added the svn_read_credential option
parent
3a77aa79e3
commit
6d243590d8
@ -338,6 +338,15 @@ svn_tag_property = "codepot:tag"
|
|||||||
;------------------------------------------------------------------------------
|
;------------------------------------------------------------------------------
|
||||||
svn_read_access = "member"
|
svn_read_access = "member"
|
||||||
|
|
||||||
|
;------------------------------------------------------------------------------
|
||||||
|
; Grant subversin read access to public repository if the user id and the
|
||||||
|
; password match this special credential configured. The value must be
|
||||||
|
; a userid and a password separated by a colon. For example,
|
||||||
|
; anonymous:aab08d13-942c-49bc-b6a7-5ca4408b08d6
|
||||||
|
; This credentical takes precedence over non-anonymous svn_read_access mode.
|
||||||
|
;------------------------------------------------------------------------------
|
||||||
|
svn_read_credential = ""
|
||||||
|
|
||||||
;------------------------------------------------------------------------------
|
;------------------------------------------------------------------------------
|
||||||
; The length of a commit message must be as long as this value.
|
; The length of a commit message must be as long as this value.
|
||||||
;------------------------------------------------------------------------------
|
;------------------------------------------------------------------------------
|
||||||
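Review bot: The comment block added above `svn_read_credential = ""` does not say that the password sits in this file in clear text, that an empty value disables the feature, or whether the password may contain a colon; the last point matters because the handler's `split(/:/, ...)` has no limit. I would add lines such as `; Leave empty to disable. The password is stored in clear text; restrict read permission on this file.` The sample value in the comment should be marked as an example that must not be reused in a deployment. "subversin" and "credentical" are typos for "subversion" and "credential".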
|
@ -76,7 +76,8 @@ sub get_config
|
|||||||
database_driver => $cfg->param('database_driver'),
|
database_driver => $cfg->param('database_driver'),
|
||||||
database_prefix => $cfg->param('database_prefix'),
|
database_prefix => $cfg->param('database_prefix'),
|
||||||
|
|
||||||
svn_read_access => $cfg->param ('svn_read_access')
|
svn_read_access => $cfg->param('svn_read_access'),
|
||||||
|
svn_read_credential => $cfg->param('svn_read_credential')
|
||||||
};
|
};
|
||||||
|
|
||||||
return $config;
|
return $config;
|
||||||
@ -307,6 +308,7 @@ sub is_read_method
|
|||||||
$method eq "OPTIONS" || $method eq "REPORT" ||
|
$method eq "OPTIONS" || $method eq "REPORT" ||
|
||||||
$method eq "PROPFIND";
|
$method eq "PROPFIND";
|
||||||
}
|
}
|
||||||
|
|
||||||
sub __handler
|
sub __handler
|
||||||
{
|
{
|
||||||
my ($r, $cfg, $dbh) = @_;
|
my ($r, $cfg, $dbh) = @_;
|
||||||
@ -375,6 +377,15 @@ sub __handler
|
|||||||
}
|
}
|
||||||
return Apache2::Const::OK;
|
return Apache2::Const::OK;
|
||||||
}
|
}
|
||||||
|
elsif (defined($cfg->{svn_read_credential}) && $cfg->{svn_read_credential} ne '')
|
||||||
|
{
|
||||||
|
# security loop hole here.
|
||||||
|
my ($c_user, $c_pass) = split(/:/, $cfg->{svn_read_credential});
|
||||||
|
if ($c_user ne '' && $c_pass ne '' && $c_user eq $userid && $c_pass eq $password)
|
||||||
|
{
|
||||||
|
return Apache2::Const::OK;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
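Review bot: In the new `elsif` branch of `__handler`, `split(/:/, $cfg->{svn_read_credential})` has no limit, so a configured value such as `user:pa:ss` (constructed example) yields a `$c_pass` of `pa` and the branch then accepts the shortened password; `split(/:/, $cfg->{svn_read_credential}, 2)` keeps everything after the first colon. A value with no colon leaves `$c_pass` undefined, so the test should begin with `defined($c_pass) &&` rather than rely on `undef ne ''`. The comment `# security loop hole here.` does not name the problem; something like `# NOTE: shared static credential from the ini file, compared in clear text; a match grants read access without a per-user account` would tell the next reader what to watch. The `if`/`elsif` chain this branch belongs to starts outside the hunk, so I cannot confirm from here that it is reached only for read methods on public repositories, as the ini comment describes.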
|
@ -53,8 +53,8 @@ class DbLoginModel extends LoginModel
|
|||||||
$result = $query->result ();
|
$result = $query->result ();
|
||||||
if (empty($result))
|
if (empty($result))
|
||||||
{
|
{
|
||||||
$this->setErrorMessage ('invalid credential'); // no such user name
|
|
||||||
$this->db->trans_rollback ();
|
$this->db->trans_rollback ();
|
||||||
|
$this->setErrorMessage ('No such user');
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
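Review bot: The added `$this->setErrorMessage ('No such user');` replaces the generic `'invalid credential'` text, so a failed login now reveals whether the user id exists, assuming this message reaches the login response. Keeping one message for both the unknown-user and wrong-password paths, e.g. `$this->setErrorMessage ('invalid credential');`, avoids giving callers an account-existence oracle. The same `'No such user'` string is set in the `$ec <= 0` branch of LdapLoginModel in this commit and deserves the same treatment. The enclosing function starts and ends outside the hunk.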
|
@ -10,8 +10,7 @@ class LdapLoginModel extends LoginModel
|
|||||||
|
|
||||||
function authenticate ($userid, $password)
|
function authenticate ($userid, $password)
|
||||||
{
|
{
|
||||||
//$ldap = @ldap_connect (
|
//$ldap = @ldap_connect (CODEPOT_LDAP_SERVER_HOST, CODEPOT_LDAP_SERVER_PORT);
|
||||||
// CODEPOT_LDAP_SERVER_HOST, CODEPOT_LDAP_SERVER_PORT);
|
|
||||||
$ldap = @ldap_connect(CODEPOT_LDAP_SERVER_URI);
|
$ldap = @ldap_connect(CODEPOT_LDAP_SERVER_URI);
|
||||||
if ($ldap === FALSE)
|
if ($ldap === FALSE)
|
||||||
{
|
{
|
||||||
@ -57,8 +56,8 @@ class LdapLoginModel extends LoginModel
|
|||||||
|
|
||||||
if ($ec <= 0)
|
if ($ec <= 0)
|
||||||
{
|
{
|
||||||
$this->setErrorMessage ('No such user');
|
|
||||||
ldap_close ($ldap);
|
ldap_close ($ldap);
|
||||||
|
$this->setErrorMessage ('No such user');
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -82,6 +82,7 @@ class LoginModel extends Model
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// big security loophole - implement a different way of session management
|
||||||
$this->session->set_userdata (
|
$this->session->set_userdata (
|
||||||
array (
|
array (
|
||||||
'userid' => $userid,
|
'userid' => $userid,
|
||||||
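Review bot: The added comment `// big security loophole - implement a different way of session management` flags a problem without saying what it is, so a reader can neither judge the exposure nor fix it. It should name the concern, in the form `// FIXME(security): <what is stored in the session and why that is unsafe>; replace with <intended mechanism>`. The `set_userdata` array continues past the end of the hunk, so I cannot see which fields besides `userid` are stored. If a password or other secret is among them, and the session data is kept client-side as older CodeIgniter-style session libraries do by default, that is the point to document and fix first.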
|
@ -34,6 +34,7 @@ function load_ini ($file)
|
|||||||
|
|
||||||
array ('signin_compulsory', 'boolean', FALSE),
|
array ('signin_compulsory', 'boolean', FALSE),
|
||||||
array ('code_read_access', 'string', 'anonymous'),
|
array ('code_read_access', 'string', 'anonymous'),
|
||||||
|
array ('code_read_credential', 'string', ''),
|
||||||
array ('file_read_access', 'string', 'anonymous'),
|
array ('file_read_access', 'string', 'anonymous'),
|
||||||
|
|
||||||
array ('https_compulsory', 'boolean', FALSE),
|
array ('https_compulsory', 'boolean', FALSE),
|
||||||
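Review bot: The key registered here is `code_read_credential`, while the ini hunk and the Perl handler in this commit use `svn_read_credential`, so unless the ini also carries a `code_read_credential` entry outside what is shown, this setting will always take its default `''`. If the two names are meant to be the same option, one of them should be renamed; if they are distinct, the ini file needs a documented `code_read_credential` entry. The array this line belongs to starts and ends outside the hunk, and no consumer of the new key is visible in this commit.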
|