Annotation of www/anoncvs.shar, Revision 1.7
1.1 deraadt 1: # This is a shell archive. Save it in a file, remove anything before
2: # this line, and then unpack it by entering "sh file". Note, it may
3: # create directories; files and directories will be owned by you and
4: # have default permissions.
5: #
6: # This archive contains:
7: #
1.6 deraadt 8: # Makefile
1.1 deraadt 9: # README
10: # anoncvssh.c
11: #
1.6 deraadt 12: echo x - Makefile
13: sed 's/^X//' >Makefile << 'END-of-Makefile'
14: X#CVSROOT=anoncvs@anoncvs1.usa.openbsd.org:/cvs
15: XPROG= anoncvssh
16: XBINOWN= root
17: XBINMODE=4111
18: XBINDIR=/open
19: XNOMAN=
20: X
21: X.include <bsd.prog.mk>
22: X
23: END-of-Makefile
1.1 deraadt 24: echo x - README
25: sed 's/^X//' >README << 'END-of-README'
26: X
1.7 ! beck 27: X So, you want to run an anoncvs server.
! 28: X
! 29: X A summary of the steps you'll need to do is:
! 30: X
! 31: X1) Find enough disk space to hold the anoncvs tree, and mount it in an
! 32: Xappropriate place.
! 33: X
! 34: X2) Compile and install anoncvssh, the shell used for the anoncvs user.
! 35: X ( If you aren't using OpenBSD you'll probably need to compile a sup
! 36: X client as well. The easier path is to use OpenBSD ;)
! 37: X
! 38: X3) Add the anoncvs user to the password file, with no password, and
! 39: Xanoncvssh as its shell. Decide on a user that will run sup to maintain
! 40: Xthe archive (this is a different user, NOT the anoncvs user)
! 41: X
! 42: X4) Make a home directory for the anoncvs user. The anoncvs user's home
! 43: Xdirectory is a chroot jail in which the anoncvssh processes run when
! 44: Xservicing anoncvs requests. The jail must contain the cvs binary and
! 45: Xrelated programs (rcs, etc) as well as whatever shared libraries and
! 46: Xsupport files are needed to run them unless you compile and link
! 47: Xeverything statically. This example shows what is needed for OpenBSD. If
! 48: Xyou use another platform you'll need to be familiar with what needs
! 49: Xto go in a chroot jail for your platform.
! 50: X
! 51: X5) Get permission to use sup to obtain the cvs tree from a server.
1.1 deraadt 52: X
1.7 ! beck 53: X6) Set up sup to retrieve the cvs tree from an appropriate place.
! 54: X (If you aren't using OpenBSD you will need to compile and install
! 55: X a sup client).
1.6 deraadt 56: X
1.7 ! beck 57: X7) Run sup to retrieve the distribution from the server
1.3 deraadt 58: X
1.7 ! beck 59: X8) Once you get the distribution in, set up a cron job to run sup
! 60: X periodically to keep your server up to date.
1.6 deraadt 61: X
1.7 ! beck 62: X**********************************************************************
! 63: XSTEP 1) find enough disk space.
! 64: X you need roughly 500MB.
! 65: X mount it on /open
! 66: X if you are not able to mount it as /open, substitute its location
! 67: X throughout the rest of this description
1.6 deraadt 68: X
1.7 ! beck 69: X**********************************************************************
! 70: XSTEP 2) compile the anoncvssh binary
! 71: X in the Makefile, change the variable CVSROOT
! 72: X install the binary setuid-root in /open/anoncvssh.
1.1 deraadt 73: X
1.7 ! beck 74: X**********************************************************************
! 75: XSTEP 3) Create the anoncvs account, and decide who will run "sup"
! 76: Xto maintain the archive. The anoncvs account should *NOT* be the one
! 77: Xrunning sup to maintain the archive.
1.1 deraadt 78: X
1.7 ! beck 79: Xcreate an account:
! 80: X anoncvs::32766:32766:Anonymous CVS User:/open/anoncvs:/open/anoncvssh
! 80: Xyes, that is right. the account has no password. anoncvssh, its shell, is what limits it to running cvs inside the chroot jail.
1.4 deraadt 82: X
1.7 ! beck 83: Xdecide on who will run sup to maintain the archive. call that user $SUPUSER.
! 84: XOh, and in case it hasn't been previously mentioned, $SUPUSER should *NOT*
! 85: Xbe the anoncvs user :)
! 86: X
! 87: X**********************************************************************
! 88: XSTEP 4) Build the anoncvs user's home directory chroot jail. This example
! 89: Xassumes that you're using OpenBSD. If you're not you may need different
! 90: Xfiles in the chroot.
1.4 deraadt 91: X
1.1 deraadt 92: Xmkdir /open/anoncvs
93: Xmkdir /open/anoncvs/cvs
1.6 deraadt 94: Xmkdir /open/anoncvs/sup
95: Xchown -R $SUPUSER /open/anoncvs/cvs /open/anoncvs/sup /open/anoncvs
1.1 deraadt 96: X
1.7 ! beck 97: Xstart filling the account up with nice stuff. You are building a chroot
! 98: Xjail for anoncvs in /open/anoncvs.
! 99: X
1.1 deraadt 100: X cd /open/anoncvs
101: X touch .hushlogin
102: X touch .profile
103: X
104: Xput a message like the following in .plan:
1.6 deraadt 105: X To use anonymous CVS install the latest version of CVS on your local
106: X machine.
1.1 deraadt 107: X Then set your CVSROOT environment variable to the following value:
108: X anoncvs@anoncvs.openbsd.org:/cvs
109: X
110: X chown root.wheel .hushlogin .profile .plan
111: X
112: X mkdir bin dev tmp usr var etc
113: X cp /bin/{cat,pwd,rm,sh} bin/
114: X
115: Xusing mknod, make a dev/null that has the same major/minor numbers as
116: X your /dev/null, and make it mode 666.
117: X
118: Xsome shared library systems require a dev/zero created in the same way
119: X
120: Xfill etc space for the account
121: X cp /etc/{group,hosts,passwd,protocols} etc/
122: X cp /etc/{pwd.db,resolv.conf,services,ttys} etc/
123: X modify these files to suit your idea of system security
124: X
1.3 deraadt 125: Xanoncvssh (by setting the environment variable CVSREADONLYFS) uses a
126: Xtiny extension provided in the openbsd cvs server code which permits
127: Xthe use of read-only cvs repositories. therefore you MUST compile the
128: Xopenbsd version of cvs. luckily this is not a problem on a
129: Xnon-openbsd machine since the cvs sources are imported verbatim into
130: Xthe openbsd tree. they are in gnu/usr.bin/cvs. The sources are
131: Xintegrated such that Makefile.bsd-wrapper knows how to build the
132: Xsources on an OpenBSD machine, using obj directories.
1.1 deraadt 133: X
134: Xcreate tmp space for the account
135: X cd var; ln -s ../tmp tmp
136: X chmod a+rwx tmp
137: X
138: X mkdir usr/{bin,lib}
139: X cp /usr/bin/{ci,co,cvs,diff,diff3,gzip,rcs,rcsclean} usr/bin/
140: X cp /usr/bin/{rcsdiff,rcsfreeze,rcsmerge,rlog,sdiff,zdiff} usr/bin/
1.6 deraadt 141: X cp /usr/bin/grep usr/bin
1.1 deraadt 142: X
143: Xif your system has ld.so in /usr/libexec,
144: X mkdir usr/libexec
145: X cp /usr/libexec/ld.so usr/libexec/
146: X
147: Xif using shared libraries, copy the shared libs you might need:
148: X cp /usr/lib/lib*.so.* usr/lib/
149: X
150: Xas a final pass, make sure that all the files you have just created are
1.7 ! beck 151: Xnot world writable (except dev/null, dev/zero if you made one, and the tmp directory made a+rwx above)
1.1 deraadt 152: X
1.7 ! beck 153: XFor :pserver: support (optional)
! 154: X - Create an entry in /etc/services
! 155: X cvspserver 2401/tcp # CVS client/server operations
! 156: X - Create an entry in /etc/inetd.conf
! 157: X cvspserver stream tcp nowait anoncvs /open/anoncvssh anoncvssh pserver
! 158: X
! 159: XSee the example layout below for full details.
! 160: X
! 161: X**********************************************************************
! 162: XSTEP 5): Get sup permission.
! 163: Xsend mail to sup@openbsd.org
! 164: X1) to have sup permissions granted on an appropriate machine for you
! 165: X to sup from.
1.3 deraadt 166: X2) to have an anoncvsN.COUNTRY.openbsd.org alias created
167: X3) to have your site mentioned in the http://www.openbsd.org page.
168: X
1.7 ! beck 169: X**********************************************************************
! 170: XSTEP 6): Configure sup
! 171: X
! 172: XIf you're running OpenBSD, you already have a sup client in
! 173: X/usr/bin/sup. If not you may need to build it. On an IRIX or other
! 174: XSYSV machine, ensure that your kernel does not allow a user to chown a
! 175: Xfile to another user (You may have heard of this particular brand of
! 176: Xevil referred to as "chown giveaway"). this will cause sup to give
! 177: Xaway the files to root before chmod'ing them
! 178: Xreadable. michaels@openbsd.org knows how to fix this.
! 179: X
! 180: XThe file /open/sup/ss contains a line that tells sup where to get the
! 181: Xcvs tree from. it can contain *one* of:
! 182: X
! 183: X cvs host=anoncvs1.ca.openbsd.org hostbase=/usr/OpenBSD base=/open/anoncvs delete
! 184: X cvs host=cvs.openbsd.org hostbase=/ base=/open/anoncvs delete
! 185: X
! 186: X You should ask which one to use when obtaining sup permission.
! 187: X
! 188: XThe file /open/sup/cvs/refuse tells sup what files it should not get.
! 189: XIt should contain the single line:
! 190: X
! 191: X cvs/CVSROOT/history
! 192: X
! 193: Xif you ever fetch the file cvs/CVSROOT/history, delete it. it will
! 194: Xcause you problems.
! 195: X
! 196: X**********************************************************************
! 197: XSTEP 7): Run sup to retrieve the tree for the first time
! 198: X
! 199: XLog in as or become the $SUPUSER, and run
! 200: X
! 201: Xsup -v /open/anoncvs/sup/ss > /tmp/suplog &; tail -f /tmp/suplog
! 202: X
! 203: XIf you have sup permission, and have specified the correct host and
! 204: Xhostbase in /open/anoncvs/sup/ss you should see a list of files start
! 205: Xcoming in after a short while. Don't panic if nothing happens
! 206: Ximmediately. Watch for errors (sup can timeout or die). If you can't
! 207: Xaccess files contact the sup server maintainer. If you get a timeout
! 208: Xor if sup dies you can restart and it should continue where it left off.
! 209: X
! 210: XIt can take a good while (and a couple of restarts) to obtain the
! 211: Xwhole tree for the first time.
! 212: X
! 213: X**********************************************************************
! 214: XSTEP 8): Set up cron to keep the tree up to date.
! 215: X
! 216: XYou run sup periodically from the cron by setting up the crontab file
! 217: Xof the $SUPUSER.
! 218: X
! 219: XFor example: To run every three hours 'sup -v supfile', and thrice
! 220: Xweekly 'sup -vo supfile' .. because sup is not reliable ..
! 221: X
! 222: X0 0,3,6,9,12,15,18,21 * * 0,2,4,5 sup -v /open/anoncvs/sup/ss > /dev/null
! 223: X0 0,12,15,18,21 * * 1,3,6 sup -v /open/anoncvs/sup/ss > /dev/null
! 224: X0 3 * * 1,3,6 sup -vo /open/anoncvs/sup/ss > /dev/null
! 225: X
! 226: Xanoncvs5.usa.openbsd.org uses this particular set of entries. A `sup
! 227: X-o' is done every few days because sup is not very robust.
! 228: X
! 229: X**********************************************************************
! 230: XEXAMPLE LAYOUT
! 231: X
! 232: XExample layout for OpenBSD. In this example "deraadt" is the $SUPUSER.
1.3 deraadt 233: X
234: X[eap open 5 ]> cd /open
235: X[eap open 6 ]> ls -alF
236: Xtotal 46
237: Xdrwxr-xr-x 7 root wheel 512 Feb 20 09:58 ./
238: Xdrwxr-xr-x 17 root wheel 512 Jun 14 14:05 ../
239: Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 anoncvs/
240: X---s--x--x 1 root bin 16384 Nov 30 1995 anoncvssh*
241: Xlrwxr-xr-x 1 root wheel 11 Jan 3 21:52 cvs@ -> anoncvs/cvs
242: Xdrwxr-xr-x 5 root wheel 512 Feb 22 13:22 ftp/
243: Xdrwxrwxrwt 2 anoncvs wheel 1024 Jan 1 13:18 lost+found/
244: Xdrwxr-xr-x 4 root wheel 512 Nov 30 1995 src/
245: Xdrwxrwxr-x 3 deraadt wheel 512 Dec 4 1995 sup/
246: X[eap open 7 ]> cd anoncvs
247: X[eap anoncvs 8 ]> ls -alF
248: Xtotal 20
249: Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 ./
250: Xdrwxr-xr-x 7 root wheel 512 Feb 20 09:58 ../
251: X-r--r--r-- 1 root wheel 0 Nov 30 1995 .hushlogin
252: X-r--r--r-- 1 root wheel 188 Nov 30 1995 .plan
253: X-r--r--r-- 1 root wheel 0 Nov 29 1995 .profile
254: Xdrwxrwxrwx 2 deraadt wheel 512 Nov 29 1995 bin/
255: Xdrwxrwxr-x 6 deraadt cvs 512 Jun 16 20:28 cvs/
256: Xdrwxr-xr-x 2 root wheel 512 Nov 30 1995 dev/
257: Xdrwxr-xr-x 2 root wheel 512 Nov 29 1995 etc/
258: Xdrwxrwxrwx 3 root wheel 512 Jun 22 07:42 tmp/
259: Xdrwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 usr/
260: Xdrwxr-xr-x 2 root wheel 512 Jan 3 21:55 var/
261: X[eap anoncvs 8 ]> ls -alFR bin usr tmp etc dev
262: Xbin:
263: Xtotal 948
264: Xdrwxrwxrwx 2 deraadt wheel 512 Nov 29 1995 ./
265: Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
266: X--wx--x--x 1 deraadt wheel 40960 Jun 18 09:45 cat*
267: X--wx--x--x 1 deraadt wheel 40960 Jun 18 09:45 pwd*
268: X--wx--x--x 1 deraadt wheel 122880 Jun 18 09:45 rm*
269: X--wx--x--x 1 deraadt wheel 262144 Jun 18 09:45 sh*
270: X
271: Xdev:
272: Xtotal 4
273: Xdrwxr-xr-x 2 root wheel 512 Nov 30 1995 ./
274: Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
275: Xcrw-rw-rw- 1 root wheel 2, 2 Nov 30 1995 null
276: X
277: Xetc:
278: Xtotal 112
279: Xdrwxr-xr-x 2 root wheel 512 Nov 29 1995 ./
280: Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
281: X-rw-r--r-- 1 root wheel 252 Nov 29 1995 group
282: X-rw-r--r-- 1 root wheel 296 Nov 29 1995 hosts
283: X-rw-r--r-- 1 root wheel 540 Nov 29 1995 passwd
284: X-rw-r--r-- 1 root wheel 1094 Nov 29 1995 protocols
285: X-rw-r--r-- 1 root wheel 40960 Nov 29 1995 pwd.db
286: X-rw-r--r-- 1 root wheel 89 Nov 29 1995 resolv.conf
287: X-rw-r--r-- 1 root wheel 5529 Nov 29 1995 services
288: X-rw-r--r-- 1 root wheel 1361 Nov 29 1995 ttys
289: X
290: Xusr:
291: Xtotal 10
292: Xdrwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ./
293: Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
294: Xdrwxr-xr-x 2 deraadt wheel 512 Nov 30 1995 bin/
295: Xdrwxr-xr-x 2 deraadt wheel 1024 Jun 18 09:50 lib/
296: Xdrwxr-xr-x 2 deraadt wheel 512 Nov 29 1995 libexec/
297: X
298: Xusr/bin:
299: Xtotal 1968
300: Xdrwxr-xr-x 2 deraadt wheel 512 Nov 30 1995 ./
301: Xdrwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ../
302: X--wx--x--x 1 deraadt wheel 73728 Jun 18 09:46 ci*
303: X--wx--x--x 1 deraadt wheel 73728 Jun 18 09:46 co*
304: X--wx--x--x 1 deraadt wheel 317787 Jun 18 09:46 cvs*
305: X--wx--x--x 1 deraadt wheel 73728 Jun 18 09:46 diff*
306: X--wx--x--x 1 deraadt wheel 24576 Jun 18 09:46 diff3*
307: X--wx--x--x 1 deraadt wheel 90112 Jun 18 09:46 gzip*
308: X--wx--x--x 1 deraadt wheel 73728 Jun 18 09:46 rcs*
309: X--wx--x--x 1 deraadt wheel 65536 Jun 18 09:46 rcsclean*
310: X--wx--x--x 1 deraadt wheel 57344 Jun 18 09:46 rcsdiff*
311: X--wx--x--x 1 deraadt wheel 3228 Jun 18 09:46 rcsfreeze*
312: X--wx--x--x 1 deraadt wheel 57344 Jun 18 09:46 rcsmerge*
313: X--wx--x--x 1 deraadt wheel 57344 Jun 18 09:46 rlog*
314: X--wx--x--x 1 deraadt wheel 24576 Jun 18 09:46 sdiff*
315: X--wx--x--x 1 deraadt wheel 2006 Jun 18 09:46 zdiff*
316: X
317: Xusr/lib:
318: Xtotal 5594
319: Xdrwxr-xr-x 2 deraadt wheel 1024 Jun 18 09:50 ./
320: Xdrwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ../
321: X-rw-r--r-- 1 deraadt wheel 16665 Jun 18 09:50 libacl.so.4.0
322: X-rw-r--r-- 1 deraadt wheel 351730 Jun 18 09:50 libc.so.12.3
323: X-rw-r--r-- 1 deraadt wheel 377359 Jun 18 09:50 libc.so.12.6
324: X-rw-r--r-- 1 deraadt wheel 16608 Jun 18 09:50 libcrypt.so.0.0
325: X-rw-r--r-- 1 deraadt wheel 16465 Jun 18 09:50 libcrypt.so.1.0
326: X-rw-r--r-- 1 deraadt wheel 44424 Jun 18 09:50 libcurses.so.2.1
327: X-rw-r--r-- 1 deraadt wheel 86198 Jun 18 09:50 libcurses.so.3.0
328: X-rw-r--r-- 1 deraadt wheel 42254 Jun 18 09:50 libdes.so.4.1
329: X-rw-r--r-- 1 deraadt wheel 66099 Jun 18 09:50 libedit.so.0.0
330: X-rw-r--r-- 1 deraadt wheel 43131 Jun 18 09:50 libform.so.0.0
331: X-rw-r--r-- 1 deraadt wheel 387976 Jun 18 09:50 libg++.so.2.0
332: X-rw-r--r-- 1 deraadt wheel 305738 Jun 18 09:50 libg++.so.27.1
333: X-rw-r--r-- 1 deraadt wheel 25544 Jun 18 09:50 libgnumalloc.so.0.0
334: X-rw-r--r-- 1 deraadt wheel 42696 Jun 18 09:50 libiberty.so.0.0
335: X-rw-r--r-- 1 deraadt wheel 25282 Jun 18 09:50 libkadm.so.4.0
336: X-rw-r--r-- 1 deraadt wheel 16610 Jun 18 09:50 libkafs.so.4.0
337: X-rw-r--r-- 1 deraadt wheel 25539 Jun 18 09:50 libkdb.so.4.0
338: X-rw-r--r-- 1 deraadt wheel 59943 Jun 18 09:50 libkrb.so.4.0
339: X-rw-r--r-- 1 deraadt wheel 25328 Jun 18 09:50 libkvm.so.4.0
340: X-rw-r--r-- 1 deraadt wheel 102104 Jun 18 09:50 libm.so.0.1
341: X-rw-r--r-- 1 deraadt wheel 26540 Jun 18 09:50 libmenu.so.0.0
342: X-rw-r--r-- 1 deraadt wheel 44424 Jun 18 09:50 libocurses.so.2.1
343: X-rw-r--r-- 1 deraadt wheel 16881 Jun 18 09:50 libpanel.so.0.0
344: X-rw-r--r-- 1 deraadt wheel 60222 Jun 18 09:50 libpcap.so.0.0
345: X-rw-r--r-- 1 deraadt wheel 25060 Jun 18 09:50 libresolv.so.1.0
346: X-rw-r--r-- 1 deraadt wheel 16465 Jun 18 09:50 libresolv.so.2.0
347: X-rw-r--r-- 1 deraadt wheel 33538 Jun 18 09:50 libskey.so.0.0
348: X-rw-r--r-- 1 deraadt wheel 25764 Jun 18 09:50 libss.so.4.0
349: X-rw-r--r-- 1 deraadt wheel 277954 Jun 18 09:50 libstdc++.so.27.1
350: X-rw-r--r-- 1 deraadt wheel 16835 Jun 18 09:50 libtelnet.so.1.0
351: X-rw-r--r-- 1 deraadt wheel 16691 Jun 18 09:50 libtermcap.so.0.0
352: X-rw-r--r-- 1 deraadt wheel 16691 Jun 18 09:50 libtermlib.so.0.0
353: X-rw-r--r-- 1 deraadt wheel 75039 Jun 18 09:50 libtermlib.so.1.0
354: X-rw-r--r-- 1 deraadt wheel 16625 Jun 18 09:50 libutil.so.3.1
355: X-rw-r--r-- 1 deraadt wheel 25628 Jun 18 09:50 libutil.so.3.2
356: X
357: Xusr/libexec:
358: Xtotal 100
359: Xdrwxr-xr-x 2 deraadt wheel 512 Nov 29 1995 ./
360: Xdrwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ../
361: X-rwxr-xr-x 1 deraadt wheel 49152 Jun 18 09:47 ld.so*
362: X
363: X[eap anoncvs 14 ]> ls cvs
364: XCVSROOT/ src/ sup/ www/
1.6 deraadt 365: X[eap anoncvs 15 ]> cd /open
1.3 deraadt 366: X[eap anoncvs 16 ]> ls -alF sup
367: Xtotal 8
368: Xdrwxrwxr-x 3 deraadt wheel 512 Dec 4 1995 ./
369: Xdrwxr-xr-x 7 root wheel 512 Feb 20 09:58 ../
370: Xdrwxr-xr-x 2 deraadt wheel 512 Jun 22 06:05 cvs/
371: X-rw-rw-r-- 1 deraadt wheel 54 Dec 4 1995 ss
372: X
373: X
1.7 ! beck 374: X***************************************************************
! 375: XNOTES FOR OTHER PLATFORMS:
! 376: X
! 377: XIf you're not that familiar with your other platform (i.e. you haven't
! 378: Xbuilt a chroot jail for a server on it) You may be better off
! 379: Xfinding an OpenBSD machine to use. (and duplicating the example above)
! 380: X
! 381: X**SunOS 5)
! 382: XBob Beck <beck@panopticon.ucs.ualberta.ca> has done this. E-mail for
! 383: Xhelp if you need it.
1.6 deraadt 384: X
1.7 ! beck 385: X**OSF 1)
1.6 deraadt 386: XFrom Todd Fries <toddf@acm.org> to the adventurous.
387: XA note for those installing anoncvs on non-OpenBSD operating systems.
388: XYou are in for some fun.
389: X
390: XFor OSF1, on a DEC alpha, I had to do the following in addition to the
391: Xabove:
392: X
393: X- I do not know how to setup dynamic libraries on osf1 and as a result
394: X everything had to be compiled statically.
395: X- Therefore, everything but /bin/sh I had to recompile in order to
396: X get the chroot setup. In order that there be no guesswork
397: X involved, the following packages' binaries must exist in the chroot
398: X environment:
399: X
400: X GNU
401: X cvs (from the OpenBSD source tree)
402: X diff[utils] (unless you're running *BSD, probably better get it from a gnu
403: X mirror...the Makefile doesn't work otherwise)
404: X rcs (from the OpenBSD source tree)
405: X
406: XSome notes on compiling.
407: X
408: X rcs must have diff3 capable of diff3 -m during configure.
409: X OSF doesn't by default, thus I had to compile diffutils first.
410: X
411: X cvs fails to install if you don't have makeinfo ... just search for the
412: X string ' install-info$' with regex and remove it from the Makefile for the
413: X install and you'll be fine, or install 'texinfo', your choice.
1.1 deraadt 414: END-of-README
415: echo x - anoncvssh.c
416: sed 's/^X//' >anoncvssh.c << 'END-of-anoncvssh.c'
417: X/*
418: X * anoncvssh
419: X */
420: X
1.4 deraadt 421: X#include <stdio.h>
422: X#include <stdlib.h>
423: X#if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__)
424: X#include <paths.h>
425: X#endif
426: X#include <pwd.h>
427: X#include <unistd.h>
428: X#include <sys/types.h>
429: X
430: X#ifndef __CONCAT
431: X#if defined(__STDC__) || defined(__cplusplus)
432: X#define __CONCAT(x,y) x ## y
433: X#else
434: X#define __CONCAT(x,y) x/**/y
435: X#endif
436: X#endif
437: X
438: X#ifndef __CONCAT3
439: X#if defined(__STDC__) || defined(__cplusplus)
440: X#define __CONCAT3(x,y,z) x ## y ## z
441: X#else
442: X#define __CONCAT3(x,y,z) x/**/y/**/z
443: X#endif
444: X#endif
445: X
446: X#ifndef __P
447: X#if defined(__STDC__) || defined(__cplusplus)
448: X#define __P(protos) protos /* full-blown ANSI C */
449: X#else
450: X#define __P(protos) () /* traditional C preprocessor */
451: X#endif
452: X#endif
453: X
454: X/*
455: X * You may need to change this path to ensure that RCS, CVS and diff
456: X * can be found
457: X */
458: X#ifndef _PATH_DEFPATH
459: X#define _PATH_DEFPATH "/bin:/usr/bin"
460: X#endif
461: X
462: X/*
463: X * This should not normally have to be changed
464: X */
465: X#ifndef _PATH_BSHELL
466: X#define _PATH_BSHELL "/bin/sh"
467: X#endif
468: X
469: X/*
470: X * Location of CVS tree, relative to the anonymous CVS user's
471: X * home directory
472: X */
473: X#ifndef LOCALROOT
474: X#define LOCALROOT "/cvs"
475: X#endif
476: X
477: X/*
478: X * Account and host name to be used when accessing the
479: X * CVS repository remotely
480: X */
481: X#ifndef HOSTNAME
482: X#define HOSTNAME "anoncvs@anoncvs1.usa.openbsd.org"
483: X#endif
484: X
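/*
 * $CVSROOT is created based on HOSTNAME and LOCALROOT above.
 *
 * It is only printed in the usage hint; the value handed to cvs itself
 * is the CVSROOT= entry of env[].
 *
 * The pieces are joined by adjacent-string-literal concatenation.
 * Pasting them with ## does not work: ## suppresses expansion of its
 * operands and a string literal glued to another token is not a valid
 * preprocessing token, so current compilers reject it.
 */
#ifndef CVSROOT
#define CVSROOT HOSTNAME ":" LOCALROOT
#endif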
491: X
1.4 deraadt 492: Xint main __P((int, char *[]));
493: X
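/*
 * Complete environment handed to cvs by the execle() calls in main().
 * Every entry is a compile-time constant, so nothing the remote caller
 * put in its own environment reaches the cvs process.
 *
 *   PATH, SHELL    - where cvs finds rcs, diff and sh inside the jail
 *   CVSROOT        - repository path as seen from inside the chroot
 *   HOME           - the jail root
 *   CVSREADONLYFS  - per the README, makes the OpenBSD cvs server treat
 *                    the repository as read-only
 *
 * Entries are built with adjacent-string-literal concatenation rather
 * than ## pasting: pasting a string literal onto a macro name does not
 * form a valid preprocessing token and the macro would not be expanded.
 */
char * const env[] = {
	"PATH=" _PATH_DEFPATH,
	"SHELL=" _PATH_BSHELL,
	"CVSROOT=" LOCALROOT,
	"HOME=/",
	"CVSREADONLYFS=1",
	NULL
};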
1.1 deraadt 502: X
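/*
 * anoncvssh entry point.
 *
 * Runs setuid-root: looks up the invoking user's home directory, chroots
 * into it, gives up root for good, and only then execs cvs with the fixed
 * environment in env[].
 *
 * Accepted invocations:
 *   anoncvssh pserver                       (the inetd.conf entry)
 *   anoncvssh -c "cvs server"               (run as the account's shell)
 *   anoncvssh -c "cvs -d LOCALROOT server"
 * Anything else prints the usage hint, sleeps 10 seconds and exits 0.
 *
 * Exits 1 when the jail cannot be entered, privileges cannot be dropped,
 * or cvs cannot be executed.
 *
 * The old-style parameter list is kept because the file still supports
 * pre-ANSI compilers through __P().
 *
 * NOTE(review): strcmp() is declared in <string.h>, which the include
 * list at the top of this file does not name; add it there.
 */
int
main(argc, argv)
int argc;
char *argv[];
{
	struct passwd *pw;
#ifdef DEBUG
	int i;
#endif /* DEBUG */

	pw = getpwuid(getuid());
	if (pw == NULL) {
		fprintf(stderr, "no user for uid %d\n", (int)getuid());
		exit(1);
	}
	if (pw->pw_dir == NULL) {
		fprintf(stderr, "no directory\n");
		exit(1);
	}

	/*
	 * Every step below is checked: a silent failure here would leave
	 * the process either outside the jail or still running as root.
	 */
	if (seteuid(0) == -1) {
		perror("seteuid");
		exit(1);
	}
	if (chroot(pw->pw_dir) == -1) {
		perror("chroot");
		exit (1);
	}
	/* Without this the working directory stays outside the new root. */
	if (chdir("/") == -1) {
		perror("chdir");
		exit(1);
	}
	/* Called with euid 0, so this drops root; a failure must be fatal. */
	if (setuid(getuid()) == -1) {
		perror("setuid");
		exit(1);
	}

	/*
	 * program now "safe"
	 */

	/*
	 * If we want pserver functionality.  argc is tested first so that
	 * argv[1] is never read when it is NULL, and the comparison is
	 * against 0 because strcmp() returns 0 on a match.
	 */
	if (argc == 2 && strcmp("pserver", argv[1]) == 0) {
		execle("/usr/bin/cvs", "cvs", "pserver", (char *)NULL, env);
		perror("execle: cvs");
		fprintf(stderr, "unable to exec CVS pserver!\n");
		exit(1);
		/* NOTREACHED */
	}

	/*
	 * Only the exact command strings are accepted; the request is never
	 * handed to a shell.  The -d form is spelled with string-literal
	 * concatenation because ## cannot paste string literals.
	 */
	if (argc != 3 ||
	    strcmp("anoncvssh", argv[0]) != 0 ||
	    strcmp("-c", argv[1]) != 0 ||
	    (strcmp("cvs server", argv[2]) != 0 &&
	    strcmp("cvs -d " LOCALROOT " server", argv[2]) != 0)) {

		fprintf(stderr, "\nTo use anonymous CVS install the latest ");
		fprintf(stderr,"version of CVS on your local machine.\n");
		fprintf(stderr,"Then set your CVSROOT environment variable ");
		fprintf(stderr,"to the following value:\n");
		fprintf(stderr,"\t%s\n\n", CVSROOT);
#ifdef DEBUG
		fprintf(stderr, "argc = %d\n", argc);
		for (i = 0 ; i < argc ; i++)
			fprintf(stderr, "argv[%d] = \"%s\"\n", i, argv[i]);
#endif /* DEBUG */
		sleep(10);
		exit(0);
	}

	execle("/usr/bin/cvs", "cvs", "server", (char *)NULL, env);
	perror("execle: cvs");
	fprintf(stderr, "unable to exec CVS server!\n");
	exit(1);
	/* NOTREACHED */
}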
569: X
570: END-of-anoncvssh.c
571: exit
572: