Add a new long flag that causes cvs to ignore the CVSROOT/passwd file.

This is mostly intended for use on freefall where we'd like to provide
a passwd file for easy anoncvs mirroring access, but don't want to open
up the pserver on freefall itself.

While here, some initial tweaks intended for allowing an empty pserver
password.  I'm not sure that this works yet.

3 files changed, 17 insertions, 5 deletions

diff --git a/contrib/cvs/src/cvs.h b/contrib/cvs/src/cvs.h
index 713ba79..b194d16 100644
--- a/contrib/cvs/src/cvs.h
+++ b/contrib/cvs/src/cvs.h
@@ -389,6 +389,7 @@ extern int trace;		/* Show all commands */
 extern int noexec;		/* Don't modify disk anywhere */
 extern int readonlyfs;		/* fail on all write locks; succeed all read locks */
 extern int logoff;		/* Don't write history entry */
+extern int require_real_user;	/* skip CVSROOT/passwd, /etc/passwd users only*/
 
 #ifdef AUTH_SERVER_SUPPORT
 extern char *Pserver_Repos;     /* used to check that same repos is
diff --git a/contrib/cvs/src/main.c b/contrib/cvs/src/main.c
index 30358c5..8136f5f 100644
--- a/contrib/cvs/src/main.c
+++ b/contrib/cvs/src/main.c
@@ -41,6 +41,7 @@ int quiet = 0;
 int trace = 0;
 int noexec = 0;
 int readonlyfs = 0;
+int require_real_user = 0;
 int logoff = 0;
 mode_t cvsumask = UMASK_DFLT;
 
@@ -479,7 +480,7 @@ main (argc, argv)
     opterr = 1;
 
     while ((c = getopt_long
-            (argc, argv, "+QqrwtnRlvb:T:e:d:Hfz:s:xa", long_options, &option_index))
+            (argc, argv, "+QqrwtnRlvb:T:e:d:Hfz:s:xaU", long_options, &option_index))
            != EOF)
     {
 	switch (c)
@@ -602,6 +603,11 @@ Copyright (c) 1989-1998 Brian Berliner, david d `zoo' zuhn, \n\
                    We will issue an error later if stream
                    authentication is not supported.  */
 		break;
+	    case 'U':
+#ifdef SERVER_SUPPORT
+		require_real_user = 1;
+#endif
+		break;
 	    case '?':
 	    default:
                 usage (usg);
diff --git a/contrib/cvs/src/server.c b/contrib/cvs/src/server.c
index 2959ac2..e2cc3aa 100644
--- a/contrib/cvs/src/server.c
+++ b/contrib/cvs/src/server.c
@@ -4718,15 +4718,17 @@ check_repository_password (username, password, repository, host_user_ptr)
     /* If found_it != 0, then linebuf contains the information we need. */
     if (found_it)
     {
-	char *found_password, *host_user_tmp;
+	char *found_password, *host_user_tmp = NULL;
 
 	strtok (linebuf, ":");
 	found_password = strtok (NULL, ": \n");
-	host_user_tmp = strtok (NULL, ": \n");
+	if (found_password)
+	    host_user_tmp = strtok (NULL, ": \n");
 	if (host_user_tmp == NULL)
             host_user_tmp = username;
 
-	if (strcmp (found_password, crypt (password, found_password)) == 0)
+	if (found_passwd == NULL || *found_passwd == '\0' ||
+	    strcmp (found_password, crypt (password, found_password)) == 0)
         {
             /* Give host_user_ptr permanent storage. */
             *host_user_ptr = xstrdup (host_user_tmp);
@@ -4764,7 +4766,10 @@ check_password (username, password, repository)
        password file.  If so, that's enough to authenticate with.  If
        not, we'll check /etc/passwd. */
 
-    rc = check_repository_password (username, password, repository,
+    if (require_real_user)
+	rc = 0;		/* "not found" */
+    else
+	rc = check_repository_password (username, password, repository,
 				    &host_user);
 
     if (rc == 2)