aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDimitri Sokolyuk <demon@dim13.org>2003-11-15 22:19:25 +0000
committerDimitri Sokolyuk <demon@dim13.org>2003-11-15 22:19:25 +0000
commit986d637b38d0b1211a2c9a8c957498ed90d1b3ab (patch)
treea773ce82db6da73ee9c499ea9475713002df41ef
parenta59ad5c2114d7f6e01a4a6c5fafb007ae7f8e4a1 (diff)
NULL --> (char *)NULL in execle
-rw-r--r--anoncvs.shar131
1 files changed, 75 insertions, 56 deletions
diff --git a/anoncvs.shar b/anoncvs.shar
index d7fb7a0..0f5d372 100644
--- a/anoncvs.shar
+++ b/anoncvs.shar
@@ -24,55 +24,55 @@ END-of-Makefile
echo x - README
sed 's/^X//' >README << 'END-of-README'
X
-X So, you want to run an anoncvs server.
+X So, you want to run an anoncvs server.
X
X A summary of the steps you'll need to do is:
X
-X1) Find enough disk space to hold the anoncvs tree, and mount it in an
+X1) Find enough disk space to hold the anoncvs tree, and mount it in an
X appropriate place.
X
X2) Compile and install anoncvssh, the shell used for the anoncvs user.
X ( If you aren't using OpenBSD you'll probably need to compile a sup
-X client as well. The easier path is to use OpenBSD ;)
+X client as well. The easier path is to use OpenBSD ;).
X
X3) Add the anoncvs user to the password file, with no password, and
X anoncvssh as it's shell. Decide on a user that will run sup to maintain
-X the archive (this is a different user, NOT the anoncvs user)
+X the archive (this is a different user, NOT the anoncvs user).
X
X4) Make a home directory for the anoncvs user. The anoncvs user's
X home directory is a chroot jail in which the anoncvssh processes
X run when servicing anoncvs requests. The jail must contain the
X cvs binary as well as whatever shared libraries and support files
X are needed to run them unless you compile and link everything
-X staticly. This example shows what is needed for OpenBSD. If you
+X statically. This example shows what is needed for OpenBSD. If you
X use another platform you'll need to be familiar with what needs
X to go in a chroot jail for your platform.
X
X5) Get permission to use sup to obtain the cvs tree from a server.
X
-X6) Set up sup to retrieve the cvs tree from an appropriate place.
+X6) Set up sup to retrieve the cvs tree from an appropriate place.
X (If you aren't using OpenBSD you will need to compile and install
X a sup client).
X
-X7) Run sup to retrieve the distribution from the server
+X7) Run sup to retrieve the distribution from the server.
X
-X8) Once you get the distribution in, set up a cron job to run sup
+X8) Once you get the distribution in, set up a cron job to run sup
X periodically to keep your server up to date.
X
X**********************************************************************
XSTEP 1) find enough disk space.
-X You need roughly 1.6GB.
+X You need roughly 2GB.
X Mount it on /open.
X If you are not able to mount it as /open, substitute it's location
-X throughout the rest of this description.
+X throughout the rest of this description.
X
X**********************************************************************
-XSTEP 2) compile the anoncvssh binary
-X In the Makefile, change the variable CVSROOT
+XSTEP 2) compile the anoncvssh binary.
+X In the Makefile, change the variable CVSROOT.
X Install the binary setuid-root in /open/anoncvssh.
X
X**********************************************************************
-XSTEP 3) Create the anoncvs account. and decide who will run "sup"
+XSTEP 3) Create the anoncvs account and decide who will run "sup"
X to maintain the archive. The anoncvs account should *NOT* be the one
X running sup to maintain the archive.
X
@@ -80,13 +80,16 @@ Xcreate an account similar to:
X
X anoncvs::32766:32766:Anonymous CVS User:/open/anoncvs:/open/anoncvssh
X
-XYes, that is right. the account has no password. Be sure that the
+XYes, that is right - the account has no password. Be sure that the
Xuid and gid are unique for your system, if the ones above aren't,
Xpick different values.
