authorDimitri Sokolyuk <demon@dim13.org>2003-06-08 05:09:07 +0000
committerDimitri Sokolyuk <demon@dim13.org>2003-06-08 05:09:07 +0000
commita59ad5c2114d7f6e01a4a6c5fafb007ae7f8e4a1 (patch)
tree5452ca7de20a0fcb969429779de3a304c985c3be
anonymous CVS server from OpenBSD
-rw-r--r--anoncvs.shar634
1 files changed, 634 insertions, 0 deletions
diff --git a/anoncvs.shar b/anoncvs.shar
new file mode 100644
index 0000000..d7fb7a0
--- /dev/null
+++ b/anoncvs.shar
@@ -0,0 +1,634 @@
+# This is a shell archive. Save it in a file, remove anything before
+# this line, and then unpack it by entering "sh file". Note, it may
+# create directories; files and directories will be owned by you and
+# have default permissions.
+#
+# This archive contains:
+#
+# Makefile
+# README
+# anoncvssh.c
+#
+echo x - Makefile
+sed 's/^X//' >Makefile << 'END-of-Makefile'
+X#CVSROOT=anoncvs@anoncvs1.usa.openbsd.org:/cvs
+XPROG= anoncvssh
+XBINOWN= root
+XBINMODE=4111
+XBINDIR=/open
+XNOMAN=
+X
+X.include <bsd.prog.mk>
+X
+END-of-Makefile
+echo x - README
+sed 's/^X//' >README << 'END-of-README'
+X
+X So, you want to run an anoncvs server.
+X
+X A summary of the steps you'll need to do is:
+X
+X1) Find enough disk space to hold the anoncvs tree, and mount it in an
+X appropriate place.
+X
+X2) Compile and install anoncvssh, the shell used for the anoncvs user.
+X ( If you aren't using OpenBSD you'll probably need to compile a sup
+X client as well. The easier path is to use OpenBSD ;)
+X
+X3) Add the anoncvs user to the password file, with no password, and
+X anoncvssh as it's shell. Decide on a user that will run sup to maintain
+X the archive (this is a different user, NOT the anoncvs user)
+X
+X4) Make a home directory for the anoncvs user. The anoncvs user's
+X home directory is a chroot jail in which the anoncvssh processes
+X run when servicing anoncvs requests. The jail must contain the
+X cvs binary as well as whatever shared libraries and support files
+X are needed to run them unless you compile and link everything
+X staticly. This example shows what is needed for OpenBSD. If you
+X use another platform you'll need to be familiar with what needs
+X to go in a chroot jail for your platform.
+X
+X5) Get permission to use sup to obtain the cvs tree from a server.
+X
+X6) Set up sup to retrieve the cvs tree from an appropriate place.
+X (If you aren't using OpenBSD you will need to compile and install
+X a sup client).
+X
+X7) Run sup to retrieve the distribution from the server
+X
+X8) Once you get the distribution in, set up a cron job to run sup
+X periodically to keep your server up to date.
+X
+X**********************************************************************
+XSTEP 1) find enough disk space.
+X You need roughly 1.6GB.
+X Mount it on /open.
+X If you are not able to mount it as /open, substitute it's location
+X throughout the rest of this description.
+X
+X**********************************************************************
+XSTEP 2) compile the anoncvssh binary
+X In the Makefile, change the variable CVSROOT
+X Install the binary setuid-root in /open/anoncvssh.
+X
+X**********************************************************************
+XSTEP 3) Create the anoncvs account. and decide who will run "sup"
+X to maintain the archive. The anoncvs account should *NOT* be the one
+X running sup to maintain the archive.
+X
+Xcreate an account similar to:
+X
+X anoncvs::32766:32766:Anonymous CVS User:/open/anoncvs:/open/anoncvssh
+X
+XYes, that is right. the account has no password. Be sure that the
+Xuid and gid are unique for your system, if the ones above aren't,
+Xpick different values.
+X
+XDecide who will run sup to maintain the archive. call that user
+X$SUPUSER. Oh, and in case it hasn't been previously mentioned,
+X$SUPUSER should *NOT* be the anoncvs user :)
+X
+X**********************************************************************
+XSTEP 4) Build the anoncvs user's home directory chroot jail. This
+X example assumes that you're using OpenBSD. If you're not you
+X may need different files in the chroot.
+X
+Xmkdir /open/anoncvs
+Xmkdir /open/anoncvs/cvs
+Xmkdir /open/anoncvs/sup
+Xchown -R $SUPUSER /open/anoncvs/cvs /open/anoncvs/sup /open/anoncvs
+X
+XStart filling the account up with nice stuff. You are building a chroot
+Xjail for anoncvs in /open/anoncvs.
+X
+X cd /open/anoncvs
+X touch .hushlogin
+X touch .profile
+X
+XPut a message like the following in .plan:
+X To use anonymous CVS install the latest version of CVS on your local
+X machine.
+X Then set your CVSROOT environment variable to the following value:
+X anoncvs@anoncvs.openbsd.org:/cvs
+X
+X chown root:wheel .hushlogin .profile .plan
+X
+X mkdir bin dev tmp usr var etc
+X cp /bin/{cat,pwd,rm,sh} bin/
+X
+XUsing mknod, make a dev/null that has the same major/minor numbers as
+X your /dev/null, and make it mode 666.
+X
+XSome shared library systems require a dev/zero created in the same way
+X
+XFill etc space for the account
+X cp /etc/{group,hosts,passwd,protocols} etc/
+X cp /etc/{pwd.db,resolv.conf,services,ttys} etc/
+X modify these files to suit your idea of system security
+X
+Xanoncvssh (by setting the environment variable CVSREADONLYFS) uses
+Xan tiny extension provided in the openbsd cvs server code which
+Xpermits the use of read-only cvs repositories. therefore you MUST
+Xcompile the openbsd version of cvs. luckily this is not a problem
+Xon a non-openbsd machine since the cvs sources are imported verbatim
+Xinto the openbsd tree. they are in gnu/usr.bin/cvs. The sources
+Xare integrated such that Makefile.bsd-wrapper knows how to build
+Xthe sources on an OpenBSD machine, using obj directories.
+X
+XCreate tmp space for the account
+X # cd var; ln -s ../tmp tmp
+X # chmod a+rwx tmp
+X
+X # mkdir usr/{bin,lib}
+X # cp /usr/bin/cvs usr/bin/
+X
+XIf your system has ld.so in /usr/libexec,
+X # mkdir usr/libexec
+X # cp /usr/libexec/ld.so usr/libexec/
+X
+XIf using shared libraries, use ldd to find out which shared libs you need:
+X # ldd /usr/bin/cvs
+X /usr/bin/cvs:
+X -lz.1 => /usr/lib/libz.so.1.4 (0x40097000)
+X -lgssapi.1 => /usr/lib/libgssapi.so.1.0 (0x400a4000)
+X -lkrb.10 => /usr/lib/libkrb.so.10.0 (0x400ae000)
+X -lkrb5.4 => /usr/lib/libkrb5.so.4.0 (0x400c8000)
+X -lasn1.2 => /usr/lib/libasn1.so.2.0 (0x400ff000)
+X -lcrypto.6 => /usr/lib/libcrypto.so.6.0 (0x4011d000)
+X -ldes.7 => /usr/lib/libdes.so.7.0 (0x40203000)
+X -lkafs.10 => /usr/lib/libkafs.so.10.0 (0x4020d000)
+X -lc.28 => /usr/lib/libc.so.28.5 (0x40210000)
+X
+X and then copy the required libraries to usr/lib/
+X
+XAs a final pass, make sure that all the files you have just created are
+Xnot world writable (except dev/null).
+X
+XFor :pserver: support (optional)
+X - Create an entry in /etc/services
+X cvspserver 2401/tcp # CVS client/server operations
+X - Create an entry in /etc/inetd.conf
+X cvspserver stream tcp nowait anoncvs /open/anoncvssh anoncvssh pserver
+X - Create a file /open/anoncvs/cvs/CVSROOT/passwd with the following entry
+X anoncvs:AHDysQkJIubEc
+X which would be a password of "anoncvs" (as per anoncvs.html)
+X - Create a file /open/anoncvs/cvs/CVSROOT/readers with a single entry:
+X anoncvs
+X which tells cvs that user "anoncvs" is allowed readonly access.
+X - Create a zero-length file /open/anoncvs/cvs/CVSROOT/writers since you don't
+X want anyone to be able to write to the mirror.
+X % cp /dev/null /open/anoncvs/cvs/CVSROOT/writers
+X
+XSee the example layout below for full details.
+X
+X**********************************************************************
+XSTEP 5): Get sup permission.
+Xsend mail to sup@openbsd.org
+X1) to have sup permissions granted on an appropriate machine for you
+X to sup from. We will need to know your host's real hostname and
+X IP address.
+X2) to have an anoncvsN.COUNTRY.openbsd.org alias created
+X3) to have your site mentioned in the http://www.openbsd.org page.
+X
+X**********************************************************************
+XSTEP 6): Configure sup
+X
+XIf you're running OpenBSD, you already have a sup client in
+X/usr/bin/sup. If not you may need to build it. On an IRIX or other
+XSYSV machine, ensure that your kernel does not allow a user to chown
+Xa file to another user (You may have heard of this particular brand
+Xof evil referred to as "chown giveaway"). this will cause sup to
+Xgive away the files to root before chmod'ing them readable.
+Xmichaels@openbsd.org knows how to fix this.
+X
+XThe file /open/anoncvs/sup/ss contains a line that tells sup where
+Xto get the cvs tree from. it will normally contain:
+X
+X cvs host=anoncvs.ca.openbsd.org hostbase=/usr/OpenBSD base=/open/anoncvs delete
+X
+XThe file /open/anoncvs/sup/cvs/refuse tells sup what files it should not get.
+XIt should contain the following lines:
+X
+X cvs/CVSROOT/history
+X cvs/CVSROOT/readers
+X cvs/CVSROOT/writers
+X cvs/CVSROOT/passwd
+X
+Xif you ever fetch the file cvs/CVSROOT/history, delete it. it will
+Xcause you problems.
+X
+X**********************************************************************
+XSTEP 7): Run sup to retrieve the tree for the first time
+X
+XLog in as or become the $SUPUSER, and run
+X
+Xsup -v /open/anoncvs/sup/ss > /tmp/suplog &; tail -f /tmp/suplog
+X
+XIf you have sup permission, and have specified the correct host and
+Xhostbase in /open/anoncvs/sup/ss you should see a list of files start
+Xcoming in after a short while. Don't panic if nothing happens
+Ximmediately. Watch for errors (sup can timeout or die). If you can't
+Xaccess files contact the sup server maintainer, If you get a timeout
+Xor if sup dies you can restart and it should continue where it left off.
+X
+XIt can take a good while (and a couple of restarts) to obtain the
+Xwhole tree for the first time.
+X
+X**********************************************************************
+XSTEP 8): Set up cron to keep the tree up to date.
+X
+XYou run sup periodically from the cron by setting up the crontab file
+Xof the $SUPUSER.
+X
+XFor example: To run every three hours 'sup -v supfile', and thrice
+Xweekly 'sup -vo supfile' .. because sup is not reliable ..
+X
+X0 0,3,6,9,12,15,18,21 * * 0,2,4,5 sup -v /open/anoncvs/sup/ss > /dev/null
+X0 0,12,15,18,21 * * 1,3,6 sup -v /open/anoncvs/sup/ss > /dev/null
+X0 3 * * 1,3,6 sup -vo /open/anoncvs/sup/ss > /dev/null
+X
+Xanoncvs5.usa.openbsd.org uses this particular set of entries. A `sup
+X-o' is done every few days because sup is not very robust.
+X
+X**********************************************************************
+XEXAMPLE LAYOUT
+X
+XExample layout for OpenBSD. In this example "deraadt" is the $SUPUSER.
+X
+X[eap open 5 ]> cd /open
+X[eap open 6 ]> ls -alF
+Xtotal 46
+Xdrwxr-xr-x 7 root wheel 512 Feb 20 09:58 ./
+Xdrwxr-xr-x 17 root wheel 512 Jun 14 14:05 ../
+Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 anoncvs/
+X---s--x--x 1 root bin 16384 Nov 30 1995 anoncvssh*
+Xlrwxr-xr-x 1 root wheel 11 Jan 3 21:52 cvs@ -> anoncvs/cvs
+Xdrwxr-xr-x 5 root wheel 512 Feb 22 13:22 ftp/
+Xdrwxrwxrwt 2 anoncvs wheel 1024 Jan 1 13:18 lost+found/
+Xdrwxr-xr-x 4 root wheel 512 Nov 30 1995 src/
+Xdrwxrwxr-x 3 deraadt wheel 512 Dec 4 1995 sup/
+X[eap open 7 ]> cd anoncvs
+X[eap anoncvs 8 ]> ls -alF
+Xtotal 20
+Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 ./
+Xdrwxr-xr-x 7 root wheel 512 Feb 20 09:58 ../
+X-r--r--r-- 1 root wheel 0 Nov 30 1995 .hushlogin
+X-r--r--r-- 1 root wheel 188 Nov 30 1995 .plan
+X-r--r--r-- 1 root wheel 0 Nov 29 1995 .profile
+Xdrwxrwxr-x 2 deraadt wheel 512 Nov 29 1995 bin/
+Xdrwxrwxr-x 6 deraadt cvs 512 Jun 16 20:28 cvs/
+Xdrwxr-xr-x 2 root wheel 512 Nov 30 1995 dev/
+Xdrwxr-xr-x 2 root wheel 512 Nov 29 1995 etc/
+Xdrwxrwxrwx 3 root wheel 512 Jun 22 07:42 tmp/
+Xdrwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 usr/
+Xdrwxr-xr-x 2 root wheel 512 Jan 3 21:55 var/
+X[eap anoncvs 8 ]> ls -alFR bin usr tmp etc dev
+Xbin:
+Xtotal 948
+Xdrwxrwxr-x 2 deraadt wheel 512 Nov 29 1995 ./
+Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
+X--wx--x--x 1 deraadt wheel 40960 Jun 18 09:45 cat*
+X--wx--x--x 1 deraadt wheel 40960 Jun 18 09:45 pwd*
+X--wx--x--x 1 deraadt wheel 122880 Jun 18 09:45 rm*
+X--wx--x--x 1 deraadt wheel 262144 Jun 18 09:45 sh*
+X
+Xdev:
+Xtotal 4
+Xdrwxr-xr-x 2 root wheel 512 Nov 30 1995 ./
+Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
+Xcrw-rw-rw- 1 root wheel 2, 2 Nov 30 1995 null
+X
+Xetc:
+Xtotal 112
+Xdrwxr-xr-x 2 root wheel 512 Nov 29 1995 ./
+Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
+X-rw-r--r-- 1 root wheel 252 Nov 29 1995 group
+X-rw-r--r-- 1 root wheel 296 Nov 29 1995 hosts
+X-rw-r--r-- 1 root wheel 540 Nov 29 1995 passwd
+X-rw-r--r-- 1 root wheel 1094 Nov 29 1995 protocols
+X-rw-r--r-- 1 root wheel 40960 Nov 29 1995 pwd.db
+X-rw-r--r-- 1 root wheel 89 Nov 29 1995 resolv.conf
+X-rw-r--r-- 1 root wheel 5529 Nov 29 1995 services
+X-rw-r--r-- 1 root wheel 1361 Nov 29 1995 ttys
+X
+Xusr:
+Xtotal 10
+Xdrwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ./
+Xdrwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
+Xdrwxr-xr-x 2 deraadt wheel 512 Nov 30 1995 bin/
+Xdrwxr-xr-x 2 deraadt wheel 1024 Jun 18 09:50 lib/
+Xdrwxr-xr-x 2 deraadt wheel 512 Nov 29 1995 libexec/
+X
+Xusr/bin:
+Xtotal 1968
+Xdrwxr-xr-x 2 deraadt wheel 512 Nov 30 1995 ./
+Xdrwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ../
+X--wx--x--x 1 deraadt wheel 317787 Jun 18 09:46 cvs*
+X
+Xusr/lib:
+Xtotal 5594
+Xdrwxr-xr-x 2 deraadt wheel 1024 Jun 18 09:50 ./
+Xdrwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ../
+X-rw-r--r-- 1 deraadt wheel 351730 Jun 18 09:50 libasn1.so.2.0
+X-rw-r--r-- 1 deraadt wheel 351730 Jun 18 09:50 libc.so.28.5
+X-rw-r--r-- 1 deraadt wheel 16608 Jun 18 09:50 libcrypto.so.6.0
+X-rw-r--r-- 1 deraadt wheel 44424 Jun 18 09:50 libdes.so.7.0
+X-rw-r--r-- 1 deraadt wheel 16665 Jun 18 09:50 libgssapi.so.1.0
+X-rw-r--r-- 1 deraadt wheel 86198 Jun 18 09:50 libkafs.so.10.0
+X-rw-r--r-- 1 deraadt wheel 42254 Jun 18 09:50 libkrb.so.10.0
+X-rw-r--r-- 1 deraadt wheel 66099 Jun 18 09:50 libkrb5.so.4.0
+X-rw-r--r-- 1 deraadt wheel 387976 Jun 18 09:50 libz.so.1.4
+X
+Xusr/libexec:
+Xtotal 100
+Xdrwxr-xr-x 2 deraadt wheel 512 Nov 29 1995 ./
+Xdrwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ../
+X-rwxr-xr-x 1 deraadt wheel 49152 Jun 18 09:47 ld.so*
+X
+X[eap anoncvs 14 ]> ls cvs
+XCVSROOT/ src/ sup/ www/
+X[eap anoncvs 15 ]> cd /open
+X[eap anoncvs 16 ]> ls -alF sup
+Xtotal 8
+Xdrwxrwxr-x 3 deraadt wheel 512 Dec 4 1995 ./
+Xdrwxr-xr-x 7 root wheel 512 Feb 20 09:58 ../
+Xdrwxr-xr-x 2 deraadt wheel 512 Jun 22 06:05 cvs/
+X-rw-rw-r-- 1 deraadt wheel 54 Dec 4 1995 ss
+X
+X
+X***************************************************************
+XNOTES FOR OTHER PLATFORMS:
+X
+XIf you're not that familiar with your other platform (i.e. you haven't
+Xbuilt a chroot jail for a server on it) you may be better off
+Xfinding an OpenBSD machine to use. (and duplicating the example above)
+X
+X**SunOS 5)
+XBob Beck <Bob.Beck@ualberta.ca> has done this. E-mail for
+Xhelp if you need it.
+X
+X**OSF 1)
+XFrom Todd Fries <toddf@acm.org> to the adventurous.
+XA note for those installing anoncvs on non-OpenBSD operating systems.
+XYou are in for some fun.
+X
+XFor OSF1, on a DEC alpha, I had to do the following in addition to the
+Xabove:
+X
+X- I do not know how to setup dynamic libraries on osf1 and as a result
+X everything had to be compiled statically.
+X- Therefore, everything but /bin/sh I had to recmpile in order to
+X get the chroot setup. In order that there be no guesswork
+X involved, the following packages' binaries must exist in the chroot
+X environment:
+X
+X GNU
+X cvs (from the OpenBSD source tree)
+X
+XSome notes on compiling.
+X
+X cvs fails to install if you don't have makeinfo ... just search for the
+X string ' install-info$' with regex and remove it from the Makefile for the
+X install and you'll be fine, or install 'texinfo', your choice.
+END-of-README
+echo x - anoncvssh.c
+sed 's/^X//' >anoncvssh.c << 'END-of-anoncvssh.c'
+X/*
+X * anoncvssh
+X */
+X
+X#include <stdio.h>
+X#include <stdlib.h>
+X#if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__)
+X#include <paths.h>
+X#endif
+X#include <pwd.h>
+X#include <unistd.h>
+X#include <sys/types.h>
+X
+X#ifndef __CONCAT
+X#if defined(__STDC__) || defined(__cplusplus)
+X#define __CONCAT(x,y) x ## y
+X#else
+X#define __CONCAT(x,y) x/**/y
+X#endif
+X#endif
+X
+X#ifndef __CONCAT3
+X#if defined(__STDC__) || defined(__cplusplus)
+X#define __CONCAT3(x,y,z) x ## y ## z
+X#else
+X#define __CONCAT3(x,y,z) x/**/y/**/z
+X#endif
+X#endif
+X
+X#ifndef __P
+X#if defined(__STDC__) || defined(__cplusplus)
+X#define __P(protos) protos /* full-blown ANSI C */
+X#else
+X#define __P(protos) () /* traditional C preprocessor */
+X#endif
+X#endif
+X
+X/*
+X * You may need to change this path to ensure that RCS, CVS and diff
+X * can be found
+X */
+X#ifndef _PATH_DEFPATH
+X#define _PATH_DEFPATH "/bin:/usr/bin"
+X#endif
+X
+X/*
+X * This should not normally have to be changed
+X */
+X#ifndef _PATH_BSHELL
+X#define _PATH_BSHELL "/bin/sh"
+X#endif
+X
+X/*
+X * Location of CVS tree, relative to the anonymous CVS user's
+X * home directory
+X */
+X#ifndef LOCALROOT
+X#define LOCALROOT "/cvs"
+X#endif
+X
+X/*
+X * Account and host name to be used when accessing the
+X * CVS repository remotely
+X */
+X#ifndef HOSTNAME
+X#define HOSTNAME "anoncvs@anoncvs1.usa.openbsd.org"
+X#endif
+X
+X/*
+X * $CVSROOT is created based on HOSTNAME and LOCALROOT above
+X */
+X#ifndef CVSROOT
+X#define CVSROOT __CONCAT3(HOSTNAME,":",LOCALROOT)
+X#endif
+X
+X/*
+X * We define PSERVER_SUPPORT to allow anoncvssh to spawn a "cvs pserver".
+X * You may undefine this if you aren't going to be running pserver.
+X */
+X#ifndef PSERVER_SUPPORT
+X#define PSERVER_SUPPORT
+X#endif
+X
+X/*
+X * Define USE_SYSLOG if you want anoncvssh to log pserver connections
+X * using syslog()
+X */
+X#define USE_SYSLOG
+X
+X#ifdef USE_SYSLOG
+X#include <string.h>
+X#include <syslog.h>
+X#include <netinet/in.h>
+X#include <sys/socket.h>
+X#include <arpa/inet.h>
+X#define LOG_FACILITY LOG_DAEMON
+X#define LOG_PRIO LOG_INFO
+X#endif
+X
+X/* Define ANONCVS_USER if you want anoncvssh to complain if invoked by
+X * anyone other than root or ANONCVS_USER.
+X */
+X/* #define ANONCVS_USER "anoncvs" */
+X
+Xint main __P((int, char *[]));
+X
+Xchar * const env[] = {
+X __CONCAT("PATH=",_PATH_DEFPATH),
+X __CONCAT("SHELL=",_PATH_BSHELL),
+X __CONCAT("CVSROOT=",LOCALROOT),
+X "HOME=/",
+X "CVSREADONLYFS=1",
+X NULL
+X};
+X
+Xint
+Xmain(argc, argv)
+Xint argc;
+Xchar *argv[];
+X{
+X struct passwd *pw;
+X#ifdef DEBUG
+X int i;
+X#endif /* DEBUG */
+X
+X pw = getpwuid(getuid());
+X if (pw == NULL) {
+X fprintf(stderr, "no user for uid %d\n", getuid());
+X exit(1);
+X }
+X if (pw->pw_dir == NULL) {
+X fprintf(stderr, "no directory\n");
+X exit(1);
+X }
+X
+X#ifdef USE_SYSLOG
+X openlog("anoncvssh", LOG_PID | LOG_NDELAY, LOG_FACILITY);
+X#endif /* USE_SYSLOG */
+X
+X#ifdef ANONCVS_USER
+X /*
+X * I love lusers who have to test every setuid binary on my machine.
+X */
+X if (getuid() != 0 && (strcmp (pw->pw_name, ANONCVS_USER) != 0)) {
+X fprintf(stderr, "You're not supposed to be running me!\n");
+X#ifdef USE_SYSLOG
+X syslog(LOG_NOTICE,
+X "User %s(%d) invoked anoncvssh - Possible twink?",
+X pw->pw_name, pw->pw_uid);
+X#endif /* USE_SYSLOG */
+X exit(1);
+X }
+X#endif /* ANONCVS_USER */
+X
+X
+X setuid(0);
+X if (chroot(pw->pw_dir) == -1) {
+X perror("chroot");
+X exit (1);
+X }
+X chdir("/");
+X setuid(pw->pw_uid);
+X
+X /*
+X * program now "safe"
+X */
+X
+X#ifdef PSERVER_SUPPORT
+X /* If we want pserver functionality */
+X if ((argc == 2) && (strcmp("pserver", argv[1]) == 0)) {
+X#ifdef USE_SYSLOG
+X int slen;
+X struct sockaddr_in my_sa, peer_sa;
+X char *us, *them;
+X
+X slen = sizeof(my_sa);
+X if (getsockname(0, (struct sockaddr *) &my_sa, &slen)
+X != 0) {
+X perror("getsockname");
+X exit(1);
+X }
+X us = strdup(inet_ntoa(my_sa.sin_addr));
+X if (us == NULL) {
+X fprintf(stderr, "malloc failed\n");
+X exit(1);
+X }
+X slen = sizeof(peer_sa);
+X if (getpeername(0, (struct sockaddr *) &peer_sa, &slen)
+X != 0) {
+X perror("getpeername");
+X exit(1);
+X }
+X them=strdup(inet_ntoa(peer_sa.sin_addr));
+X if (them == NULL) {
+X fprintf(stderr, "malloc failed\n");
+X exit(1);
+X }
+X syslog(LOG_PRIO,
+X "pserver connection from %s:%d to %s:%d\n",
+X them, ntohs(peer_sa.sin_port),
+X us, ntohs(my_sa.sin_port));
+X#endif /* USE_SYSLOG */
+X execle("/usr/bin/cvs", "cvs",
+X __CONCAT("--allow-root=",LOCALROOT), "pserver", NULL, env);
+X perror("execle: cvs");
+X fprintf(stderr, "unable to exec CVS pserver!\n");
+X exit(1);
+X /* NOTREACHED */
+X }
+X#endif
+X
+X if (argc != 3 ||
+X strcmp("anoncvssh", argv[0]) != 0 ||
+X strcmp("-c", argv[1]) != 0 ||
+X (strcmp("cvs server", argv[2]) != 0 &&
+X strcmp(__CONCAT3("cvs -d ",LOCALROOT," server"), argv[2]) != 0)) {
+X fprintf(stderr, "\nTo use anonymous CVS install the latest ");
+X fprintf(stderr,"version of CVS on your local machine.\n");
+X fprintf(stderr,"Then set your CVSROOT environment variable ");
+X fprintf(stderr,"to the following value:\n");
+X fprintf(stderr,"\t%s\n\n", CVSROOT);
+X#ifdef DEBUG
+X fprintf(stderr, "argc = %d\n", argc);
+X for (i = 0 ; i < argc ; i++)
+X fprintf(stderr, "argv[%d] = \"%s\"\n", i, argv[i]);
+X#endif /* DEBUG */
+X sleep(10);
+X exit(0);
+X }
+X execle("/usr/bin/cvs", "cvs", "server", NULL, env);
+X perror("execle: cvs");
+X fprintf(stderr, "unable to exec CVS server!\n");
+X exit(1);
+X /* NOTREACHED */
+X}
+X
+END-of-anoncvssh.c
+exit
+
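Review bot: In the embedded anoncvssh.c, `main()` does not check the return values of `chdir("/")` and `setuid(pw->pw_uid)` that follow the `chroot()` call, yet the next comment declares the program "safe". The Makefile installs the binary setuid root (`BINOWN= root`, `BINMODE=4111`), so if `setuid(pw->pw_uid)` ever fails on the target platform the process would still be uid 0 when it reaches `execle("/usr/bin/cvs", ...)`, and a failed `chdir("/")` may leave the working directory outside the new root. Both calls should be checked the way `chroot()` already is, e.g. `if (chdir("/") == -1 || setuid(pw->pw_uid) == -1) { perror("drop privileges"); exit(1); }` (each line carrying the shar `X` prefix). Separately, `slen` is declared `int` but its address is passed to `getsockname()` and `getpeername()`, which take a `socklen_t *`.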