Add a new long flag that causes cvs to ignore the CVSROOT/passwd file.

This is mostly intended for use on freefall where we'd like to provide
a passwd file for easy anoncvs mirroring access, but don't want to open
up the pserver on freefall itself.

While here, some initial tweaks intended for allowing an empty pserver
password.  I'm not sure that this works yet.

1 files changed, 9 insertions, 4 deletions

diff --git a/contrib/cvs/src/server.c b/contrib/cvs/src/server.c
index 2959ac2..e2cc3aa 100644
--- a/contrib/cvs/src/server.c
+++ b/contrib/cvs/src/server.c
@@ -4718,15 +4718,17 @@ check_repository_password (username, password, repository, host_user_ptr)
     /* If found_it != 0, then linebuf contains the information we need. */
     if (found_it)
     {
-	char *found_password, *host_user_tmp;
+	char *found_password, *host_user_tmp = NULL;
 
 	strtok (linebuf, ":");
 	found_password = strtok (NULL, ": \n");
-	host_user_tmp = strtok (NULL, ": \n");
+	if (found_password)
+	    host_user_tmp = strtok (NULL, ": \n");
 	if (host_user_tmp == NULL)
             host_user_tmp = username;
 
-	if (strcmp (found_password, crypt (password, found_password)) == 0)
+	if (found_passwd == NULL || *found_passwd == '\0' ||
+	    strcmp (found_password, crypt (password, found_password)) == 0)
         {
             /* Give host_user_ptr permanent storage. */
             *host_user_ptr = xstrdup (host_user_tmp);
@@ -4764,7 +4766,10 @@ check_password (username, password, repository)
        password file.  If so, that's enough to authenticate with.  If
        not, we'll check /etc/passwd. */
 
-    rc = check_repository_password (username, password, repository,
+    if (require_real_user)
+	rc = 0;		/* "not found" */
+    else
+	rc = check_repository_password (username, password, repository,
 				    &host_user);
 
     if (rc == 2)