Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Tony Hoyle wrote: > Brian Smith wrote: > set the repository root during authentication. AFAIK, pserver is the > >> only protocol that sets the repository root during authentication. I > > > All protocols except 'ext' and 'gserver' send the root during > authentication, for precisely this reason (and gserver only for > historical reasons). I looked at the code for :ntserver: and it does send/receive the root as part of authentication. The MIT :gserver:, the sspi :gserver:, and the :sspi: protocols do not send/receive the root as part of authentication. I remember looking at this with a packet sniffer, and I also just inspected the code for all of them. I admit I could be mistaken but I just don't see my mistake. > In many (most, probably) cases you don't want all the users of a > system to be able to log onto the repository. The passwd file is the > most obvious way to achieve this. Well, the authentication part is there so that the server knows who the user is. But whether or not the user can access the repository in what way is an authorization issue that can be controlled by file permissions and/or the "readers" and "writers" files in the individual repositories. It seems dangerous to me to have non-pserver protocols use the passwd file because it makes it too easy to allow pserver access when you don't want to (if you don't have a passwd file, nobody can use pserver). I believe that traditionally (on unix), :gserver: and :kserver: modes have never sent the root in the authentication request because they have never used the passwd file, so they never needed to tell the server what repository root to use. My understanding is that the original intention was that only :pserver: would use the passwd file. In fact, I attempted to make a patch for you that moved check_password, check_repository_password, etc. out of server.c and put it in pserver_protocol.dll. The only reason I didn't submit it was because it required rearranging the contents of a lot of files due to a lot of cross-file dependencies. - Brian _______________________________________________ Cvsnt mailing list Cvsnt at cvsnt.org http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs