:08:16.000000000 +0800
	28	@@ -6570,6 +6570,12 @@
	29	exit (EXIT_FAILURE);
	30	}
	31
	32	+ if (pw->pw_uid == 0)
	33	+ {
	34	+ printf("error 0: root not allowed\n");
	35	+ exit (EXIT_FAILURE);
	36	+ }
	37	+
	38	#if HAVE_INITGROUPS
	39	if (initgroups (pw->pw_name, pw->pw_gid) < 0
	40	# ifdef EPERM
	41	@@ -6667,6 +6673,51 @@
	42	}
	43	#endif
	44
	45	+static char*
	46	+global_repo_uid(const char* repository)
	47	+{
	48	+ FILE *fp;
	49	+ char *linebuf = NULL;
	50	+ size_t linebuf_len;
	51	+ int found_it = 0;
	52	+ size_t repolen = strlen (repository);
	53	+ char *user;
	54	+
	55	+ fp = fopen (CVS_REPOUIDFILE, "r");
	56	+ if (fp == NULL)
	57	+ {
	58	+ if (!existence_error (errno))
	59	+ error (0, errno, "cannot open %s", CVS_REPOUIDFILE);
	60	+ return NULL;
	61	+ }
	62	+
	63	+ while (getline (&linebuf, &linebuf_len, fp) >= 0)
	64	+ {
65	+ if ((strncmp (linebuf, repository, repolen) == 0)
66	+ && (linebuf[repolen] == ':'))
67	+ {
68	+ found_it = 1;
69	+ break;
70	+ }
71	+ }
72	+
73	+ if (ferror (fp))
74	+ error (0, errno, "cannot read %s", CVS_REPOUIDFILE);
75	+ if (fclose (fp) < 0)
76	+ error (0, errno, "cannot close %s", CVS_REPOUIDFILE);
77	+
78	+ if (!found_it) {
79	+ free (linebuf);
80	+ return NULL;
81	+ }
82	+
83	+ strtok (linebuf + repolen, "\n");
84	+ user = xstrdup (linebuf + repolen + 1);
85	+ free (linebuf);
86	+
87	+ return user;
88	+}
89	+
90	#ifdef AUTH_SERVER_SUPPORT
91
92	extern char crypt (const char , const char *);
93	@@ -6738,7 +6789,7 @@
94	/* If found_it, then linebuf contains the information we need. */
95	if (found_it)
96	{
97	- char found_password, host_user_tmp;
98	+ char found_password, host_user_tmp, *user_override;
99	char *non_cvsuser_portion;
100
101	/* We need to make sure lines such as
102	@@ -6805,6 +6856,9 @@
103	/* Give host_user_ptr permanent storage. */
104	*host_user_ptr = xstrdup (host_user_tmp);
105	retval = 1;
106	+ user_override = global_repo_uid (repository);
107	+ if (user_override)
108	+ *host_user_ptr = user_override;
109	}
110	else
111	{