bug-cvs

Re: gssapi pserver and --allow-root


From: CVS stuff
Subject: Re: gssapi pserver and --allow-root
Date: Mon, 25 Jun 2001 01:41:36 -0400 (EDT)

  After checking a little more, it looked like maybe a fix for
this belongs in server.c:serve_root().  Here's an offered cdiff
against src/server.c from 1.11.1p1:

Cheers,  --Dave

============================================================
*** src/server.c.orig   Mon Jun 25 00:58:06 2001
--- src/server.c        Mon Jun 25 01:17:12 2001
***************
*** 756,763 ****
--- 756,777 ----
                     "E Protocol error: Duplicate Root request, for %s", arg);
        return;
      }
  
+     /* dlb, 22-Jun-01:
+        Could a modified client authenticate against a valid cvsroot
+        in pserver_authenticate_connection() and then specify an ar-
+        bitrary cvsroot here?  If so, this check is a needed stopgap.
+        Also, it's fairly critical for gserver-type authentication
+        (without it, --allow-root goes unenforced for this type).  */
+     if (!root_allow_ok(arg))
+     {
+       if (alloc_pending (80 + strlen (arg)))
+           sprintf (pending_error_text,
+                    "E Invalid Root: %s", arg);
+       return;
+     }
+ 
  #ifdef AUTH_SERVER_SUPPORT
      if (Pserver_Repos != NULL)
      {
        if (strcmp (Pserver_Repos, arg) != 0)
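
Review bot: the new `if (!root_allow_ok(arg))` test sits above `#ifdef AUTH_SERVER_SUPPORT`, so it runs for every Root request, not only for pserver or gserver connections. Two things need confirming before this goes in: that root_allow_ok() is compiled in when AUTH_SERVER_SUPPORT is not defined, and what it does when the server was started with no --allow-root at all, since in that case an unconditional check could reject every Root. If either is a problem, guard the check so it applies only to connections that were authenticated by the server itself. The added comment also opens with an unanswered question ("Could a modified client ... ?"); once that is settled, reword it to state the invariant the check enforces, and unbreak the hyphenated "ar-bitrary" so the comment stays greppable.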


