
Re: [PATCH] svnserve --user, use svn+ssh but avoid system accounts

From: Tommi Virtanen <tv_at_tv.debian.net>
Date: 2004-02-19 13:48:52 CET

Greg Hudson wrote:
>> > * It should merely override the username computed for EXTERNAL.
>>I don't understand the design well enough to really see what you mean.
>>Can you be more explicit; where is the computation you refer to?
> Look in serve.c:auth() for the handling of the "EXTERNAL" case (inside
> #if APR_HAS_USER). The --tunnel-user argument should override the
> username computed there.
>
> (Ideally, EXTERNAL authentication would be offered in the presence of a
> --tunnel-user argument even if APR_HAS_USER is not true. But I'm not
> entirely sure how to arrange for that, and you don't need to worry about
> it.)

But if I just make the --tunnel-user override the value in mecharg,
won't this strcmp (against the unix username) then fail 100% of the
time?

       if (*mecharg && strcmp(mecharg, b->user) != 0)
         return svn_ra_svn_write_tuple(conn, pool, "w(c)", "failure",
                                       "Requested username does not match");

According to my understanding, your suggestion would mean:

alice on hostA runs "svn co svn+ssh://shareduser@hostB/path",
svn runs "ssh asmith@hostB svnserve -t /path"

hostB authenticates alice via ~shareduser/.ssh/authorized_keys,
which restricts alice to running only
"svnserve -t --tunnel-user=alice /path"

--tunnel-user overrides mecharg to be "alice", but b->user is still
the real unix user, "shareduser". The strcmp fails and svnserve
refuses to work.

My suggestion (overriding b->user with --tunnel-user) would make
the last stage be:

--tunnel-user overrides b->user to be "alice", and mecharg is "alice",
so svnserve allows the operation to continue.

Is there something I am missing?

Received on Fri Feb 20 17:53:26 2004
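
The two override options weighed in this message, modelled as an added example that is not part of the original mail or of Subversion's serve.c. The function name `external_auth`, the `override_target` enum and the sample usernames are hypothetical; only the comparison itself is taken from the quoted fragment.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical: which value a --tunnel-user argument replaces. */
enum override_target { OVERRIDE_MECHARG, OVERRIDE_USER };

/* Simplified model of the EXTERNAL check quoted in the message.
 * mecharg:     username requested by the client
 * unix_user:   account svnserve runs as (stands in for b->user)
 * tunnel_user: value of --tunnel-user, or NULL if not given
 * Returns the authorized username, or NULL for
 * "Requested username does not match". */
const char *external_auth(const char *mecharg, const char *unix_user,
                          const char *tunnel_user,
                          enum override_target target)
{
    const char *user = unix_user;

    if (tunnel_user != NULL) {
        if (target == OVERRIDE_MECHARG)
            mecharg = tunnel_user;
        else
            user = tunnel_user;
    }
    /* Same comparison as the quoted serve.c fragment. */
    if (*mecharg && strcmp(mecharg, user) != 0)
        return NULL;
    return user;
}

static void show(const char *label, const char *result)
{
    printf("%-40s -> %s\n", label, result ? result : "failure");
}

int main(void)
{
    /* Constructed inputs matching the scenario in the message. */
    show("override mecharg, client asks alice",
         external_auth("alice", "shareduser", "alice", OVERRIDE_MECHARG));
    show("override b->user, client asks alice",
         external_auth("alice", "shareduser", "alice", OVERRIDE_USER));
    show("override b->user, client asks bob",
         external_auth("bob", "shareduser", "alice", OVERRIDE_USER));
    show("override b->user, client asks nothing",
         external_auth("", "shareduser", "alice", OVERRIDE_USER));
    return 0;
}
```

In this model, overriding b->user also means a client that requests a different name than the one pinned by the forced command is refused, because the comparison now runs against the tunnel user.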

This is an archived mail posted to the Subversion Dev mailing list.
