authorDimitri Sokolyuk <demon@dim13.org>2016-05-31 11:52:47 +0200
committerDimitri Sokolyuk <demon@dim13.org>2016-05-31 11:52:47 +0200
commit2e201c780e72b49fa6d16f27fa559972503acac4 (patch)
treea591370bf298f8b15f95a6b02d802ac04a897db9
parent2a5b5ab1809f1685e2071834be4755e32078c59a (diff)
-rw-r--r--Makefile4
-rw-r--r--README26
-rw-r--r--anoncvssh.c55
3 files changed, 19 insertions, 66 deletions
diff --git a/Makefile b/Makefile
index 3e26750..7c9f7be 100644
--- a/Makefile
+++ b/Makefile
@@ -1,9 +1,9 @@
+#CVSROOT=anoncvs@anoncvs1.usa.openbsd.org:/cvs
PROG= anoncvssh
BINOWN= root
BINMODE=4111
-BINDIR=/usr/local/bin
+BINDIR=/open
NOMAN=
-LDSTATIC=${STATIC}
.include <bsd.prog.mk>
diff --git a/README b/README
index ddeb41c..dd05ee4 100644
--- a/README
+++ b/README
@@ -35,7 +35,7 @@
**********************************************************************
STEP 1) find enough disk space.
- You need roughly 2GB.
+ You need roughly 6GB.
Mount it on /open, make sure it doesn't have nosuid and nodev flags.
If you are not able to mount it as /open, substitute it's location
throughout the rest of this description.
@@ -70,6 +70,7 @@ Match User anoncvs
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
+ PermitTTY no
**********************************************************************
STEP 4) Build the anoncvs user's home directory chroot jail. This
@@ -86,13 +87,6 @@ jail for anoncvs in /open/anoncvs.
cd /open/anoncvs
touch .hushlogin
touch .profile
-
-Put a message like the following in .plan:
- To use anonymous CVS install the latest version of CVS on your local
- machine.
- Then set your CVSROOT environment variable to the following value:
- anoncvs@anoncvs.openbsd.org:/cvs
-
mkdir bin dev tmp usr var etc
cp /bin/{cat,pwd,rm,sh} bin/
@@ -131,12 +125,8 @@ If using shared libraries, use ldd to find out which shared libs you need:
/usr/bin/cvs:
Start End Type Open Ref GrpRef Name
1c000000 3c01f000 exe 1 0 0 /usr/bin/cvs
- 0f802000 2f80a000 rlib 0 1 0 /usr/lib/libz.so.4.1
- 020f3000 220f8000 rlib 0 1 0 /usr/lib/libgssapi.so.5.0
- 0530c000 2531c000 rlib 0 1 0 /usr/lib/libkrb5.so.17.0
- 03801000 23841000 rlib 0 1 0 /usr/lib/libcrypto.so.18.0
- 0a8fb000 2a900000 rlib 0 1 0 /usr/lib/libdes.so.9.0
- 094d2000 2950b000 rlib 0 1 0 /usr/lib/libc.so.51.0
+ 0f802000 2f80a000 rlib 0 1 0 /usr/lib/libz.so.5.0
+ 094d2000 2950b000 rlib 0 1 0 /usr/lib/libc.so.84.2
094ca000 094ca000 rtld 0 1 0 /usr/libexec/ld.so
and then copy the required libraries to usr/lib/
@@ -308,12 +298,8 @@ usr/lib:
total 42344
drwxr-xr-x 2 root wheel 512 Jun 3 01:56 ./
drwxr-xr-x 5 root wheel 512 Jun 3 01:54 ../
--r--r--r-- 1 root wheel 4605409 Jun 3 01:56 libc.so.50.1
--r--r--r-- 1 root wheel 9659802 Jun 3 01:56 libcrypto.so.18.0
--r--r--r-- 1 root wheel 190814 Jun 3 01:56 libdes.so.9.0
--r--r--r-- 1 root wheel 1593303 Jun 3 01:55 libgssapi.so.5.0
--r--r--r-- 1 root wheel 5337583 Jun 3 01:56 libkrb5.so.16.0
--r--r--r-- 1 root wheel 182556 Jun 3 01:55 libz.so.4.1
+-r--r--r-- 1 root wheel 4605409 Jun 3 01:56 libc.so.84.2
+-r--r--r-- 1 root wheel 182556 Jun 3 01:55 libz.so.5.0
usr/libexec:
total 120
diff --git a/anoncvssh.c b/anoncvssh.c
index ba4ffd1..3a59c98 100644
--- a/anoncvssh.c
+++ b/anoncvssh.c
@@ -60,7 +60,7 @@
* Hostname to be used when accessing the remote repository.
*/
#ifndef HOSTNAME
-#define HOSTNAME "dim13.org"
+#define HOSTNAME "anoncvs1.usa.openbsd.org"
#endif
/*
@@ -85,8 +85,9 @@
#define PSERVER_SUPPORT
#endif
+
/*
- * Define USE_SYSLOG if you want anoncvssh to log pserver connections
+ * Define USE_SYSLOG if you want anoncvssh to log pserver connections
* using syslog()
*/
#define USE_SYSLOG
@@ -106,12 +107,6 @@
*/
/* #define ANONCVS_USER USERNAME */
-/*
- * If you want to be able to run an alternate OpenCVS binary on your
- * anoncvs server, define OPENCVS_USER as the user who will invoke it.
- */
-/* #define OPENCVS_USER "opencvs" */
-
int main __P((int, char *[]));
char * const env[] = {
@@ -132,9 +127,6 @@ char *argv[];
#ifdef DEBUG
int i;
#endif /* DEBUG */
-#if defined(OPENCVS_USER)
- int opencvs;
-#endif
pw = getpwuid(getuid());
if (pw == NULL) {
@@ -149,17 +141,17 @@ char *argv[];
#ifdef USE_SYSLOG
openlog("anoncvssh", LOG_PID | LOG_NDELAY, LOG_FACILITY);
#endif /* USE_SYSLOG */
-
+
#ifdef ANONCVS_USER
- /*
+ /*
* I love lusers who have to test every setuid binary on my machine.
*/
if (getuid() != 0 && (strcmp (pw->pw_name, ANONCVS_USER) != 0)) {
- fprintf(stderr, "You're not supposed to be running me!\n");
+ fprintf(stderr, "You're not supposed to be running me!\n");
#ifdef USE_SYSLOG
syslog(LOG_NOTICE,
"User %s(%d) invoked anoncvssh - Possible twink?",
- pw->pw_name, pw->pw_uid);
+ pw->pw_name, pw->pw_uid);
#endif /* USE_SYSLOG */
exit(1);
}
@@ -174,12 +166,8 @@ char *argv[];
chdir("/");
setuid(pw->pw_uid);
-#if defined(OPENCVS_USER)
- if (!strcmp(pw->pw_name, OPENCVS_USER))
- opencvs = 1;
- else
- opencvs = 0;
-#endif
+ if (pledge("stdio inet exec", NULL) == -1)
+ err(1, "pledge");
/*
* program now "safe"
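Review bot: The `chdir("/")` and `setuid(pw->pw_uid)` calls directly above the new `pledge()` still ignore their return values, and the Makefile in this commit installs the binary with `BINMODE=4111` owned by root. If `setuid()` failed, execution would reach the "program now safe" section and the later `execle("/usr/bin/cvs", ...)` with the original privileges, because `pledge("stdio inet exec", NULL)` restricts system calls but does not change the uid. Checking both in the same style as the new code would close that: `if (chdir("/") == -1) err(1, "chdir");` and `if (setuid(pw->pw_uid) == -1) err(1, "setuid");`. The commit also introduces `err()` without any include hunk visible on this page, so it is worth confirming that `<err.h>` is already included. The body of `main` starts and ends outside this hunk.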
@@ -193,14 +181,6 @@ char *argv[];
struct sockaddr_in my_sa, peer_sa;
char *us, *them;
-#if defined(OPENCVS_USER)
- if (opencvs == 1) {
- fprintf(stderr, "OpenCVS does not support pserver\n");
- sleep(10);
- exit(1);
- }
-#endif
-
slen = sizeof(my_sa);
if (getsockname(0, (struct sockaddr *) &my_sa, &slen)
!= 0) {
@@ -223,7 +203,7 @@ char *argv[];
fprintf(stderr, "malloc failed\n");
exit(1);
}
- syslog(LOG_PRIO,
+ syslog(LOG_PRIO,
"pserver connection from %s:%d to %s:%d\n",
them, ntohs(peer_sa.sin_port),
us, ntohs(my_sa.sin_port));
@@ -237,7 +217,7 @@ char *argv[];
}
#endif
- if (argc != 3 ||
+ if (argc != 3 ||
strcmp("anoncvssh", argv[0]) != 0 ||
strcmp("-c", argv[1]) != 0 ||
(strcmp("cvs server", argv[2]) != 0 &&
@@ -246,10 +226,6 @@ char *argv[];
fprintf(stderr,"version of CVS on your local machine.\n");
fprintf(stderr,"Then set your CVSROOT environment variable ");
fprintf(stderr,"to the following value:\n");
-#if defined(OPENCVS_USER)
- fprintf(stderr, "\t%s@%s:%s for OpenCVS\n", OPENCVS_USER,
- HOSTNAME, LOCALROOT);
-#endif
fprintf(stderr,"\t%s\n\n", CVSROOT);
#ifdef DEBUG
fprintf(stderr, "argc = %d\n", argc);
@@ -260,16 +236,7 @@ char *argv[];
exit(0);
}
-#if defined(OPENCVS_USER)
- if (opencvs == 1) {
- execle("/usr/bin/opencvs", "opencvs",
- "server", (char *)NULL, env);
- } else {
-#endif
execle("/usr/bin/cvs", "cvs", "server", (char *)NULL, env);
-#if defined(OPENCVS_USER)
- }
-#endif
perror("execle: cvs");
fprintf(stderr, "unable to exec CVS server!\n");