aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDimitri Sokolyuk <demon@dim13.org>2008-05-26 17:04:44 +0000
committerDimitri Sokolyuk <demon@dim13.org>2008-05-26 17:04:44 +0000
commit003b3a63ec8f357f9bc59a274622efe28ab63764 (patch)
tree4100034d76eb1e669a5f76abc7017223bbcd0a77
parent6cc1e2a7d776c263424266f7ef2800f270fbfe3a (diff)
anoncvs shell unpacked
-rw-r--r--Makefile9
-rw-r--r--README372
-rw-r--r--anoncvssh.c234
3 files changed, 615 insertions, 0 deletions
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..7c9f7be
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,9 @@
+#CVSROOT=anoncvs@anoncvs1.usa.openbsd.org:/cvs
+PROG= anoncvssh
+BINOWN= root
+BINMODE=4111
+BINDIR=/open
+NOMAN=
+
+.include <bsd.prog.mk>
+
diff --git a/README b/README
new file mode 100644
index 0000000..cb729c1
--- /dev/null
+++ b/README
@@ -0,0 +1,372 @@
+
+ So, you want to run an anoncvs server.
+
+ A summary of the steps you'll need to do is:
+
+1) Find enough disk space to hold the anoncvs tree, and mount it in an
+ appropriate place.
+
+2) Compile and install anoncvssh, the shell used for the anoncvs user.
+ ( If you aren't using OpenBSD you'll probably need to compile a sup
+ client as well. The easier path is to use OpenBSD ;).
+
+3) Add the anoncvs user to the password file, with no password, and
+ anoncvssh as it's shell. Decide on a user that will run sup to maintain
+ the archive (this is a different user, NOT the anoncvs user).
+
+4) Make a home directory for the anoncvs user. The anoncvs user's
+ home directory is a chroot jail in which the anoncvssh processes
+ run when servicing anoncvs requests. The jail must contain the
+ cvs binary as well as whatever shared libraries and support files
+ are needed to run them unless you compile and link everything
+ statically. This example shows what is needed for OpenBSD. If you
+ use another platform you'll need to be familiar with what needs
+ to go in a chroot jail for your platform.
+
+5) Get permission to use sup to obtain the cvs tree from a server.
+
+6) Set up sup to retrieve the cvs tree from an appropriate place.
+ (If you aren't using OpenBSD you will need to compile and install
+ a sup client).
+
+7) Run sup to retrieve the distribution from the server.
+
+8) Once you get the distribution in, set up a cron job to run sup
+ periodically to keep your server up to date.
+
+**********************************************************************
+STEP 1) find enough disk space.
+ You need roughly 2GB.
+ Mount it on /open.
+ If you are not able to mount it as /open, substitute it's location
+ throughout the rest of this description.
+
+**********************************************************************
+STEP 2) compile the anoncvssh binary.
+ In the Makefile, change the variable CVSROOT.
+ Install the binary setuid-root in /open/anoncvssh.
+
+**********************************************************************
+STEP 3) Create the anoncvs account and decide who will run "sup"
+ to maintain the archive. The anoncvs account should *NOT* be the one
+ running sup to maintain the archive.
+
+create an account similar to:
+
+ anoncvs::32766:32766::0:0:Anonymous CVS User:/open/anoncvs:/open/anoncvssh
+
+Yes, that is right - the account has no password. Be sure that the
+uid and gid are unique for your system, if the ones above aren't,
+pick different values.
+
+Decide who will run sup to maintain the archive. Call that user
+$SUPUSER. Oh, and in case it hasn't been previously mentioned,
+$SUPUSER should *NOT* be the anoncvs user :).
+
+Set "PermitEmptyPasswords yes" option in /etc/ssh/sshd_config and
+restart your sshd daemon.
+
+**********************************************************************
+STEP 4) Build the anoncvs user's home directory chroot jail. This
+ example assumes that you're using OpenBSD. If you're not you
+ may need different files in the chroot.
+
+mkdir /open/anoncvs
+mkdir /open/anoncvs/cvs
+mkdir /open/anoncvs/sup
+chown -R $SUPUSER /open/anoncvs/cvs /open/anoncvs/sup /open/anoncvs
+
+Start filling the account up with nice stuff. You are building a chroot
+jail for anoncvs in /open/anoncvs.
