authorDimitri Sokolyuk <demon@dim13.org>2016-05-31 11:50:52 +0200
committerDimitri Sokolyuk <demon@dim13.org>2016-05-31 11:50:52 +0200
commit2a5b5ab1809f1685e2071834be4755e32078c59a (patch)
tree7811f35d0ddff48e4575c88fd8d989bf1233a3b4
parentc0d8cea31c4dfc3ccc2bc1d42e38b480e0e5315b (diff)
Sync from https://www.openbsd.org/anoncvs.shar
-rw-r--r--anoncvs.shar79
1 files changed, 16 insertions, 63 deletions
diff --git a/anoncvs.shar b/anoncvs.shar
index a388dcf..bcdc2b5 100644
--- a/anoncvs.shar
+++ b/anoncvs.shar
@@ -60,7 +60,7 @@ X periodically to keep your server up to date.
X
X**********************************************************************
XSTEP 1) find enough disk space.
-X You need roughly 2GB.
+X You need roughly 6GB.
X Mount it on /open, make sure it doesn't have nosuid and nodev flags.
X If you are not able to mount it as /open, substitute it's location
X throughout the rest of this description.
@@ -95,6 +95,7 @@ X PermitEmptyPasswords yes
X AllowTcpForwarding no
X AllowAgentForwarding no
X X11Forwarding no
+X PermitTTY no
X
X**********************************************************************
XSTEP 4) Build the anoncvs user's home directory chroot jail. This
@@ -111,13 +112,6 @@ X
X cd /open/anoncvs
X touch .hushlogin
X touch .profile
-X
-XPut a message like the following in .plan:
-X To use anonymous CVS install the latest version of CVS on your local
-X machine.
-X Then set your CVSROOT environment variable to the following value:
-X anoncvs@anoncvs.openbsd.org:/cvs
-X
X mkdir bin dev tmp usr var etc
X cp /bin/{cat,pwd,rm,sh} bin/
X
@@ -156,12 +150,8 @@ X # ldd /usr/bin/cvs
X /usr/bin/cvs:
X Start End Type Open Ref GrpRef Name
X 1c000000 3c01f000 exe 1 0 0 /usr/bin/cvs
-X 0f802000 2f80a000 rlib 0 1 0 /usr/lib/libz.so.4.1
-X 020f3000 220f8000 rlib 0 1 0 /usr/lib/libgssapi.so.5.0
-X 0530c000 2531c000 rlib 0 1 0 /usr/lib/libkrb5.so.17.0
-X 03801000 23841000 rlib 0 1 0 /usr/lib/libcrypto.so.18.0
-X 0a8fb000 2a900000 rlib 0 1 0 /usr/lib/libdes.so.9.0
-X 094d2000 2950b000 rlib 0 1 0 /usr/lib/libc.so.51.0
+X 0f802000 2f80a000 rlib 0 1 0 /usr/lib/libz.so.5.0
+X 094d2000 2950b000 rlib 0 1 0 /usr/lib/libc.so.84.2
X 094ca000 094ca000 rtld 0 1 0 /usr/libexec/ld.so
X
X and then copy the required libraries to usr/lib/
@@ -333,12 +323,8 @@ Xusr/lib:
Xtotal 42344
Xdrwxr-xr-x 2 root wheel 512 Jun 3 01:56 ./
Xdrwxr-xr-x 5 root wheel 512 Jun 3 01:54 ../
-X-r--r--r-- 1 root wheel 4605409 Jun 3 01:56 libc.so.50.1
-X-r--r--r-- 1 root wheel 9659802 Jun 3 01:56 libcrypto.so.18.0
-X-r--r--r-- 1 root wheel 190814 Jun 3 01:56 libdes.so.9.0
-X-r--r--r-- 1 root wheel 1593303 Jun 3 01:55 libgssapi.so.5.0
-X-r--r--r-- 1 root wheel 5337583 Jun 3 01:56 libkrb5.so.16.0
-X-r--r--r-- 1 root wheel 182556 Jun 3 01:55 libz.so.4.1
+X-r--r--r-- 1 root wheel 4605409 Jun 3 01:56 libc.so.84.2
+X-r--r--r-- 1 root wheel 182556 Jun 3 01:55 libz.so.5.0
X
Xusr/libexec:
Xtotal 120
@@ -438,8 +424,9 @@ X#ifndef PSERVER_SUPPORT
X#define PSERVER_SUPPORT
X#endif
X
+X
X/*
-X * Define USE_SYSLOG if you want anoncvssh to log pserver connections
+X * Define USE_SYSLOG if you want anoncvssh to log pserver connections
X * using syslog()
X */
X#define USE_SYSLOG
@@ -459,12 +446,6 @@ X * anyone other than root or ANONCVS_USER.
X */
X/* #define ANONCVS_USER USERNAME */
X
-X/*
-X * If you want to be able to run an alternate OpenCVS binary on your
-X * anoncvs server, define OPENCVS_USER as the user who will invoke it.
-X */
-X#define OPENCVS_USER "opencvs"
-X
Xint main __P((int, char *[]));
X
Xchar * const env[] = {
@@ -485,9 +466,6 @@ X struct passwd *pw;
X#ifdef DEBUG
X int i;
X#endif /* DEBUG */
-X#if defined(OPENCVS_USER)
-X int opencvs;
-X#endif
X
X pw = getpwuid(getuid());
X if (pw == NULL) {
@@ -502,17 +480,17 @@ X
X#ifdef USE_SYSLOG
X openlog("anoncvssh", LOG_PID | LOG_NDELAY, LOG_FACILITY);
X#endif /* USE_SYSLOG */
-X
+X
X#ifdef ANONCVS_USER
-X /*
+X /*
X * I love lusers who have to test every setuid binary on my machine.
X */
X if (getuid() != 0 && (strcmp (pw->pw_name, ANONCVS_USER) != 0)) {
-X fprintf(stderr, "You're not supposed to be running me!\n");
+X fprintf(stderr, "You're not supposed to be running me!\n");
X#ifdef USE_SYSLOG
X syslog(LOG_NOTICE,
X "User %s(%d) invoked anoncvssh - Possible twink?",
-X pw->pw_name, pw->pw_uid);
+X pw->pw_name, pw->pw_uid);
X#endif /* USE_SYSLOG */
X exit(1);
X }
@@ -527,12 +505,8 @@ X }
X chdir("/");
X setuid(pw->pw_uid);
X
-X#if defined(OPENCVS_USER)
-X if (!strcmp(pw->pw_name, OPENCVS_USER))
-X opencvs = 1;
-X else
-X opencvs = 0;
-X#endif
+X if (pledge("stdio inet exec", NULL) == -1)
+X err(1, "pledge");
X
X /*
X * program now "safe"
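Review bot: The added pledge() sits directly after `chdir("/")` and `setuid(pw->pw_uid)`, whose return values are still unchecked, so a failed setuid() would fall through to the "program now safe" section and the later exec of cvs without the privilege drop having happened. I would fail closed before pledging: `if (chdir("/") == -1) err(1, "chdir");` and `if (setuid(pw->pw_uid) == -1) err(1, "setuid");`. It is also worth a one-line comment above the pledge saying that the promises cover only this wrapper up to execle() and, as far as I know for this pledge(2) signature, are not inherited by the exec'd cvs, so the chroot and uid drop remain the containment for the server process. main's body starts and ends outside the hunk.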
@@ -546,14 +520,6 @@ X int slen;
X struct sockaddr_in my_sa, peer_sa;
X char *us, *them;
X
-X#if defined(OPENCVS_USER)
-X if (opencvs == 1) {
-X fprintf(stderr, "OpenCVS does not support pserver\n");
-X sleep(10);
-X exit(1);
-X }
-X#endif
-X
X slen = sizeof(my_sa);
X if (getsockname(0, (struct sockaddr *) &my_sa, &slen)
X != 0) {
@@ -576,7 +542,7 @@ X if (them == NULL) {
X fprintf(stderr, "malloc failed\n");
X exit(1);
X }
-X syslog(LOG_PRIO,
+X syslog(LOG_PRIO,
X "pserver connection from %s:%d to %s:%d\n",
X them, ntohs(peer_sa.sin_port),
X us, ntohs(my_sa.sin_port));
@@ -590,7 +556,7 @@ X /* NOTREACHED */
X }
X#endif
X
-X if (argc != 3 ||
+X if (argc != 3 ||
X strcmp("anoncvssh", argv[0]) != 0 ||
X strcmp("-c", argv[1]) != 0 ||
X (strcmp("cvs server", argv[2]) != 0 &&
@@ -599,10 +565,6 @@ X fprintf(stderr, "\nTo use anonymous CVS install the latest ");
X fprintf(stderr,"version of CVS on your local machine.\n");
X fprintf(stderr,"Then set your CVSROOT environment variable ");
X fprintf(stderr,"to the following value:\n");
-X#if defined(OPENCVS_USER)
-X fprintf(stderr, "\t%s@%s:%s for OpenCVS\n", OPENCVS_USER,
-X HOSTNAME, LOCALROOT);
-X#endif
X fprintf(stderr,"\t%s\n\n", CVSROOT);
X#ifdef DEBUG
X fprintf(stderr, "argc = %d\n", argc);
@@ -613,16 +575,7 @@ X sleep(10);
X exit(0);
X }
X
-X#if defined(OPENCVS_USER)
-X if (opencvs == 1) {
-X execle("/usr/bin/opencvs", "opencvs",
-X "server", (char *)NULL, env);
-X } else {
-X#endif
X execle("/usr/bin/cvs", "cvs", "server", (char *)NULL, env);
-X#if defined(OPENCVS_USER)
-X }
-X#endif
X
X perror("execle: cvs");
X fprintf(stderr, "unable to exec CVS server!\n");