cvsweb authentication implementation

Thiago Lacerda Zago tzago at timbrasil.com.br
Tue Aug 28 10:54:34 PDT 2007


Hi,

 

I’m implementing, let me say, a sort of authentication in cvsweb so that only our permitted staff can use this tool through our intranet.

I’m doing so by reading the PHP session of the starting page that calls cvsweb.cgi, using PHP::Session to retrieve the user-provided data. Then I’m propagating the session id through all cvsweb.cgi links via the GET method and CGI param().

I am almost done with this task, but now I am facing a problem that I have not been able to solve yet.

When I click on the link that follows the icon to show the revisions graphically, the reference link is http://xxx/cgi-bin/ /cvsweb.cgi/dcn_cor/router.db?graph=1;sid=5s4gj964cd4c2j88ljsxz3qopr

Where sid=5s4gj964cd4c2j88ljsxz3qopr in this case is the php session id that I’m sending along the link http://xxx/cgi-bin/ /cvsweb.cgi/dcn_cor/router.db?graph=1 so that the graph page could be authenticated and allowed to be displayed as well.

 

The problem is that I keep getting this error message.


:: Error ::


Error: '/usr/bin/cvsgraph -r /usr/local/rancid/var/CVS -m dcn_cor/configs/ -i -M CvsGraphMap -x x -Omap_branch_href="href=\"./?only_with_tag=%(%t%);sortby=date\"" -Omap_rev_href="href=\"?rev=%(%R%);sortby=date\"" -Omap_diff_href="href=\"%(0.000000%).diff?sid=5s4gj964cd4c2j88ljsxz3qopr;r1=%(%P%);r2=%(%R%);sortby=date\"" -c /etc/cvsgraph.conf router005,v' failed: Insecure dependency in exec while running with -T switch at /usr/lib/perl5/site_perl/5.8.0/IPC/Run.pm line 1272. at /xxx/www/cgi-bin/cvsweb.cgi line 4545 

 

The sub I customized to accomplish this is doGraphView().

The funny thing is that this error occurs only when I add a ?sid=$id to the array @graph_cmd as shown right below.

 

my @graph_cmd =
    ($CMD{cvsgraph},
     '-r', $cvsroot,
     '-m', $pathname,
     '-i',
     '-M', $mapname,
     '-x', 'x',
     "-Omap_branch_href=\"href=\\\"./?only_with_tag=%(%t%)$notag_query\\\"\"",
     "-Omap_rev_href=\"href=\\\"?rev=%(%R%)$barequery\\\"\"",
     "-Omap_diff_href=\"href=\\\"%(%F%).diff" .
     "?sid=$id;r1=%(%P%);r2=%(%R%)$barequery\\\"\"" ,
     );

If I do the same thing but this time manually writing the var ?sid=5s4gj964cd4c2j88ljsxz3qopr it just works fine and no error is issued at all.

 

my @graph_cmd =
    ($CMD{cvsgraph},
     '-r', $cvsroot,
     '-m', $pathname,
     '-i',
     '-M', $mapname,
     '-x', 'x',
     "-Omap_branch_href=\"href=\\\"./?only_with_tag=%(%t%)$notag_query\\\"\"",
     "-Omap_rev_href=\"href=\\\"?rev=%(%R%)$barequery\\\"\"",
     "-Omap_diff_href=\"href=\\\"%(%F%).diff" .
     "?sid=5s4gj964cd4c2j88ljsxz3qopr;r1=%(%P%);r2=%(%R%)$barequery\\\"\"" ,
     );

Any hint on how to solve this problem and/or a better solution for implementing cvsweb authentication?

Thanks in advance.

 

Thiago Zago 
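
The behaviour described in the post, as an added example that is not part of the original message or of cvsweb's code: under -T a value that arrives from outside the script is tainted, and so is every string built from it, while a hard-coded literal is not; a regex capture against a strict pattern is what clears the flag. It assumes $id comes from the CGI sid parameter; the helper names, the id pattern and the $TAINT stand-in are hypothetical.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint checks only happen under -T, as in cvsweb.cgi: run with `perl -T`.
die "run this with: perl -T <file>\n" unless ${^TAINT};

# Zero-length tainted string (the idiom Test::Taint uses). Appending it makes
# a constructed value behave like CGI input, which Perl taints under -T.
my $TAINT = substr("$0$^X", 0, 0);

# Untaint by validation: only a regex capture clears the taint flag.
# The allowed alphabet and length are assumptions about the session id format.
sub untaint_sid {
    my ($raw) = @_;
    return unless defined $raw && $raw =~ /\A([A-Za-z0-9]{16,64})\z/;
    return $1;
}

# Same shape as the -Omap_diff_href element of @graph_cmd in the post.
sub diff_href_arg {
    my ($id) = @_;
    return "-Omap_diff_href=\"href=\\\"%(%F%).diff"
         . "?sid=$id;r1=%(%P%);r2=%(%R%)\\\"\"";
}

# Pre-flight check: indexes of arguments that exec would reject under -T.
sub tainted_args {
    my @cmd = @_;
    return grep { tainted($cmd[$_]) } 0 .. $#cmd;
}

sub report {
    my ($label, @cmd) = @_;
    my @bad = tainted_args(@cmd);
    printf "%-22s tainted argument indexes: %s\n", $label,
        @bad ? join(',', @bad) : 'none';
}

my $literal  = '5s4gj964cd4c2j88ljsxz3qopr';   # sample id from the post
my $from_cgi = $literal . $TAINT;              # stands in for param('sid')
my @base     = ('/usr/bin/cvsgraph', '-i');

report('interpolated param:', @base, diff_href_arg($from_cgi));
report('hard-coded literal:', @base, diff_href_arg($literal));

my $id = untaint_sid($from_cgi);
defined $id or die "rejected sid\n";
report('validated capture:', @base, diff_href_arg($id));

my $hostile = 'x";r1=' . $TAINT;               # constructed malformed value
print "malformed sid rejected\n" unless defined untaint_sid($hostile);
```

The same allow-list also keeps quote characters out of the href that cvsgraph writes into its image map.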

 

