--- rssh-2.1.1/Makefile.in 2003-07-20 15:27:29.000000000 -0400 +++ rssh-2.1.1/Makefile.in 2003-11-10 01:11:50.886512168 -0500 @@ -80,6 +80,7 @@ install_sh = @install_sh@ scp_path = @scp_path@ sftp_path = @sftp_path@ +cvs_path = @cvs_path@ static = @static@ AUTOMAKE_OPTIONS = nostdinc ourdefs = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" --- rssh-2.1.1/configure 2003-07-20 15:27:28.000000000 -0400 +++ rssh-2.1.1/configure 2003-11-10 01:34:57.379733160 -0500 @@ -310,7 +310,7 @@ # include #endif" -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM AWK SET_MAKE CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE LN_S CPP EGREP LIBOBJS scp_path sftp_path static defcflags CHROOT_HELPER LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO AMTAR install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM AWK SET_MAKE CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE LN_S CPP EGREP LIBOBJS scp_path sftp_path cvs_path static defcflags CHROOT_HELPER LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -857,6 +857,7 @@ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-scp specify path to scp binary --with-sftp-server specify path to sftp-server binary + --with-cvs specify path to cvs binary Some influential environment variables: CC C compiler command @@ -4704,6 +4705,67 @@ echo "$as_me: WARNING: specified sftp-server binary does not exist" >&2;} fi +# Check for cvs binary + + +# Check whether --with-cvs or --without-cvs was given. +if test "${with_cvs+set}" = set; then + withval="$with_cvs" + cvs_path="$withval" +else + cvs_path="" +fi; + +# Extract the first word of "cvs", so it can be a program name with args. +set dummy cvs; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_path_cvs_path+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $cvs_path in + [\\/]* | ?:[\\/]*) + ac_cv_path_cvs_path="$cvs_path" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_cvs_path="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + + ;; +esac +fi +cvs_path=$ac_cv_path_cvs_path + +if test -n "$cvs_path"; then + echo "$as_me:$LINENO: result: $cvs_path" >&5 +echo "${ECHO_T}$cvs_path" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +if test -z "$cvs_path"; then + { { echo "$as_me:$LINENO: error: can't find cvs - please specify with --with-cvs" >&5 +echo "$as_me: error: can't find cvs - please specify with --with-cvs" >&2;} + { (exit 1); exit 1; }; } +fi + +if ! test -x "$cvs_path"; then + { echo "$as_me:$LINENO: WARNING: specified cvs binary does not exist" >&5 +echo "$as_me: WARNING: specified cvs binary does not exist" >&2;} +fi + # disable static configuration # Check whether --enable-static or --disable-static was given. @@ -5419,6 +5481,7 @@ s,@LIBOBJS@,$LIBOBJS,;t t s,@scp_path@,$scp_path,;t t s,@sftp_path@,$sftp_path,;t t +s,@cvs_path@,$cvs_path,;t t s,@static@,$static,;t t s,@defcflags@,$defcflags,;t t s,@CHROOT_HELPER@,$CHROOT_HELPER,;t t --- rssh-2.1.1/configure.ac 2003-07-20 11:28:36.000000000 -0400 +++ rssh-2.1.1/configure.ac 2003-11-10 01:21:32.605077504 -0500 @@ -115,6 +115,21 @@ AC_MSG_WARN([specified sftp-server binary does not exist]) fi +# Check for cvs binary + +AC_ARG_WITH(cvs, +[ --with-cvs specify path to cvs binary], +[cvs_path="$withval"], [cvs_path=""]) + +AC_PATH_PROG(cvs_path, cvs, [], []) +if test -z "$cvs_path"; then + AC_MSG_ERROR([can't find cvs - please specify with --with-cvs]) +fi + +if ! test -x "$cvs_path"; then + AC_MSG_WARN([specified cvs binary does not exist]) +fi + # disable static configuration AC_ARG_ENABLE(static, @@ -142,6 +157,7 @@ AC_SUBST(scp_path) AC_SUBST(sftp_path) +AC_SUBST(cvs_path) AC_SUBST(prefix) AC_SUBST(sysconfdir) AC_SUBST(libexecdir) --- rssh-2.1.1/main.c.in 2003-07-02 12:44:23.000000000 -0400 +++ rssh-2.1.1/main.c.in 2003-11-10 00:45:44.100699816 -0500 @@ -189,6 +189,8 @@ argvec[1] = root; if ( !(strcmp(*cmd, PATH_SCP)) ) argvec[2] = "1"; + else if ( !(strcmp(*cmd, PATH_CVS)) ) + argvec[2] = "3"; else argvec[2] = "2"; if ( !(homedir = extract_root(root, uinfo.pw_dir)) ) --- rssh-2.1.1/pathnames.h.in 2003-02-13 01:20:32.000000000 -0500 +++ rssh-2.1.1/pathnames.h.in 2003-11-05 20:51:07.000000000 -0500 @@ -33,6 +33,7 @@ #define PATH_SFTP_SERVER "@sftp_path@" #define PATH_SCP "@scp_path@" +#define PATH_CVS "@cvs_path@" /* these generally are overridden by the makefile */ #ifndef PATH_RSSH_CONFIG --- rssh-2.1.1/rssh.conf 2003-07-07 13:35:31.000000000 -0400 +++ rssh-2.1.1/rssh.conf 2003-11-05 21:12:30.000000000 -0500 @@ -7,6 +7,7 @@ # users out completely... #allowscp #allowsftp +#allowcvs # set the default umask umask = 022 --- rssh-2.1.1/rssh.conf.5.in 2003-07-20 10:10:25.000000000 -0400 +++ rssh-2.1.1/rssh.conf.5.in 2003-11-10 01:09:45.937507304 -0500 @@ -35,6 +35,12 @@ Tells the shell that sftp is allowed. .RE .P +.B allowcvs +.RS +Tells the shell that cvs is allowed. +.RE +.P + .