Re: gssapi pserver and --allow-root
From: CVS stuff
Subject: Re: gssapi pserver and --allow-root
Date: Mon, 25 Jun 2001 01:41:36 -0400 (EDT)
After checking a little more, it looked like maybe a fix for
this belongs in server.c:serve_root(). Here's an offered cdiff
against src/server.c from 1.11.1p1:
Cheers, --Dave
============================================================
*** src/server.c.orig Mon Jun 25 00:58:06 2001
--- src/server.c Mon Jun 25 01:17:12 2001
***************
*** 756,763 ****
--- 756,777 ----
"E Protocol error: Duplicate Root request, for %s", arg);
return;
}
+ /* dlb, 22-Jun-01:
+ Could a modified client authenticate against a valid cvsroot
+ in pserver_authenticate_connection() and then specify an ar-
+ bitrary cvsroot here? If so, this check is a needed stopgap.
+ Also, it's fairly critical for gserver-type authentication
+ (without it, --allow-root goes unenforced for this type). */
+ if (!root_allow_ok(arg))
+ {
+ if (alloc_pending (80 + strlen (arg)))
+ sprintf (pending_error_text,
+ "E Invalid Root: %s", arg);
+ return;
+ }
+
#ifdef AUTH_SERVER_SUPPORT
if (Pserver_Repos != NULL)
{
if (strcmp (Pserver_Repos, arg) != 0)
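Review bot: the new `if (!root_allow_ok(arg))` test sits above `#ifdef AUTH_SERVER_SUPPORT`, so it runs on every Root request rather than only on pserver or gserver connections. Please confirm what root_allow_ok does when the server was started with no --allow-root list at all, since those invocations now pass through this check too. If it cannot handle an empty list, guard the call so it applies only to the connection types that are meant to honor --allow-root. Separately, the added comment poses an open question ("Could a modified client ...?"). Once that is answered it would read better as a statement of what the check enforces. The rejection path also only sets pending_error_text for the client, so consider logging the denied root on the server side so the administrator can see it.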