
# Be more aggressive about checking --allow-root; can now be used for
# limiting allowed CVSROOTs using rsh/ssh as well. Closes: #169967,
# Original patch by Tim Riker <Tim@Rikers.org>, slightly cleaned up
diff -ruN cvs-1.12.13-old/src/cvs.h cvs-1.12.13/src/cvs.h
--- cvs-1.12.13-old/src/cvs.h	2008-04-07 14:38:12.000000000 +0100
+++ cvs-1.12.13/src/cvs.h	2008-04-07 15:03:17.000000000 +0100
@@ -399,8 +399,7 @@
 extern int noexec;		/* Don't modify disk anywhere */
 extern int readonlyfs;		/* fail on all write locks; succeed all read locks */
 extern int logoff;		/* Don't write history entry */
-
-
+extern int allowed_root_req;    /* Should we limit to a specified root? */
 
 #define LOGMSG_REREAD_NEVER 0	/* do_verify - never  reread message */
 #define LOGMSG_REREAD_ALWAYS 1	/* do_verify - always reread message */
diff -ruN cvs-1.12.13-old/src/main.c cvs-1.12.13/src/main.c
--- cvs-1.12.13-old/src/main.c	2008-04-07 14:38:12.000000000 +0100
+++ cvs-1.12.13/src/main.c	2008-04-07 15:04:51.000000000 +0100
@@ -45,6 +45,7 @@
 int noexec = 0;
 int readonlyfs = 0;
 int logoff = 0;
+int allowed_root_req = 0;
 char *PasswordFileName = NULL;
 
 /***
@@ -648,6 +649,7 @@
 	    case 3:
 		/* --allow-root */
 		root_allow_add (optarg, gConfigPath);
+                allowed_root_req = 1;
 		break;
 #endif /* SERVER_SUPPORT */
 	    case 5:
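Review bot: `allowed_root_req = 1;` is written here, but no hunk in this patch reads the flag; the new check in server.c tests `root_allow_used()` instead. As the patch stands, the variable and its declarations in cvs.h and main.c are dead state that a later reader may mistake for the enforcement switch. Either drop it or make it the condition the server tests. The added line is also indented with spaces where the neighbouring lines use tabs. The enclosing switch starts and ends outside the hunk.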
diff -ruN cvs-1.12.13-old/src/root.c cvs-1.12.13/src/root.c
--- cvs-1.12.13-old/src/root.c	2008-04-07 14:38:11.000000000 +0100
+++ cvs-1.12.13/src/root.c	2008-04-07 15:39:49.000000000 +0100
@@ -293,6 +293,12 @@
     dellist (&root_allow);
 }
 
+int
+root_allow_used ()
+{
+    return (root_allow != NULL);
+}
+
 bool
 root_allow_ok (const char *arg)
 {
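Review bot: `root_allow_used ()` is defined with an empty parameter list, returns `int`, and has no comment, while its neighbour `root_allow_ok` returns `bool`. In C an empty list is not a prototype, so a call with stray arguments would not be diagnosed. Suggest `bool root_allow_used (void)` here and `bool root_allow_used (void);` in the root.h hunk. A one-line comment would also help, such as `/* True when the allow-root list exists (root_allow is non-NULL). */`, because the server.c check depends on exactly that meaning.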
diff -ruN cvs-1.12.13-old/src/root.h cvs-1.12.13/src/root.h
--- cvs-1.12.13-old/src/root.h	2005-09-25 01:38:29.000000000 +0100
+++ cvs-1.12.13/src/root.h	2008-04-07 15:40:04.000000000 +0100
@@ -64,6 +64,7 @@
 void root_allow_add (const char *, const char *configPath);
 void root_allow_free (void);
 bool root_allow_ok (const char *);
+int root_allow_used ();
 struct config *get_root_allow_config (const char *arg, const char *configPath);
 const char *primary_root_translate (const char *root_in);
 const char *primary_root_inverse_translate (const char *root_in);
diff -ruN cvs-1.12.13-old/src/server.c cvs-1.12.13/src/server.c
--- cvs-1.12.13-old/src/server.c	2008-04-07 14:38:12.000000000 +0100
+++ cvs-1.12.13/src/server.c	2008-04-07 15:43:01.000000000 +0100
@@ -801,6 +801,14 @@
 	return;
     }
 
+    if (root_allow_used() && !root_allow_ok(arg))
+    {
+	if (alloc_pending (80 + strlen (arg)))
+	    sprintf (pending_error_text,
+		     "E Bad root %s", arg);
+	return;
+    }
+
     /* Set original_parsed_root here, not because it can be changed in the
      * client Redirect sense, but so we don't have to switch in code that
      * runs in both modes to decide which to print.
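Review bot: The new guard `if (root_allow_used() && !root_allow_ok(arg))` enforces the allow-list only while the list pointer is non-NULL, so it fails open in every other case. The root.c context shows `dellist (&root_allow)`, so if the list is ever released or was never built, any root the client sends is presumably accepted here. Testing the request flag would make the check fail closed, for example `if (allowed_root_req && !root_allow_ok (arg))`, after confirming that `root_allow_ok` handles an empty list safely. For rsh/ssh use the restriction holds only if the client cannot choose the server's command line, which is worth stating in a comment above the check. The enclosing function starts and ends outside the hunk.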

