From 5cb2e6250c26b63969e209b8bd3ab1a0fe3a95af Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Fri, 7 Dec 2012 16:14:37 -0800 Subject: Import rssh_2.3.4.orig.tar.gz [dgit import orig rssh_2.3.4.orig.tar.gz] --- AUTHORS | 1 + CHROOT | 237 ++ COPYING | 29 + ChangeLog | 131 + INSTALL | 89 + LICENSE | 27 + Makefile.am | 30 + Makefile.in | 743 ++++++ NEWS | 1 + README | 32 + SECURITY | 198 ++ TODO | 5 + aclocal.m4 | 862 +++++++ argvec.c | 135 + argvec.h | 37 + conf_convert.sh | 45 + config.h.in | 94 + configure | 6711 ++++++++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 211 ++ depcomp | 423 ++++ install-sh | 251 ++ log.c | 196 ++ log.h | 41 + main.c.in | 273 ++ missing | 336 +++ mkchroot.sh | 173 ++ mkinstalldirs | 99 + pathnames.h.in | 49 + rssh.1 | 315 +++ rssh.conf.5 | 160 ++ rssh.conf.5.in | 160 ++ rssh.conf.default | 51 + rssh.h | 51 + rssh.spec | 46 + rssh.spec.in | 46 + rssh_chroot_helper.c | 270 ++ rsshconf.c | 1065 ++++++++ rsshconf.h | 55 + util.c | 364 +++ util.h | 45 + 40 files changed, 14087 insertions(+) create mode 100644 AUTHORS create mode 100644 CHROOT create mode 100644 COPYING create mode 100644 ChangeLog create mode 100644 INSTALL create mode 100644 LICENSE create mode 100644 Makefile.am create mode 100644 Makefile.in create mode 100644 NEWS create mode 100644 README create mode 100644 SECURITY create mode 100644 TODO create mode 100644 aclocal.m4 create mode 100644 argvec.c create mode 100644 argvec.h create mode 100755 conf_convert.sh create mode 100644 config.h.in create mode 100755 configure create mode 100644 configure.ac create mode 100755 depcomp create mode 100755 install-sh create mode 100644 log.c create mode 100644 log.h create mode 100644 main.c.in create mode 100755 missing create mode 100755 mkchroot.sh create mode 100755 mkinstalldirs create mode 100644 pathnames.h.in create mode 100644 rssh.1 create mode 100644 rssh.conf.5 create mode 100644 rssh.conf.5.in create mode 100644 rssh.conf.default create mode 100644 rssh.h create mode 100644 rssh.spec create mode 100644 rssh.spec.in create mode 100644 rssh_chroot_helper.c create mode 100644 rsshconf.c create mode 100644 rsshconf.h create mode 100644 util.c create mode 100644 util.h diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..b9d6f87 --- /dev/null +++ b/AUTHORS @@ -0,0 +1 @@ +Derek Martin < rssh-discuss at lists dot sourceforge dot net > diff --git a/CHROOT b/CHROOT new file mode 100644 index 0000000..e42f856 --- /dev/null +++ b/CHROOT @@ -0,0 +1,237 @@ +Setting up a chroot jail for rssh +--------------------------------- + +This document is intended to provide some hints for setting up a chroot jail +for rssh v2.1 and later. It is virtually impossible to provide exact +instructions for this, due to differences in things like the libraries on +different systems, whether or not the binaries are statically linked, etc. + +IMPORTANT NOTE ABOUT wordexp() IMPLEMENTATIONS: rssh requires a working +implementation of the wordexp() library function, specified by POSIX.2 (or +whatever they're calling it these days). A number of vendors ship a version +of wordexp() that execvp()'s the system shell in order to expand the +arguments. This means that if you are using such a platform, you'll need to +copy their system shell into the chroot jail, along with all the other +necessary files. The symptoms of this problem are: + + 1. When a user logs in, they immediately get "Connection closed." + 2. In the system logs, rssh reports "error expanding arguments for user ..." + +For Solaris 9, the required shell is /bin/ksh. For AIX 5.2, you need +/usr/bin/ksh93. FreeBSD also has this problem, but I don't know what the +default system shell is on FreeBSD. Other platforms will probably also +experience this problem. If you need help determining which shell to include, +try running rssh with strace or truss, whichever your system has. See the +relevant manpages for details. + +NOTE: There is now a shell script provided with rssh which should create +working chroot jails, at least on Red Hat linux systems, and probably on most +derivatives of Red Hat (like Fedora, etc.). It will probably also work with +other Linux distributions, and may work on other platforms, with some minor +modifications. + +N.B.: if you are not installing from the official Red Hat RPM provided on the +Sourceforge page, you may need to edit the script to modify some of the paths +before it will work for you. This includes cases where you are installing +from source. The script expects to find rssh_chroot_helper in /usr/libexec, +but installing from source may leave it elsewhere, depending on what options +you gave to the ./configure script. + +Even if you plan to use the script, please read the rest of this document so +that you understand what it is doing, in case things go wrong. To run the +script, you just need to give it the directory you want to use as your chroot +jail: + + /mkchroot.sh /my/chroot/jail + +There are a few other options, which will not be needed by most users. For +details, have a look at the shell script. It's pretty well commented, and +should be self-explanatory. + + +Setting up the jail manually +---------------------------- + +The important things to note about building a chroot jail is that you must +duplicate parts of the root file system: those parts containing the libraries +needed for whatever binaries you will be using, the configuration files for +those binaries, /etc/passwd, and possibly other things. So if your chroot +jail is /usr/chroot, you'll need to copy those items into the same locations +relative to /usr/chroot. For example, you will need to copy /etc/passwd to +/usr/chroot/etc/passwd. + +You will also need to copy the binaries for rssh_chroot_helper, scp, and +sftp-server into your chroot jail, in the same locations as they were +configured by rssh, but relative to the chroot jail. For example, by default +on Red Hat systems (my development platform), the binaries you need to use +rssh are usually installed in the following locations: + + /usr/bin/scp + /usr/libexec/openssh/sftp-server + /usr/local/bin/rssh_chroot_helper + +(assuming you did not specify a --prefix when you configured rssh). + +Presumably, rssh detected the scp and sftp-server binaries in those locations, +and will be looking for them in those locations, RELATIVE TO THE ROOT OF THE +CHROOT JAIL. So you will need to copy these files into the chroot jail: + + # cp /usr/bin/scp /usr/chroot/usr/bin/scp + # cp /usr/libexec/openssh/sftp-server /usr/chroot/usr/libexec/openssh/sftp-server + # cp /usr/local/bin/rssh_chroot_helper /usr/chroot/usr/local/bin/rssh_chroot_helper + +[Before you copy the files, you obviously need to create the directory +structure to copy them into.] + +Next, you will need copies of the libraries these programs are linked against. +This can be difficult to determine on some systems, which may require the use +of the ldd program, and/or the use of strace or truss. On Red Hat systems, +ldd shows that the following libraries are needed for scp: + + $ ldd `which scp` + libresolv.so.2 => /lib/libresolv.so.2 (0x40029000) + libutil.so.1 => /lib/libutil.so.1 (0x4003c000) + libz.so.1 => /usr/lib/libz.so.1 (0x4003f000) + libnsl.so.1 => /lib/libnsl.so.1 (0x4004d000) + libcrypto.so.2 => /lib/libcrypto.so.2 (0x40062000) + libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x40136000) + libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x40193000) + libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x401a4000) + libc.so.6 => /lib/i686/libc.so.6 (0x42000000) + libdl.so.2 => /lib/libdl.so.2 (0x401a6000) + /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) + +You need to copy each of these in turn into the chroot jail, or else rssh will +not be able to execv() the binary. The error message logged will likely be +something to the effect of "no such file or directory", in such a case. +Following our example above, you would use the following commands: + + # cp /lib/libresolv.so.2 /usr/chroot/lib/libresolv.so.2 + # cp /lib/libutil.so.1 /usr/chroot/lib/libutil.so.1 + # cp /usr/lib/libz.so.1 /usr/chroot/usr/lib/libz.so.1 + (etc.) + +You need to make sure that you do this for sftp-server as well, in case the +libraries required are different. If rssh is linked statically, you should not +need to worry about what libraries it is linked against. Otherwise, it may be +required. + +Note that the last two libraries in this example are used by the dynamic +linker. If any of the binaries in question are linked dynamically (and in +most cases, this will be true), you need to also copy any configuration files +for the dynamic linker into your chroot jail. On Linux, you want the files +/etc/ld.so* to be copied. + +Config files +------------ + +You should not need to copy the config file for rssh, since it will already be +done being read before the call to chroot(). You will likely need to copy +/etc/passwd, so that the system can identify the user using the program. Some +programs may fail if the user can not be identified. In my testing, scp +errored out if the username could not be determined. If you need to copy the +password file, the following will suffice. + + # cp /etc/passwd /usr/chroot/etc/passwd + +You probably will also need to copy the files related to the dynamic linker, +for example on Red Hat Linux: + + # cp /etc/ld.so* /usr/chroot/etc/ + + +Authentication concerns +----------------------- + +You may need to copy additional libraries, if your system depends upon them +for authentication. For example, in my testing, I needed to copy +/lib/libnss_files.so.? into the chroot jail. Without it, the scp command +failed, complaining that my user ID was an unknown user. If you use LDAP +authentication on the server, you will probably need to also copy +libnss_ldap.so.? into your chroot jail. Similar requirements likely exist for +other authentication methods... + + +Logging +------- + +On most systems, the syslog() library function works by writing messages into +a FIFO, such as for example /dev/log. Once the chroot() system call is +executed, the program will no longer have access to /dev/log. Many systems +have a syslogd that will allow you to specify additional FIFOs which syslogd +will listen to. On Linux systems, this is generally done with the -a option +to syslogd. In order for logging to continue to work properly once inside the +chroot jail, you will need to modify your start-up scripts to start syslog +with an additional FIFO inside the jail, something like this: + + /sbin/syslogd -a /usr/chroot/dev/log + +You will need to make sure the directory /usr/chroot/dev exists. + + +User details +------------ + +You probably want to have a home area inside the chroot jail, with home +directories for users inside the chroot. The /etc/passwd file should contain +the full path to the user's home directories. For example, if the user's home +directory is /usr/chroot/home/joe, then that is the directory that should be +specified in /etc/passwd. The directory specified in the copy of the passwd +file inside the chroot jail is not ever used, so it does not matter if you +change it to the path relative to the root of the chroot jail (i.e. /home/joe, +in this case). + +When it executes, rssh_chroot_helper will determine if the user's home +directory is contained within the chroot jail, and automatically put the user +in it if it is. If it is not, the helper program will leave the user in the +root of the chroot jail. You should take care to make sure that you are +getting the behavior that you want before putting a chrooted rssh into +production. + +Individual jails for different users +------------------------------------ + +Since v2.1, you are now able to specify the location of different chroot jails +for different users, whether or not to chroot individual users, etc. You +might be tempted to create individual jails for each different user, and you +can do that, BUT... it's probably a very bad idea. + +There are several reasons for this. First, it uses lots of disk space, +because you need to copy the libraries and such into each one (though in some +circumstances, you might be able to get away with creating hard links and/or +symbolic links -- maybe). Another reason is that in order to log chroot +activity, you need to create a socket for syslog to log to (i.e. /dev/log, see +above) in each of the chroot jails. However, the number of sockets syslog can +listen to is generally limited. On most Linux systems, that limit is a +maximum of 20, though it can be changed by editing the source code to syslogd. +On other platforms, this may not even be possible. So if you go with +individual chroot jails, you either need to be satisfied without logging for +most of your users, or recompile syslogd and manually configure it to open a +socket in each of your users' jails. And while I haven't done it, I suspect +creating large numbers of sockets for syslogd to listen to will make logging +to syslog somewhat painful. + +My recommendation is, if you really really really need individual chroot +jails, use them. But if you can, configure a single jail where the majority +of your users will live, but control their access carefully via file +permissions. Only provide separate jails for very sensitive or troublesome +users (or in the latter case, just disable their account and be done with +it... =8^) + +Conclusion +---------- + +Setting up a proper chroot jail can be difficult, and it is always a very +environment-specific operation. Because of this, I can not and will not +provide any sort of support for setting up chroot jails. However, there is a +mailing list for rssh, where you can ask questions. See the rssh homepage for +details. + +If you are having problems, make sure that you have logging set up properly, +if nothing else. Doing so will help you determine what kind of problems you +are experiencing, as error messages will be logged to syslog. + +Good luck! + +-DM + diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..32ecd35 --- /dev/null +++ b/COPYING @@ -0,0 +1,29 @@ +The following copyright applies to all source code in this software +distribution, unless expressly stated otherwise: + +Copyright 2003 Derek D. Martin ( code at pizzashack dot org ). + +The software can be redistributed under the terms of the modified Berkely +software license, as follows: + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER +IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..853cd99 --- /dev/null +++ b/ChangeLog @@ -0,0 +1,131 @@ +2.3.4 + - Fixed several problems with argument validation + - Added -Wall and cleaned up compiler output + - Installing rssh.conf as rssh.conf.default + +2.3.3 + + - Fixed escalation problem when not enough permission bits are specified. As a + side effect of this, you now MUST have a config file. + - Fixed the bug in rssh_chroot_helper where, if parsing the config file fails, + and logging is turned off, rssh_chroot_helper segfaults + +2.3.2 + + - fixed segfault due to checking the length of variables that I forgot to + remove from build_arg_vector() since the chroot root exploit fix in 2.3.0 + +2.3.1 + + - fixed stupid bug that caused rssh not to allow rsync and rdist + +2.3.0 + + - modified chroot_helper to parse the config file, to avoid arbitrary + chroot() (and thus root compromise) + - numerous documentation updates + - fix for va_start()/va_end()-related segfault on 64-bit architecture + - small bit of code cleanup + +2.2.3 + + - added checks for command execution arguments to scp, rdist, rsync + +2.2.2 + + - string formatting bug fixed in log.c + - small bug processing chroot path fixed in rsshconf.c + - -v now outputs pre-configured paths of important files + - extra debugging messages + - documentation updates for the wordexp() shell problem + +2.2.1 + + - added missing code for parsing per-user options + +2.2.0 + + - fixed a security hole where chrooted users could enumerate files outside + the jail + - fixed a bug handling sftp-server checking + - added support for cvs, rdist, and rsync + - documentation clarifications and updates. + - added conf_convert.sh to convert old rssh.conf files to new format + - added mkchroot.sh to set up a chroot jail (mostly for Red Hat systems) + - reversed the direction of the ChangeLog file... :) + +2.1.1 + + - updated build environment to facilitate building RPMs + +2.1.0 + + - added per-user configuration + - fixed a number of heretofore unnoticed bugs in the parser and elsewhere + - added examples to the config file + - updated documentation + +2.0.4 + + - fixed quote processing in config file parser + - fixed command line argvec building for args with spaces + - cleaned up a number of other little verbiage things, etc. + - changed default shell opts to allow only scp if config file doesn't exist + +2.0.3 + + - added SECURITY file to the distribution + - removed references to scpsh and sftpsh from README + - changed strcmp in main.c to use PATH_SCP rather than scp + - made rssh_chroot_helper check # of args, plus minor log mods to support + - minor fixes in CHROOT hints file + - actually called umask() to set the umask... + - added patches to configure.ac for compiling on non-GNU platforms + +2.0.2 + + - another bug with scp + +2.0.1 + + - fixed bug preventing scp from working + - documentation update for using chroot jails + - updated the INSTALL file with hints for Solaris + +2.0.0 + +Some code clean-up, and added config file, with support for: + + - setting default umask + - configuring whether scp and/or sftp are allowed + - setting the syslog facility to which to log + - support for chroot jails + +...and there was much rejoicing. All configuration options are currently +global. In the next major release of rssh, they will be configurable on a +per-user basis (which will override global settings). + +Added rssh_chroot_helper for (hopefully) implementing the chroot jail +securely. + +1.0.4 + +minor bug fix + +1.0.3 + +Uh, I forgot to update this, and I don't remember what I changed... ;-) + +1.0.2 + +Automake support + +1.0.1 + +Added support to configure to check for OpenSSH 3.5, and disables static +compilation if found + +1.0.0 + +Initial release version (non-beta) + diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000..6a85252 --- /dev/null +++ b/INSTALL @@ -0,0 +1,89 @@ +rssh installation +----------------- + +If you are upgrading from a previous version of rssh, see the notes in the +last section of this file. Otherwise, to install rssh, the following steps +should suffice: + + $ ./configure + $ make + $ su root + # make install + +If you are already root, make install should suffice; however it is generally +considered bad practice to build software as root. To change where rssh is +installed, use the --prefix option to configure: + + $ ./configure --prefix=/var/rssh + +The configure script will look for the scp and sftp-server binaries in +common locations. If it does not find them, you must set the location manually +using the --with-scp and --with-sftp-server options, like so: + + $ ./configure --with-scp=/path/to/scp --with-sftp-server=/var/lib/sftp-server + +The program will not work properly if the paths for these executables is not +correct. If you are planning to use chroot jails, you need to make sure you +have copies of those binaries at the same configured locations, RELATIVE TO +THE ROOT OF THE CHROOT JAIL. See the file CHROOT for more information about +setting up a chroot jail. + + +STATIC vs. DYNAMIC LINKING +-------------------------- + +Because of the security implications mentioned in the file SECURITY, the +default is to compile rssh statically. Note however that this results in a +very large executable size. If you wish to use shared libraries with rssh, +you can do so by removing the -static from the variable CFLAGS in the first +few lines of the file Makefile. Warning: you should only do this if at least +one of the following is true: + + - you are using rssh with OpenSSH 3.5 or later and have disabled user + environment files + - you have made sure the users' home directories and .ssh director are + non-writable + - you don't care about your users' ability to circumvent rssh. + +Otherwise, your users will be able to execute arbitrary commands and gain +shell access to the system you are trying to restrict with rssh. + +Note that ./configure now detects if you have OpenSSH v3.5 installed, and if +so will use dynamic linking by default. However, it is still up to the system +administrator to be sure to use the PermitUserEnvironment=no option when +configuring sshd. Failing to do so will allow users to circumvent the +protections offered by rssh. + +SOLARIS USERS TAKE NOTE: Due to brain damage in Solaris's C libraries, it is +very difficult to build static binaries (of just about any program) on +Solaris, and even if you succeed, the binaries you build may not work. Make +sure you run the configure script with --disable-static to build dynamically +linked binaries. This implies that you should be running OpenSSH 3.5 or +later, with the option PermitUserEnvironment set to no, for security reasons. +See the file SECURITY and/or the rssh man page for more information. + + +Upgrading from a previous version of rssh +----------------------------------------- + +If you are upgrading to 2.2.x from a previous 2.x.x release, you should note +that the configuration file format has changed. A shell script is provided to +convert between the old format and the new format. The change in formats is +very minor; there are extra digits in the permissions field. The script +initializes any existing entries to all zeros for the new permissions fields. + +If your config file is /etc/rssh.conf, you can invoke the script simply like +this: + + # ./conf_convert.sh + +Otherwise, you must pass the location of the config file on the command line, +like so: + + # ./conf_convert.sh /usr/local/etc/rssh.conf + +The script will save a new copy of your config file with the necessary changes +into .NEW if it is successful. BE VERY CAREFUL! +Depending on if you do any strange quoting in your config file, the restulting +config file may not be usable. It should be fine for most users, however. + diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..2323109 --- /dev/null +++ b/LICENSE @@ -0,0 +1,27 @@ +/* + * Copyright 2003-2006 Derek D. Martin ( code at pizzashack dot org ). + * + * This program is licensed under a BSD-style license, as follows: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..c5b1a8d --- /dev/null +++ b/Makefile.am @@ -0,0 +1,30 @@ +## Process this file with automake to produce Makefile.in +AUTOMAKE_OPTIONS = nostdinc +ourdefs = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" +ourflags = @defcflags@ @static@ +AM_CFLAGS = $(ourflags) +bin_PROGRAMS = rssh +libexec_PROGRAMS = rssh_chroot_helper +nodist_rssh_SOURCES = main.c pathnames.h config.h +rssh_SOURCES = rssh.h rsshconf.h rsshconf.c log.c log.h util.c util.h argvec.c argvec.h +rssh_chroot_helper_SOURCES = rssh_chroot_helper.c log.c log.h argvec.c argvec.h util.c util.h rsshconf.c rsshconf.h rssh.h +# This is different than PATH_RSSH_CONFIG; it is where the default gets +# installed, whereas PATH_RSSH_CONFIG is where rssh looks for the file. +dist_sysconf_DATA = rssh.conf.default +man_MANS = rssh.1 rssh.conf.5 +EXTRA_DIST = $(man_MANS) CHROOT SECURITY LICENSE rssh.spec mkchroot.sh conf_convert.sh +base=`echo @PACKAGE_STRING@|tr " " "-"` + +.c.o: + $(CC) -c $(DEFS) $(ourdefs) $(AM_CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< + +install-exec-hook: + chmod u+s $(libexecdir)/rssh_chroot_helper + +rpm: dist + rpmbuild -ta --sign $(base).tar.gz + cp /users/ddm/tmp/RPM/i386/$(base)-1.i386.rpm . + cp /users/ddm/tmp/RPM/$(base)-1.src.rpm . + gpg -ba --default-key ddm@pizzashack.org $(base).tar.gz + mv $(base).tar.gz.asc $(base).tar.gz.sig + diff --git a/Makefile.in b/Makefile.in new file mode 100644 index 0000000..937e7ee --- /dev/null +++ b/Makefile.in @@ -0,0 +1,743 @@ +# Makefile.in generated by automake 1.9.6 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +top_builddir = . +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +INSTALL = @INSTALL@ +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +bin_PROGRAMS = rssh$(EXEEXT) +libexec_PROGRAMS = rssh_chroot_helper$(EXEEXT) +subdir = . +DIST_COMMON = README $(am__configure_deps) $(dist_sysconf_DATA) \ + $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(srcdir)/config.h.in $(srcdir)/main.c.in \ + $(srcdir)/pathnames.h.in $(srcdir)/rssh.conf.5.in \ + $(srcdir)/rssh.spec.in $(top_srcdir)/configure AUTHORS COPYING \ + ChangeLog INSTALL NEWS TODO depcomp install-sh missing \ + mkinstalldirs +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ + configure.lineno configure.status.lineno +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = config.h +CONFIG_CLEAN_FILES = main.c pathnames.h rssh.conf.5 rssh.spec +am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \ + "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" \ + "$(DESTDIR)$(sysconfdir)" +binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) +libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) +PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) +am_rssh_OBJECTS = rsshconf.$(OBJEXT) log.$(OBJEXT) util.$(OBJEXT) \ + argvec.$(OBJEXT) +nodist_rssh_OBJECTS = main.$(OBJEXT) +rssh_OBJECTS = $(am_rssh_OBJECTS) $(nodist_rssh_OBJECTS) +rssh_LDADD = $(LDADD) +am_rssh_chroot_helper_OBJECTS = rssh_chroot_helper.$(OBJEXT) \ + log.$(OBJEXT) argvec.$(OBJEXT) util.$(OBJEXT) \ + rsshconf.$(OBJEXT) +rssh_chroot_helper_OBJECTS = $(am_rssh_chroot_helper_OBJECTS) +rssh_chroot_helper_LDADD = $(LDADD) +DEFAULT_INCLUDES = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +SOURCES = $(rssh_SOURCES) $(nodist_rssh_SOURCES) \ + $(rssh_chroot_helper_SOURCES) +DIST_SOURCES = $(rssh_SOURCES) $(rssh_chroot_helper_SOURCES) +man1dir = $(mandir)/man1 +man5dir = $(mandir)/man5 +NROFF = nroff +MANS = $(man_MANS) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +dist_sysconfDATA_INSTALL = $(INSTALL_DATA) +DATA = $(dist_sysconf_DATA) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) +am__remove_distdir = \ + { test ! -d $(distdir) \ + || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -fr $(distdir); }; } +DIST_ARCHIVES = $(distdir).tar.gz +GZIP_ENV = --best +distuninstallcheck_listfiles = find . -type f -print +distcleancheck_listfiles = find . -type f -print +ACLOCAL = @ACLOCAL@ +AMDEP_FALSE = @AMDEP_FALSE@ +AMDEP_TRUE = @AMDEP_TRUE@ +AMTAR = @AMTAR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CHROOT_HELPER = @CHROOT_HELPER@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_STRIP = @ac_ct_STRIP@ +am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ +am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build_alias = @build_alias@ +cvs_path = @cvs_path@ +datadir = @datadir@ +defcflags = @defcflags@ +exec_prefix = @exec_prefix@ +host_alias = @host_alias@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +rdist_path = @rdist_path@ +rsync_path = @rsync_path@ +sbindir = @sbindir@ +scp_path = @scp_path@ +sftp_path = @sftp_path@ +sharedstatedir = @sharedstatedir@ +static = @static@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +AUTOMAKE_OPTIONS = nostdinc +ourdefs = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" +ourflags = @defcflags@ @static@ +AM_CFLAGS = $(ourflags) +nodist_rssh_SOURCES = main.c pathnames.h config.h +rssh_SOURCES = rssh.h rsshconf.h rsshconf.c log.c log.h util.c util.h argvec.c argvec.h +rssh_chroot_helper_SOURCES = rssh_chroot_helper.c log.c log.h argvec.c argvec.h util.c util.h rsshconf.c rsshconf.h rssh.h +# This is different than PATH_RSSH_CONFIG; it is where the default gets +# installed, whereas PATH_RSSH_CONFIG is where rssh looks for the file. +dist_sysconf_DATA = rssh.conf.default +man_MANS = rssh.1 rssh.conf.5 +EXTRA_DIST = $(man_MANS) CHROOT SECURITY LICENSE rssh.spec mkchroot.sh conf_convert.sh +base = `echo @PACKAGE_STRING@|tr " " "-"` +all: config.h + $(MAKE) $(AM_MAKEFLAGS) all-am + +.SUFFIXES: +.SUFFIXES: .c .o .obj +am--refresh: + @: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + echo ' cd $(srcdir) && $(AUTOMAKE) --gnu '; \ + cd $(srcdir) && $(AUTOMAKE) --gnu \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + echo ' $(SHELL) ./config.status'; \ + $(SHELL) ./config.status;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + $(SHELL) ./config.status --recheck + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(srcdir) && $(AUTOCONF) +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) + +config.h: stamp-h1 + @if test ! -f $@; then \ + rm -f stamp-h1; \ + $(MAKE) stamp-h1; \ + else :; fi + +stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status + @rm -f stamp-h1 + cd $(top_builddir) && $(SHELL) ./config.status config.h +$(srcdir)/config.h.in: $(am__configure_deps) + cd $(top_srcdir) && $(AUTOHEADER) + rm -f stamp-h1 + touch $@ + +distclean-hdr: + -rm -f config.h stamp-h1 +main.c: $(top_builddir)/config.status $(srcdir)/main.c.in + cd $(top_builddir) && $(SHELL) ./config.status $@ +pathnames.h: $(top_builddir)/config.status $(srcdir)/pathnames.h.in + cd $(top_builddir) && $(SHELL) ./config.status $@ +rssh.conf.5: $(top_builddir)/config.status $(srcdir)/rssh.conf.5.in + cd $(top_builddir) && $(SHELL) ./config.status $@ +rssh.spec: $(top_builddir)/config.status $(srcdir)/rssh.spec.in + cd $(top_builddir) && $(SHELL) ./config.status $@ +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)" + @list='$(bin_PROGRAMS)'; for p in $$list; do \ + p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ + if test -f $$p \ + ; then \ + f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ + echo " $(INSTALL_PROGRAM_ENV) $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ + $(INSTALL_PROGRAM_ENV) $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ + else :; fi; \ + done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(bin_PROGRAMS)'; for p in $$list; do \ + f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ + echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ + rm -f "$(DESTDIR)$(bindir)/$$f"; \ + done + +clean-binPROGRAMS: + -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) +install-libexecPROGRAMS: $(libexec_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(libexecdir)" || $(mkdir_p) "$(DESTDIR)$(libexecdir)" + @list='$(libexec_PROGRAMS)'; for p in $$list; do \ + p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ + if test -f $$p \ + ; then \ + f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ + echo " $(INSTALL_PROGRAM_ENV) $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \ + $(INSTALL_PROGRAM_ENV) $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \ + else :; fi; \ + done + +uninstall-libexecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(libexec_PROGRAMS)'; for p in $$list; do \ + f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ + echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \ + rm -f "$(DESTDIR)$(libexecdir)/$$f"; \ + done + +clean-libexecPROGRAMS: + -test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS) +rssh$(EXEEXT): $(rssh_OBJECTS) $(rssh_DEPENDENCIES) + @rm -f rssh$(EXEEXT) + $(LINK) $(rssh_LDFLAGS) $(rssh_OBJECTS) $(rssh_LDADD) $(LIBS) +rssh_chroot_helper$(EXEEXT): $(rssh_chroot_helper_OBJECTS) $(rssh_chroot_helper_DEPENDENCIES) + @rm -f rssh_chroot_helper$(EXEEXT) + $(LINK) $(rssh_chroot_helper_LDFLAGS) $(rssh_chroot_helper_OBJECTS) $(rssh_chroot_helper_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/argvec.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/main.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rssh_chroot_helper.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsshconf.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Po@am__quote@ + +.c.obj: +@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` +uninstall-info-am: +install-man1: $(man1_MANS) $(man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man1dir)" || $(mkdir_p) "$(DESTDIR)$(man1dir)" + @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 1*) ;; \ + *) ext='1' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ + done +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 1*) ;; \ + *) ext='1' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ + rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ + done +install-man5: $(man5_MANS) $(man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man5dir)" || $(mkdir_p) "$(DESTDIR)$(man5dir)" + @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.5*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 5*) ;; \ + *) ext='5' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \ + done +uninstall-man5: + @$(NORMAL_UNINSTALL) + @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.5*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 5*) ;; \ + *) ext='5' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \ + rm -f "$(DESTDIR)$(man5dir)/$$inst"; \ + done +install-dist_sysconfDATA: $(dist_sysconf_DATA) + @$(NORMAL_INSTALL) + test -z "$(sysconfdir)" || $(mkdir_p) "$(DESTDIR)$(sysconfdir)" + @list='$(dist_sysconf_DATA)'; for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + f=$(am__strip_dir) \ + echo " $(dist_sysconfDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(sysconfdir)/$$f'"; \ + $(dist_sysconfDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(sysconfdir)/$$f"; \ + done + +uninstall-dist_sysconfDATA: + @$(NORMAL_UNINSTALL) + @list='$(dist_sysconf_DATA)'; for p in $$list; do \ + f=$(am__strip_dir) \ + echo " rm -f '$(DESTDIR)$(sysconfdir)/$$f'"; \ + rm -f "$(DESTDIR)$(sysconfdir)/$$f"; \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(CTAGS_ARGS)$$tags$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$tags $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + $(am__remove_distdir) + mkdir $(distdir) + $(mkdir_p) $(distdir)/. + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ + list='$(DISTFILES)'; for file in $$list; do \ + case $$file in \ + $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ + $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ + esac; \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + dir="/$$dir"; \ + $(mkdir_p) "$(distdir)$$dir"; \ + else \ + dir=''; \ + fi; \ + if test -d $$d/$$file; then \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done + -find $(distdir) -type d ! -perm -755 -exec chmod a+rwx,go+rx {} \; -o \ + ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \ + || chmod -R a+r $(distdir) +dist-gzip: distdir + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(am__remove_distdir) + +dist-bzip2: distdir + tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2 + $(am__remove_distdir) + +dist-tarZ: distdir + tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z + $(am__remove_distdir) + +dist-shar: distdir + shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + $(am__remove_distdir) + +dist-zip: distdir + -rm -f $(distdir).zip + zip -rq $(distdir).zip $(distdir) + $(am__remove_distdir) + +dist dist-all: distdir + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(am__remove_distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. +distcheck: dist + case '$(DIST_ARCHIVES)' in \ + *.tar.gz*) \ + GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\ + *.tar.bz2*) \ + bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\ + *.tar.Z*) \ + uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ + *.shar.gz*) \ + GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\ + *.zip*) \ + unzip $(distdir).zip ;;\ + esac + chmod -R a-w $(distdir); chmod a+w $(distdir) + mkdir $(distdir)/_build + mkdir $(distdir)/_inst + chmod a-w $(distdir) + dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ + && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ + && cd $(distdir)/_build \ + && ../configure --srcdir=.. --prefix="$$dc_install_base" \ + $(DISTCHECK_CONFIGURE_FLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) dvi \ + && $(MAKE) $(AM_MAKEFLAGS) check \ + && $(MAKE) $(AM_MAKEFLAGS) install \ + && $(MAKE) $(AM_MAKEFLAGS) installcheck \ + && $(MAKE) $(AM_MAKEFLAGS) uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ + distuninstallcheck \ + && chmod -R a-w "$$dc_install_base" \ + && ({ \ + (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ + distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ + } || { rm -rf "$$dc_destdir"; exit 1; }) \ + && rm -rf "$$dc_destdir" \ + && $(MAKE) $(AM_MAKEFLAGS) dist \ + && rm -rf $(DIST_ARCHIVES) \ + && $(MAKE) $(AM_MAKEFLAGS) distcleancheck + $(am__remove_distdir) + @(echo "$(distdir) archives ready for distribution: "; \ + list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ + sed -e '1{h;s/./=/g;p;x;}' -e '$${p;x;}' +distuninstallcheck: + @cd $(distuninstallcheck_dir) \ + && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \ + || { echo "ERROR: files left after uninstall:" ; \ + if test -n "$(DESTDIR)"; then \ + echo " (check DESTDIR support)"; \ + fi ; \ + $(distuninstallcheck_listfiles) ; \ + exit 1; } >&2 +distcleancheck: distclean + @if test '$(srcdir)' = . ; then \ + echo "ERROR: distcleancheck can only run from a VPATH build" ; \ + exit 1 ; \ + fi + @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left in build directory after distclean:" ; \ + $(distcleancheck_listfiles) ; \ + exit 1; } >&2 +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) $(MANS) $(DATA) config.h +installdirs: + for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(sysconfdir)"; do \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \ + mostlyclean-am + +distclean: distclean-am + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-hdr distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +info: info-am + +info-am: + +install-data-am: install-man + +install-exec-am: install-binPROGRAMS install-dist_sysconfDATA \ + install-libexecPROGRAMS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook + +install-info: install-info-am + +install-man: install-man1 install-man5 + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -rf $(top_srcdir)/autom4te.cache + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-binPROGRAMS uninstall-dist_sysconfDATA \ + uninstall-info-am uninstall-libexecPROGRAMS uninstall-man + +uninstall-man: uninstall-man1 uninstall-man5 + +.PHONY: CTAGS GTAGS all all-am am--refresh check check-am clean \ + clean-binPROGRAMS clean-generic clean-libexecPROGRAMS ctags \ + dist dist-all dist-bzip2 dist-gzip dist-shar dist-tarZ \ + dist-zip distcheck distclean distclean-compile \ + distclean-generic distclean-hdr distclean-tags distcleancheck \ + distdir distuninstallcheck dvi dvi-am html html-am info \ + info-am install install-am install-binPROGRAMS install-data \ + install-data-am install-dist_sysconfDATA install-exec \ + install-exec-am install-exec-hook install-info install-info-am \ + install-libexecPROGRAMS install-man install-man1 install-man5 \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-binPROGRAMS \ + uninstall-dist_sysconfDATA uninstall-info-am \ + uninstall-libexecPROGRAMS uninstall-man uninstall-man1 \ + uninstall-man5 + + +.c.o: + $(CC) -c $(DEFS) $(ourdefs) $(AM_CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< + +install-exec-hook: + chmod u+s $(libexecdir)/rssh_chroot_helper + +rpm: dist + rpmbuild -ta --sign $(base).tar.gz + cp /users/ddm/tmp/RPM/i386/$(base)-1.i386.rpm . + cp /users/ddm/tmp/RPM/$(base)-1.src.rpm . + gpg -ba --default-key ddm@pizzashack.org $(base).tar.gz + mv $(base).tar.gz.asc $(base).tar.gz.sig +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..2efa1b7 --- /dev/null +++ b/NEWS @@ -0,0 +1 @@ +Automake's insistance on the existence of this file is very lame. diff --git a/README b/README new file mode 100644 index 0000000..c82c4cb --- /dev/null +++ b/README @@ -0,0 +1,32 @@ +rssh readme +----------- + +rssh is written and maintained by Derek D. Martin. Please do not e-mail me +directly with questions about rssh. Instead, please post them on the mailing +list. YOU MUST SIGN UP FOR THE MAILING LIST TO POST. Information about +signing up for the mailing list can be found at the rssh homepage. Please +note that e-mail sent directly to me will most likely be filtered into my spam +mailbox and deleted without being read. + +The purpose of rssh is to allow system administrators to restrict ssh access +to a particular host. It can be used to provide scp access, sftp access, or +both, and now also cvs, rdist, and rsync. Formerly, this was done based on +the name of the shell binary (or symlink to it), but is now done via config +file. + +IMPORTANT: If you do not want your users to be able to circumvent rssh, read the +security notes in the file SECURITY, and note the section about linking in the +file INSTALL. + +BEFORE YOU E-MAIL ME WITH QUESTIONS, Be sure to THOROUGHLY read the following +files: README, INSTALL, CHROOT, SECURITY. Also THOROUGHLY read the man pages +for rssh(1), and rssh.conf(5). Finally, if you are still having problems, +read the FAQ at http://www.pizzashack.org/rssh/faq.shtml. If it is clear to +me that you have not read these documents, I will ignore you. In most cases, +these documents will already have everything you need to get rssh working, and +I won't be able to explain it any better on a mailing list than I did in those +documents... + +For instructions on how to install rssh, see the file INSTALL. For more +information about using chroot jails with rssh, see the file CHROOT. + diff --git a/SECURITY b/SECURITY new file mode 100644 index 0000000..98c1e43 --- /dev/null +++ b/SECURITY @@ -0,0 +1,198 @@ +SECURITY +-------- + +Please note: The man page now has detailed information about security concerns +and some tips for setting up rssh securely. If you haven't read these, please +do so now. What follows is mostly a summary of specific security issues which +have affected rssh since I started developing it. + +Nov 27, 2005 + +Max Vozeler reported a scary problem whereby rssh_chroot_helper can be +exploited to chroot to arbitrary directories and thereby gain root access. +The 2.3.0 release of rssh fixes this problem by forcing the chroot helper +program to re-parse the config file instead of allowing the chroot home to be +specified on the command line. Thus users not listed can not use it to chroot +(or will chroot to the default location, which hopefully the sysadmin has set +up securely), and users who are listed will be chrooted to the directories +where they are supposed to go only. + +Numerous people reported a problem with the way I used va_start/va_end in +log.c which causes a segfault on 64-bit Linux platforms. I don't know if this +is exploitable, but it's fixed. Given the previously mentioned root +compromise, this probably doesn't matter much... ;-) + +Dec 3, 2004 + +Jason Wies has reported a problem whereby rssh can be bypassed in conjunction +with scp, rdist, and rsync. The source of the problem is that these commands +have command-line options which trigger execution of arbitrary programs. + +The 2.2.3 release of rssh fixes this problem, by parsing the command line +passed to the exec()'d program, making sure it does not contain command line +options which allow arbitrary execution of programs. + + +Oct 23, 2004 + +Florian Schilhabel has identified a format string bug which can allow an +attacker to run arbitrary code from an account configured to use rssh. In +general the risk is low, as in most cases the user can only compromise their +own account. The risk is mittigated by the fact that before this bug can be +exploited, the user must log in successfully through ssh. This means that +either the user is known, or that the system is already compromised. + +However, on some older systems with broken implementations of the setuid() +family of functions, a root compromise may be possible with certain +configurations of rssh. Specifically, if rssh is configured to use a chroot +jail, it will exec() rssh_chroot_helper, which must be setuid root in order to +call chroot(). Normally, rssh_chroot_helper calls setuid(getuid()) and drops +privileges before any of the logging functions are called, making a root +compromise impossible on most systems. However, some older systems which +handle saved UIDs improperly may be vulnerable to a root compromise. Linux in +particular is not vulnerable to this, nor should modern POSIX-compliant Unix +variants be. POSIX defines that the setuid() system call will set all UIDs +(UID, saved UID, and effective UID) the specified UID if it is called with +root privileges. Therefore in general, a root compromise is not possible, and +I am not specifically aware of any systems on which one is possible. + +The 2.2.2 release of rssh fixes this string format vulnerability. I have also +gone over the code to make sure that no other such vulnerabilities exist. In +addition to fixing this problem, rssh contains some new code to help identify +certain problems for debugging problems when rssh fails. Additional logging +of error conditions is performed. + +May 22, 2004 + +There is a bug in rssh 2.0 - 2.1.x which allows a user to gather +information outside of a chrooted jail unintentionally. It was reported by +William McCaw, to whom I am thankful. The latest release of rssh fixes this +problem, and also improves support for some non-openssh sftp clients. +Additionally, it extends rssh by allowing cvs, rsync, and rdist. + +The cause of the problem identified by Mr. McCaw is that rssh expanded +command-line arguments prior to entering the chroot jail. This bug +DOES NOT allow a user to access any of the files outside the jail, but +can allow them to discover what files are in a directory which is +outside the jail, if their credentials on the server would normally +allow them read/execute access in the specified directory. + +For example (from William's bug report), if a user has an account on a +server machine which restricts them into a jail using rssh, the +user can use the following command to access the server and see what +files exist in the /etc directory: + + scp target:/etc/* . + +The results of this command will look something like this: + + scp: /etc/DIR_COLORS: No such file or directory + scp: /etc/HOSTNAME: No such file or directory + scp: /etc/X11: No such file or directory + scp: /etc/adjtime: No such file or directory + [ ... ] + ld.so.cache 100% 675 0.0KB/s 00:00 + ld.so.conf 100% 0 0.0KB/s 00:00 + [ ... ] + passwd 100% 51 0.0KB/s 00:00 + [ ... ] + scp: /etc/termcap-Linux: No such file or directory + scp: /etc/updatedb.conf: No such file or directory + scp: /etc/warnquota.conf-sample: No such file or directory + scp: /etc/xml: No such file or directory + +The files which succeed in copying exist inside the chroot jail, and +thus should be harmless. All of the files which produce an error +message exist in the system's /etc directory, but do not exist inside +the chroot jail. The user is placed in the jail before access to any +of these files is attempted, so again, it is not possible to access +them. For many sites, this is not a serious issue. However if it is +important at your site that users not be able to know about any files +which exist outside the chroot jail, then you should upgrade as soon +as possible. + +The 2.2.0 release of rssh fixed the problem in question, but was +mistakenly released missing some code for parsing per-user options. +The 2.2.1 release corrects that problem, and should be the final +release of rssh. No further development is planned. + + +Aug 22 2002 + + 1. Summary + 2. Details + +Summary +------- + +If you are using OpenSSH >= 3.5, you can edit sshd_config to be sure that +PermitUserEnvironment=no appears in the file and is not commented out, and +then ignore the rest of this file (well, read it anyway, so you understand the +issues). This option did not exist prior to OpenSSH 3.5, so if you're using +and older version, the rest of this definitely applies to you! + +The details of the problem, including a description of how a user might +exploit the problem, are discussed below. It is currently not completely +possible to prevent users from circumventing rssh to gain access to the +restricted system, unless one of two precautions is taken: + + * the rssh binary is compiled statically + * efforts are made to prevent the restricted users' environment files from + being user-modifiable + +In practice, the latter means that an rssh user's home directory must not be +writable to the user, nor must their .ssh directory (if it exists) be +writable. It is not sufficient to limit the .ssh directory, as users could use +sftp to remove or rename the .ssh directory, and create a new one which is +writable by them. Note that this means they can not own their home directory +either, as if they do they can use sftp to chmod it. Alternately on Linux +systems using file systems which support the chattr command, you could chattr ++i the .ssh directory. + +For this reason, as of rssh v0.9.3, the binary is compiled statically by +default. Note that this results in a very large binary (>400k), unlike when +rssh is compiled and linked dynamically. You can override static compilation +by removing the -static flag from the CFLAGS macro in Makefile (after +configure is run); however this is only recommended for sites who basically +trust their users, or aren't concerned about the possibility of advanced users +gaining shell access to the host on which access has been restricted via rssh. +Future versions of rssh will include an option to configure to enable/disable +static compilation explicitly, so editing the makefile will not be necessary. + +Details +------- + +Please note, the flaw is not in rssh itself. The problem is that the OpenSSH +Project's sshd reads $HOME/.ssh/environment when a user first connects +(regardless of whether it's via ssh, scp, or sftp), allowing users to set +variables in their environment. A user could scp a file to that location +containing a line that sets variables such as LD_LIBRARY_PATH and/or +LD_PRELOAD, allowing the user to cause binaries exec()'d by the sshd daemon to +be dynamically linked against libraries of their choosing. This means that +users can cause rssh itself to execute arbitrary code, and the only thing that +you can do to prevent this attack is to control users' environments, and make +absolutely sure they can not write to their .ssh directory. + +In OpenSSH 3.4 and before, there is no way to prevent user environment files +from being sourced. As of 3.5, sshd has the option PermitUserEnvironment, +which should be set to no. + +Additionally, according to the sshd(8) man page from at least some releases of +OpenSSH, the commands listed in the $HOME/.ssh/rc file are executed with +/bin/sh instead of the user's defined shell. This appears not to be the case +on systems I had available to test on, despite the man page; commands were +executed using the user's configured shell (rssh), which did not allow the +execution. However if it is true on your system, then a malicious user may be +able to circumvent rssh by uploading a file to $HOME/.ssh/rc which will be +executed by /bin/sh on that system. + +I recommend that you upgrade to OpenSSH 3.5 as soon as it becomes available, +if you wish to use rssh without restricting ownerships and permissions of +users' home directories, and/or compiling statically. + +rssh is a small shell whose purpose is to restrict users to using scp +or sftp, and also provides the facilities to place users in a chroot +jail. It can also be used to lock users out of a system completely. +William F. McCaw identified a minor security flaw in rssh when used +with chroot jails. + diff --git a/TODO b/TODO new file mode 100644 index 0000000..40eda68 --- /dev/null +++ b/TODO @@ -0,0 +1,5 @@ +TODO: +---- + +Nothing! Finally, rssh is done! + diff --git a/aclocal.m4 b/aclocal.m4 new file mode 100644 index 0000000..7d473d5 --- /dev/null +++ b/aclocal.m4 @@ -0,0 +1,862 @@ +# generated automatically by aclocal 1.9.6 -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, +# 2005 Free Software Foundation, Inc. +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +# Copyright (C) 2002, 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_AUTOMAKE_VERSION(VERSION) +# ---------------------------- +# Automake X.Y traces this macro to ensure aclocal.m4 has been +# generated from the m4 files accompanying Automake X.Y. +AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version="1.9"]) + +# AM_SET_CURRENT_AUTOMAKE_VERSION +# ------------------------------- +# Call AM_AUTOMAKE_VERSION so it can be traced. +# This function is AC_REQUIREd by AC_INIT_AUTOMAKE. +AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], + [AM_AUTOMAKE_VERSION([1.9.6])]) + +# AM_AUX_DIR_EXPAND -*- Autoconf -*- + +# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets +# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to +# `$srcdir', `$srcdir/..', or `$srcdir/../..'