Author: bz
Date: Sat Sep 15 18:00:34 2012
New Revision: 240534
URL: http://svn.freebsd.org/changeset/base/240534

Log:
  Use SVN access files rather than CVS.  At least doc is no longer
  exported to CVS so new committers did not gain access.
  
  Use a defined length for username (not ideal but better than 32).
  Consistently use username and not pw->pw_name.  Close the password
  database files to ensure we cannot access them any more after copy.
  
  Factor out reading access files for karma into a function; no longer
  allow open to fail.  Put #ifdef checks around all three file reads,
  not just the extra two.
  
  Move karma variable initializations to just before needed.

Modified:
  svnadmin/tools/svnssh/svnssh.c

Modified: svnadmin/tools/svnssh/svnssh.c
==============================================================================
--- svnadmin/tools/svnssh/svnssh.c      Sat Sep 15 17:47:44 2012        
(r240533)
+++ svnadmin/tools/svnssh/svnssh.c      Sat Sep 15 18:00:34 2012        
(r240534)
@@ -31,9 +31,8 @@
 
 #define SVNROOT                "/s/svn"
 #define BASEACCESS     SVNROOT "/base/conf/access"
-/* Access cvs access files over nfs for now */
-#define DOCACCESS      "/home/dcvs/CVSROOT/access"
-#define PORTSACCESS    "/home/pcvs/CVSROOT/access"
+#define DOCACCESS      SVNROOT "/doc/conf/access"
+#define PORTSACCESS    SVNROOT "/ports/conf/access"
 
 #define NOCOMMIT       "/etc/nocommit"
 
@@ -44,7 +43,7 @@ static const char *env[] = {
        NULL
 };
 
-static char username[32];
+static char username[_SC_LOGIN_NAME_MAX + 1];
 static char linebuf[1024];
 
 static void
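Review bot: `_SC_LOGIN_NAME_MAX` in the `username` declaration is the selector passed to sysconf(3), not a length, so the array is sized by whatever integer the header assigns to that name rather than by the longest login name. A compile-time limit states the intent, for example `static char username[MAXLOGNAME];` from `<sys/param.h>`, which already counts the terminating NUL, or POSIX `LOGIN_NAME_MAX` where `<limits.h>` defines it. The include list is outside this hunk, so confirm which header is available.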
@@ -61,6 +60,7 @@ msg(const char *fmt, ...)
 static void
 usage(void)
 {
+
        msg("Only the \"svnserve -t\" command is available.");
        exit(1);
 }
@@ -80,7 +80,7 @@ shell(char *argv[], int interactive)
 }
 
 static int
-karmacheck(FILE *fp, char *name)
+karmacheck(FILE *fp, const char *name)
 {
        char buf[1024];
        char *p, *s;
@@ -107,6 +107,26 @@ karmacheck(FILE *fp, char *name)
        return karma;
 }
 
+static int
+read_access(const char *accessf, const char *name)
+{
+       FILE *fp;
+       int karma;
+
+       karma = 0;
+       /* Must not fail. */
+       fp = fopen(accessf, "r");
+       if (fp == NULL) {
+               msg("Cannot open %s", accessf);
+               exit(1);
+       } else {
+               karma = karmacheck(fp, name);
+               fclose(fp);
+       }
+
+       return (karma);
+}
+
 int
 main(int argc, char *argv[])
 {
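Review bot: The failure branch of `read_access` reports only the path, so an operator cannot tell a missing access file from a permission problem, and every access file is now mandatory. Consider `msg("Cannot open %s: %s", accessf, strerror(errno));`; whether `<errno.h>` and `<string.h>` are already included is not visible here. Because `exit(1)` does not return, the `else` and the initial `karma = 0;` are redundant and the success path can follow the `if` directly. A one-line header comment such as `/* Return name's karma from accessf; exits if the file cannot be opened. */` would record the fail-closed contract.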
@@ -119,12 +139,9 @@ main(int argc, char *argv[])
        gid_t repogid;
        gid_t mygroups[NGROUPS_MAX];
        int ngroups;
-       int karma;
-       int shellkarma;
+       int karma, shellkarma;
 
        umask(002);
-       karma = 0;
-       shellkarma = 0;
        openlog("svnssh", LOG_PID | LOG_NDELAY, LOG_AUTH);
        pw = getpwuid(getuid());
        if (pw == NULL) {
@@ -136,9 +153,11 @@ main(int argc, char *argv[])
                exit(1);
        }
 
-       /* save in a static buffer */
+       /* Save in a static buffer. */
        strlcpy(username, pw->pw_name, sizeof(username));
+       endpwent();
 
+       shellkarma = 0;
        ngroups = getgroups(NGROUPS_MAX, mygroups);
        if (ngroups > 0) {
                gr = getgrnam("shell");
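Review bot: The `strlcpy` into `username` ignores its return value, and after this commit the copy rather than `pw->pw_name` is what the access files are matched against (see the `read_access(..., username)` calls in the last hunk). A silently truncated name could therefore be looked up as a different, shorter login. Rejecting the overflow keeps the lookup exact: `if (strlcpy(username, pw->pw_name, sizeof(username)) >= sizeof(username)) { msg("Username too long"); exit(1); }`. It is also safest to treat `pw` as stale once `endpwent()` has run; the rest of main() is outside this hunk, so check that no later dereference remains.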
@@ -191,27 +210,15 @@ main(int argc, char *argv[])
                exit(1);
        }
 
-       fp = fopen(BASEACCESS, "r");
-       if (fp == NULL) {
-               msg("Cannot open %s", BASEACCESS);
-               exit(1);
-       } else {
-               karma += karmacheck(fp, pw->pw_name);
-               fclose(fp);
-       }
+       karma = 0;
+#ifdef BASEACCESS
+       karma += read_access(BASEACCESS, username);
+#endif
 #ifdef DOCACCESS
-       /* Allow for failures due to NFS */
-       if ((fp = fopen(DOCACCESS, "r")) != NULL) {
-               karma += karmacheck(fp, pw->pw_name);
-               fclose(fp);
-       }
+       karma += read_access(DOCACCESS, username);
 #endif
 #ifdef PORTSACCESS
-       /* Allow for failures due to NFS */
-       if ((fp = fopen(PORTSACCESS, "r")) != NULL) {
-               karma += karmacheck(fp, pw->pw_name);
-               fclose(fp);
-       }
+       karma += read_access(PORTSACCESS, username);
 #endif
 
        if (karma > 0) {