[Cvs-cvs] ccvs ChangeLog NEWS doc/ChangeLog doc/cvs.texin...
From: Mark D. Baushke
Subject: [Cvs-cvs] ccvs ChangeLog NEWS doc/ChangeLog doc/cvs.texin...
Date: Wed, 13 Jun 2007 01:23:39 +0000
CVSROOT: /cvsroot/cvs
Module name: ccvs
Changes by: Mark D. Baushke <mdb> 07/06/13 01:23:38
Modified files:
. : ChangeLog NEWS
doc : ChangeLog cvs.texinfo cvsclient.texi
src : ChangeLog gssapi-client.c server.c
Log message:
[bug #17083]
* NEWS: Document :gserver:address@hidden:/path support.
* doc/cvs.texinfo (GSSAPI authenticated): Allow
:gserver:address@hidden:/path in addition to the :gserver:host:/path
method.
* doc/cvsclient.texi (Connection and Authentication): Describe the new
GSSAPI-U authentication request.
* src/gssapi-client.c (connect_to_gserver): send GSSAPI-U(ser)
auth string and user name if gserver:address@hidden is used.
* src/server.c (pserver_authenticate_connection): handle
GSSAPI-U(ser) auth string, looking in that account's .k5login
for allowed principals.
(gserver_authenticate_connection): Add a username argument.
(patch adapted from Marc W. Mengel <address@hidden>)
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/ccvs/ChangeLog?cvsroot=cvs&r1=1.1350&r2=1.1351
http://cvs.savannah.gnu.org/viewcvs/ccvs/NEWS?cvsroot=cvs&r1=1.369&r2=1.370
http://cvs.savannah.gnu.org/viewcvs/ccvs/doc/ChangeLog?cvsroot=cvs&r1=1.979&r2=1.980
http://cvs.savannah.gnu.org/viewcvs/ccvs/doc/cvs.texinfo?cvsroot=cvs&r1=1.699&r2=1.700
http://cvs.savannah.gnu.org/viewcvs/ccvs/doc/cvsclient.texi?cvsroot=cvs&r1=1.149&r2=1.150
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/ChangeLog?cvsroot=cvs&r1=1.3512&r2=1.3513
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/gssapi-client.c?cvsroot=cvs&r1=1.9&r2=1.10
http://cvs.savannah.gnu.org/viewcvs/ccvs/src/server.c?cvsroot=cvs&r1=1.474&r2=1.475
Patches:
Index: ChangeLog
===================================================================
RCS file: /cvsroot/cvs/ccvs/ChangeLog,v
retrieving revision 1.1350
retrieving revision 1.1351
diff -u -b -r1.1350 -r1.1351
--- ChangeLog 11 Jun 2007 15:46:47 -0000 1.1350
+++ ChangeLog 13 Jun 2007 01:23:37 -0000 1.1351
@@ -1,3 +1,8 @@
+2007-06-12 Mark D. Baushke <address@hidden>
+
+ [bug #17083]
+ * NEWS: Document :gserver:address@hidden:/path support.
+
2007-05-11 Derek Price <address@hidden>
* NEWS: Note improved error messages for `cvs history'.
Index: NEWS
===================================================================
RCS file: /cvsroot/cvs/ccvs/NEWS,v
retrieving revision 1.369
retrieving revision 1.370
diff -u -b -r1.369 -r1.370
--- NEWS 11 Jun 2007 15:46:47 -0000 1.369
+++ NEWS 13 Jun 2007 01:23:37 -0000 1.370
@@ -3,6 +3,9 @@
NEW FEATURES
+* :gserver:address@hidden:/path is now supported in addition to
+ :gserver:host:/path in CVSROOT. (CVS bug #17083.)
+
* Rare error messages should me more informative when multiple history files
are being parsed (as a result of the HistorySearchPath config option and the
`cvs history' command).
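Review bot: The new NEWS entry does not say that the server has to understand the new request too. In src/server.c an unrecognized opening line falls through to `error (1, 0, "bad auth protocol start: %s", tmp)`, so a client that puts a username in a :gserver: CVSROOT will be refused by a server that lacks this change. Suggest adding a sentence that both client and server need this release.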
Index: doc/ChangeLog
===================================================================
RCS file: /cvsroot/cvs/ccvs/doc/ChangeLog,v
retrieving revision 1.979
retrieving revision 1.980
diff -u -b -r1.979 -r1.980
--- doc/ChangeLog 9 May 2007 23:44:25 -0000 1.979
+++ doc/ChangeLog 13 Jun 2007 01:23:37 -0000 1.980
@@ -1,3 +1,13 @@
+2007-06-12 Mark D. Baushke <address@hidden>
+
+ [bug #17083]
+ * cvs.texinfo (GSSAPI authenticated): Allow
+ :gserver:address@hidden:/path in addition to the :gserver:host:/path
+ method.
+
+ * cvsclient.texi (Connection and Authentication): Describe the new
+ GSSAPI-U autentication request.
+
2007-05-09 Derek Price <address@hidden>
and Sylvain Beucler <address@hidden>
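Review bot: Typo in the added cvsclient.texi entry: "autentication" should be "authentication".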
Index: doc/cvs.texinfo
===================================================================
RCS file: /cvsroot/cvs/ccvs/doc/cvs.texinfo,v
retrieving revision 1.699
retrieving revision 1.700
diff -u -b -r1.699 -r1.700
--- doc/cvs.texinfo 9 May 2007 23:44:25 -0000 1.699
+++ doc/cvs.texinfo 13 Jun 2007 01:23:37 -0000 1.700
@@ -3089,6 +3089,15 @@
canonical name of the server host. You will have to
set this up as required by your GSSAPI mechanism.
+If the client has a local username @var{luser} they
+wish to use, then a @var{$CVSROOT} may be set to use
address@hidden:gserver:address@hidden@@address@hidden:/path}, and
+the client will use send a GSSAPI-U request to the CVS
+server the server will attempt to determine if the user
+is authorized to log in to the account @var{luser}
+given the Kerberos principal name of cvs/@var{hostname}
+and a local username @var{luser}.
+
To connect using GSSAPI, use the @samp{:gserver:} method. For
example,
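Review bot: The added paragraph has a grammar slip and a run-on in "the client will use send a GSSAPI-U request to the CVS server the server will attempt to determine": drop "use" and start a new sentence at "The server". It also never names the .k5login file of @var{luser}, which the log message for src/server.c gives as the place where allowed principals are looked up; administrators need that detail to set the feature up, so state it here.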
@@ -3096,6 +3105,12 @@
cvs -d :gserver:faun.example.org:/usr/local/cvsroot checkout foo
@end example
+or
+
address@hidden
+cvs -d :gserver:myuser@@faun.example.org:/usr/local/cvsroot checkout foo
address@hidden example
+
@node Kerberos authenticated
@subsection Direct connection with Kerberos
Index: doc/cvsclient.texi
===================================================================
RCS file: /cvsroot/cvs/ccvs/doc/cvsclient.texi,v
retrieving revision 1.149
retrieving revision 1.150
diff -u -b -r1.149 -r1.150
--- doc/cvsclient.texi 8 May 2007 12:35:53 -0000 1.149
+++ doc/cvsclient.texi 13 Jun 2007 01:23:37 -0000 1.150
@@ -249,6 +249,15 @@
After the GSSAPI authentication is complete, the server continues with
the responses described above (@samp{I LOVE YOU}, etc.).
+If the client wishes to log in to the account @var{luser}, then a
+slightly different request is sent. The procedure is to start with
address@hidden GSSAPI-U REQUEST} and the next line sent is
address@hidden GSSAPI authentication information is then exchanged
+between the client and the server. Each packet of information consists
+of a two byte big-endian length, followed by that many bytes of data.
+After the GSSAPI-U authentication is complete, the server continues
+with the responses described above (@samp{I LOVE YOU}, etc.).
+
@item future possibilities
There are a nearly unlimited number of ways to connect and authenticate.
One might want to allow access based on IP address (similar to the usual
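Review bot: The added protocol text does not pin down the username line. The client code in this patch terminates it with a single linefeed (`"\012"`) and sends it before any GSSAPI token, so the document should say both, and should state that the name is only a claim by the peer until the GSSAPI exchange has completed and the server has checked it. Authors of other server implementations need that to avoid acting on the name early.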
Index: src/ChangeLog
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/ChangeLog,v
retrieving revision 1.3512
retrieving revision 1.3513
diff -u -b -r1.3512 -r1.3513
--- src/ChangeLog 11 Jun 2007 15:45:58 -0000 1.3512
+++ src/ChangeLog 13 Jun 2007 01:23:38 -0000 1.3513
@@ -1,3 +1,15 @@
+2007-06-12 Mark D. Baushke <address@hidden>
+
+ [bug #17083]
+ * gssapi-client.c (connect_to_gserver): send GSSAPI-U(ser)
+ auth string and user name if gserver:address@hidden is used.
+
+ * server.c (pserver_authenticate_connection): handle
+ GSSAPI-U(ser) auth string, looking in that account's .k5login
+ for allowed principals.
+ (gserver_authenticate_connection): Add a username argument.
+ (patch adapted from Marc W. Mengel <address@hidden>)
+
2007-06-11 Derek Price <address@hidden>
* history.c: Output more useful error messages when multiple history
Index: src/gssapi-client.c
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/gssapi-client.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -b -r1.9 -r1.10
--- src/gssapi-client.c 4 Nov 2004 21:22:27 -0000 1.9
+++ src/gssapi-client.c 13 Jun 2007 01:23:38 -0000 1.10
@@ -85,11 +85,22 @@
OM_uint32 stat_min, stat_maj;
gss_name_t server_name;
+ if (current_parsed_root->username != NULL)
+ str = "BEGIN GSSAPI-U REQUEST\012";
+ else
str = "BEGIN GSSAPI REQUEST\012";
if (send (sock, str, strlen (str), 0) < 0)
error (1, 0, "cannot send: %s", SOCK_STRERROR (SOCK_ERRNO));
+ if (current_parsed_root->username != NULL) {
+ str = current_parsed_root->username;
+ if (send (sock, str, strlen (str), 0) < 0)
+ error (1, 0, "cannot send: %s", SOCK_STRERROR (SOCK_ERRNO));
+ if (send (sock, "\012", 1, 0) < 0)
+ error (1, 0, "cannot send: %s", SOCK_STRERROR (SOCK_ERRNO));
+ }
+
if (strlen (hostinfo->h_name) > BUFSIZE - 5)
error (1, 0, "Internal error: hostname exceeds length of buffer");
sprintf (buf, "address@hidden", hostinfo->h_name);
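Review bot: `current_parsed_root->username` is written to the socket as a protocol line without any check, in the added `if (current_parsed_root->username != NULL) {` block. An empty name, or one containing a linefeed, would put a malformed or extra line ahead of the GSSAPI tokens; suggest rejecting both with `error (1, 0, ...)` before sending anything. The NULL test is also made twice: choosing the request string and sending the name in one block would read better, with the opening brace on its own line as in the server.c part of this patch.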
Index: src/server.c
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/server.c,v
retrieving revision 1.474
retrieving revision 1.475
diff -u -b -r1.474 -r1.475
--- src/server.c 30 May 2007 23:20:44 -0000 1.474
+++ src/server.c 13 Jun 2007 01:23:38 -0000 1.475
@@ -65,7 +65,7 @@
name. */
# include <krb5.h>
-static void gserver_authenticate_connection (void);
+static void gserver_authenticate_connection (char *);
/* Whether we are already wrapping GSSAPI communication. */
static int cvs_gssapi_wrapping;
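Review bot: The new parameter in `gserver_authenticate_connection (char *)` could be `const char *`, provided the signature of `switch_to_user` permits it. The lines in this patch only read the name (it is passed to `krb5_kuserok` and `switch_to_user`), and the qualifier documents that the function does not take ownership, which matters because the caller frees the string right after the call.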
@@ -7337,12 +7337,24 @@
{
#ifdef HAVE_GSSAPI
free (tmp);
- gserver_authenticate_connection ();
+ gserver_authenticate_connection (NULL);
return;
#else
error (1, 0, "GSSAPI authentication not supported by this server");
#endif
}
+ else if (strcmp (tmp, "BEGIN GSSAPI-U REQUEST") == 0)
+ {
+#ifdef HAVE_GSSAPI
+ free (tmp);
+ pserver_read_line (&username, NULL);
+ gserver_authenticate_connection (username);
+ free (username);
+ return;
+#else
+ error (1, 0, "GSSAPI-U authentication not supported by this server");
+#endif
+ }
else
error (1, 0, "bad auth protocol start: %s", tmp);
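Review bot: The result of `pserver_read_line (&username, NULL)` is not checked in the new GSSAPI-U branch. The name comes from the peer before any authentication has happened, and if the read leaves `username` NULL the next line becomes `gserver_authenticate_connection (NULL)`, which is the plain GSSAPI path rather than a failure. Suggest calling `error (1, 0, ...)` unless the read yields a non-empty name, so that a GSSAPI-U request can never be handled as a request without a username.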
@@ -7520,7 +7532,7 @@
* xgethostname() in main().
*/
static void
-gserver_authenticate_connection (void)
+gserver_authenticate_connection (char *username)
{
char *hn;
gss_buffer_desc tok_in, tok_out;
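Review bot: The signature change needs a matching line in the function's header comment, which in this hunk ends at "xgethostname() in main()". Say that `username` is the account requested with GSSAPI-U, that NULL selects the account mapped from the principal, and that the caller keeps ownership of the string.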
@@ -7608,12 +7620,19 @@
&mechid) != GSS_S_COMPLETE
|| krb5_parse_name (kc, ((gss_buffer_t) &desc)->value, &p) != 0
|| krb5_aname_to_localname (kc, p, sizeof buf, buf) != 0
- || krb5_kuserok (kc, p, buf) != TRUE)
+ || krb5_kuserok (kc, p, (username ? username : buf)) != TRUE)
{
error (1, 0, "access denied");
}
krb5_free_principal (kc, p);
krb5_free_context (kc);
+
+#if AUTH_SERVER_SUPPORT
+ /* Update our CVS_Username to be our kerberos principal */
+ if (CVS_Username != NULL)
+ free (CVS_Username);
+ CVS_Username = xstrdup (buf);
+#endif
}
if (tok_out.length != 0)
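Review bot: `krb5_aname_to_localname (kc, p, sizeof buf, buf)` must still succeed when a username was supplied, because it sits in the same `||` chain ahead of the changed `krb5_kuserok` call. A principal with no local-name mapping is therefore denied even when it is listed in the requested account's .k5login; if that case is meant to work, the mapping should not be a precondition when `username` is non-NULL. Separately, the new comment says CVS_Username becomes "our kerberos principal", but `buf` holds the local name produced by that mapping, and in the GSSAPI-U case it can differ from the account passed to `switch_to_user`. The comment should say which identity is intended.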
@@ -7628,6 +7647,9 @@
error (1, errno, "fwrite failed");
}
+ if (username)
+ switch_to_user ("GSSAPI-U", username);
+ else
switch_to_user ("GSSAPI", buf);
if (credbuf != buf)
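Review bot: The choice between `username` and `buf` is now made twice, here and in the `krb5_kuserok` call of the previous hunk, and the two must agree for the authorization check to cover the account that is actually switched to. Suggest computing the target account once into a local variable and using it in both places. Braces around the `if`/`else` arms would also help, since `diff -b` hides whether the `else` line was re-indented.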