. +# +# Of course, Automake must honor this variable whenever it calls a +# tool from the auxiliary directory. The problem is that $srcdir (and +# therefore $ac_aux_dir as well) can be either absolute or relative, +# depending on how configure is run. This is pretty annoying, since +# it makes $ac_aux_dir quite unusable in subdirectories: in the top +# source directory, any form will work fine, but in subdirectories a +# relative path needs to be adjusted first. +# +# $ac_aux_dir/missing +# fails when called from a subdirectory if $ac_aux_dir is relative +# $top_srcdir/$ac_aux_dir/missing +# fails if $ac_aux_dir is absolute, +# fails when called from a subdirectory in a VPATH build with +# a relative $ac_aux_dir +# +# The reason of the latter failure is that $top_srcdir and $ac_aux_dir +# are both prefixed by $srcdir. In an in-source build this is usually +# harmless because $srcdir is `.', but things will broke when you +# start a VPATH build or use an absolute $srcdir. +# +# So we could use something similar to $top_srcdir/$ac_aux_dir/missing, +# iff we strip the leading $srcdir from $ac_aux_dir. That would be: +# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` +# and then we would define $MISSING as +# MISSING="\${SHELL} $am_aux_dir/missing" +# This will work as long as MISSING is not called from configure, because +# unfortunately $(top_srcdir) has no meaning in configure. +# However there are other variables, like CC, which are often used in +# configure, and could therefore not use this "fixed" $ac_aux_dir. +# +# Another solution, used here, is to always expand $ac_aux_dir to an +# absolute PATH. The drawback is that using absolute paths prevent a +# configured tree to be moved without reconfiguration. + +AC_DEFUN([AM_AUX_DIR_EXPAND], +[dnl Rely on autoconf to set up CDPATH properly. +AC_PREREQ([2.50])dnl +# expand $ac_aux_dir to an absolute path +am_aux_dir=`cd $ac_aux_dir && pwd` +]) + +# AM_CONDITIONAL -*- Autoconf -*- + +# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 7 + +# AM_CONDITIONAL(NAME, SHELL-CONDITION) +# ------------------------------------- +# Define a conditional. +AC_DEFUN([AM_CONDITIONAL], +[AC_PREREQ(2.52)dnl + ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], + [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl +AC_SUBST([$1_TRUE]) +AC_SUBST([$1_FALSE]) +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= +fi +AC_CONFIG_COMMANDS_PRE( +[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then + AC_MSG_ERROR([[conditional "$1" was never defined. +Usually this means the macro was only invoked conditionally.]]) +fi])]) + + +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 8 + +# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be +# written in clear, in which case automake, when reading aclocal.m4, +# will think it sees a *use*, and therefore will trigger all it's +# C support machinery. Also note that it means that autoscan, seeing +# CC etc. in the Makefile, will ask for an AC_PROG_CC use... + + +# _AM_DEPENDENCIES(NAME) +# ---------------------- +# See how the compiler implements dependency checking. +# NAME is "CC", "CXX", "GCJ", or "OBJC". +# We try a few techniques and use that to set a single cache variable. +# +# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was +# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular +# dependency, and given that the user is not expected to run this macro, +# just rely on AC_PROG_CC. +AC_DEFUN([_AM_DEPENDENCIES], +[AC_REQUIRE([AM_SET_DEPDIR])dnl +AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl +AC_REQUIRE([AM_MAKE_INCLUDE])dnl +AC_REQUIRE([AM_DEP_TRACK])dnl + +ifelse([$1], CC, [depcc="$CC" am_compiler_list=], + [$1], CXX, [depcc="$CXX" am_compiler_list=], + [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'], + [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'], + [depcc="$$1" am_compiler_list=]) + +AC_CACHE_CHECK([dependency style of $depcc], + [am_cv_$1_dependencies_compiler_type], +[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_$1_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` + fi + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + case $depmode in + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + none) break ;; + esac + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. + if depmode=$depmode \ + source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_$1_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_$1_dependencies_compiler_type=none +fi +]) +AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type]) +AM_CONDITIONAL([am__fastdep$1], [ + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_$1_dependencies_compiler_type" = gcc3]) +]) + + +# AM_SET_DEPDIR +# ------------- +# Choose a directory name for dependency files. +# This macro is AC_REQUIREd in _AM_DEPENDENCIES +AC_DEFUN([AM_SET_DEPDIR], +[AC_REQUIRE([AM_SET_LEADING_DOT])dnl +AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl +]) + + +# AM_DEP_TRACK +# ------------ +AC_DEFUN([AM_DEP_TRACK], +[AC_ARG_ENABLE(dependency-tracking, +[ --disable-dependency-tracking speeds up one-time build + --enable-dependency-tracking do not reject slow dependency extractors]) +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' +fi +AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) +AC_SUBST([AMDEPBACKSLASH]) +]) + +# Generate code to set up dependency tracking. -*- Autoconf -*- + +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +#serial 3 + +# _AM_OUTPUT_DEPENDENCY_COMMANDS +# ------------------------------ +AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], +[for mf in $CONFIG_FILES; do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # So let's grep whole file. + if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then + dirpart=`AS_DIRNAME("$mf")` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running `make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`AS_DIRNAME(["$file"])` + AS_MKDIR_P([$dirpart/$fdir]) + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done +done +])# _AM_OUTPUT_DEPENDENCY_COMMANDS + + +# AM_OUTPUT_DEPENDENCY_COMMANDS +# ----------------------------- +# This macro should only be invoked once -- use via AC_REQUIRE. +# +# This code is only required when automatic dependency tracking +# is enabled. FIXME. This creates each `.P' file that we will +# need in order to bootstrap the dependency handling code. +AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], +[AC_CONFIG_COMMANDS([depfiles], + [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], + [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) +]) + +# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 8 + +# AM_CONFIG_HEADER is obsolete. It has been replaced by AC_CONFIG_HEADERS. +AU_DEFUN([AM_CONFIG_HEADER], [AC_CONFIG_HEADERS($@)]) + +# Do all the work for Automake. -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 12 + +# This macro actually does too much. Some checks are only needed if +# your package does certain things. But this isn't really a big deal. + +# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) +# AM_INIT_AUTOMAKE([OPTIONS]) +# ----------------------------------------------- +# The call with PACKAGE and VERSION arguments is the old style +# call (pre autoconf-2.50), which is being phased out. PACKAGE +# and VERSION should now be passed to AC_INIT and removed from +# the call to AM_INIT_AUTOMAKE. +# We support both call styles for the transition. After +# the next Automake release, Autoconf can make the AC_INIT +# arguments mandatory, and then we can depend on a new Autoconf +# release and drop the old call support. +AC_DEFUN([AM_INIT_AUTOMAKE], +[AC_PREREQ([2.58])dnl +dnl Autoconf wants to disallow AM_ names. We explicitly allow +dnl the ones we care about. +m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl +AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl +AC_REQUIRE([AC_PROG_INSTALL])dnl +# test to see if srcdir already configured +if test "`cd $srcdir && pwd`" != "`pwd`" && + test -f $srcdir/config.status; then + AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi +AC_SUBST([CYGPATH_W]) + +# Define the identity of the package. +dnl Distinguish between old-style and new-style calls. +m4_ifval([$2], +[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl + AC_SUBST([PACKAGE], [$1])dnl + AC_SUBST([VERSION], [$2])], +[_AM_SET_OPTIONS([$1])dnl + AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl + AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl + +_AM_IF_OPTION([no-define],, +[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) + AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl + +# Some tools Automake needs. +AC_REQUIRE([AM_SANITY_CHECK])dnl +AC_REQUIRE([AC_ARG_PROGRAM])dnl +AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}) +AM_MISSING_PROG(AUTOCONF, autoconf) +AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) +AM_MISSING_PROG(AUTOHEADER, autoheader) +AM_MISSING_PROG(MAKEINFO, makeinfo) +AM_PROG_INSTALL_SH +AM_PROG_INSTALL_STRIP +AC_REQUIRE([AM_PROG_MKDIR_P])dnl +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. +AC_REQUIRE([AC_PROG_AWK])dnl +AC_REQUIRE([AC_PROG_MAKE_SET])dnl +AC_REQUIRE([AM_SET_LEADING_DOT])dnl +_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], + [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], + [_AM_PROG_TAR([v7])])]) +_AM_IF_OPTION([no-dependencies],, +[AC_PROVIDE_IFELSE([AC_PROG_CC], + [_AM_DEPENDENCIES(CC)], + [define([AC_PROG_CC], + defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl +AC_PROVIDE_IFELSE([AC_PROG_CXX], + [_AM_DEPENDENCIES(CXX)], + [define([AC_PROG_CXX], + defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl +]) +]) + + +# When config.status generates a header, we must update the stamp-h file. +# This file resides in the same directory as the config header +# that is generated. The stamp files are numbered to have different names. + +# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the +# loop where config.status creates the headers, so we can generate +# our stamp files there. +AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], +[# Compute $1's index in $config_headers. +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $1 | $1:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count]) + +# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_INSTALL_SH +# ------------------ +# Define $install_sh. +AC_DEFUN([AM_PROG_INSTALL_SH], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +install_sh=${install_sh-"$am_aux_dir/install-sh"} +AC_SUBST(install_sh)]) + +# Copyright (C) 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 2 + +# Check whether the underlying file-system supports filenames +# with a leading dot. For instance MS-DOS doesn't. +AC_DEFUN([AM_SET_LEADING_DOT], +[rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null +AC_SUBST([am__leading_dot])]) + +# Check to see how 'make' treats includes. -*- Autoconf -*- + +# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 3 + +# AM_MAKE_INCLUDE() +# ----------------- +# Check to see how make treats includes. +AC_DEFUN([AM_MAKE_INCLUDE], +[am_make=${MAKE-make} +cat > confinc << 'END' +am__doit: + @echo done +.PHONY: am__doit +END +# If we don't find an include directive, just comment out the code. +AC_MSG_CHECKING([for style of include used by $am_make]) +am__include="#" +am__quote= +_am_result=none +# First try GNU make style include. +echo "include confinc" > confmf +# We grep out `Entering directory' and `Leaving directory' +# messages which can occur if `w' ends up in MAKEFLAGS. +# In particular we don't look at `^make:' because GNU make might +# be invoked under some other name (usually "gmake"), in which +# case it prints its new name instead of `make'. +if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then + am__include=include + am__quote= + _am_result=GNU +fi +# Now try BSD make style include. +if test "$am__include" = "#"; then + echo '.include "confinc"' > confmf + if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then + am__include=.include + am__quote="\"" + _am_result=BSD + fi +fi +AC_SUBST([am__include]) +AC_SUBST([am__quote]) +AC_MSG_RESULT([$_am_result]) +rm -f confinc confmf +]) + +# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- + +# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2005 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 4 + +# AM_MISSING_PROG(NAME, PROGRAM) +# ------------------------------ +AC_DEFUN([AM_MISSING_PROG], +[AC_REQUIRE([AM_MISSING_HAS_RUN]) +$1=${$1-"${am_missing_run}$2"} +AC_SUBST($1)]) + + +# AM_MISSING_HAS_RUN +# ------------------ +# Define MISSING if not defined so far and test if it supports --run. +# If it does, set am_missing_run to use it, otherwise, to nothing. +AC_DEFUN([AM_MISSING_HAS_RUN], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing" +# Use eval to expand $SHELL +if eval "$MISSING --run true"; then + am_missing_run="$MISSING --run " +else + am_missing_run= + AC_MSG_WARN([`missing' script is too old or missing]) +fi +]) + +# Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_MKDIR_P +# --------------- +# Check whether `mkdir -p' is supported, fallback to mkinstalldirs otherwise. +# +# Automake 1.8 used `mkdir -m 0755 -p --' to ensure that directories +# created by `make install' are always world readable, even if the +# installer happens to have an overly restrictive umask (e.g. 077). +# This was a mistake. There are at least two reasons why we must not +# use `-m 0755': +# - it causes special bits like SGID to be ignored, +# - it may be too restrictive (some setups expect 775 directories). +# +# Do not use -m 0755 and let people choose whatever they expect by +# setting umask. +# +# We cannot accept any implementation of `mkdir' that recognizes `-p'. +# Some implementations (such as Solaris 8's) are not thread-safe: if a +# parallel make tries to run `mkdir -p a/b' and `mkdir -p a/c' +# concurrently, both version can detect that a/ is missing, but only +# one can create it and the other will error out. Consequently we +# restrict ourselves to GNU make (using the --version option ensures +# this.) +AC_DEFUN([AM_PROG_MKDIR_P], +[if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then + # We used to keeping the `.' as first argument, in order to + # allow $(mkdir_p) to be used without argument. As in + # $(mkdir_p) $(somedir) + # where $(somedir) is conditionally defined. However this is wrong + # for two reasons: + # 1. if the package is installed by a user who cannot write `.' + # make install will fail, + # 2. the above comment should most certainly read + # $(mkdir_p) $(DESTDIR)$(somedir) + # so it does not work when $(somedir) is undefined and + # $(DESTDIR) is not. + # To support the latter case, we have to write + # test -z "$(somedir)" || $(mkdir_p) $(DESTDIR)$(somedir), + # so the `.' trick is pointless. + mkdir_p='mkdir -p --' +else + # On NextStep and OpenStep, the `mkdir' command does not + # recognize any option. It will interpret all options as + # directories to create, and then abort because `.' already + # exists. + for d in ./-p ./--version; + do + test -d $d && rmdir $d + done + # $(mkinstalldirs) is defined by Automake if mkinstalldirs exists. + if test -f "$ac_aux_dir/mkinstalldirs"; then + mkdir_p='$(mkinstalldirs)' + else + mkdir_p='$(install_sh) -d' + fi +fi +AC_SUBST([mkdir_p])]) + +# Helper functions for option handling. -*- Autoconf -*- + +# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 3 + +# _AM_MANGLE_OPTION(NAME) +# ----------------------- +AC_DEFUN([_AM_MANGLE_OPTION], +[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) + +# _AM_SET_OPTION(NAME) +# ------------------------------ +# Set option NAME. Presently that only means defining a flag for this option. +AC_DEFUN([_AM_SET_OPTION], +[m4_define(_AM_MANGLE_OPTION([$1]), 1)]) + +# _AM_SET_OPTIONS(OPTIONS) +# ---------------------------------- +# OPTIONS is a space-separated list of Automake options. +AC_DEFUN([_AM_SET_OPTIONS], +[AC_FOREACH([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) + +# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) +# ------------------------------------------- +# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. +AC_DEFUN([_AM_IF_OPTION], +[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) + +# Check to make sure that the build environment is sane. -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 4 + +# AM_SANITY_CHECK +# --------------- +AC_DEFUN([AM_SANITY_CHECK], +[AC_MSG_CHECKING([whether build environment is sane]) +# Just in case +sleep 1 +echo timestamp > conftest.file +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null` + if test "$[*]" = "X"; then + # -L didn't work. + set X `ls -t $srcdir/configure conftest.file` + fi + rm -f conftest.file + if test "$[*]" != "X $srcdir/configure conftest.file" \ + && test "$[*]" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken +alias in your environment]) + fi + + test "$[2]" = conftest.file + ) +then + # Ok. + : +else + AC_MSG_ERROR([newly created file is older than distributed files! +Check your system clock]) +fi +AC_MSG_RESULT(yes)]) + +# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_INSTALL_STRIP +# --------------------- +# One issue with vendor `install' (even GNU) is that you can't +# specify the program used to strip binaries. This is especially +# annoying in cross-compiling environments, where the build's strip +# is unlikely to handle the host's binaries. +# Fortunately install-sh will honor a STRIPPROG variable, so we +# always use install-sh in `make install-strip', and initialize +# STRIPPROG with the value of the STRIP variable (set by the user). +AC_DEFUN([AM_PROG_INSTALL_STRIP], +[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the `STRIP' environment variable to overrule this program. +dnl Don't test for $cross_compiling = yes, because it might be `maybe'. +if test "$cross_compiling" != no; then + AC_CHECK_TOOL([STRIP], [strip], :) +fi +INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s" +AC_SUBST([INSTALL_STRIP_PROGRAM])]) + +# Check how to create a tarball. -*- Autoconf -*- + +# Copyright (C) 2004, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 2 + +# _AM_PROG_TAR(FORMAT) +# -------------------- +# Check how to create a tarball in format FORMAT. +# FORMAT should be one of `v7', `ustar', or `pax'. +# +# Substitute a variable $(am__tar) that is a command +# writing to stdout a FORMAT-tarball containing the directory +# $tardir. +# tardir=directory && $(am__tar) > result.tar +# +# Substitute a variable $(am__untar) that extract such +# a tarball read from stdin. +# $(am__untar) < result.tar +AC_DEFUN([_AM_PROG_TAR], +[# Always define AMTAR for backward compatibility. +AM_MISSING_PROG([AMTAR], [tar]) +m4_if([$1], [v7], + [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'], + [m4_case([$1], [ustar],, [pax],, + [m4_fatal([Unknown tar format])]) +AC_MSG_CHECKING([how to create a $1 tar archive]) +# Loop over all known methods to create a tar archive until one works. +_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' +_am_tools=${am_cv_prog_tar_$1-$_am_tools} +# Do not fold the above two line into one, because Tru64 sh and +# Solaris sh will not grok spaces in the rhs of `-'. +for _am_tool in $_am_tools +do + case $_am_tool in + gnutar) + for _am_tar in tar gnutar gtar; + do + AM_RUN_LOG([$_am_tar --version]) && break + done + am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' + am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' + am__untar="$_am_tar -xf -" + ;; + plaintar) + # Must skip GNU tar: if it does not support --format= it doesn't create + # ustar tarball either. + (tar --version) >/dev/null 2>&1 && continue + am__tar='tar chf - "$$tardir"' + am__tar_='tar chf - "$tardir"' + am__untar='tar xf -' + ;; + pax) + am__tar='pax -L -x $1 -w "$$tardir"' + am__tar_='pax -L -x $1 -w "$tardir"' + am__untar='pax -r' + ;; + cpio) + am__tar='find "$$tardir" -print | cpio -o -H $1 -L' + am__tar_='find "$tardir" -print | cpio -o -H $1 -L' + am__untar='cpio -i -H $1 -d' + ;; + none) + am__tar=false + am__tar_=false + am__untar=false + ;; + esac + + # If the value was cached, stop now. We just wanted to have am__tar + # and am__untar set. + test -n "${am_cv_prog_tar_$1}" && break + + # tar/untar a dummy directory, and stop if the command works + rm -rf conftest.dir + mkdir conftest.dir + echo GrepMe > conftest.dir/file + AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) + rm -rf conftest.dir + if test -s conftest.tar; then + AM_RUN_LOG([$am__untar /dev/null 2>&1 && break + fi +done +rm -rf conftest.dir + +AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) +AC_MSG_RESULT([$am_cv_prog_tar_$1])]) +AC_SUBST([am__tar]) +AC_SUBST([am__untar]) +]) # _AM_PROG_TAR + diff --git a/argvec.c b/argvec.c new file mode 100644 index 0000000..0f42052 --- /dev/null +++ b/argvec.c @@ -0,0 +1,135 @@ +/* + * argvec.c - build_arg_vec() for rssh + * + * Copyright 2003-2005 Derek D. Martin ( code at pizzashack dot org ). + * + * This program is licensed under a BSD-style license, as follows: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/* SYSTEM INCLUDES */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif /* HAVE_CONFIG_H */ +#include +#ifdef HAVE_STDLIB_H +#include +#endif /* HAVE_STDLIB_H */ +#ifdef HAVE_WORDEXP_H +#include +#endif /* HAVE_WORDEXP_H */ +#ifdef HAVE_SYSLOG_H +#include +#endif /* HAVE_SYSLOG_H */ +#ifdef HAVE_SYS_TYPES_H +#include +#endif /* HAVE_SYS_TYPES_H */ +#ifdef HAVE_LIBGEN_H +#include +#endif /* HAVE_LIBGEN_H */ +#ifdef HAVE_STRING_H +#include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_ERRNO_H +#include +#endif /* HAVE_ERRNO_H */ + +/* LOCAL INCLUDES */ +#include "pathnames.h" +#include "rssh.h" +#include "log.h" +#include "rsshconf.h" + +extern char *progname; +extern char *username; + +/* + * build_arg_vector() - return a pointer to a vector of strings which + * represent the arguments of the command to execv(). + */ +char **build_arg_vector( char *str, size_t reserve ) +{ + + wordexp_t result; + int retc; +#ifdef WRDE_ERRNO + int errornum; + char *message; +#endif /* WRDE_ERRNO */ + + result.we_offs = reserve; + if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFFS)) ){ + log_set_priority(LOG_ERR); + switch( retc ){ + case WRDE_BADCHAR: + case WRDE_CMDSUB: + fprintf(stderr, "%s: bad characters in arguments\n", + progname); + log_msg("user %s usedbad chars in command", username); + break; +#ifdef WRDE_ERRNO + case WRDE_ERRNO: + errornum = errno; + fprintf(stderr, "%s: error expanding arguments\n", + progname); + log_msg("error expanding arguments for user %s", + username); + log_msg("wordexp() set errno to %d", errornum); + message = strdup(strerror(errno)); + log_msg(message); + break; +#endif /* WRDE_ERRNO */ + case WRDE_NOSPACE: + fprintf(stderr, "%s: wordexp() allocation failed\n", + progname); + log_msg("wordexp() allocation failed"); + break; + case WRDE_BADVAL: + fprintf(stderr, "%s: wordexp() bad value\n", + progname); + log_msg("wordexp() bad value"); + break; + case WRDE_SYNTAX: + fprintf(stderr, "%s: wordexp() bad syntax\n", + progname); + log_msg("wordexp() bad syntax"); + break; +#ifdef WRDE_NOSYS + case WRDE_NOSYS: + fprintf(stderr, "%s: wordexp() not supported\n", + progname); + log_msg("wordexp() not supported (shouldn't happen)"); + break; +#endif /* WRDE_NOSYS */ + default: + fprintf(stderr, "%s: error expanding arguments\n", + progname); + log_msg("error expanding arguments for user %s", + username); + log_msg("retc = %d (this shouldn't happen)", retc); + } + exit(1); + } + return result.we_wordv; +} + diff --git a/argvec.h b/argvec.h new file mode 100644 index 0000000..4445632 --- /dev/null +++ b/argvec.h @@ -0,0 +1,37 @@ +/* + * argvec.h - headers for argvec function for rssh + * + * Copyright 2005 Derek D. Martin ( code at pizzashack dot org ). + * + * This program is licensed under a BSD-style license, as follows: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef _argvec_h +#define _argvec_h + +#include "rsshconf.h" + +char **build_arg_vector( char *str, size_t reserve ); + +#endif /* _argvec_h */ diff --git a/conf_convert.sh b/conf_convert.sh new file mode 100755 index 0000000..fb0c999 --- /dev/null +++ b/conf_convert.sh @@ -0,0 +1,45 @@ +#!/bin/sh + +# conf_convert.sh - convert rssh config files from 2.0 - 2.1.1 format to rssh +# version 2.2 format config files. + +if [ -z "$TMPDIR" ]; then + TMPDIR=/tmp +fi + +tempdir=`mktemp -d "$TMPDIR/confconv.tempXXXXXX"` +if [ ! -d "$tempdir" ]; then + echo "$0: unable to make temporary directory" + exit 1 +fi + +if [ "$#" != "0" ]; then + + while [ -n "$1" ]; do + + if [ ! -f "$1" ]; then + echo "$0: $1 does not exist. Skipping." >&2 + continue + fi + + sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' $1 > "$tempdir/tempconf" + + mv "$tempdir/tempconf" "$1.NEW" + shift + done + +else + if [ ! -f /etc/rssh.conf ]; then + echo "/etc/rssh.conf does not exist, and no parameters given." >&2 + exit 2 + fi + + sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' /etc/rssh.conf > "$tempdir/tempconf" + + mv "$tempdir/tempconf" "/etc/rssh.conf.NEW" + +fi + +rm -rf "$tempdir" + +exit 0 diff --git a/config.h.in b/config.h.in new file mode 100644 index 0000000..b3d7a43 --- /dev/null +++ b/config.h.in @@ -0,0 +1,94 @@ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* Define to 1 if you have the header file. */ +#undef HAVE_CTYPE_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_ERRNO_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_INTTYPES_H + +/* Define to 1 if you have the `gen' library (-lgen). */ +#undef HAVE_LIBGEN + +/* Define to 1 if you have the header file. */ +#undef HAVE_LIBGEN_H + +/* Define to 1 if your system has a GNU libc compatible `malloc' function, and + to 0 otherwise. */ +#undef HAVE_MALLOC + +/* Define to 1 if you have the header file. */ +#undef HAVE_MEMORY_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_PWD_H + +/* Define to 1 if `stat' has the bug that it succeeds when given the + zero-length file name argument. */ +#undef HAVE_STAT_EMPTY_STRING_BUG + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDARG_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYSLOG_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UNISTD_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_WORDEXP_H + +/* Define to 1 if `lstat' dereferences a symlink specified with a trailing + slash. */ +#undef LSTAT_FOLLOWS_SLASHED_SYMLINK + +/* Name of package */ +#undef PACKAGE + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Version number of package */ +#undef VERSION + +/* Define to empty if `const' does not conform to ANSI C. */ +#undef const + +/* Define to rpl_malloc if the replacement function should be used. */ +#undef malloc diff --git a/configure b/configure new file mode 100755 index 0000000..b28f969 --- /dev/null +++ b/configure @@ -0,0 +1,6711 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.59 for rssh 2.3.4. +# +# Report bugs to . +# +# Copyright (C) 2003 Free Software Foundation, Inc. +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi +DUALCASE=1; export DUALCASE # for MKS sh + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# Work around bugs in pre-3.0 UWIN ksh. +$as_unset ENV MAIL MAILPATH +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + $as_unset $as_var + fi +done + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)$' \| \ + . : '\(.\)' 2>/dev/null || +echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } + /^X\/\(\/\/\)$/{ s//\1/; q; } + /^X\/\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + + +# PATH needs CR, and LINENO needs CR and PATH. +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' + else + PATH_SEPARATOR=: + fi + rm -f conf$$.sh +fi + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" || { + # Find who we are. Look in the path if we contain no path at all + # relative or not. + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done + + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2 + { (exit 1); exit 1; }; } + fi + case $CONFIG_SHELL in + '') + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for as_base in sh bash ksh sh5; do + case $as_dir in + /*) + if ("$as_dir/$as_base" -c ' + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then + $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } + $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } + CONFIG_SHELL=$as_dir/$as_base + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$0" ${1+"$@"} + fi;; + esac + done +done +;; + esac + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line before each line; the second 'sed' does the real + # work. The second script uses 'N' to pair each line-number line + # with the numbered line, and appends trailing '-' during + # substitution so that $LINENO is not a special case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) + sed '=' <$as_myself | + sed ' + N + s,$,-, + : loop + s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, + t loop + s,-$,, + s,^['$as_cr_digits']*\n,, + ' >$as_me.lineno && + chmod +x $as_me.lineno || + { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensible to this). + . ./$as_me.lineno + # Exit status is that of the last command. + exit +} + + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_executable_p="test -f" + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH + + +# Name of the host. +# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +exec 6>&1 + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_config_libobj_dir=. +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} + +# Maximum number of lines to put in a shell here document. +# This variable seems obsolete. It should probably be removed, and +# only ac_max_sed_lines should be used. +: ${ac_max_here_lines=38} + +# Identity of this package. +PACKAGE_NAME='rssh' +PACKAGE_TARNAME='rssh' +PACKAGE_VERSION='2.3.4' +PACKAGE_STRING='rssh 2.3.4' +PACKAGE_BUGREPORT='rssh-discuss at lists dot sourceforge dot net' + +ac_unique_file="rssh.1" +# Factoring default headers for most tests. +ac_includes_default="\ +#include +#if HAVE_SYS_TYPES_H +# include +#endif +#if HAVE_SYS_STAT_H +# include +#endif +#if STDC_HEADERS +# include +# include +#else +# if HAVE_STDLIB_H +# include +# endif +#endif +#if HAVE_STRING_H +# if !STDC_HEADERS && HAVE_MEMORY_H +# include +# endif +# include +#endif +#if HAVE_STRINGS_H +# include +#endif +#if HAVE_INTTYPES_H +# include +#else +# if HAVE_STDINT_H +# include +# endif +#endif +#if HAVE_UNISTD_H +# include +#endif" + +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE LN_S CPP EGREP LIBOBJS scp_path sftp_path cvs_path rdist_path rsync_path static defcflags CHROOT_HELPER LTLIBOBJS' +ac_subst_files='' + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datadir='${prefix}/share' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +libdir='${exec_prefix}/lib' +includedir='${prefix}/include' +oldincludedir='/usr/include' +infodir='${prefix}/info' +mandir='${prefix}/man' + +ac_prev= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'` + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_option in + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad | --data | --dat | --da) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ + | --da=*) + datadir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + eval "enable_$ac_feature=no" ;; + + -enable-* | --enable-*) + ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + eval "enable_$ac_feature='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package| sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + eval "with_$ac_package='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package | sed 's/-/_/g'` + eval "with_$ac_package=no" ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) { echo "$as_me: error: unrecognized option: $ac_option +Try \`$0 --help' for more information." >&2 + { (exit 1); exit 1; }; } + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid variable name: $ac_envvar" >&2 + { (exit 1); exit 1; }; } + ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` + eval "$ac_envvar='$ac_optarg'" + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + { echo "$as_me: error: missing argument to $ac_option" >&2 + { (exit 1); exit 1; }; } +fi + +# Be sure to have absolute paths. +for ac_var in exec_prefix prefix +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* | NONE | '' ) ;; + *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; + esac +done + +# Be sure to have absolute paths. +for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \ + localstatedir libdir includedir oldincludedir infodir mandir +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* ) ;; + *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; + esac +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used." >&2 + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then its parent. + ac_confdir=`(dirname "$0") 2>/dev/null || +$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$0" : 'X\(//\)[^/]' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$0" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r $srcdir/$ac_unique_file; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r $srcdir/$ac_unique_file; then + if test "$ac_srcdir_defaulted" = yes; then + { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2 + { (exit 1); exit 1; }; } + else + { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 + { (exit 1); exit 1; }; } + fi +fi +(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null || + { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2 + { (exit 1); exit 1; }; } +srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'` +ac_env_build_alias_set=${build_alias+set} +ac_env_build_alias_value=$build_alias +ac_cv_env_build_alias_set=${build_alias+set} +ac_cv_env_build_alias_value=$build_alias +ac_env_host_alias_set=${host_alias+set} +ac_env_host_alias_value=$host_alias +ac_cv_env_host_alias_set=${host_alias+set} +ac_cv_env_host_alias_value=$host_alias +ac_env_target_alias_set=${target_alias+set} +ac_env_target_alias_value=$target_alias +ac_cv_env_target_alias_set=${target_alias+set} +ac_cv_env_target_alias_value=$target_alias +ac_env_CC_set=${CC+set} +ac_env_CC_value=$CC +ac_cv_env_CC_set=${CC+set} +ac_cv_env_CC_value=$CC +ac_env_CFLAGS_set=${CFLAGS+set} +ac_env_CFLAGS_value=$CFLAGS +ac_cv_env_CFLAGS_set=${CFLAGS+set} +ac_cv_env_CFLAGS_value=$CFLAGS +ac_env_LDFLAGS_set=${LDFLAGS+set} +ac_env_LDFLAGS_value=$LDFLAGS +ac_cv_env_LDFLAGS_set=${LDFLAGS+set} +ac_cv_env_LDFLAGS_value=$LDFLAGS +ac_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_env_CPPFLAGS_value=$CPPFLAGS +ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_cv_env_CPPFLAGS_value=$CPPFLAGS +ac_env_CPP_set=${CPP+set} +ac_env_CPP_value=$CPP +ac_cv_env_CPP_set=${CPP+set} +ac_cv_env_CPP_value=$CPP + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures rssh 2.3.4 to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +_ACEOF + + cat <<_ACEOF +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --datadir=DIR read-only architecture-independent data [PREFIX/share] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --infodir=DIR info documentation [PREFIX/info] + --mandir=DIR man documentation [PREFIX/man] +_ACEOF + + cat <<\_ACEOF + +Program names: + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM run sed PROGRAM on installed program names +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of rssh 2.3.4:";; + esac + cat <<\_ACEOF + +Optional Features: + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --disable-dependency-tracking speeds up one-time build + --enable-dependency-tracking do not reject slow dependency extractors + --enable-static enable static compilation [auto] + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-scp specify path to scp binary + --with-sftp-server specify path to sftp-server binary + --with-cvs specify path to cvs binary + --with-rdist specify path to rdist binary + --with-rsync specify path to rsync binary + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + CPPFLAGS C/C++ preprocessor flags, e.g. -I if you have + headers in a nonstandard directory + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +Report bugs to . +_ACEOF +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + ac_popdir=`pwd` + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d $ac_dir || continue + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + cd $ac_dir + # Check for guested configure; otherwise get Cygnus style configure. + if test -f $ac_srcdir/configure.gnu; then + echo + $SHELL $ac_srcdir/configure.gnu --help=recursive + elif test -f $ac_srcdir/configure; then + echo + $SHELL $ac_srcdir/configure --help=recursive + elif test -f $ac_srcdir/configure.ac || + test -f $ac_srcdir/configure.in; then + echo + $ac_configure --help + else + echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi + cd $ac_popdir + done +fi + +test -n "$ac_init_help" && exit 0 +if $ac_init_version; then + cat <<\_ACEOF +rssh configure 2.3.4 +generated by GNU Autoconf 2.59 + +Copyright (C) 2003 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit 0 +fi +exec 5>config.log +cat >&5 <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by rssh $as_me 2.3.4, which was +generated by GNU Autoconf 2.59. Invocation command line was + + $ $0 $@ + +_ACEOF +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +hostinfo = `(hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + echo "PATH: $as_dir" +done + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_sep= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) + ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;; + 2) + ac_configure_args1="$ac_configure_args1 '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'" + # Get rid of the leading space. + ac_sep=" " + ;; + esac + done +done +$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; } +$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; } + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Be sure not to use single quotes in there, as some shells, +# such as our DU 5.0 friend, will then `close' the trap. