Posted to users@subversion.apache.org by Dennis Shpakov <ds...@fnal.gov> on 2006/07/19 22:43:28 UTC

svn:author with single kerberos account

I am setting up a subversion repository on a server that only allows 
kerberized ssh access. In general, developers are not allowed to have 
real accounts on the server but are supposed to come in as a generic 
user called svnuser via the .k5login file mechanism.

I replaced the login shell of the svnuser account by a script that 
eventually hands execution over to svnserve -t. To implement per-project 
access control under the condition that the hook scripts run in the 
sterile environment, I made the login shell script extract the kerberos 
principal name from the credentials cache file (a user without a 
forwardable ticket is therefore denied access) and store it in a file 
with a name based on a process id. The start-commit hook then checks for 
the parent process id, reads the principal name from the corresponding 
file, and checks it against an access control list.

Everything looks fine except that the svn:author property is always set 
to svnuser (which is expected, of course), while one would naturally 
want to have it set to the kerberos principal name of the author 
committing the change. Is there a simple way to do it in one of the hook 
scripts using the same identification scheme as in start-commit?

Thank you,

       Dennis Shpakov

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: svn:author with single kerberos account

Posted by John Rouillard <ro...@renesys.com>.
On Jul 20, 2006, at 00:43, Dennis Shpakov wrote:
 
>I am setting up a subversion repository on a server that only  
>allows kerberized ssh access. [...]
>
>I replaced the login shell of the svnuser account by a script that  
>eventually hands execution over to svnserve -t. To implement  
>per-project access control under the condition that the hook scripts  
>run in the sterile environment, I made the login shell script  
>extract the kerberos principal name from the credentials cache file  
>[...]
>Everything looks fine except that the svn:author property is always  
>set to svnuser (which is expected, of course), while one would  
>naturally want to have it set to the kerberos principal name of the  
>author committing the change. Is there a simple way to do it in one  
>of the hook scripts using the same identification scheme as in  
>start-commit?

Can you have your script that invokes svnserve -t use the principal
name, as in:

    svnserve -t --tunnel-user <principal>

That should set the svn:author for you, and the hook scripts can see
that using svnlook.

--
				-- rouilj

John Rouillard
System Administrator
Renesys Corporation
603-643-9300 x 111
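
The suggestion above, worked through as login-shell wrapper logic. This is an added example, not code from any poster in this thread. It assumes MIT-style `klist` output, a single trusted realm (`EXAMPLE.ORG` is a placeholder), and that the bare user name is what should end up in svn:author; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: derive the svn:author name from the Kerberos ticket cache.
# Constructed sample of MIT `klist` output (not taken from the thread).
SAMPLE_KLIST='Ticket cache: FILE:/tmp/krb5cc_1234
Default principal: dshpakov@EXAMPLE.ORG

Valid starting     Expires            Service principal
07/19/06 22:00:00  07/20/06 08:00:00  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG'

# Print the client principal from klist output on stdin; fail if none found.
principal_from_klist() {
    sed -n 's/^Default principal: *//p' | head -n 1 | grep .
}

# Map user@REALM to a bare author name. Only the expected realm and a
# conservative character set are accepted, so instances (user/admin),
# foreign realms and shell or option metacharacters are all refused.
author_from_principal() {
    principal=$1 realm=$2
    user=${principal%@*}
    [ "$principal" = "$user@$realm" ] || return 1
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s\n' "$user"
}

# Build the command line the wrapper would exec. sshd starts a login shell
# as `shell -c '<client command>'`; the wrapper ignores that argument and
# only ever runs the command built here. -t is tunnel mode, and
# --tunnel-user makes svnserve record the given name as svn:author.
svnserve_command() {
    author=$(principal_from_klist |
        { read -r p && author_from_principal "$p" "$1"; }) || return 1
    printf 'svnserve -t --tunnel-user %s\n' "$author"
}

# Demonstration on the constructed sample; a real wrapper would feed `klist`
# output in instead, and close the session if svnserve_command fails.
printf '%s\n' "$SAMPLE_KLIST" | svnserve_command EXAMPLE.ORG
```

With the author set this way, hook scripts can read it back with `svnlook author` instead of relying on a per-process-id file.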


Re: svn:author with single kerberos account

Posted by Dennis Shpakov <ds...@fnal.gov>.
I finally figured it out: passing "--tunnel-user <kerberos_principal>" 
to svnserve solved the problem.

Thanks,

       Dennis

Dennis Shpakov wrote:
> Ryan Schmidt wrote:
>>
>> On Jul 20, 2006, at 00:43, Dennis Shpakov wrote:
>>
>>> I am setting up a subversion repository on a server that only allows 
>>> kerberized ssh access. In general, developers are not allowed to 
>>> have real accounts on the server but are supposed to come in as a 
>>> generic user called svnuser via the .k5login file mechanism.
>>>
>>> I replaced the login shell of the svnuser account by a script that 
>>> eventually hands execution over to svnserve -t. To implement 
>>> per-project access control under the condition that the hook scripts 
>>> run in the sterile environment, I made the login shell script 
>>> extract the kerberos principal name from the credentials cache file 
>>> (a user without a forwardable ticket is therefore denied access) and 
>>> store it in a file with a name based on a process id. The 
>>> start-commit hook then checks for the parent process id, reads the 
>>> principal name from the corresponding file, and checks it against an 
>>> access control list.
>>>
>>> Everything looks fine except that the svn:author property is always 
>>> set to svnuser (which is expected, of course), while one would 
>>> naturally want to have it set to the kerberos principal name of the 
>>> author committing the change. Is there a simple way to do it in one 
>>> of the hook scripts using the same identification scheme as in 
>>> start-commit?
>>
>> I don't know if the situation you're experiencing is the expected 
>> one, because I've never tried to set Subversion up like that.
> It is expected because the unix user that owns the svnserve process is 
> always svnuser.
>
>> But yes, you can modify revision properties in for example the 
>> pre-commit or post-commit hook.
> How should I do that? If I run something like
>
> /usr/bin/svn propset svn:author dshpakov -r12 --revprop
>
> in post-commit, I get the error message saying "svn: '.' is not a 
> working copy".
>
> Thanks again,
>
>       Dennis
>


Re: svn:author with single kerberos account

Posted by Dennis Shpakov <ds...@fnal.gov>.
Ryan Schmidt wrote:
>
> On Jul 20, 2006, at 00:43, Dennis Shpakov wrote:
>
>> I am setting up a subversion repository on a server that only allows 
>> kerberized ssh access. In general, developers are not allowed to have 
>> real accounts on the server but are supposed to come in as a generic 
>> user called svnuser via the .k5login file mechanism.
>>
>> I replaced the login shell of the svnuser account by a script that 
>> eventually hands execution over to svnserve -t. To implement 
>> per-project access control under the condition that the hook scripts 
>> run in the sterile environment, I made the login shell script extract 
>> the kerberos principal name from the credentials cache file (a user 
>> without a forwardable ticket is therefore denied access) and store it 
>> in a file with a name based on a process id. The start-commit hook 
>> then checks for the parent process id, reads the principal name from 
>> the corresponding file, and checks it against an access control list.
>>
>> Everything looks fine except that the svn:author property is always 
>> set to svnuser (which is expected, of course), while one would 
>> naturally want to have it set to the kerberos principal name of the 
>> author committing the change. Is there a simple way to do it in one 
>> of the hook scripts using the same identification scheme as in 
>> start-commit?
>
> I don't know if the situation you're experiencing is the expected one, 
> because I've never tried to set Subversion up like that.
It is expected because the unix user that owns the svnserve process is 
always svnuser.

> But yes, you can modify revision properties in for example the 
> pre-commit or post-commit hook.
How should I do that? If I run something like

/usr/bin/svn propset svn:author dshpakov -r12 --revprop

in post-commit, I get the error message saying "svn: '.' is not a 
working copy".

Thanks again,

       Dennis


Re: svn:author with single kerberos account

Posted by Ryan Schmidt <su...@ryandesign.com>.
On Jul 20, 2006, at 00:43, Dennis Shpakov wrote:

> I am setting up a subversion repository on a server that only  
> allows kerberized ssh access. In general, developers are not  
> allowed to have real accounts on the server but are supposed to  
> come in as a generic user called svnuser via the .k5login file  
> mechanism.
>
> I replaced the login shell of the svnuser account by a script that  
> eventually hands execution over to svnserve -t. To implement  
> per-project access control under the condition that the hook scripts  
> run in the sterile environment, I made the login shell script  
> extract the kerberos principal name from the credentials cache file  
> (a user without a forwardable ticket is therefore denied access)  
> and store it in a file with a name based on a process id. The  
> start-commit hook then checks for the parent process id, reads the  
> principal name from the corresponding file, and checks it against  
> an access control list.
>
> Everything looks fine except that the svn:author property is always  
> set to svnuser (which is expected, of course), while one would  
> naturally want to have it set to the kerberos principal name of the  
> author committing the change. Is there a simple way to do it in one  
> of the hook scripts using the same identification scheme as in  
> start-commit?

I don't know if the situation you're experiencing is the expected  
one, because I've never tried to set Subversion up like that.

But yes, you can modify revision properties in, for example, the
pre-commit or post-commit hook.
