Re: [Cvs-dev] cvs-passwd patch: weird problem

[Mark D. Baushke]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Prasad J Pandit <address@hidden> writes:

> On Sun, 20 Aug 2006, Mark D. Baushke wrote:
>    Oh, surely Mark, I understand your concern!
> But you know, to be honest, I'm yet to acquaint
> myself with sanity.sh stuff, I've not spent much
> time with it; And so far, I understand only
> that, it works by creating repository and other
> directories in /tmp for every test it performs.

Correct as far as it goes. There is a fairly rich
set of primitives available to help you write
tests.

> But the way it handles user input, I don't know.
> Let's take, for example, test to change the
> password, now it requires three strings(current
> password, new password, confirmed new password)
> to be entered by user. so, how do I supply any
> such information to sanity.sh?

To be honest, I am not sure I understand why the
old-password is needed as it would already be in
the users $HOME/.cvspass file... is this how CVSNT
does things? I can understand the client asking
the user to retype the new password once or maybe
even multiple times.

Well, I am presuming that you are using getpass()
which will try to read from a tty if one is
available and otherwise read from stdin. So,

CVS_SERVER=$servercvs

at this point the $servercvs would be a script
that will respond properly to the cvs passwd
command from the client.

dotest passwd-label \
(echo old-password; echo new-password; echo new-password) |\
"$testcvs passwd" \
"expected output from the client
over multiple lines if needed"

> I'm entirely banking on you guys for all guidance & help required in
> this regard. And hope you won't mind. :)

If you can write the commands and know what is
being sent across the wire by using CVS_CLIENT_LOG
to capture the .in and .out files, you should be
able to write the series of combinations of tests.

  - user has no problems with the validity of the
    old new and confirmed passwords.

  - user has a typo in the old password

  - user has another typo in the old password

  - user has too many typos in the old password

  - user has a typo in the confirm password

  - user has another typo in the confirm password

  - user has too many typos in the confirmation password

  - user uses illegal characters in the password

  - user uses two few characters in the password

  - user uses two many characters in the password (is that possible?)

that will primarily be a client/side test right? I
am presuming that you are already looing at the
.cvspass cache of the old password without needing
a round-trip to the server right?

> > You should also pay attention to Larry's suggestions regarding the
> > improper use of the crypt() function.
> 
>    Yes, I saw that page. So, I should copy the ecrypted password from
> crypts static buffer to some other place, and use that pointer, that's
> it, right?
> 
> I did that, still problem sustains.

Huh. Have you tried using a debugger and putting a
breakpoint to see what the values are of the data
that seems wrong when you remove the printf()
statements?

        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (FreeBSD)

iD8DBQFE6WzDCg7APGsDnFERAmLXAKDAoDCFrOH7DuGJTLcgxxgCuGHKpQCg0pG5
N1PQXznSHoe312mlRtDvlww=
=ylhY
-----END PGP SIGNATURE-----