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + cat <<\_ASBOX +## ---------------- ## +## Cache variables. ## +## ---------------- ## +_ASBOX + echo + # The following way of writing the cache mishandles newlines in values, +{ + (set) 2>&1 | + case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in + *ac_space=\ *) + sed -n \ + "s/'"'"'/'"'"'\\\\'"'"''"'"'/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p" + ;; + *) + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} + echo + + cat <<\_ASBOX +## ----------------- ## +## Output variables. ## +## ----------------- ## +_ASBOX + echo + for ac_var in $ac_subst_vars + do + eval ac_val=$`echo $ac_var` + echo "$ac_var='"'"'$ac_val'"'"'" + done | sort + echo + + if test -n "$ac_subst_files"; then + cat <<\_ASBOX +## ------------- ## +## Output files. ## +## ------------- ## +_ASBOX + echo + for ac_var in $ac_subst_files + do + eval ac_val=$`echo $ac_var` + echo "$ac_var='"'"'$ac_val'"'"'" + done | sort + echo + fi + + if test -s confdefs.h; then + cat <<\_ASBOX +## ----------- ## +## confdefs.h. ## +## ----------- ## +_ASBOX + echo + sed "/^$/d" confdefs.h | sort + echo + fi + test "$ac_signal" != 0 && + echo "$as_me: caught signal $ac_signal" + echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core && + rm -rf conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status + ' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo >confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer explicitly selected file to automatically selected ones. +if test -z "$CONFIG_SITE"; then + if test "x$prefix" != xNONE; then + CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" + else + CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" + fi +fi +for ac_site_file in $CONFIG_SITE; do + if test -r "$ac_site_file"; then + { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 +echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special + # files actually), so we avoid doing that. + if test -f "$cache_file"; then + { echo "$as_me:$LINENO: loading cache $cache_file" >&5 +echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . $cache_file;; + *) . ./$cache_file;; + esac + fi +else + { echo "$as_me:$LINENO: creating cache $cache_file" >&5 +echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in `(set) 2>&1 | + sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val="\$ac_cv_env_${ac_var}_value" + eval ac_new_val="\$ac_env_${ac_var}_value" + case $ac_old_set,$ac_new_set in + set,) + { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 +echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { echo "$as_me:$LINENO: former value: $ac_old_val" >&5 +echo "$as_me: former value: $ac_old_val" >&2;} + { echo "$as_me:$LINENO: current value: $ac_new_val" >&5 +echo "$as_me: current value: $ac_new_val" >&2;} + ac_cache_corrupted=: + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) + ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) ac_configure_args="$ac_configure_args '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 +echo "$as_me: error: changes in the environment can compromise the build" >&2;} + { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 +echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + + + + + + + + + + + + + + + + + + + + + + + + +am__api_version="1.9" +ac_aux_dir= +for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do + if test -f $ac_dir/install-sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f $ac_dir/install.sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f $ac_dir/shtool; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5 +echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;} + { (exit 1); exit 1; }; } +fi +ac_config_guess="$SHELL $ac_aux_dir/config.guess" +ac_config_sub="$SHELL $ac_aux_dir/config.sub" +ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure. + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 +echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6 +if test -z "$INSTALL"; then +if test "${ac_cv_path_install+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in + ./ | .// | /cC/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + done + done + ;; +esac +done + + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. We don't cache a + # path for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the path is relative. + INSTALL=$ac_install_sh + fi +fi +echo "$as_me:$LINENO: result: $INSTALL" >&5 +echo "${ECHO_T}$INSTALL" >&6 + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +echo "$as_me:$LINENO: checking whether build environment is sane" >&5 +echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6 +# Just in case +sleep 1 +echo timestamp > conftest.file +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t $srcdir/configure conftest.file` + fi + rm -f conftest.file + if test "$*" != "X $srcdir/configure conftest.file" \ + && test "$*" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + { { echo "$as_me:$LINENO: error: ls -t appears to fail. Make sure there is not a broken +alias in your environment" >&5 +echo "$as_me: error: ls -t appears to fail. Make sure there is not a broken +alias in your environment" >&2;} + { (exit 1); exit 1; }; } + fi + + test "$2" = conftest.file + ) +then + # Ok. + : +else + { { echo "$as_me:$LINENO: error: newly created file is older than distributed files! +Check your system clock" >&5 +echo "$as_me: error: newly created file is older than distributed files! +Check your system clock" >&2;} + { (exit 1); exit 1; }; } +fi +echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +test "$program_prefix" != NONE && + program_transform_name="s,^,$program_prefix,;$program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s,\$,$program_suffix,;$program_transform_name" +# Double any \ or $. echo might interpret backslashes. +# By default was `s,x,x', remove it if useless. +cat <<\_ACEOF >conftest.sed +s/[\\$]/&&/g;s/;s,x,x,$// +_ACEOF +program_transform_name=`echo $program_transform_name | sed -f conftest.sed` +rm conftest.sed + +# expand $ac_aux_dir to an absolute path +am_aux_dir=`cd $ac_aux_dir && pwd` + +test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing" +# Use eval to expand $SHELL +if eval "$MISSING --run true"; then + am_missing_run="$MISSING --run " +else + am_missing_run= + { echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5 +echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} +fi + +if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then + # We used to keeping the `.' as first argument, in order to + # allow $(mkdir_p) to be used without argument. As in + # $(mkdir_p) $(somedir) + # where $(somedir) is conditionally defined. However this is wrong + # for two reasons: + # 1. if the package is installed by a user who cannot write `.' + # make install will fail, + # 2. the above comment should most certainly read + # $(mkdir_p) $(DESTDIR)$(somedir) + # so it does not work when $(somedir) is undefined and + # $(DESTDIR) is not. + # To support the latter case, we have to write + # test -z "$(somedir)" || $(mkdir_p) $(DESTDIR)$(somedir), + # so the `.' trick is pointless. + mkdir_p='mkdir -p --' +else + # On NextStep and OpenStep, the `mkdir' command does not + # recognize any option. It will interpret all options as + # directories to create, and then abort because `.' already + # exists. + for d in ./-p ./--version; + do + test -d $d && rmdir $d + done + # $(mkinstalldirs) is defined by Automake if mkinstalldirs exists. + if test -f "$ac_aux_dir/mkinstalldirs"; then + mkdir_p='$(mkinstalldirs)' + else + mkdir_p='$(install_sh) -d' + fi +fi + +for ac_prog in gawk mawk nawk awk +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_AWK+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AWK="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +AWK=$ac_cv_prog_AWK +if test -n "$AWK"; then + echo "$as_me:$LINENO: result: $AWK" >&5 +echo "${ECHO_T}$AWK" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$AWK" && break +done + +echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6 +set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y,:./+-,___p_,'` +if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.make <<\_ACEOF +all: + @echo 'ac_maketemp="$(MAKE)"' +_ACEOF +# GNU make sometimes prints "make[1]: Entering...", which would confuse us. +eval `${MAKE-make} -f conftest.make 2>/dev/null | grep temp=` +if test -n "$ac_maketemp"; then + eval ac_cv_prog_make_${ac_make}_set=yes +else + eval ac_cv_prog_make_${ac_make}_set=no +fi +rm -f conftest.make +fi +if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + SET_MAKE= +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + SET_MAKE="MAKE=${MAKE-make}" +fi + +rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null + +# test to see if srcdir already configured +if test "`cd $srcdir && pwd`" != "`pwd`" && + test -f $srcdir/config.status; then + { { echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5 +echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;} + { (exit 1); exit 1; }; } +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi + + +# Define the identity of the package. + PACKAGE='rssh' + VERSION='2.3.4' + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE "$PACKAGE" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define VERSION "$VERSION" +_ACEOF + +# Some tools Automake needs. + +ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} + + +AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} + + +AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} + + +AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} + + +MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} + +install_sh=${install_sh-"$am_aux_dir/install-sh"} + +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the `STRIP' environment variable to overrule this program. +if test "$cross_compiling" != no; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_STRIP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + echo "$as_me:$LINENO: result: $STRIP" >&5 +echo "${ECHO_T}$STRIP" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_STRIP="strip" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + + test -z "$ac_cv_prog_ac_ct_STRIP" && ac_cv_prog_ac_ct_STRIP=":" +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5 +echo "${ECHO_T}$ac_ct_STRIP" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + STRIP=$ac_ct_STRIP +else + STRIP="$ac_cv_prog_STRIP" +fi + +fi +INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s" + +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. +# Always define AMTAR for backward compatibility. + +AMTAR=${AMTAR-"${am_missing_run}tar"} + +am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -' + + + + + + + ac_config_headers="$ac_config_headers config.h" + + ac_config_files="$ac_config_files Makefile main.c pathnames.h rssh.conf.5 rssh.spec" + + +# Checks for programs. +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$ac_ct_CC" && break +done + + CC=$ac_ct_CC +fi + +fi + + +test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&5 +echo "$as_me: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + +# Provide some information about the compiler. +echo "$as_me:$LINENO:" \ + "checking for C compiler version" >&5 +ac_compiler=`set X $ac_compile; echo $2` +{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5 + (eval $ac_compiler --version &5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v &5\"") >&5 + (eval $ac_compiler -v &5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V &5\"") >&5 + (eval $ac_compiler -V &5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 +echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6 +ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` +if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5 + (eval $ac_link_default) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # Find the output, starting from the most likely. This scheme is +# not robust to junk in `.', hence go to wildcards (a.*) only as a last +# resort. + +# Be careful to initialize this variable, since it used to be cached. +# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile. +ac_cv_exeext= +# b.out is created by i960 compilers. +for ac_file in a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) + ;; + conftest.$ac_ext ) + # This is the source file. + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + # FIXME: I believe we export ac_cv_exeext for Libtool, + # but it would be cool to find out if it's true. Does anybody + # maintain Libtool? --akim. + export ac_cv_exeext + break;; + * ) + break;; + esac +done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { echo "$as_me:$LINENO: error: C compiler cannot create executables +See \`config.log' for more details." >&5 +echo "$as_me: error: C compiler cannot create executables +See \`config.log' for more details." >&2;} + { (exit 77); exit 77; }; } +fi + +ac_exeext=$ac_cv_exeext +echo "$as_me:$LINENO: result: $ac_file" >&5 +echo "${ECHO_T}$ac_file" >&6 + +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:$LINENO: checking whether the C compiler works" >&5 +echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6 +# FIXME: These cross compiler hacks should be removed for Autoconf 3.0 +# If not cross compiling, check that we can run a simple program. +if test "$cross_compiling" != yes; then + if { ac_try='./$ac_file' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { echo "$as_me:$LINENO: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + fi + fi +fi +echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +rm -f a.out a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 +echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6 +echo "$as_me:$LINENO: result: $cross_compiling" >&5 +echo "${ECHO_T}$cross_compiling" >&6 + +echo "$as_me:$LINENO: checking for suffix of executables" >&5 +echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6 +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + export ac_cv_exeext + break;; + * ) break;; + esac +done +else + { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest$ac_cv_exeext +echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 +echo "${ECHO_T}$ac_cv_exeext" >&6 + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +echo "$as_me:$LINENO: checking for suffix of object files" >&5 +echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6 +if test "${ac_cv_objext+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 +echo "${ECHO_T}$ac_cv_objext" >&6 +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 +echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6 +if test "${ac_cv_c_compiler_gnu+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_compiler_gnu=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_compiler_gnu=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 +echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6 +GCC=`test $ac_compiler_gnu = yes && echo yes` +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +CFLAGS="-g" +echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 +echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_g+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_g=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_prog_cc_g=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_g" >&6 +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 +echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_prog_cc_stdc=no +ac_save_CC=$CC +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std1 is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std1. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +# Don't try gcc -ansi; that turns off useful extensions and +# breaks some systems' header files. +# AIX -qlanglvl=ansi +# Ultrix and OSF/1 -std1 +# HP-UX 10.20 and later -Ae +# HP-UX older versions -Aa -D_HPUX_SOURCE +# SVR4 -Xc -D__EXTENSIONS__ +for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_stdc=$ac_arg +break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext +done +rm -f conftest.$ac_ext conftest.$ac_objext +CC=$ac_save_CC + +fi + +case "x$ac_cv_prog_cc_stdc" in + x|xno) + echo "$as_me:$LINENO: result: none needed" >&5 +echo "${ECHO_T}none needed" >&6 ;; + *) + echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6 + CC="$CC $ac_cv_prog_cc_stdc" ;; +esac + +# Some people use a C++ compiler to compile C. Since we use `exit', +# in C++ we need to declare it. In case someone uses the same compiler +# for both compiling C and C++ we need to have the C++ compiler decide +# the declaration of exit, since it's the most demanding environment. +cat >conftest.$ac_ext <<_ACEOF +#ifndef __cplusplus + choke me +#endif +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + for ac_declaration in \ + '' \ + 'extern "C" void std::exit (int) throw (); using std::exit;' \ + 'extern "C" void std::exit (int); using std::exit;' \ + 'extern "C" void exit (int) throw ();' \ + 'extern "C" void exit (int);' \ + 'void exit (int);' +do + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +#include +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +continue +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +done +rm -f conftest* +if test -n "$ac_declaration"; then + echo '#ifdef __cplusplus' >>confdefs.h + echo $ac_declaration >>confdefs.h + echo '#endif' >>confdefs.h +fi + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +DEPDIR="${am__leading_dot}deps" + + ac_config_commands="$ac_config_commands depfiles" + + +am_make=${MAKE-make} +cat > confinc << 'END' +am__doit: + @echo done +.PHONY: am__doit +END +# If we don't find an include directive, just comment out the code. +echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5 +echo $ECHO_N "checking for style of include used by $am_make... $ECHO_C" >&6 +am__include="#" +am__quote= +_am_result=none +# First try GNU make style include. +echo "include confinc" > confmf +# We grep out `Entering directory' and `Leaving directory' +# messages which can occur if `w' ends up in MAKEFLAGS. +# In particular we don't look at `^make:' because GNU make might +# be invoked under some other name (usually "gmake"), in which +# case it prints its new name instead of `make'. +if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then + am__include=include + am__quote= + _am_result=GNU +fi +# Now try BSD make style include. +if test "$am__include" = "#"; then + echo '.include "confinc"' > confmf + if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then + am__include=.include + am__quote="\"" + _am_result=BSD + fi +fi + + +echo "$as_me:$LINENO: result: $_am_result" >&5 +echo "${ECHO_T}$_am_result" >&6 +rm -f confinc confmf + +# Check whether --enable-dependency-tracking or --disable-dependency-tracking was given. +if test "${enable_dependency_tracking+set}" = set; then + enableval="$enable_dependency_tracking" + +fi; +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' +fi + + +if test "x$enable_dependency_tracking" != xno; then + AMDEP_TRUE= + AMDEP_FALSE='#' +else + AMDEP_TRUE='#' + AMDEP_FALSE= +fi + + + + +depcc="$CC" am_compiler_list= + +echo "$as_me:$LINENO: checking dependency style of $depcc" >&5 +echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6 +if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + case $depmode in + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + none) break ;; + esac + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. + if depmode=$depmode \ + source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5 +echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6 +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + + +if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 +echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6 +if test -z "$INSTALL"; then +if test "${ac_cv_path_install+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in + ./ | .// | /cC/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + done + done + ;; +esac +done + + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. We don't cache a + # path for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the path is relative. + INSTALL=$ac_install_sh + fi +fi +echo "$as_me:$LINENO: result: $INSTALL" >&5 +echo "${ECHO_T}$INSTALL" >&6 + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +echo "$as_me:$LINENO: checking whether ln -s works" >&5 +echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6 +LN_S=$as_ln_s +if test "$LN_S" = "ln -s"; then + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +else + echo "$as_me:$LINENO: result: no, using $LN_S" >&5 +echo "${ECHO_T}no, using $LN_S" >&6 +fi + +echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6 +set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y,:./+-,___p_,'` +if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.make <<\_ACEOF +all: + @echo 'ac_maketemp="$(MAKE)"' +_ACEOF +# GNU make sometimes prints "make[1]: Entering...", which would confuse us. +eval `${MAKE-make} -f conftest.make 2>/dev/null | grep temp=` +if test -n "$ac_maketemp"; then + eval ac_cv_prog_make_${ac_make}_set=yes +else + eval ac_cv_prog_make_${ac_make}_set=no +fi +rm -f conftest.make +fi +if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + SET_MAKE= +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + SET_MAKE="MAKE=${MAKE-make}" +fi + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_STRIP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + echo "$as_me:$LINENO: result: $STRIP" >&5 +echo "${ECHO_T}$STRIP" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_STRIP="strip" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5 +echo "${ECHO_T}$ac_ct_STRIP" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + STRIP=$ac_ct_STRIP +else + STRIP="$ac_cv_prog_STRIP" +fi + + +if test yes = "$GCC" ; then + defcflags="-O2 -Wall -Wshadow" +else + echo "Using default flags" +fi + +# Checks for libraries. + +# Checks for header files. + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 +echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6 +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if test "${ac_cv_prog_CPP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +echo "$as_me:$LINENO: result: $CPP" >&5 +echo "${ECHO_T}$CPP" >&6 +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + : +else + { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." >&5 +echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +echo "$as_me:$LINENO: checking for egrep" >&5 +echo $ECHO_N "checking for egrep... $ECHO_C" >&6 +if test "${ac_cv_prog_egrep+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if echo a | (grep -E '(a|b)') >/dev/null 2>&1 + then ac_cv_prog_egrep='grep -E' + else ac_cv_prog_egrep='egrep' + fi +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5 +echo "${ECHO_T}$ac_cv_prog_egrep" >&6 + EGREP=$ac_cv_prog_egrep + + +echo "$as_me:$LINENO: checking for ANSI C header files" >&5 +echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6 +if test "${ac_cv_header_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_header_stdc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_header_stdc=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then + : +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + exit(2); + exit (0); +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_header_stdc=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 +echo "${ECHO_T}$ac_cv_header_stdc" >&6 +if test $ac_cv_header_stdc = yes; then + +cat >>confdefs.h <<\_ACEOF +#define STDC_HEADERS 1 +_ACEOF + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. + + + + + + + + + +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default + +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_Header=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_Header=no" +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + + + + + + + + +for ac_header in stdarg.h ctype.h syslog.h unistd.h errno.h libgen.h wordexp.h pwd.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------------------------ ## +## Report this to rssh-discuss at lists dot sourceforge dot net ## +## ------------------------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +# Checks for typedefs, structures, and compiler characteristics. +echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5 +echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6 +if test "${ac_cv_c_const+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +/* FIXME: Include the comments suggested by Paul. */ +#ifndef __cplusplus + /* Ultrix mips cc rejects this. */ + typedef int charset[2]; + const charset x; + /* SunOS 4.1.1 cc rejects this. */ + char const *const *ccp; + char **p; + /* NEC SVR4.0.2 mips cc rejects this. */ + struct point {int x, y;}; + static struct point const zero = {0,0}; + /* AIX XL C 1.02.0.0 rejects this. + It does not let you subtract one const X* pointer from another in + an arm of an if-expression whose if-part is not a constant + expression */ + const char *g = "string"; + ccp = &g + (g ? g-g : 0); + /* HPUX 7.0 cc rejects these. */ + ++ccp; + p = (char**) ccp; + ccp = (char const *const *) p; + { /* SCO 3.2v4 cc rejects this. */ + char *t; + char const *s = 0 ? (char *) 0 : (char const *) 0; + + *t++ = 0; + } + { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ + int x[] = {25, 17}; + const int *foo = &x[0]; + ++foo; + } + { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ + typedef const int *iptr; + iptr p = 0; + ++p; + } + { /* AIX XL C 1.02.0.0 rejects this saying + "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ + struct s { int j; const int *ap[3]; }; + struct s *b; b->j = 5; + } + { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ + const int foo = 10; + } +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_c_const=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_c_const=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5 +echo "${ECHO_T}$ac_cv_c_const" >&6 +if test $ac_cv_c_const = no; then + +cat >>confdefs.h <<\_ACEOF +#define const +_ACEOF + +fi + + +# Checks for library functions. + +for ac_header in stdlib.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------------------------ ## +## Report this to rssh-discuss at lists dot sourceforge dot net ## +## ------------------------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + +echo "$as_me:$LINENO: checking for GNU libc compatible malloc" >&5 +echo $ECHO_N "checking for GNU libc compatible malloc... $ECHO_C" >&6 +if test "${ac_cv_func_malloc_0_nonnull+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_malloc_0_nonnull=no +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#if STDC_HEADERS || HAVE_STDLIB_H +# include +#else +char *malloc (); +#endif + +int +main () +{ +exit (malloc (0) ? 0 : 1); + ; + return 0; +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_malloc_0_nonnull=yes +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_func_malloc_0_nonnull=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_func_malloc_0_nonnull" >&5 +echo "${ECHO_T}$ac_cv_func_malloc_0_nonnull" >&6 +if test $ac_cv_func_malloc_0_nonnull = yes; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_MALLOC 1 +_ACEOF + +else + cat >>confdefs.h <<\_ACEOF +#define HAVE_MALLOC 0 +_ACEOF + + case $LIBOBJS in + "malloc.$ac_objext" | \ + *" malloc.$ac_objext" | \ + "malloc.$ac_objext "* | \ + *" malloc.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS malloc.$ac_objext" ;; +esac + + +cat >>confdefs.h <<\_ACEOF +#define malloc rpl_malloc +_ACEOF + +fi + + + +echo "$as_me:$LINENO: checking whether lstat dereferences a symlink specified with a trailing slash" >&5 +echo $ECHO_N "checking whether lstat dereferences a symlink specified with a trailing slash... $ECHO_C" >&6 +if test "${ac_cv_func_lstat_dereferences_slashed_symlink+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + rm -f conftest.sym conftest.file +echo >conftest.file +if test "$as_ln_s" = "ln -s" && ln -s conftest.file conftest.sym; then + if test "$cross_compiling" = yes; then + ac_cv_func_lstat_dereferences_slashed_symlink=no +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +struct stat sbuf; + /* Linux will dereference the symlink and fail. + That is better in the sense that it means we will not + have to compile and use the lstat wrapper. */ + exit (lstat ("conftest.sym/", &sbuf) ? 0 : 1); + ; + return 0; +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_lstat_dereferences_slashed_symlink=yes +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_func_lstat_dereferences_slashed_symlink=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +else + # If the `ln -s' command failed, then we probably don't even + # have an lstat function. + ac_cv_func_lstat_dereferences_slashed_symlink=no +fi +rm -f conftest.sym conftest.file + +fi +echo "$as_me:$LINENO: result: $ac_cv_func_lstat_dereferences_slashed_symlink" >&5 +echo "${ECHO_T}$ac_cv_func_lstat_dereferences_slashed_symlink" >&6 + +test $ac_cv_func_lstat_dereferences_slashed_symlink = yes && + +cat >>confdefs.h <<_ACEOF +#define LSTAT_FOLLOWS_SLASHED_SYMLINK 1 +_ACEOF + + +if test $ac_cv_func_lstat_dereferences_slashed_symlink = no; then + case $LIBOBJS in + "lstat.$ac_objext" | \ + *" lstat.$ac_objext" | \ + "lstat.$ac_objext "* | \ + *" lstat.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS lstat.$ac_objext" ;; +esac + +fi + +echo "$as_me:$LINENO: checking whether stat accepts an empty string" >&5 +echo $ECHO_N "checking whether stat accepts an empty string... $ECHO_C" >&6 +if test "${ac_cv_func_stat_empty_string_bug+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_stat_empty_string_bug=yes +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +struct stat sbuf; + exit (stat ("", &sbuf) ? 1 : 0); + ; + return 0; +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_stat_empty_string_bug=yes +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_func_stat_empty_string_bug=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_func_stat_empty_string_bug" >&5 +echo "${ECHO_T}$ac_cv_func_stat_empty_string_bug" >&6 +if test $ac_cv_func_stat_empty_string_bug = yes; then + case $LIBOBJS in + "stat.$ac_objext" | \ + *" stat.$ac_objext" | \ + "stat.$ac_objext "* | \ + *" stat.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS stat.$ac_objext" ;; +esac + + +cat >>confdefs.h <<_ACEOF +#define HAVE_STAT_EMPTY_STRING_BUG 1 +_ACEOF + +fi + +echo "$as_me:$LINENO: checking for memset" >&5 +echo $ECHO_N "checking for memset... $ECHO_C" >&6 +if test "${ac_cv_func_memset+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define memset to an innocuous variant, in case declares memset. + For example, HP-UX 11i declares gettimeofday. */ +#define memset innocuous_memset + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char memset (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef memset + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char memset (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_memset) || defined (__stub___memset) +choke me +#else +char (*f) () = memset; +#endif +#ifdef __cplusplus +} +#endif + +int +main () +{ +return f != memset; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_memset=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_func_memset=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_func_memset" >&5 +echo "${ECHO_T}$ac_cv_func_memset" >&6 +if test $ac_cv_func_memset = yes; then + : +else + { { echo "$as_me:$LINENO: error: +rssh needs memset() to compile, but it's not available on your system. +Please notify code at pizzashack dot org. +Thanks. +" >&5 +echo "$as_me: error: +rssh needs memset() to compile, but it's not available on your system. +Please notify code at pizzashack dot org. +Thanks. +" >&2;} + { (exit 1); exit 1; }; } +fi + +echo "$as_me:$LINENO: checking for strdup" >&5 +echo $ECHO_N "checking for strdup... $ECHO_C" >&6 +if test "${ac_cv_func_strdup+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define strdup to an innocuous variant, in case declares strdup. + For example, HP-UX 11i declares gettimeofday. */ +#define strdup innocuous_strdup + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char strdup (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef strdup + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char strdup (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_strdup) || defined (__stub___strdup) +choke me +#else +char (*f) () = strdup; +#endif +#ifdef __cplusplus +} +#endif + +int +main () +{ +return f != strdup; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_strdup=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_func_strdup=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_func_strdup" >&5 +echo "${ECHO_T}$ac_cv_func_strdup" >&6 +if test $ac_cv_func_strdup = yes; then + : +else + { { echo "$as_me:$LINENO: error: +rssh needs strdup() to compile, but it's not available on your system. +Please notify code at pizzashack dot org. +Thanks. +" >&5 +echo "$as_me: error: +rssh needs strdup() to compile, but it's not available on your system. +Please notify