diff -Naur cvs-1.11.1p1/src/extern_auth.h cvs-1.11.1p1-patch/src/extern_auth.h --- cvs-1.11.1p1/src/extern_auth.h Wed Dec 31 21:00:00 1969 +++ cvs-1.11.1p1-patch/src/extern_auth.h Wed Apr 10 10:13:48 2002 @@ -0,0 +1,81 @@ +#include +char extern_auth_program[200]; + + /* 0 means no entry found for this user. + * 1 means entry found and password matches (or found password is empty) + * 2 means entry found, but password does not match. + * + * If 1, host_user_ptr will be set to point at the system + * username (i.e., the "real" identity, which may or may not be the + * CVS username) of this user; caller may free this. Global + * CVS_Username will point at an allocated copy of cvs username (i.e., + * the username argument below). + */ + +static int +pserver_external_check_repository_password(username, password,repository, host_user_ptr) + char *username, *password, *repository, **host_user_ptr; +{ + int retval = 0; + FILE *pp=NULL; // Pointer to pipe + char resp[240]; // return of external authentication program + char msg[230]; + char myps[20]; + + struct sockaddr_in peer; + int len; + char *tmp; + + + if((*password != '\0') && (*password != ' ')) { + len = sizeof peer; + + getpeername(STDIN_FILENO, (struct sockaddr *) &peer, &len); + + //Start the PIPE + sprintf(extern_auth_program, "%s %s %s %s %s", extern_auth_program, + username, password, repository, + inet_ntoa(peer.sin_addr)); + + pp=popen(extern_auth_program,"r"); + + + //Read the answer from external program + fgets(resp, sizeof(resp), pp); + + sscanf(resp, "%d|%s", &retval, msg); + tmp = strchr(resp, '|'); + tmp++; + strcpy(msg, tmp); + + tmp = msg; + tmp+=strlen(msg); + *tmp = '\0'; + tmp--; + while(*tmp == 10) { + *tmp = '\0'; + tmp--; + } + + pclose(pp); + } else { + retval = 3; + strcpy(msg, "Error: The password starts with space or is NULL"); + } + + if(retval==1) { + *host_user_ptr=xstrdup(msg); + } else if(retval==3) { + error(0, errno, msg); + return 0; + } + + + if ((retval>=0)&&(retval<=2)) { + return(retval); + } else { + error(0, errno, "The answer from external program is invalid"); + return 0; + } +} + diff -Naur cvs-1.11.1p1/src/parseinfo.c cvs-1.11.1p1-patch/src/parseinfo.c --- cvs-1.11.1p1/src/parseinfo.c Thu Apr 19 16:45:32 2001 +++ cvs-1.11.1p1-patch/src/parseinfo.c Wed Apr 10 10:04:45 2002 @@ -259,7 +259,9 @@ return 0; } - while (getline (&line, &line_allocated, fp_info) >= 0) + strcpy(extern_auth_program, ""); + + while (getline (&line, &line_allocated, fp_info) >= 0) { /* Skip comments. */ if (line[0] == '#') @@ -384,6 +386,13 @@ strcpy (logHistory, p); } } + else if(strcmp(line,"ExternAuthProgram")==0) + { + if (strcmp(p,"")!=0) + { + strcpy(extern_auth_program, p); + } + } else { /* We may be dealing with a keyword which was added in a diff -Naur cvs-1.11.1p1/src/server.c cvs-1.11.1p1-patch/src/server.c --- cvs-1.11.1p1/src/server.c Thu Apr 19 16:34:04 2001 +++ cvs-1.11.1p1-patch/src/server.c Wed Apr 10 10:02:28 2002 @@ -15,6 +15,7 @@ #include "fileattr.h" #include "getline.h" #include "buffer.h" +#include "extern_auth.h" #if defined(SERVER_SUPPORT) || defined(CLIENT_SUPPORT) # ifdef HAVE_GSSAPI @@ -5539,11 +5540,17 @@ password file. If so, that's enough to authenticate with. If not, we'll check /etc/passwd. */ - rc = check_repository_password (username, password, repository, - &host_user); - if (rc == 2) - return NULL; + if(strcmp(extern_auth_program,"")==0) + { + rc = check_repository_password (username, password, repository, + &host_user); + } else { + rc = pserver_external_check_repository_password(username, password, repository, &host_user); + } + + if (rc == 2) + return NULL; /* else */ diff -Naur cvs-1.11.1p1/src/server.h cvs-1.11.1p1-patch/src/server.h --- cvs-1.11.1p1/src/server.h Thu Apr 19 16:29:12 2001 +++ cvs-1.11.1p1-patch/src/server.h Thu Feb 21 14:47:51 2002 @@ -131,6 +131,8 @@ #ifdef AUTH_SERVER_SUPPORT extern char *CVS_Username; extern int system_auth; +extern char extern_auth_program[200]; + #endif /* AUTH_SERVER_SUPPORT */ #endif /* SERVER_SUPPORT */