-X
-XDecide who will run sup to maintain the archive. call that user
+X
+XDecide who will run sup to maintain the archive. Call that user
X$SUPUSER. Oh, and in case it hasn't been previously mentioned,
-X$SUPUSER should *NOT* be the anoncvs user :)
+X$SUPUSER should *NOT* be the anoncvs user :).
+X
+XSet "PermitEmptyPasswords yes" option in /etc/ssh/sshd_config and
+Xrestart your sshd daemon.
X
X**********************************************************************
XSTEP 4) Build the anoncvs user's home directory chroot jail. This
@@ -106,7 +109,7 @@ X touch .hushlogin
X touch .profile
X
XPut a message like the following in .plan:
-X To use anonymous CVS install the latest version of CVS on your local
+X To use anonymous CVS install the latest version of CVS on your local
X machine.
X Then set your CVSROOT environment variable to the following value:
X anoncvs@anoncvs.openbsd.org:/cvs
@@ -119,7 +122,7 @@ X
XUsing mknod, make a dev/null that has the same major/minor numbers as
X your /dev/null, and make it mode 666.
X
-XSome shared library systems require a dev/zero created in the same way
+XSome shared library systems require a dev/zero created in the same way.
X
XFill etc space for the account
X cp /etc/{group,hosts,passwd,protocols} etc/
@@ -127,16 +130,16 @@ X cp /etc/{pwd.db,resolv.conf,services,ttys} etc/
X modify these files to suit your idea of system security
X
Xanoncvssh (by setting the environment variable CVSREADONLYFS) uses
-Xan tiny extension provided in the openbsd cvs server code which
-Xpermits the use of read-only cvs repositories. therefore you MUST
-Xcompile the openbsd version of cvs. luckily this is not a problem
-Xon a non-openbsd machine since the cvs sources are imported verbatim
-Xinto the openbsd tree. they are in gnu/usr.bin/cvs. The sources
-Xare integrated such that Makefile.bsd-wrapper knows how to build
+Xa tiny extension provided in the openbsd cvs server code which
+Xpermits the use of read-only cvs repositories, therefore you MUST
+Xcompile the openbsd version of cvs. Luckily this is not a problem
+Xon a non-openbsd machine, since the cvs sources are imported verbatim
+Xinto the openbsd tree. They are in gnu/usr.bin/cvs. The sources
+Xare integrated in such way that Makefile.bsd-wrapper knows how to build
Xthe sources on an OpenBSD machine, using obj directories.
X
XCreate tmp space for the account
-X # cd var; ln -s ../tmp tmp
+X # (cd var && ln -s ../tmp tmp)
X # chmod a+rwx tmp
X
X # mkdir usr/{bin,lib}
@@ -148,16 +151,18 @@ X # cp /usr/libexec/ld.so usr/libexec/
X
XIf using shared libraries, use ldd to find out which shared libs you need:
X # ldd /usr/bin/cvs
-X /usr/bin/cvs:
-X -lz.1 => /usr/lib/libz.so.1.4 (0x40097000)
-X -lgssapi.1 => /usr/lib/libgssapi.so.1.0 (0x400a4000)
-X -lkrb.10 => /usr/lib/libkrb.so.10.0 (0x400ae000)
-X -lkrb5.4 => /usr/lib/libkrb5.so.4.0 (0x400c8000)
-X -lasn1.2 => /usr/lib/libasn1.so.2.0 (0x400ff000)
-X -lcrypto.6 => /usr/lib/libcrypto.so.6.0 (0x4011d000)
-X -ldes.7 => /usr/lib/libdes.so.7.0 (0x40203000)
-X -lkafs.10 => /usr/lib/libkafs.so.10.0 (0x4020d000)
-X -lc.28 => /usr/lib/libc.so.28.5 (0x40210000)
+X /usr/bin/cvs:
+X Start End Type Ref Name
+X 00000000 00000000 exe 1 /usr/bin/cvs
+X 0015f000 20165000 rlib 1 /usr/lib/libz.so.2.0
+X 0016d000 20172000 rlib 1 /usr/lib/libgssapi.so.2.0
+X 0017f000 2018d000 rlib 1 /usr/lib/libkrb5.so.5.2
+X 00141000 20145000 rlib 1 /usr/lib/libasn1.so.3.1
+X 00089000 200ba000 rlib 1 /usr/lib/libcrypto.so.10.0
+X 00177000 2017c000 rlib 1 /usr/lib/libdes.so.8.0
+X 00169000 2016d000 rlib 1 /usr/lib/libcom_err.so.1.0
+X 00009000 20053000 rlib 1 /usr/lib/libc.so.30.0
+X 00002000 00002000 rtld 1 /usr/libexec/ld.so
X
X and then copy the required libraries to usr/lib/
X
@@ -166,43 +171,43 @@ Xnot world writable (except dev/null).
