Patch for non-anonymous CVS access
Kasparek Tomas
kasparek at fit.vutbr.cz
Tue Dec 14 07:08:13 PST 2004
Hello,
I include a patch with the changes I used to allow access to a non-anonymous CVS
repository. It runs the CGI script with suidperl as root and changes to the UID
and GID of the authenticated user as soon as possible. This is enough to make
it work; it then just adds the name of the user (via a really simple hack).
(The patch is against 3.0.4.)
Bye
--
Tomas Kasparek, PhD student E-mail: kasparek at fit.vutbr.cz
CVT FIT VUT Brno, BI/140a Web: http://www.fit.vutbr.cz/~kasparek
Bozetechova 2, 612 66 Fax: +420 54114-1270
Brno, Czech Republic Phone: +420 54114-1220
ICQ: 293092805 jabber:tomas.kasparek at jabber.cz
GPG: 2F1E 1AAF FD3B CFA3 1537 63BD DCBE 18FF A035 53BC
-------------- next part --------------
--- cvsweb.cgi 2004-11-06 09:47:21.000000000 +0100
+++ cvsweb 2004-12-14 15:58:46.812235616 +0100
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -T
+#!/usr/bin/suidperl -T -W
#
# cvsweb - a CGI interface to CVS trees.
#
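Review bot: With `#!/usr/bin/suidperl` on the first line the whole script starts with root as its effective UID, and the drop to the authenticated user only happens in the block added near line 208, so everything before that point, including the modules pulled in by the `use` lines at the top of the file, executes with root privileges. Consider performing the privilege drop before any module loading, or moving it into a small dedicated setuid wrapper, so that as little code as possible runs as root. The added `-W` switch is not mentioned in the message; if it is only there for debugging, leave it out of the final patch.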
@@ -88,7 +88,7 @@
$allow_tar @tar_options @gzip_options @zip_options @cvs_options
@annotate_options @rcsdiff_options
$HTML_DOCTYPE $HTML_META $cssurl $CSS $cvshistory_url
- $allow_enscript @enscript_options %enscript_types
+ $allow_enscript @enscript_options %enscript_types $UID $USER
);
use Cwd qw(abs_path cwd);
@@ -208,6 +208,31 @@
# Get rid of unsafe environment vars. Don't do this in BEGIN...
delete(@ENV{qw(PATH IFS CDPATH ENV BASH_ENV)});
+#-------------------------------------------------
+#Added by Si
+
+# Get rid of EUID of root
+
+#is there something reasonable there?
+if ($ENV{REMOTE_USER} =~ /^([a-zA-Z0-9]+)$/) {
+ $UID=getpwnam($1); # $data now untainted
+}
+
+if (! defined $UID) {
+ #bad user - use Real UID instead
+ $UID = $<;
+ print "Unknown user $ENV{REMOTE_USER}, using ". getpwuid($UID) . "<br><br>\n";
+}
+
+#set it as EUID - never can get UID of 0 back!
+$USER= getpwuid($UID);
+
+$) = `/usr/bin/id -G $USER </dev/null`;
+$> = $UID;
+
+#End of modification by Si
+#-------------------------------------------------
+
my ($mydir) = (dirname($0) =~ /(.*)/); # untaint
# == EDIT this ==
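Review bot: Nothing in the added block rejects UID 0: a `REMOTE_USER` of `root` matches `/^([a-zA-Z0-9]+)$/`, `getpwnam` returns 0, `defined $UID` is true, and `$> = $UID` then leaves the script running as root. Refuse UID 0 (and ideally any UID below a configured minimum) before the assignment. Only the effective IDs `$)` and `$>` are assigned, the real IDs `$(` and `$<` are left alone, and the result is never checked, so the comment "never can get UID of 0 back!" is not backed by the code; set real and effective IDs together, group before user, and die unless `$>` and `$)` hold the expected values afterwards. The fallback `print` echoes `$ENV{REMOTE_USER}` into the page without HTML escaping in exactly the case where it failed the character check, and continuing as the real UID for an unknown user would be safer as a hard error.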
@@ -4294,7 +4319,12 @@
<title>$title</title>
$HTML_META$CSS</head>
<body>
-$l <h1>$title</h1>
+$l <h1>$title</h1><br>
+<CENTER>
+<STRONG>
+Logged in as user: $USER
+</STRONG>
+</CENTER>
EOH
}
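Review bot: `$USER` is interpolated into the here-document at `Logged in as user: $USER` without HTML escaping, and in the fallback path of the earlier hunk it holds the name for the real UID rather than the authenticated user, so the banner can name an account nobody logged in as. Escape the value on output and print the banner only when `REMOTE_USER` was actually resolved. As a style point, the `<br>` after `</h1>` and the `<CENTER>`/`<STRONG>` markup would be better handled through the stylesheet already emitted via `$CSS`.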