diff options
| author | Carlo Marcelo Arenas Belón <carenas@gmail.com> | 2021-09-15 11:09:46 +0300 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2021-09-17 01:06:24 +0300 |
| commit | a7775c7eb8074fcf37f22bdcdc0971448c1aa4d1 (patch) | |
| tree | 012510275785edc16239c7d1618f49e44228ea37 /git-cvsserver.perl | |
| parent | 225bc32a989d7a22fa6addafd4ce7dcd04675dbf (diff) | |
git-cvsserver: use crypt correctly to compare password hashes
c057bad370 (git-cvsserver: use a password file cvsserver pserver,
2010-05-15) adds a way for `git cvsserver` to provide authenticated
pserver accounts without having clear text passwords, but uses the
username instead of the password to the call for crypt(3).
Correct that, and make sure the documentation correctly indicates how
to obtain hashed passwords that could be used to populate this
configuration, as well as correcting the hash that was used for the
tests.
This change will require that any user of this feature updates the
hashes in their configuration, but has the advantage of using a more
similar format than cvs uses, probably also easying any migration.
Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'git-cvsserver.perl')
| -rwxr-xr-x | git-cvsserver.perl | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/git-cvsserver.perl b/git-cvsserver.perl index ed035f32c2..4c93b5d099 100755 --- a/git-cvsserver.perl +++ b/git-cvsserver.perl @@ -222,7 +222,7 @@ if ($state->{method} eq 'pserver') { open my $passwd, "<", $authdb or die $!; while (<$passwd>) { if (m{^\Q$user\E:(.*)}) { - if (crypt($user, descramble($password)) eq $1) { + if (crypt(descramble($password), $1) eq $1) { $auth_ok = 1; } }; |