+
+ cd /open/anoncvs
+ touch .hushlogin
+ touch .profile
+
+Put a message like the following in .plan:
+ To use anonymous CVS install the latest version of CVS on your local
+ machine.
+ Then set your CVSROOT environment variable to the following value:
+ anoncvs@anoncvs.openbsd.org:/cvs
+
+ chown root:wheel .hushlogin .profile .plan
+
+ mkdir bin dev tmp usr var etc
+ cp /bin/{cat,pwd,rm,sh} bin/
+
+Using mknod, make a dev/null that has the same major/minor numbers as
+ your /dev/null, and make it mode 666.
+
+Some shared library systems require a dev/zero created in the same way.
+
+Fill etc space for the account
+ cp /etc/{group,hosts,passwd,protocols} etc/
+ cp /etc/{pwd.db,resolv.conf,services,ttys} etc/
+ modify these files to suit your idea of system security
+
+anoncvssh (by setting the environment variable CVSREADONLYFS) uses
+a tiny extension provided in the openbsd cvs server code which
+permits the use of read-only cvs repositories, therefore you MUST
+compile the openbsd version of cvs. Luckily this is not a problem
+on a non-openbsd machine, since the cvs sources are imported verbatim
+into the openbsd tree. They are in gnu/usr.bin/cvs. The sources
+are integrated in such way that Makefile.bsd-wrapper knows how to build
+the sources on an OpenBSD machine, using obj directories.
+
+Create tmp space for the account
+ # (cd var && ln -s ../tmp tmp)
+ # chmod a+rwx tmp
+
+ # mkdir usr/{bin,lib}
+ # cp /usr/bin/cvs usr/bin/
+
+If your system has ld.so in /usr/libexec,
+ # mkdir usr/libexec
+ # cp /usr/libexec/ld.so usr/libexec/
+
+If using shared libraries, use ldd to find out which shared libs you need:
+ # ldd /usr/bin/cvs
+ /usr/bin/cvs:
+ Start End Type Ref Name
+ 00000000 00000000 exe 1 /usr/bin/cvs
+ 0015f000 20165000 rlib 1 /usr/lib/libz.so.2.0
+ 0016d000 20172000 rlib 1 /usr/lib/libgssapi.so.2.0
+ 0017f000 2018d000 rlib 1 /usr/lib/libkrb5.so.5.2
+ 00141000 20145000 rlib 1 /usr/lib/libasn1.so.3.1
+ 00089000 200ba000 rlib 1 /usr/lib/libcrypto.so.10.0
+ 00177000 2017c000 rlib 1 /usr/lib/libdes.so.8.0
+ 00169000 2016d000 rlib 1 /usr/lib/libcom_err.so.1.0
+ 00009000 20053000 rlib 1 /usr/lib/libc.so.30.0
+ 00002000 00002000 rtld 1 /usr/libexec/ld.so
+
+ and then copy the required libraries to usr/lib/
+
+As a final pass, make sure that all the files you have just created are
+not world writable (except dev/null).
+
+For :pserver: support (optional)
+ - Create an entry in /etc/services
+ cvspserver 2401/tcp # CVS client/server operations
+ - Create an entry in /etc/inetd.conf
+ cvspserver stream tcp nowait anoncvs /open/anoncvssh anoncvssh pserver
+ - Create a file /open/anoncvs/cvs/CVSROOT/passwd with the following entry
+ anoncvs:AHDysQkJIubEc
+ which would be a password of "anoncvs" (as per anoncvs.html)
+ - Create a file /open/anoncvs/cvs/CVSROOT/readers with a single entry:
+ anoncvs
+ which tells cvs that user "anoncvs" is allowed readonly access.
+ - Create a zero-length file /open/anoncvs/cvs/CVSROOT/writers since you don't
+ want anyone to be able to write to the mirror.
+ % cp /dev/null /open/anoncvs/cvs/CVSROOT/writers
+
+See the example layout below for full details.
+
+**********************************************************************
+STEP 5): Get sup permission.
+send mail to sup@openbsd.org
+1) to have sup permissions granted on an appropriate machine for you
+ to sup from. We will need to know your host's real hostname and
+ IP address.
+2) to have an anoncvsN.COUNTRY.openbsd.org alias created.
+3) to have your site mentioned in the http://www.openbsd.org page.
+
+**********************************************************************
+STEP 6): Configure sup.
+
+If you're running OpenBSD, you already have a sup client in
+/usr/bin/sup. If not you may need to build it. On an IRIX or other
+SYSV machine, ensure that your kernel does not allow a user to chown
+a file to another user (you may have heard of this particular brand
+of evil referred to as "chown giveaway"). This will cause sup to
+give away the files to root before chmod'ing them readable.
+michaels@openbsd.org knows how to fix this.
+
+The file /open/anoncvs/sup/ss contains a line that tells sup where
+to get the cvs tree from. It will normally contain:
+
+ cvs host=anoncvs.ca.openbsd.org hostbase=/usr/OpenBSD base=/open/anoncvs delete
+
+The file /open/anoncvs/sup/cvs/refuse tells sup what files it should not get.
+It should contain the following lines:
+
+ cvs/CVSROOT/history
+ cvs/CVSROOT/readers
+ cvs/CVSROOT/writers
+ cvs/CVSROOT/passwd
+
+If you ever fetch the file cvs/CVSROOT/history, delete it. It will
+cause you problems.
+
+**********************************************************************
+STEP 7): Run sup to retrieve the tree for the first time.
+
+Log in as or become the $SUPUSER, and run
+
+sup -v /open/anoncvs/sup/ss > /tmp/suplog &; tail -f /tmp/suplog
+
+If you have sup permission, and have specified the correct host and
+hostbase in /open/anoncvs/sup/ss you should see a list of files start
+coming in after a short while. Don't panic if nothing happens
+immediately. Watch for errors (sup can timeout or die). If you can't
+access files contact the sup server maintainer. If you get a timeout
+or if sup dies you can restart and it should continue where it left off.
+
+It can take a good while (and a couple of restarts) to obtain the
+whole tree for the first time.
+
+**********************************************************************
+STEP 8): Set up cron to keep the tree up to date.
+
+You run sup periodically from the cron by setting up the crontab file
+of the $SUPUSER.
+
+For example: To run every three hours 'sup -v supfile', and thrice
+weekly 'sup -vo supfile' .. because sup is not reliable ..
+
+0 0,3,6,9,12,15,18,21 * * 0,2,4,5 sup -v /open/anoncvs/sup/ss > /dev/null
+0 0,12,15,18,21 * * 1,3,6 sup -v /open/anoncvs/sup/ss > /dev/null
+0 3 * * 1,3,6 sup -vo /open/anoncvs/sup/ss > /dev/null
+
+anoncvs5.usa.openbsd.org uses this particular set of entries. A `sup
+-o' is done every few days because sup is not very robust.
+
+**********************************************************************
+EXAMPLE LAYOUT
+
+Example layout for OpenBSD. In this example "deraadt" is the $SUPUSER.
+
+[eap open 5 ]> cd /open
+[eap open 6 ]> ls -alF
+total 46
+drwxr-xr-x 7 root wheel 512 Feb 20 09:58 ./
+drwxr-xr-x 17 root wheel 512 Jun 14 14:05 ../
+drwxr-xr-x 9 root wheel 512 Jan 3 21:55 anoncvs/
+---s--x--x 1 root bin 16384 Nov 30 1995 anoncvssh*
+lrwxr-xr-x 1 root wheel 11 Jan 3 21:52 cvs@ -> anoncvs/cvs
+drwxr-xr-x 5 root wheel 512 Feb 22 13:22 ftp/
+drwxrwxrwt 2 anoncvs wheel 1024 Jan 1 13:18 lost+found/
+drwxr-xr-x 4 root wheel 512 Nov 30 1995 src/
+drwxrwxr-x 3 deraadt wheel 512 Dec 4 1995 sup/
+[eap open 7 ]> cd anoncvs
+[eap anoncvs 8 ]> ls -alF
+total 20
+drwxr-xr-x 9 root wheel 512 Jan 3 21:55 ./
+drwxr-xr-x 7 root wheel 512 Feb 20 09:58 ../
+-r--r--r-- 1 root wheel 0 Nov 30 1995 .hushlogin
+-r--r--r-- 1 root wheel 188 Nov 30 1995 .plan
+-r--r--r-- 1 root wheel 0 Nov 29 1995 .profile
