From 986d637b38d0b1211a2c9a8c957498ed90d1b3ab Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Sat, 15 Nov 2003 22:19:25 +0000
Subject: NULL --> (char *)NULL in execle
---
 anoncvs.shar | 131 ++++++++++++++++++++++++++++++++++-------------------------
 1 file changed, 75 insertions(+), 56 deletions(-)
diff --git a/anoncvs.shar b/anoncvs.shar
index d7fb7a0..0f5d372 100644
--- a/anoncvs.shar
+++ b/anoncvs.shar
@@ -24,55 +24,55 @@ END-of-Makefile echo x - README sed 's/^X//' >README << 'END-of-README' X -X So, you want to run an anoncvs server. +X So, you want to run an anoncvs server. X X A summary of the steps you'll need to do is: X -X1) Find enough disk space to hold the anoncvs tree, and mount it in an +X1) Find enough disk space to hold the anoncvs tree, and mount it in an X appropriate place. X X2) Compile and install anoncvssh, the shell used for the anoncvs user. X ( If you aren't using OpenBSD you'll probably need to compile a sup -X client as well. The easier path is to use OpenBSD ;) +X client as well. The easier path is to use OpenBSD ;). X X3) Add the anoncvs user to the password file, with no password, and X anoncvssh as it's shell. Decide on a user that will run sup to maintain -X the archive (this is a different user, NOT the anoncvs user) +X the archive (this is a different user, NOT the anoncvs user). X X4) Make a home directory for the anoncvs user. The anoncvs user's X home directory is a chroot jail in which the anoncvssh processes X run when servicing anoncvs requests. The jail must contain the X cvs binary as well as whatever shared libraries and support files X are needed to run them unless you compile and link everything -X staticly. This example shows what is needed for OpenBSD. If you +X statically. This example shows what is needed for OpenBSD. If you X use another platform you'll need to be familiar with what needs X to go in a chroot jail for your platform. X X5) Get permission to use sup to obtain the cvs tree from a server. X -X6) Set up sup to retrieve the cvs tree from an appropriate place. +X6) Set up sup to retrieve the cvs tree from an appropriate place. X (If you aren't using OpenBSD you will need to compile and install X a sup client). X -X7) Run sup to retrieve the distribution from the server +X7) Run sup to retrieve the distribution from the server. 
X -X8) Once you get the distribution in, set up a cron job to run sup +X8) Once you get the distribution in, set up a cron job to run sup X periodically to keep your server up to date. X X********************************************************************** XSTEP 1) find enough disk space. -X You need roughly 1.6GB. +X You need roughly 2GB. X Mount it on /open. X If you are not able to mount it as /open, substitute it's location -X throughout the rest of this description. +X throughout the rest of this description. X X********************************************************************** -XSTEP 2) compile the anoncvssh binary -X In the Makefile, change the variable CVSROOT +XSTEP 2) compile the anoncvssh binary. +X In the Makefile, change the variable CVSROOT. X Install the binary setuid-root in /open/anoncvssh. X X********************************************************************** -XSTEP 3) Create the anoncvs account. and decide who will run "sup" +XSTEP 3) Create the anoncvs account and decide who will run "sup" X to maintain the archive. The anoncvs account should *NOT* be the one X running sup to maintain the archive. X 
@@ -80,13 +80,16 @@ Xcreate an account similar to: X X anoncvs::32766:32766:Anonymous CVS User:/open/anoncvs:/open/anoncvssh X -XYes, that is right. the account has no password. Be sure that the +XYes, that is right - the account has no password. Be sure that the Xuid and gid are unique for your system, if the ones above aren't, Xpick different values. -X -XDecide who will run sup to maintain the archive. call that user +X +XDecide who will run sup to maintain the archive. Call that user X$SUPUSER. Oh, and in case it hasn't been previously mentioned, -X$SUPUSER should *NOT* be the anoncvs user :) +X$SUPUSER should *NOT* be the anoncvs user :). +X +XSet "PermitEmptyPasswords yes" option in /etc/ssh/sshd_config and +Xrestart your sshd daemon. X X********************************************************************** XSTEP 4) Build the anoncvs user's home directory chroot jail. This @@ -106,7 +109,7 @@ X touch .hushlogin X touch .profile X XPut a message like the following in .plan: -X To use anonymous CVS install the latest version of CVS on your local +X To use anonymous CVS install the latest version of CVS on your local X machine. X Then set your CVSROOT environment variable to the following value: X anoncvs@anoncvs.openbsd.org:/cvs @@ -119,7 +122,7 @@ X XUsing mknod, make a dev/null that has the same major/minor numbers as X your /dev/null, and make it mode 666. X -XSome shared library systems require a dev/zero created in the same way +XSome shared library systems require a dev/zero created in the same way. X XFill etc space for the account X cp /etc/{group,hosts,passwd,protocols} etc/ 
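Review bot: The added STEP 3 instruction to set `PermitEmptyPasswords yes` in /etc/ssh/sshd_config is a server-wide setting, so every account with an empty password field becomes reachable over ssh, not only anoncvs. The README should state this and tell the admin to confirm that no other entry in the password file has an empty password before enabling it. Where the installed sshd supports per-user `Match` blocks, the narrower form is `Match User anoncvs` followed by `PermitEmptyPasswords yes`, leaving the global default at `no`.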
@@ -127,16 +130,16 @@ X cp /etc/{pwd.db,resolv.conf,services,ttys} etc/ X modify these files to suit your idea of system security X Xanoncvssh (by setting the environment variable CVSREADONLYFS) uses -Xan tiny extension provided in the openbsd cvs server code which -Xpermits the use of read-only cvs repositories. therefore you MUST -Xcompile the openbsd version of cvs. luckily this is not a problem -Xon a non-openbsd machine since the cvs sources are imported verbatim -Xinto the openbsd tree. they are in gnu/usr.bin/cvs. The sources -Xare integrated such that Makefile.bsd-wrapper knows how to build +Xa tiny extension provided in the openbsd cvs server code which +Xpermits the use of read-only cvs repositories, therefore you MUST +Xcompile the openbsd version of cvs. Luckily this is not a problem +Xon a non-openbsd machine, since the cvs sources are imported verbatim +Xinto the openbsd tree. They are in gnu/usr.bin/cvs. The sources +Xare integrated in such way that Makefile.bsd-wrapper knows how to build Xthe sources on an OpenBSD machine, using obj directories. X XCreate tmp space for the account -X # cd var; ln -s ../tmp tmp +X # (cd var && ln -s ../tmp tmp) X # chmod a+rwx tmp X X # mkdir usr/{bin,lib} 
@@ -148,16 +151,18 @@ X # cp /usr/libexec/ld.so usr/libexec/ X XIf using shared libraries, use ldd to find out which shared libs you need: X # ldd /usr/bin/cvs -X /usr/bin/cvs: -X -lz.1 => /usr/lib/libz.so.1.4 (0x40097000) -X -lgssapi.1 => /usr/lib/libgssapi.so.1.0 (0x400a4000) -X -lkrb.10 => /usr/lib/libkrb.so.10.0 (0x400ae000) -X -lkrb5.4 => /usr/lib/libkrb5.so.4.0 (0x400c8000) -X -lasn1.2 => /usr/lib/libasn1.so.2.0 (0x400ff000) -X -lcrypto.6 => /usr/lib/libcrypto.so.6.0 (0x4011d000) -X -ldes.7 => /usr/lib/libdes.so.7.0 (0x40203000) -X -lkafs.10 => /usr/lib/libkafs.so.10.0 (0x4020d000) -X -lc.28 => /usr/lib/libc.so.28.5 (0x40210000) +X /usr/bin/cvs: +X Start End Type Ref Name +X 00000000 00000000 exe 1 /usr/bin/cvs +X 0015f000 20165000 rlib 1 /usr/lib/libz.so.2.0 +X 0016d000 20172000 rlib 1 /usr/lib/libgssapi.so.2.0 +X 0017f000 2018d000 rlib 1 /usr/lib/libkrb5.so.5.2 +X 00141000 20145000 rlib 1 /usr/lib/libasn1.so.3.1 +X 00089000 200ba000 rlib 1 /usr/lib/libcrypto.so.10.0 +X 00177000 2017c000 rlib 1 /usr/lib/libdes.so.8.0 +X 00169000 2016d000 rlib 1 /usr/lib/libcom_err.so.1.0 +X 00009000 20053000 rlib 1 /usr/lib/libc.so.30.0 +X 00002000 00002000 rtld 1 /usr/libexec/ld.so X X and then copy the required libraries to usr/lib/ X 
@@ -166,43 +171,43 @@ Xnot world writable (except dev/null). X XFor :pserver: support (optional) X - Create an entry in /etc/services -X cvspserver 2401/tcp # CVS client/server operations +X cvspserver 2401/tcp # CVS client/server operations X - Create an entry in /etc/inetd.conf -X cvspserver stream tcp nowait anoncvs /open/anoncvssh anoncvssh pserver +X cvspserver stream tcp nowait anoncvs /open/anoncvssh anoncvssh pserver X - Create a file /open/anoncvs/cvs/CVSROOT/passwd with the following entry -X anoncvs:AHDysQkJIubEc +X anoncvs:AHDysQkJIubEc X which would be a password of "anoncvs" (as per anoncvs.html) X - Create a file /open/anoncvs/cvs/CVSROOT/readers with a single entry: -X anoncvs +X anoncvs X which tells cvs that user "anoncvs" is allowed readonly access. X - Create a zero-length file /open/anoncvs/cvs/CVSROOT/writers since you don't X want anyone to be able to write to the mirror. -X % cp /dev/null /open/anoncvs/cvs/CVSROOT/writers +X % cp /dev/null /open/anoncvs/cvs/CVSROOT/writers X XSee the example layout below for full details. X X********************************************************************** -XSTEP 5): Get sup permission. +XSTEP 5): Get sup permission. Xsend mail to sup@openbsd.org X1) to have sup permissions granted on an appropriate machine for you X to sup from. We will need to know your host's real hostname and X IP address. -X2) to have an anoncvsN.COUNTRY.openbsd.org alias created +X2) to have an anoncvsN.COUNTRY.openbsd.org alias created. X3) to have your site mentioned in the http://www.openbsd.org page. X X********************************************************************** -XSTEP 6): Configure sup +XSTEP 6): Configure sup. X XIf you're running OpenBSD, you already have a sup client in X/usr/bin/sup. If not you may need to build it. 
On an IRIX or other XSYSV machine, ensure that your kernel does not allow a user to chown -Xa file to another user (You may have heard of this particular brand -Xof evil referred to as "chown giveaway"). this will cause sup to +Xa file to another user (you may have heard of this particular brand +Xof evil referred to as "chown giveaway"). This will cause sup to Xgive away the files to root before chmod'ing them readable. Xmichaels@openbsd.org knows how to fix this. X XThe file /open/anoncvs/sup/ss contains a line that tells sup where -Xto get the cvs tree from. it will normally contain: +Xto get the cvs tree from. It will normally contain: X X cvs host=anoncvs.ca.openbsd.org hostbase=/usr/OpenBSD base=/open/anoncvs delete X @@ -214,13 +219,13 @@ X cvs/CVSROOT/readers X cvs/CVSROOT/writers X cvs/CVSROOT/passwd X -Xif you ever fetch the file cvs/CVSROOT/history, delete it. it will +XIf you ever fetch the file cvs/CVSROOT/history, delete it. It will Xcause you problems. X X********************************************************************** -XSTEP 7): Run sup to retrieve the tree for the first time +XSTEP 7): Run sup to retrieve the tree for the first time. X -XLog in as or become the $SUPUSER, and run +XLog in as or become the $SUPUSER, and run X Xsup -v /open/anoncvs/sup/ss > /tmp/suplog &; tail -f /tmp/suplog X @@ -228,7 +233,7 @@ XIf you have sup permission, and have specified the correct host and Xhostbase in /open/anoncvs/sup/ss you should see a list of files start Xcoming in after a short while. Don't panic if nothing happens Ximmediately. Watch for errors (sup can timeout or die). If you can't -Xaccess files contact the sup server maintainer, If you get a timeout +Xaccess files contact the sup server maintainer. If you get a timeout Xor if sup dies you can restart and it should continue where it left off. X XIt can take a good while (and a couple of restarts) to obtain the 
@@ -256,7 +261,7 @@ X XExample layout for OpenBSD. In this example "deraadt" is the $SUPUSER. X X[eap open 5 ]> cd /open -X[eap open 6 ]> ls -alF +X[eap open 6 ]> ls -alF Xtotal 46 Xdrwxr-xr-x 7 root wheel 512 Feb 20 09:58 ./ Xdrwxr-xr-x 17 root wheel 512 Jun 14 14:05 ../ @@ -361,7 +366,7 @@ XNOTES FOR OTHER PLATFORMS: X XIf you're not that familiar with your other platform (i.e. you haven't Xbuilt a chroot jail for a server on it) you may be better off -Xfinding an OpenBSD machine to use. (and duplicating the example above) +Xfinding an OpenBSD machine to use and duplicating the example above. X X**SunOS 5) XBob Beck has done this. E-mail for @@ -394,7 +399,21 @@ END-of-README echo x - anoncvssh.c sed 's/^X//' >anoncvssh.c << 'END-of-anoncvssh.c' X/* -X * anoncvssh +X * Copyright (c) 2002 Todd C. Miller +X * Copyright (c) 1997 Bob Beck +X * Copyright (c) 1996 Thorsten Lockert +X * +X * Permission to use, copy, modify, and distribute this software for any +X * purpose with or without fee is hereby granted, provided that the above +X * copyright notice and this permission notice appear in all copies. +X * +X * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +X * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +X * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +X * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +X * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +X * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +X * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. X */ X X#include 
@@ -596,7 +615,7 @@ X them, ntohs(peer_sa.sin_port),
 X us, ntohs(my_sa.sin_port));
 X#endif /* USE_SYSLOG */
 X execle("/usr/bin/cvs", "cvs",
-X __CONCAT("--allow-root=",LOCALROOT), "pserver", NULL, env);
+X __CONCAT("--allow-root=",LOCALROOT), "pserver", (char *)NULL, env);
 X perror("execle: cvs");
 X fprintf(stderr, "unable to exec CVS pserver!\n");
 X exit(1);
@@ -622,7 +641,7 @@ X#endif /* DEBUG */
 X sleep(10);
 X exit(0);
 X }
-X execle("/usr/bin/cvs", "cvs", "server", NULL, env);
+X execle("/usr/bin/cvs", "cvs", "server", (char *)NULL, env);
 X perror("execle: cvs");
 X fprintf(stderr, "unable to exec CVS server!\n");
 X exit(1);
--
cgit v1.2.3
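Review bot: When either `execle()` call fails, the only record is `perror()` plus `fprintf(stderr, ...)`, and in the pserver path stderr is presumably the inetd client socket, so the errno text goes to the remote peer while nothing reaches the local log. Since the build already has a `USE_SYSLOG` option, the failure branch could add `syslog(LOG_ERR, "execle /usr/bin/cvs: %m");` under `#ifdef USE_SYSLOG` before `exit(1)`; the same applies to the `"server"` call in the second hunk. A one-line comment at the first call would also record why the cast is there: `/* execle() is variadic: the list terminator must be a char * null pointer */`. Both calls sit in a function whose start and end are outside these hunks.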