head	1.1;
access;
symbols
	new_line:1.1.0.4
	TIGRIS_1_0_8_1:1.1
	TIGRIS_1_0_8_0:1.1
	TIGRIS_1_0_4:1.1
	USE_AUTHENTICATION_PROCESSOR:1.1.0.2;
locks; strict;
comment	@# @;


1.1
date	2001.03.08.19.41.56;	author kfogel;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2001.03.08.19.46.18;	author kfogel;	state Exp;
branches;
next	1.1.2.2;

1.1.2.2
date	2001.03.08.19.50.05;	author kfogel;	state Exp;
branches;
next	1.1.2.3;

1.1.2.3
date	2001.03.08.22.00.34;	author kfogel;	state Exp;
branches;
next	;


desc
@@


1.1
log
@Briefly describe what's here.
@
text
@     Oh Most High and Puissant Emacs, please be in -*- text -*- mode!

This directory contains CollabNet's version of mainline CVS.  We've
added an authentication system to work with the SourceCast MySQL
database schema.

[Thom, describe more here?]

More recently, Thom has written a generic authentication protocol
mechanism for CVS.  One side is built into CVS, and the other talks to
the Sourcecast schema.  This should make future extensions a lot
easier to handle.  To get those changes, move to Thom's branch:

   cvs up -r USE_AUTHENTICATION_PROCESSOR

-Karl
@


1.1.2.1
log
@Briefly describe the new plan here.
@
text
@d7 10
a16 6
This branch, USE_AUTHENTICATION_PROCESSOR, contains Thom's rewrite of
that system.  Instead of CVS making queries directly into the database
(bad!), CVS will speak an authentication protocol (good!).  One side
of the protocol lives in CVS and is not even Sourcecast-specific; the
other side is responsible for understanding the Sourcecast schema.
This should make future extensions a lot easier for us.
@


1.1.2.2
log
@Fill in more details of the new plan.
@
text
@a12 145

See these files

   src/src/pcheck.test
   src/src/pcheck.pl
   src/src/local_auth.c

-*- -*- -*- -*- -*- -*- -*- -*- -*- -*- -*- -*- -*- -*- -*- -*- -*- -*- 

From: Thom Wood <thom@@collab.net>
Subject: Re: the recent CVS perm changes
To: kfogel@@collab.net
Cc: chris@@collab.net, jrobbins@@collab.net
Date: Tue, 6 Mar 2001 14:52:23 -0800

Root        =: pserver:<user>@@cvs.tigris.org:/cvs
Repository  =: releng/rpm/tigris-vc
Branch      =: USE_AUTHENTICATION_PROCESSOR


Request:
   <session id=[0-9]+>
Meaning:
   Start a session with id = xxxx
Responce: none
Note: this request Must be the first request 

Request:
   <login session=[0-9]+>
   <user>[a-zA-Z]+</user>
   <password>.*</password>
   <repository>.*</repository>
   </login>
Responce:
    [-+][a-zA-Z]+
Meaning:
   login to this session by user for repository (CVSROOT)
Note: if the first char is '+' then login passed
      if '-' then failed
      the rest will match the <user> field value
      this Must precede all check requests

Request:
    <root session=[0-9]+>.*</root>
Responce: none
Meaning:
    change the cvs root to value

Request:
    <trace session=[0-9]+>on</trace>
Responce: none
Meaning:
     tell the process to send trace messages

Request:
    <trace session=[0-9]+>off</trace>
Responce: none
Meaning:
     tell the process to not send trace messages

Request:
    <action session=[0-9]+>[a-zA-Z]+</action>
Responce: none
Meaning:
     tell the process that action check will be requested


Request:
    <check session=[0-9]+>
    <user>[a-zA-Z]+</user>
    <action>[a-zA-Z]+</action>
    <root>.*</root>
    <project>[a-zA-Z]+</project>
    </check>
Responce:
    [-+][a-zA-Z]+
Meaning:
    check to see if user has <action> access to <project>
Note: if the first char is '+' then access granted
      if '-' then access denied
      the rest will match the <project> field value


Request:
      <check session=[0-9]+>
      <user>[a-zA-Z]+</user>
      <action>[a-zA-Z]+</action>
      <root>.*</root>
      <project>[a-zA-Z]+</project>
      <path>.*</path>
      </check>
Request:
    <check session=[0-9]+>
    <user>[a-zA-Z]+</user>
    <action>[a-zA-Z]+</action>
    <root>.*</root>
    <project>[a-zA-Z]+</project>
    </check>
Responce:
    [-+][a-zA-Z]+
Meaning:
    check to see if user has <action> access to <path> in <project>
Note: if the first char is '+' then access granted
      if '-' then access denied
      the rest will match the <path> field value


Request:
    </session>
Meaning:
    close down the current session
Responce:
    +DONE
Note: this Must be the last messeage to the process
  unless an 'F' responce was recieved



Other Responces:
   for any request any number of the following can be returned.

   
Responce:
   E[^\n]*
Meaning:
   return this message to the user thur stderr
Note:
   this maybe used for a mult-line fatal error message
   or for trace output.

Responce:
   F[^\n]*
Meaning:
   return this message to the user thur stderr
   and close the connection
Note:
   a fatal error

Responce:
   M[^\n]*
Meaning:
   return this message to the user thur stdout
Note:
   infor the user of some event.

@
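
Review bot: The fields specified as ".*" in the login and check requests (<password>, <repository>, <root>, <path>) have no stated quoting or escaping rule, so a value that itself contains "<" or a closing tag such as "</password>" leaves the request ambiguous to the side that parses it. State how such characters are encoded or rejected, and whether a value may contain a newline. The path-check reply has a related mismatch: it is given as "[-+][a-zA-Z]+" while the note says "the rest will match the <path> field value", and a <path> matched by ".*" can hold "/" or "." that the reply pattern does not allow.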


1.1.2.3
log
@Rudimentary protocol documentation.
@
text
@d14 1
a14 2
See the functions verify_* (declared in cvs.h), and take a look at
these files
a18 1
   src/src/server.c
a20 2
Here's Thom's email to me describing the protocol.  This should really
be turned into a formal protocol document, though...
d22 76
a97 20
   From: Thom Wood <thom@@collab.net>
   Subject: Re: the recent CVS perm changes
   To: kfogel@@collab.net
   Cc: chris@@collab.net, jrobbins@@collab.net
   Date: Tue, 6 Mar 2001 14:52:23 -0800
   
   Root        =: pserver:<user>@@cvs.tigris.org:/cvs
   Repository  =: releng/rpm/tigris-vc
   Branch      =: USE_AUTHENTICATION_PROCESSOR
   
   
   Request:
      <session id=[0-9]+>
   Meaning:
      Start a session with id = xxxx
   Responce: none
   Note: this request Must be the first request 
   
   Request:
      <login session=[0-9]+>
d99 35
a133 11
      <password>.*</password>
      <repository>.*</repository>
      </login>
   Responce:
       [-+][a-zA-Z]+
   Meaning:
      login to this session by user for repository (CVSROOT)
   Note: if the first char is '+' then login passed
         if '-' then failed
         the rest will match the <user> field value
         this Must precede all check requests
d135 23
a157 102
   Request:
       <root session=[0-9]+>.*</root>
   Responce: none
   Meaning:
       change the cvs root to value
   
   Request:
       <trace session=[0-9]+>on</trace>
   Responce: none
   Meaning:
        tell the process to send trace messages
   
   Request:
       <trace session=[0-9]+>off</trace>
   Responce: none
   Meaning:
        tell the process to not send trace messages
   
   Request:
       <action session=[0-9]+>[a-zA-Z]+</action>
   Responce: none
   Meaning:
        tell the process that action check will be requested
   
   
   Request:
       <check session=[0-9]+>
       <user>[a-zA-Z]+</user>
       <action>[a-zA-Z]+</action>
       <root>.*</root>
       <project>[a-zA-Z]+</project>
       </check>
   Responce:
       [-+][a-zA-Z]+
   Meaning:
       check to see if user has <action> access to <project>
   Note: if the first char is '+' then access granted
         if '-' then access denied
         the rest will match the <project> field value
   
   
   Request:
         <check session=[0-9]+>
         <user>[a-zA-Z]+</user>
         <action>[a-zA-Z]+</action>
         <root>.*</root>
         <project>[a-zA-Z]+</project>
         <path>.*</path>
         </check>
   Request:
       <check session=[0-9]+>
       <user>[a-zA-Z]+</user>
       <action>[a-zA-Z]+</action>
       <root>.*</root>
       <project>[a-zA-Z]+</project>
       </check>
   Responce:
       [-+][a-zA-Z]+
   Meaning:
       check to see if user has <action> access to <path> in <project>
   Note: if the first char is '+' then access granted
         if '-' then access denied
         the rest will match the <path> field value
   
   
   Request:
       </session>
   Meaning:
       close down the current session
   Responce:
       +DONE
   Note: this Must be the last messeage to the process
     unless an 'F' responce was recieved
   
   
   
   Other Responces:
      for any request any number of the following can be returned.
   
      
   Responce:
      E[^\n]*
   Meaning:
      return this message to the user thur stderr
   Note:
      this maybe used for a mult-line fatal error message
      or for trace output.
   
   Responce:
      F[^\n]*
   Meaning:
      return this message to the user thur stderr
      and close the connection
   Note:
      a fatal error
   
   Responce:
      M[^\n]*
   Meaning:
      return this message to the user thur stdout
   Note:
      infor the user of some event.
@
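
Review bot: The last added block (a157 102) re-indents the email without correcting it, so the path-check entry still has a second "Request:" block repeating the project-only check ahead of its "Responce:" line; drop the duplicate so the entry describes one request. The same pass could fix "Responce", "messeage", "recieved" and "thur", given that the lines added at a20 say this text should become a formal protocol document.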


