bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user.c, user.h


From: Derek Robert Price
Subject: Re: user.c, user.h
Date: Tue, 13 Aug 2002 15:37:14 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020606

Andrey Aristarkhov wrote:

-----Original Message-----
From: address@hidden [mailto:address@hidden On Behalf Of Derek Robert Price
Please see the `HACKING' file in the top level of the CVS source
distribution for instructions on the submission of patches.  You are
missing documentation (`cvs.texinfo') changes and test suite
(`src/sanity.sh') changes.  These are required for every change to the
CVS source because otherwise those sections of the code tend to
deteriorate rapidly.
I've never used TeX. I'll try to write.

Texinfo, the TeX wrapper the CVS documentation uses is prety straightforward. If you ignore some of the setup stuff at the beginning, then it's mostly simple text tags. You might need to know how to declare a new `node' (chapter/section) or add index entries, but you should be able to get that by scanning what's already in cvs.texinfo. Other useful tags are @code{}, @file{}, and @strong{} for block quote type effects, @sc{cvs} as the name of the application under discussion, and @pxref{} and @xref{} for cross references to other nodes, but like I said, you should be able to get most of it by scanning the file. You don't have to get everything right the first time either. If I check it in I'll review it and tidy up as long as most of the important data is there.

Oops, I almost missed getpwpath().  I deleted your code already, but
there is already a construct_cvspass_filename() function in `login.c'
as
well.
construct_cvspass_filename() constructs path to user's password file. My
{set,get}pwpath functions is used to store path to CVSROOT/passwd file.

Yep, you're right. Sorry about that. I like your abstraction and I'm tempted to say it should be in root.c or the like and extended for all admin files (e.g. get_repository_admin_file(root, CVSROOTADM_PASSWD)) simply because all those sprintf("%s/%s/%s",...)'s that litter the code look messy and don't necessarily remain portable across OSs, but I'm hardly going to require that for acceptance of this patch.

Again, much of this happens in `server.c'.  Please reuse code.  And
unless I'm mistaken, this asks for the admin password - that shouldn't
be happening.  If the user is an administrator they should already have
authenticated.
I've investigated server.c and login.c before writing this code. There
is no reusable code over there.

Sorry. It's your get_password() function that duplicates code, but I already mentioned that.

The only thing I've taken from login.c
is GETPASS macro definition. Suppose it should be placed in cvs.h header
file.

I missed that GETPASS was from login.c. `cvs.h' might be an appropriate place. Maybe a new `user.h' or `subr.h' would be more appropriate.

As for allowing any user's password to be changed if you know the
user's
password, I'm against that.  It's unneeded overhead.  Go ahead and
verify a user's password, but make other users log in to change their
own password or let the admin do it.
I've implemented (I hope) UNIX-like behavior of passwd command.
Try to login and run 'passwd' under UNIX. First you will be asked for
current user password. It's not overhead. If 'cvs pass' will rely on
current user password anyone can change it having physical access to
user workstation.


Sorry yet again.  I think I misread:

3. User's password can be changed either by CVS Administrator or by a
person who knows current user's CVS password.

to mean that a non-admin user specifying another username could change the password if they knew the user's password, which isn't like any UNIX I've used. But it sounds like you did it Right (tm).

Derek

--
               *8^)

Email: address@hidden

Get CVS support at http://ximbiot.com
--
Travel advisories - Alaska:  Tourists are warned to wear tiny bells on
their clothing when hiking in bear country.  The bells warn away MOST
bears.  Tourists are also cautioned to watch the ground on the trail,
paying particular attention to bear droppings, to be alert for the
presence of Grizzly Bears.  One can tell Grizzly droppings by the tiny
bells in them.







reply via email to

[Prev in Thread] Current Thread [Next in Thread]