From 83a017f8845abcc88b98eed27e4532b819f77a21 Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty <sitaram@sita-lt.atc.tcs.com>
Date: Sun, 14 Feb 2010 09:51:51 +0530
Subject: [PATCH] htpassword: disallow empty passwords

[TODO: allow a callback for a password checking function, such as
"passwd_policy_check".  Question is where the function would go.
~/.gitolite.rc is the only possible place among the current set of files
but I'd rather leave that as a list of simple name=value lines for all
sorts of reasons.  So maybe something like ~/.gitolite.pm (analogous to
the "gitolite.pm" in the sources I supply), which would get "require'd"
if found, and would contain all user-defined functions like this one...
needs some thinking about]
---
 src/gitolite.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/gitolite.pm b/src/gitolite.pm
index 5638d05..6f8025c 100644
--- a/src/gitolite.pm
+++ b/src/gitolite.pm
@@ -457,6 +457,7 @@ EOFhtp
 
     my $password = <>;
     $password =~ s/[\n\r]*$//;
+    die "empty passwords are not allowed\n" unless $password;
     my $rc = system("htpasswd", "-b", $HTPASSWD_FILE, $ENV{GL_USER}, $password);
     die "htpasswd command seems to have failed with $rc return code...\n" if $rc;
 }