=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/anoncvs.shar,v retrieving revision 1.3 retrieving revision 1.4 diff -c -r1.3 -r1.4 *** www/anoncvs.shar 1996/06/22 13:30:06 1.3 --- www/anoncvs.shar 1996/09/14 22:16:56 1.4 *************** *** 36,41 **** --- 36,51 ---- Xthe file /open/sup/ss contains X cvs host=cvs.openbsd.org hostbase=/ base=/open/anoncvs delete X + Xthe file /open/sup/cvs/refuse should contain the single line + X cvs/CVSROOT/history + Xif you ever fetch the file cvs/CVSROOT/history, delete it. it will + Xcause you problems. + X + Xon an IRIX or other SYSV machine, ensure that your kernel does not allow + Xa user to chown a file to another user. this will cause sup to give away + Xthe files to root before chmod'ing them readable. michaels@openbsd.org + Xknows how to fix this. + X Xmkdir /open/ Xmkdir /open/anoncvs Xmkdir /open/anoncvs/cvs *************** *** 99,105 **** X2) to have an anoncvsN.COUNTRY.openbsd.org alias created X3) to have your site mentioned in the http://www.openbsd.org page. X - X XExample layout. In this example "deraadt" is the $SUPUSER. X X[eap open 5 ]> cd /open --- 109,114 ---- *************** *** 262,276 **** X * anoncvssh X */ X - X#ifndef CVSROOT - X#define CVSROOT "anoncvs@anoncvs1.usa.openbsd.org:/cvs" - X#endif - X X#include ! X#include X#include X#include X Xint Xmain(argc, argv) Xint argc; --- 271,358 ---- X * anoncvssh X */ X X#include ! X#include ! X#if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) ! X#include ! X#endif X#include + X#include X#include X + X#ifndef __CONCAT + X#if defined(__STDC__) || defined(__cplusplus) + X#define __CONCAT(x,y) x ## y + X#else + X#define __CONCAT(x,y) x/**/y + X#endif + X#endif + X + X#ifndef __CONCAT3 + X#if defined(__STDC__) || defined(__cplusplus) + X#define __CONCAT3(x,y,z) x ## y ## z + X#else + X#define __CONCAT3(x,y,z) x/**/y/**/z + X#endif + X#endif + X + X#ifndef __P + X#if defined(__STDC__) || defined(__cplusplus) + X#define __P(protos) protos /* full-blown ANSI C */ + X#else + X#define __P(protos) () /* traditional C preprocessor */ + X#endif + X#endif + X + X/* + X * You may need to change this path to ensure that RCS, CVS and diff + X * can be found + X */ + X#ifndef _PATH_DEFPATH + X#define _PATH_DEFPATH "/bin:/usr/bin" + X#endif + X + X/* + X * This should not normally have to be changed + X */ + X#ifndef _PATH_BSHELL + X#define _PATH_BSHELL "/bin/sh" + X#endif + X + X/* + X * Location of CVS tree, relative to the anonymous CVS user's + X * home directory + X */ + X#ifndef LOCALROOT + X#define LOCALROOT "/cvs" + X#endif + X + X/* + X * Account and host name to be used when accessing the + X * CVS repository remotely + X */ + X#ifndef HOSTNAME + X#define HOSTNAME "anoncvs@anoncvs1.usa.openbsd.org" + X#endif + X + X/* + X * $CVSROOT is created based on HOSTNAME and LOCALROOT above + X */ + X#ifndef CVSROOT + X#define CVSROOT __CONCAT3(HOSTNAME,":",LOCALROOT) + X#endif + X + Xint main __P((int, char *[])); + X + Xchar * const env[] = { + X __CONCAT("PATH=",_PATH_DEFPATH), + X __CONCAT("SHELL=",_PATH_BSHELL), + X __CONCAT("CVSROOT=",LOCALROOT), + X "HOME=/", + X "CVSREADONLYFS=1", + X NULL + X}; + X Xint Xmain(argc, argv) Xint argc; *************** *** 293,299 **** X exit (1); X } X chdir("/"); ! X seteuid(getuid()); X X /* X * program now "safe" --- 375,381 ---- X exit (1); X } X chdir("/"); ! X setuid(getuid()); X X /* X * program now "safe" *************** *** 313,329 **** X exit(0); X } X ! X /* ! X * since the only things in annocvs's bin entire chroot space will ! X * be "safe commands", this is not a big deal ! X */ ! X putenv("SHELL=/bin/sh"); ! X putenv("CVSROOT=/cvs"); ! X putenv("HOME=/"); ! X putenv("CVSREADONLYFS="); ! X ! X execl("/usr/bin/cvs", "cvs", "server", NULL); ! X perror("execl: cvs"); X fprintf(stderr, "unable to exec CVS server!\n"); X exit(1); X} --- 395,402 ---- X exit(0); X } X ! X execle("/usr/bin/cvs", "cvs", "server", NULL, env); ! X perror("execle: cvs"); X fprintf(stderr, "unable to exec CVS server!\n"); X exit(1); X}