+drwxrwxr-x 2 deraadt wheel 512 Nov 29 1995 bin/
+drwxrwxr-x 6 deraadt cvs 512 Jun 16 20:28 cvs/
+drwxr-xr-x 2 root wheel 512 Nov 30 1995 dev/
+drwxr-xr-x 2 root wheel 512 Nov 29 1995 etc/
+drwxrwxrwx 3 root wheel 512 Jun 22 07:42 tmp/
+drwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 usr/
+drwxr-xr-x 2 root wheel 512 Jan 3 21:55 var/
+[eap anoncvs 8 ]> ls -alFR bin usr tmp etc dev
+bin:
+total 948
+drwxrwxr-x 2 deraadt wheel 512 Nov 29 1995 ./
+drwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
+--wx--x--x 1 deraadt wheel 40960 Jun 18 09:45 cat*
+--wx--x--x 1 deraadt wheel 40960 Jun 18 09:45 pwd*
+--wx--x--x 1 deraadt wheel 122880 Jun 18 09:45 rm*
+--wx--x--x 1 deraadt wheel 262144 Jun 18 09:45 sh*
+
+dev:
+total 4
+drwxr-xr-x 2 root wheel 512 Nov 30 1995 ./
+drwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
+crw-rw-rw- 1 root wheel 2, 2 Nov 30 1995 null
+
+etc:
+total 112
+drwxr-xr-x 2 root wheel 512 Nov 29 1995 ./
+drwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
+-rw-r--r-- 1 root wheel 252 Nov 29 1995 group
+-rw-r--r-- 1 root wheel 296 Nov 29 1995 hosts
+-rw-r--r-- 1 root wheel 540 Nov 29 1995 passwd
+-rw-r--r-- 1 root wheel 1094 Nov 29 1995 protocols
+-rw-r--r-- 1 root wheel 40960 Nov 29 1995 pwd.db
+-rw-r--r-- 1 root wheel 89 Nov 29 1995 resolv.conf
+-rw-r--r-- 1 root wheel 5529 Nov 29 1995 services
+-rw-r--r-- 1 root wheel 1361 Nov 29 1995 ttys
+
+usr:
+total 10
+drwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ./
+drwxr-xr-x 9 root wheel 512 Jan 3 21:55 ../
+drwxr-xr-x 2 deraadt wheel 512 Nov 30 1995 bin/
+drwxr-xr-x 2 deraadt wheel 1024 Jun 18 09:50 lib/
+drwxr-xr-x 2 deraadt wheel 512 Nov 29 1995 libexec/
+
+usr/bin:
+total 1968
+drwxr-xr-x 2 deraadt wheel 512 Nov 30 1995 ./
+drwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ../
+--wx--x--x 1 deraadt wheel 317787 Jun 18 09:46 cvs*
+
+usr/lib:
+total 5594
+drwxr-xr-x 2 deraadt wheel 1024 Jun 18 09:50 ./
+drwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ../
+-rw-r--r-- 1 deraadt wheel 351730 Jun 18 09:50 libasn1.so.2.0
+-rw-r--r-- 1 deraadt wheel 351730 Jun 18 09:50 libc.so.28.5
+-rw-r--r-- 1 deraadt wheel 16608 Jun 18 09:50 libcrypto.so.6.0
+-rw-r--r-- 1 deraadt wheel 44424 Jun 18 09:50 libdes.so.7.0
+-rw-r--r-- 1 deraadt wheel 16665 Jun 18 09:50 libgssapi.so.1.0
+-rw-r--r-- 1 deraadt wheel 86198 Jun 18 09:50 libkafs.so.10.0
+-rw-r--r-- 1 deraadt wheel 42254 Jun 18 09:50 libkrb.so.10.0
+-rw-r--r-- 1 deraadt wheel 66099 Jun 18 09:50 libkrb5.so.4.0
+-rw-r--r-- 1 deraadt wheel 387976 Jun 18 09:50 libz.so.1.4
+
+usr/libexec:
+total 100
+drwxr-xr-x 2 deraadt wheel 512 Nov 29 1995 ./
+drwxr-xr-x 5 deraadt wheel 512 Nov 30 1995 ../
+-rwxr-xr-x 1 deraadt wheel 49152 Jun 18 09:47 ld.so*
+
+[eap anoncvs 14 ]> ls cvs
+CVSROOT/ src/ sup/ www/
+[eap anoncvs 15 ]> cd /open
+[eap anoncvs 16 ]> ls -alF sup
+total 8
+drwxrwxr-x 3 deraadt wheel 512 Dec 4 1995 ./
+drwxr-xr-x 7 root wheel 512 Feb 20 09:58 ../
+drwxr-xr-x 2 deraadt wheel 512 Jun 22 06:05 cvs/
+-rw-rw-r-- 1 deraadt wheel 54 Dec 4 1995 ss
+
+
+***************************************************************
+NOTES FOR OTHER PLATFORMS:
+
+If you're not that familiar with your other platform (i.e. you haven't
+built a chroot jail for a server on it) you may be better off
+finding an OpenBSD machine to use and duplicating the example above.
