Re: "cvs server" accepts but ignored --allow-root

Wed, 20 Nov 2002 22:07:42 -0800

patch attached to enable handling --allow-server for "cvs server" use. It's against 1.11.1p1 as I added it to server running the older release, but it's trivial, so applying to 1.11.2 would be easy.

Tim Riker wrote:
It seems that --allow-root is not handled by cvs when using server.

I have found many FAQs on the net that indicate I should setup cvs over ssh using something like:

no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/cvs --allow-root=/cvs/limited server" ssh-dss A...ys= timr@localhost

Which would then limit cvsroot to /cvs/limited. This is NOT the case. cvs silently accepts the --allow-root, but does not process it. It DOES process it if used with pserver.

Accepting the argument if it will not be handled is a bug.

Not handling the argument if it is accepted it also a bug.

As there are sites using this (or thinking they are using this) now, I would strongly recommend it get added as a feature.

Documenting the non-feature and correctly reporting the error would probably be tougher.

I would think a call to root_allow_ok() from server_root() and making the "error 0" clause in root_allow_ok() be conditional on Pserver_Repos would do the trick.


--
Tim Riker - http://rikers.org/ - [EMAIL PROTECTED]
Lineo CTO - [EMAIL PROTECTED] - http://www.Lineo.com/
BZFlag maintainer - http://BZFlag.org/ - for fun!



diff -Naur cvs-1.11.1p1.orig/src/cvs.h cvs-1.11.1p1/src/cvs.h
--- cvs-1.11.1p1.orig/src/cvs.h Tue Apr 24 12:14:53 2001
+++ cvs-1.11.1p1/src/cvs.h      Wed Nov 20 22:15:40 2002
@@ -465,6 +465,7 @@
 void Create_Root PROTO((char *dir, char *rootdir));
 void root_allow_add PROTO ((char *));
 void root_allow_free PROTO ((void));
+int root_allow_used PROTO ((void));
 int root_allow_ok PROTO ((char *));
 
 char *gca PROTO((const char *rev1, const char *rev2));
diff -Naur cvs-1.11.1p1.orig/src/root.c cvs-1.11.1p1/src/root.c
--- cvs-1.11.1p1.orig/src/root.c        Thu Apr 19 13:45:33 2001
+++ cvs-1.11.1p1/src/root.c     Wed Nov 20 22:09:25 2002
@@ -238,6 +238,12 @@
 }
 
 int
+root_allow_used ()
+{
+    return root_allow_count != 0;
+}
+
+int
 root_allow_ok (arg)
     char *arg;
 {
diff -Naur cvs-1.11.1p1.orig/src/server.c cvs-1.11.1p1/src/server.c
--- cvs-1.11.1p1.orig/src/server.c      Wed Nov 20 22:00:49 2002
+++ cvs-1.11.1p1/src/server.c   Wed Nov 20 22:12:54 2002
@@ -760,6 +760,13 @@
                     "E Protocol error: Duplicate Root request, for %s", arg);
        return;
     }
+    if (root_allow_used() && !root_allow_ok(arg))
+    {
+       if (alloc_pending (80 + strlen (arg)))
+           sprintf (pending_error_text,
+                    "E Bad root %s", arg);
+       return;
+    }
 
 #ifdef AUTH_SERVER_SUPPORT
     if (Pserver_Repos != NULL)























					Reply via email to