X
XFor :pserver: support (optional)
X - Create an entry in /etc/services
-X cvspserver 2401/tcp # CVS client/server operations
+X cvspserver 2401/tcp # CVS client/server operations
X - Create an entry in /etc/inetd.conf
-X cvspserver stream tcp nowait anoncvs /open/anoncvssh anoncvssh pserver
+X cvspserver stream tcp nowait anoncvs /open/anoncvssh anoncvssh pserver
X - Create a file /open/anoncvs/cvs/CVSROOT/passwd with the following entry
-X anoncvs:AHDysQkJIubEc
+X anoncvs:AHDysQkJIubEc
X which would be a password of "anoncvs" (as per anoncvs.html)
X - Create a file /open/anoncvs/cvs/CVSROOT/readers with a single entry:
-X anoncvs
+X anoncvs
X which tells cvs that user "anoncvs" is allowed readonly access.
X - Create a zero-length file /open/anoncvs/cvs/CVSROOT/writers since you don't
X want anyone to be able to write to the mirror.
-X % cp /dev/null /open/anoncvs/cvs/CVSROOT/writers
+X % cp /dev/null /open/anoncvs/cvs/CVSROOT/writers
X
XSee the example layout below for full details.
X
X**********************************************************************
-XSTEP 5): Get sup permission.
+XSTEP 5): Get sup permission.
Xsend mail to sup@openbsd.org
X1) to have sup permissions granted on an appropriate machine for you
X to sup from. We will need to know your host's real hostname and
X IP address.
-X2) to have an anoncvsN.COUNTRY.openbsd.org alias created
+X2) to have an anoncvsN.COUNTRY.openbsd.org alias created.
X3) to have your site mentioned in the http://www.openbsd.org page.
X
X**********************************************************************
-XSTEP 6): Configure sup
+XSTEP 6): Configure sup.
X
XIf you're running OpenBSD, you already have a sup client in
X/usr/bin/sup. If not you may need to build it. On an IRIX or other
XSYSV machine, ensure that your kernel does not allow a user to chown
-Xa file to another user (You may have heard of this particular brand
-Xof evil referred to as "chown giveaway"). this will cause sup to
+Xa file to another user (you may have heard of this particular brand
+Xof evil referred to as "chown giveaway"). This will cause sup to
Xgive away the files to root before chmod'ing them readable.
Xmichaels@openbsd.org knows how to fix this.
X
XThe file /open/anoncvs/sup/ss contains a line that tells sup where
-Xto get the cvs tree from. it will normally contain:
+Xto get the cvs tree from. It will normally contain:
X
X cvs host=anoncvs.ca.openbsd.org hostbase=/usr/OpenBSD base=/open/anoncvs delete
X
@@ -214,13 +219,13 @@ X cvs/CVSROOT/readers
X cvs/CVSROOT/writers
X cvs/CVSROOT/passwd
X
-Xif you ever fetch the file cvs/CVSROOT/history, delete it. it will
+XIf you ever fetch the file cvs/CVSROOT/history, delete it. It will
Xcause you problems.