+
+**SunOS 5)
+Bob Beck <Bob.Beck@ualberta.ca> has done this. E-mail for
+help if you need it.
+
+**OSF 1)
+From Todd Fries <toddf@acm.org> to the adventurous.
+A note for those installing anoncvs on non-OpenBSD operating systems.
+You are in for some fun.
+
+For OSF1, on a DEC alpha, I had to do the following in addition to the
+above:
+
+- I do not know how to setup dynamic libraries on osf1 and as a result
+ everything had to be compiled statically.
+- Therefore, everything but /bin/sh I had to recmpile in order to
+ get the chroot setup. In order that there be no guesswork
+ involved, the following packages' binaries must exist in the chroot
+ environment:
+
+ GNU
+ cvs (from the OpenBSD source tree)
+
+Some notes on compiling.
+
+ cvs fails to install if you don't have makeinfo ... just search for the
+ string ' install-info$' with regex and remove it from the Makefile for the
+ install and you'll be fine, or install 'texinfo', your choice.
diff --git a/anoncvssh.c b/anoncvssh.c
new file mode 100644
index 0000000..62af922
--- /dev/null
+++ b/anoncvssh.c
@@ -0,0 +1,234 @@
+/*
+ * Copyright (c) 2002 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1997 Bob Beck <beck@obtuse.com>
+ * Copyright (c) 1996 Thorsten Lockert <tholo@sigmasoft.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__)
+#include <paths.h>
+#endif
+#include <pwd.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+#ifndef __P
+#if defined(__STDC__) || defined(__cplusplus)
+#define __P(protos) protos /* full-blown ANSI C */
+#else
+#define __P(protos) () /* traditional C preprocessor */
+#endif
+#endif
+
+/*
+ * You may need to change this path to ensure that RCS, CVS and diff
+ * can be found
+ */
+#ifndef _PATH_DEFPATH
+#define _PATH_DEFPATH "/bin:/usr/bin"
+#endif
+
+/*
+ * This should not normally have to be changed
+ */
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
+
+/*
+ * Location of CVS tree, relative to the anonymous CVS user's
+ * home directory
+ */
+#ifndef LOCALROOT
+#define LOCALROOT "/cvs"
+#endif
+
+/*
+ * Account and host name to be used when accessing the
+ * CVS repository remotely
+ */
+#ifndef HOSTNAME
+#define HOSTNAME "anoncvs@anoncvs1.usa.openbsd.org"
+#endif
+
+/*
+ * $CVSROOT is created based on HOSTNAME and LOCALROOT above
+ */
+#ifndef CVSROOT
+#define CVSROOT HOSTNAME ":"LOCALROOT
+#endif
+
+/*
+ * We define PSERVER_SUPPORT to allow anoncvssh to spawn a "cvs pserver".
+ * You may undefine this if you aren't going to be running pserver.
+ */
+#ifndef PSERVER_SUPPORT
+#define PSERVER_SUPPORT
+#endif
+
+/*
+ * Define USE_SYSLOG if you want anoncvssh to log pserver connections
+ * using syslog()
+ */
+#define USE_SYSLOG
+
+#ifdef USE_SYSLOG
+#include <string.h>
+#include <syslog.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#define LOG_FACILITY LOG_DAEMON
+#define LOG_PRIO LOG_INFO
+#endif
+
+/* Define ANONCVS_USER if you want anoncvssh to complain if invoked by
+ * anyone other than root or ANONCVS_USER.