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is --- rssh-2.1.1/rssh.h 2003-07-06 09:08:46.000000000 -0400 +++ rssh-2.1.1/rssh.h 2003-11-05 20:39:42.000000000 -0500 @@ -43,6 +43,7 @@ #define RSSH_ALLOW_SCP (1 << 0) #define RSSH_ALLOW_SFTP (1 << 1) -#define RSSH_USE_CHROOT (1 << 2) +#define RSSH_ALLOW_CVS (1 << 2) +#define RSSH_USE_CHROOT (1 << 3) #endif /* _rssh_h */ --- rssh-2.1.1/rssh_chroot_helper.c 2003-06-07 00:29:39.000000000 -0400 +++ rssh-2.1.1/rssh_chroot_helper.c 2003-11-10 01:19:41.230009088 -0500 @@ -147,6 +147,9 @@ case 2: argv[3] = PATH_SFTP_SERVER; break; + case 3: + argv[3] = PATH_CVS; + break; default: log_msg("invalid command specified"); exit(2); --- rssh-2.1.1/rsshconf.c 2003-07-07 13:39:28.000000000 -0400 +++ rssh-2.1.1/rsshconf.c 2003-11-05 20:37:38.000000000 -0500 @@ -67,6 +67,7 @@ "#", /* start a comment */ "allowscp", "allowsftp", + "allowcvs", "chrootpath", "logfacility", "umask", @@ -92,6 +93,9 @@ int process_allow_sftp( ShellOptions_t *opts, const char *line, const int lineno ); +int process_allow_cvs( ShellOptions_t *opts, const char *line, + const int lineno ); + int get_token( const char *str, char *buf, const int buflen, const bool colon, const bool ign_spc ); @@ -184,22 +188,27 @@ if ( !(process_allow_sftp(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 3: + case 3: + /* allow cvs */ + if ( !(process_allow_cvs(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 4: /* default chroot path */ if ( !(process_chroot_path(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 4: + case 5: /* syslog log facility */ if ( !(process_log_facility(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 5: + case 6: /* set the user's umask */ if ( !(process_umask(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 6: + case 7: /* user */ if ( !(process_user(opts, line + pos, lineno) ) ) return FALSE; @@ -425,7 +434,27 @@ opts->shell_flags |= RSSH_ALLOW_SFTP; return TRUE; } - +/* + * process_allow_cvs() - make sure there are no tokens after the keyword, + * other than a possible comment. If there are + * additional tokens other than comments, there is a + * syntax error, and FALSE is returned. Otherwise, the + * line is ok, so opts are set to allow scp, and TRUE is + * returned. + */ +int process_allow_cvs( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + if ( !eat_comment(line) ){ + log_msg("line %d: syntax error parsing config file", lineno); + return FALSE; + } + log_set_priority(LOG_INFO); + log_msg("allowing cvs to all users"); + opts->shell_flags |= RSSH_ALLOW_CVS; + return TRUE; +} int process_chroot_path( ShellOptions_t *opts, const char *line, --- rssh-2.1.1/util.c 2003-07-07 14:41:29.000000000 -0400 +++ rssh-2.1.1/util.c 2003-11-10 00:41:47.011742816 -0500 @@ -105,13 +105,24 @@ log_set_priority(LOG_ERR); /* determine which commands are usable for error message */ - if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) == - (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP) ) - cmd = " to scp or sftp"; + if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP | RSSH_ALLOW_CVS)) == + (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP | RSSH_ALLOW_CVS) ) + cmd = " to scp, sftp or cvs"; + else if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) == + (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP) ) + cmd = " to scp or sftp"; + else if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_CVS)) == + (RSSH_ALLOW_SCP | RSSH_ALLOW_CVS) ) + cmd = " to scp or cvs"; + else if ( (flags & (RSSH_ALLOW_CVS | RSSH_ALLOW_SFTP)) == + (RSSH_ALLOW_CVS | RSSH_ALLOW_SFTP) ) + cmd = " to cvs or sftp"; else if ( flags & RSSH_ALLOW_SCP ) cmd = " to scp only"; else if ( flags & RSSH_ALLOW_SFTP ) cmd = " to sftp only"; + else if ( flags & RSSH_ALLOW_CVS ) + cmd = " to cvs only"; else cmd = ""; /* print error message to user and log attempt */ @@ -160,6 +171,12 @@ opts->shell_flags & RSSH_ALLOW_SCP ){ return PATH_SCP; } + if ( !(strncmp(cl, "cvs", len)) && + (isspace(cl[len])) && + opts->shell_flags & RSSH_ALLOW_CVS ){ + return PATH_CVS; + } + return NULL; }