X
X**********************************************************************
-XSTEP 7): Run sup to retrieve the tree for the first time
+XSTEP 7): Run sup to retrieve the tree for the first time.
X
-XLog in as or become the $SUPUSER, and run
+XLog in as or become the $SUPUSER, and run
X
Xsup -v /open/anoncvs/sup/ss > /tmp/suplog &; tail -f /tmp/suplog
X
@@ -228,7 +233,7 @@ XIf you have sup permission, and have specified the correct host and
Xhostbase in /open/anoncvs/sup/ss you should see a list of files start
Xcoming in after a short while. Don't panic if nothing happens
Ximmediately. Watch for errors (sup can timeout or die). If you can't
-Xaccess files contact the sup server maintainer, If you get a timeout
+Xaccess files contact the sup server maintainer. If you get a timeout
Xor if sup dies you can restart and it should continue where it left off.
X
XIt can take a good while (and a couple of restarts) to obtain the
@@ -256,7 +261,7 @@ X
XExample layout for OpenBSD. In this example "deraadt" is the $SUPUSER.
X
X[eap open 5 ]> cd /open
-X[eap open 6 ]> ls -alF
+X[eap open 6 ]> ls -alF
Xtotal 46
Xdrwxr-xr-x 7 root wheel 512 Feb 20 09:58 ./
Xdrwxr-xr-x 17 root wheel 512 Jun 14 14:05 ../
@@ -361,7 +366,7 @@ XNOTES FOR OTHER PLATFORMS:
X
XIf you're not that familiar with your other platform (i.e. you haven't
Xbuilt a chroot jail for a server on it) you may be better off
-Xfinding an OpenBSD machine to use. (and duplicating the example above)
+Xfinding an OpenBSD machine to use and duplicating the example above.
X
X**SunOS 5)
XBob Beck <Bob.Beck@ualberta.ca> has done this. E-mail for
@@ -394,7 +399,21 @@ END-of-README
echo x - anoncvssh.c
sed 's/^X//' >anoncvssh.c << 'END-of-anoncvssh.c'
X/*
-X * anoncvssh
+X * Copyright (c) 2002 Todd C. Miller <Todd.Miller@courtesan.com>
+X * Copyright (c) 1997 Bob Beck <beck@obtuse.com>
+X * Copyright (c) 1996 Thorsten Lockert <tholo@sigmasoft.com>
+X *
+X * Permission to use, copy, modify, and distribute this software for any
+X * purpose with or without fee is hereby granted, provided that the above
+X * copyright notice and this permission notice appear in all copies.
+X *
+X * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+X * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+X * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+X * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+X * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+X * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+X * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
X */
X
X#include <stdio.h>
@@ -596,7 +615,7 @@ X them, ntohs(peer_sa.sin_port),
X us, ntohs(my_sa.sin_port));
X#endif /* USE_SYSLOG */
X execle("/usr/bin/cvs", "cvs",
-X __CONCAT("--allow-root=",LOCALROOT), "pserver", NULL, env);
+X __CONCAT("--allow-root=",LOCALROOT), "pserver", (char *)NULL, env);
X perror("execle: cvs");
X fprintf(stderr, "unable to exec CVS pserver!\n");
X exit(1);
@@ -622,7 +641,7 @@ X#endif /* DEBUG */
X sleep(10);
X exit(0);
X }
-X execle("/usr/bin/cvs", "cvs", "server", NULL, env);
+X execle("/usr/bin/cvs", "cvs", "server", (char *)NULL, env);
X perror("execle: cvs");
X fprintf(stderr, "unable to exec CVS server!\n");
X exit(1);