+ */
+/* #define ANONCVS_USER "anoncvs" */
+
+int main __P((int, char *[]));
+
+char * const env[] = {
+ "PATH="_PATH_DEFPATH,
+ "SHELL="_PATH_BSHELL,
+ "CVSROOT="LOCALROOT,
+ "HOME=/",
+ "CVSREADONLYFS=1",
+ NULL
+};
+
+int
+main(argc, argv)
+int argc;
+char *argv[];
+{
+ struct passwd *pw;
+#ifdef DEBUG
+ int i;
+#endif /* DEBUG */
+
+ pw = getpwuid(getuid());
+ if (pw == NULL) {
+ fprintf(stderr, "no user for uid %d\n", getuid());
+ exit(1);
+ }
+ if (pw->pw_dir == NULL) {
+ fprintf(stderr, "no directory\n");
+ exit(1);
+ }
+
+#ifdef USE_SYSLOG
+ openlog("anoncvssh", LOG_PID | LOG_NDELAY, LOG_FACILITY);
+#endif /* USE_SYSLOG */
+
+#ifdef ANONCVS_USER
+ /*
+ * I love lusers who have to test every setuid binary on my machine.
+ */
+ if (getuid() != 0 && (strcmp (pw->pw_name, ANONCVS_USER) != 0)) {
+ fprintf(stderr, "You're not supposed to be running me!\n");
+#ifdef USE_SYSLOG
+ syslog(LOG_NOTICE,
+ "User %s(%d) invoked anoncvssh - Possible twink?",
+ pw->pw_name, pw->pw_uid);
+#endif /* USE_SYSLOG */
+ exit(1);
+ }
+#endif /* ANONCVS_USER */
+
+
+ setuid(0);
+ if (chroot(pw->pw_dir) == -1) {
+ perror("chroot");
+ exit (1);
+ }
+ chdir("/");
+ setuid(pw->pw_uid);
+
+ /*
+ * program now "safe"
+ */
+
+#ifdef PSERVER_SUPPORT
+ /* If we want pserver functionality */
+ if ((argc == 2) && (strcmp("pserver", argv[1]) == 0)) {
+#ifdef USE_SYSLOG
+ int slen;
+ struct sockaddr_in my_sa, peer_sa;
+ char *us, *them;
+
+ slen = sizeof(my_sa);
+ if (getsockname(0, (struct sockaddr *) &my_sa, &slen)
+ != 0) {
+ perror("getsockname");
+ exit(1);
+ }
+ us = strdup(inet_ntoa(my_sa.sin_addr));
+ if (us == NULL) {
+ fprintf(stderr, "malloc failed\n");
+ exit(1);
+ }
+ slen = sizeof(peer_sa);
+ if (getpeername(0, (struct sockaddr *) &peer_sa, &slen)
+ != 0) {
+ perror("getpeername");
+ exit(1);
+ }
+ them=strdup(inet_ntoa(peer_sa.sin_addr));
+ if (them == NULL) {
+ fprintf(stderr, "malloc failed\n");
+ exit(1);
+ }
+ syslog(LOG_PRIO,
+ "pserver connection from %s:%d to %s:%d\n",
+ them, ntohs(peer_sa.sin_port),
+ us, ntohs(my_sa.sin_port));
+#endif /* USE_SYSLOG */
+ execle("/usr/bin/cvs", "cvs",
+ "--allow-root="LOCALROOT, "pserver", (char *)NULL, env);
+ perror("execle: cvs");
+ fprintf(stderr, "unable to exec CVS pserver!\n");
+ exit(1);
+ /* NOTREACHED */
+ }
+#endif
+
+ if (argc != 3 ||
+ strcmp("anoncvssh", argv[0]) != 0 ||
+ strcmp("-c", argv[1]) != 0 ||
+ (strcmp("cvs server", argv[2]) != 0 &&
+ strcmp("cvs -d "LOCALROOT" server", argv[2]) != 0)) {
+ fprintf(stderr, "\nTo use anonymous CVS install the latest ");
+ fprintf(stderr,"version of CVS on your local machine.\n");
+ fprintf(stderr,"Then set your CVSROOT environment variable ");
+ fprintf(stderr,"to the following value:\n");
+ fprintf(stderr,"\t%s\n\n", CVSROOT);
+#ifdef DEBUG
+ fprintf(stderr, "argc = %d\n", argc);
+ for (i = 0 ; i < argc ; i++)
+ fprintf(stderr, "argv[%d] = \"%s\"\n", i, argv[i]);
+#endif /* DEBUG */
+ sleep(10);
+ exit(0);
+ }
+ execle("/usr/bin/cvs", "cvs", "server", (char *)NULL, env);
+ perror("execle: cvs");
+ fprintf(stderr, "unable to exec CVS server!\n");
+ exit(1);
+ /* NOTREACHED */
+}
+