code at pizzashack dot org. +Thanks. +" >&2;} + { (exit 1); exit 1; }; } +fi + +echo "$as_me:$LINENO: checking for strtol" >&5 +echo $ECHO_N "checking for strtol... $ECHO_C" >&6 +if test "${ac_cv_func_strtol+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define strtol to an innocuous variant, in case declares strtol. + For example, HP-UX 11i declares gettimeofday. */ +#define strtol innocuous_strtol + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char strtol (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef strtol + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char strtol (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_strtol) || defined (__stub___strtol) +choke me +#else +char (*f) () = strtol; +#endif +#ifdef __cplusplus +} +#endif + +int +main () +{ +return f != strtol; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_strtol=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_func_strtol=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_func_strtol" >&5 +echo "${ECHO_T}$ac_cv_func_strtol" >&6 +if test $ac_cv_func_strtol = yes; then + : +else + { { echo "$as_me:$LINENO: error: +rssh needs strtol() to compile, but it's not available on your system. +Please notify code at pizzashack dot org. +Thanks. +" >&5 +echo "$as_me: error: +rssh needs strtol() to compile, but it's not available on your system. +Please notify code at pizzashack dot org. +Thanks. +" >&2;} + { (exit 1); exit 1; }; } +fi + +echo "$as_me:$LINENO: checking for strerror" >&5 +echo $ECHO_N "checking for strerror... $ECHO_C" >&6 +if test "${ac_cv_func_strerror+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define strerror to an innocuous variant, in case declares strerror. + For example, HP-UX 11i declares gettimeofday. */ +#define strerror innocuous_strerror + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char strerror (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef strerror + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char strerror (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_strerror) || defined (__stub___strerror) +choke me +#else +char (*f) () = strerror; +#endif +#ifdef __cplusplus +} +#endif + +int +main () +{ +return f != strerror; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_strerror=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_func_strerror=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_func_strerror" >&5 +echo "${ECHO_T}$ac_cv_func_strerror" >&6 +if test $ac_cv_func_strerror = yes; then + : +else + { { echo "$as_me:$LINENO: error: +rssh needs strerror() to compile, but it's not available on your system. +Please notify code at pizzashack dot org. +Thanks. +" >&5 +echo "$as_me: error: +rssh needs strerror() to compile, but it's not available on your system. +Please notify code at pizzashack dot org. +Thanks. +" >&2;} + { (exit 1); exit 1; }; } +fi + +echo "$as_me:$LINENO: checking for wordexp" >&5 +echo $ECHO_N "checking for wordexp... $ECHO_C" >&6 +if test "${ac_cv_func_wordexp+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define wordexp to an innocuous variant, in case declares wordexp. + For example, HP-UX 11i declares gettimeofday. */ +#define wordexp innocuous_wordexp + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char wordexp (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef wordexp + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char wordexp (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_wordexp) || defined (__stub___wordexp) +choke me +#else +char (*f) () = wordexp; +#endif +#ifdef __cplusplus +} +#endif + +int +main () +{ +return f != wordexp; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_wordexp=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_func_wordexp=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_func_wordexp" >&5 +echo "${ECHO_T}$ac_cv_func_wordexp" >&6 +if test $ac_cv_func_wordexp = yes; then + : +else + { { echo "$as_me:$LINENO: error: +rssh needs wordexp() to compile, but it's not available on your system. +Please notify code at pizzashack dot org. +Thanks. +" >&5 +echo "$as_me: error: +rssh needs wordexp() to compile, but it's not available on your system. +Please notify code at pizzashack dot org. +Thanks. +" >&2;} + { (exit 1); exit 1; }; } +fi + + +echo "$as_me:$LINENO: checking for basename" >&5 +echo $ECHO_N "checking for basename... $ECHO_C" >&6 +if test "${ac_cv_func_basename+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define basename to an innocuous variant, in case declares basename. + For example, HP-UX 11i declares gettimeofday. */ +#define basename innocuous_basename + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char basename (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef basename + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char basename (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_basename) || defined (__stub___basename) +choke me +#else +char (*f) () = basename; +#endif +#ifdef __cplusplus +} +#endif + +int +main () +{ +return f != basename; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_basename=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_func_basename=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_func_basename" >&5 +echo "${ECHO_T}$ac_cv_func_basename" >&6 +if test $ac_cv_func_basename = yes; then + : +else + +echo "$as_me:$LINENO: checking for basename in -lgen" >&5 +echo $ECHO_N "checking for basename in -lgen... $ECHO_C" >&6 +if test "${ac_cv_lib_gen_basename+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgen $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char basename (); +int +main () +{ +basename (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_gen_basename=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_gen_basename=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_gen_basename" >&5 +echo "${ECHO_T}$ac_cv_lib_gen_basename" >&6 +if test $ac_cv_lib_gen_basename = yes; then + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBGEN 1 +_ACEOF + + LIBS="-lgen $LIBS" + +fi + +fi + + +###################### +# Checks for programs + +# check for OpenSSH version >= 3.5 + +echo "$as_me:$LINENO: checking for OpenSSH >= v3.5" >&5 +echo $ECHO_N "checking for OpenSSH >= v3.5... $ECHO_C" >&6 + +ssh_version=`ssh -V 2>&1 |cut -d '_' -f2 | cut -c 1-3` +ssh_major_version=`echo $ssh_version | cut -d'.' -f 1` +ssh_minor_version=`echo $ssh_version | cut -d'.' -f 2` + +# we MUST test to see if the version vars contain characters, as +# numeric comparison tests require that their arguments not be +# quoted. If they are empty, the test will result in a syntax error. +if test -n "$ssh_major_version" -a -n "$ssh_minor_version"; then + if test $ssh_major_version -gt 3; then + echo "$as_me:$LINENO: result: yes - v$ssh_version" >&5 +echo "${ECHO_T}yes - v$ssh_version" >&6 + good_ssh=yes + elif test $ssh_major_version -eq 3 -a $ssh_minor_version -ge 5; then + echo "$as_me:$LINENO: result: yes - v$ssh_version" >&5 +echo "${ECHO_T}yes - v$ssh_version" >&6 + good_ssh=yes + else + echo "$as_me:$LINENO: result: no - v$ssh_version" >&5 +echo "${ECHO_T}no - v$ssh_version" >&6 + good_ssh=no + fi +fi + +# Check for scp binary + + +# Check whether --with-scp or --without-scp was given. +if test "${with_scp+set}" = set; then + withval="$with_scp" + scp_path="$withval" +else + scp_path="" +fi; + +# Extract the first word of "scp", so it can be a program name with args. +set dummy scp; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_path_scp_path+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $scp_path in + [\\/]* | ?:[\\/]*) + ac_cv_path_scp_path="$scp_path" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_scp_path="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + + ;; +esac +fi +scp_path=$ac_cv_path_scp_path + +if test -n "$scp_path"; then + echo "$as_me:$LINENO: result: $scp_path" >&5 +echo "${ECHO_T}$scp_path" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +if test -z "$scp_path"; then + { { echo "$as_me:$LINENO: error: can't find scp - please specify with --with-scp" >&5 +echo "$as_me: error: can't find scp - please specify with --with-scp" >&2;} + { (exit 1); exit 1; }; } +fi + +if ! test -x "$scp_path"; then + { echo "$as_me:$LINENO: WARNING: specified scp binary does not exist" >&5 +echo "$as_me: WARNING: specified scp binary does not exist" >&2;} +fi + +# Check for sftp-server binary + + +# Check whether --with-sftp-server or --without-sftp-server was given. +if test "${with_sftp_server+set}" = set; then + withval="$with_sftp_server" + sftp_path="$withval" +else + sftp_path="" +fi; + +# Extract the first word of "sftp-server", so it can be a program name with args. +set dummy sftp-server; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_path_sftp_path+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $sftp_path in + [\\/]* | ?:[\\/]*) + ac_cv_path_sftp_path="$sftp_path" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="/usr/libexec:/usr/libexec/openssh:/usr/local/libexec/openssh:/usr/lib/openssh:/usr/lib:/usr/local/libexec:/usr/lib/ssh" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_sftp_path="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + + ;; +esac +fi +sftp_path=$ac_cv_path_sftp_path + +if test -n "$sftp_path"; then + echo "$as_me:$LINENO: result: $sftp_path" >&5 +echo "${ECHO_T}$sftp_path" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +if test -z "$sftp_path"; then + { { echo "$as_me:$LINENO: error: can't find sftp-server - please specify with --with-sftp-server" >&5 +echo "$as_me: error: can't find sftp-server - please specify with --with-sftp-server" >&2;} + { (exit 1); exit 1; }; } +fi + +if ! test -x "$sftp_path"; then + { echo "$as_me:$LINENO: WARNING: specified sftp-server binary does not exist" >&5 +echo "$as_me: WARNING: specified sftp-server binary does not exist" >&2;} +fi + + +# CVS, rdist, and rsync might not be installed. But we don't want to force +# the user to configure bogus paths, so default to /usr/bin/* + +# Check for cvs binary + + +# Check whether --with-cvs or --without-cvs was given. +if test "${with_cvs+set}" = set; then + withval="$with_cvs" + cvs_path="$withval" +else + cvs_path="" +fi; + +# Extract the first word of "cvs", so it can be a program name with args. +set dummy cvs; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_path_cvs_path+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $cvs_path in + [\\/]* | ?:[\\/]*) + ac_cv_path_cvs_path="$cvs_path" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_cvs_path="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + + ;; +esac +fi +cvs_path=$ac_cv_path_cvs_path + +if test -n "$cvs_path"; then + echo "$as_me:$LINENO: result: $cvs_path" >&5 +echo "${ECHO_T}$cvs_path" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +if test -z "$cvs_path"; then + { echo "$as_me:$LINENO: WARNING: can't find cvs - using /usr/bin/cvs. Use --with-cvs to override" >&5 +echo "$as_me: WARNING: can't find cvs - using /usr/bin/cvs. Use --with-cvs to override" >&2;} + cvs_path=/usr/bin/cvs +fi + +if ! test -x "$cvs_path"; then + { echo "$as_me:$LINENO: WARNING: specified cvs binary does not exist" >&5 +echo "$as_me: WARNING: specified cvs binary does not exist" >&2;} +fi + +# Check for rdist binary + + +# Check whether --with-rdist or --without-rdist was given. +if test "${with_rdist+set}" = set; then + withval="$with_rdist" + rdist_path="$withval" +else + rdist_path="" +fi; + +# Extract the first word of "rdist", so it can be a program name with args. +set dummy rdist; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_path_rdist_path+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $rdist_path in + [\\/]* | ?:[\\/]*) + ac_cv_path_rdist_path="$rdist_path" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_rdist_path="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + + ;; +esac +fi +rdist_path=$ac_cv_path_rdist_path + +if test -n "$rdist_path"; then + echo "$as_me:$LINENO: result: $rdist_path" >&5 +echo "${ECHO_T}$rdist_path" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +if test -z "$rdist_path"; then + { echo "$as_me:$LINENO: WARNING: can't find rdist - using /usr/bin/rdist. Use --with-rdist to override" >&5 +echo "$as_me: WARNING: can't find rdist - using /usr/bin/rdist. Use --with-rdist to override" >&2;} + rdist_path=/usr/bin/rdist +fi + +if ! test -x "$rdist_path"; then + { echo "$as_me:$LINENO: WARNING: specified rdist binary does not exist" >&5 +echo "$as_me: WARNING: specified rdist binary does not exist" >&2;} +fi + + +# Check for rsync binary + + +# Check whether --with-rsync or --without-rsync was given. +if test "${with_rsync+set}" = set; then + withval="$with_rsync" + rsync_path="$withval" +else + rsync_path="" +fi; + +# Extract the first word of "rsync", so it can be a program name with args. +set dummy rsync; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_path_rsync_path+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $rsync_path in + [\\/]* | ?:[\\/]*) + ac_cv_path_rsync_path="$rsync_path" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_rsync_path="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + + ;; +esac +fi +rsync_path=$ac_cv_path_rsync_path + +if test -n "$rsync_path"; then + echo "$as_me:$LINENO: result: $rsync_path" >&5 +echo "${ECHO_T}$rsync_path" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +if test -z "$rsync_path"; then + { echo "$as_me:$LINENO: WARNING: can't find rsync - using /usr/bin/rsync. Use --with-rsync to override" >&5 +echo "$as_me: WARNING: can't find rsync - using /usr/bin/rsync. Use --with-rsync to override" >&2;} + rsync_path=/usr/bin/rsync +fi + +if ! test -x "$rsync_path"; then + { echo "$as_me:$LINENO: WARNING: specified rsync binary does not exist" >&5 +echo "$as_me: WARNING: specified rsync binary does not exist" >&2;} +fi + + +# disable static configuration + +# Check whether --enable-static or --disable-static was given. +if test "${enable_static+set}" = set; then + enableval="$enable_static" + static_set="yes" +else + static_unset="yes" +fi; + +echo "$as_me:$LINENO: checking static compilation" >&5 +echo $ECHO_N "checking static compilation... $ECHO_C" >&6 + +if test "$good_ssh" = "yes" -a "$static_set" != "yes"; then + echo "$as_me:$LINENO: result: secure SSH found - not compiling rssh statically" >&5 +echo "${ECHO_T}secure SSH found - not compiling rssh statically" >&6 +elif test "$enable_static" = "no" ; then + echo "$as_me:$LINENO: result: static compilation DISABLED by configure option" >&5 +echo "${ECHO_T}static compilation DISABLED by configure option" >&6 + { echo "$as_me:$LINENO: WARNING: dynamic compilation not reccomended - be sure this is what you want" >&5 +echo "$as_me: WARNING: dynamic compilation not reccomended - be sure this is what you want" >&2;} + +else + static="-static" + if test "$static_unset" = "yes"; then + echo "$as_me:$LINENO: result: static compilation ENABLED (detected old OpenSSH)" >&5 +echo "${ECHO_T}static compilation ENABLED (detected old OpenSSH)" >&6 + else + echo "$as_me:$LINENO: result: static compilation ENABLED by configure option" >&5 +echo "${ECHO_T}static compilation ENABLED by configure option" >&6 + fi +fi + +# Do variable substitutions + + + + + + + + + + + + + + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +{ + (set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} | + sed ' + t clear + : clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + : end' >>confcache +if diff $cache_file confcache >/dev/null 2>&1; then :; else + if test -w $cache_file; then + test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" + cat confcache >$cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# VPATH may cause trouble with some makes, so we remove $(srcdir), +# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=/{ +s/:*\$(srcdir):*/:/; +s/:*\${srcdir}:*/:/; +s/:*@srcdir@:*/:/; +s/^\([^=]*=[ ]*\):*/\1/; +s/:*$//; +s/^[^=]*=[ ]*$//; +}' +fi + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_i=`echo "$ac_i" | + sed 's/\$U\././;s/\.o$//;s/\.obj$//'` + # 2. Add them. + ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext" + ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + +if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi + +: ${CONFIG_STATUS=./config.status} +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 +echo "$as_me: creating $CONFIG_STATUS" >&6;} +cat >$CONFIG_STATUS <<_ACEOF +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false +SHELL=\${CONFIG_SHELL-$SHELL} +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi +DUALCASE=1; export DUALCASE # for MKS sh + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# Work around bugs in pre-3.0 UWIN ksh. +$as_unset ENV MAIL MAILPATH +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + $as_unset $as_var + fi +done + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)$' \| \ + . : '\(.\)' 2>/dev/null || +echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } + /^X\/\(\/\/\)$/{ s//\1/; q; } + /^X\/\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + + +# PATH needs CR, and LINENO needs CR and PATH. +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' + else + PATH_SEPARATOR=: + fi + rm -f conf$$.sh +fi + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" || { + # Find who we are. Look in the path if we contain no path at all + # relative or not. + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done + + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5 +echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;} + { (exit 1); exit 1; }; } + fi + case $CONFIG_SHELL in + '') + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for as_base in sh bash ksh sh5; do + case $as_dir in + /*) + if ("$as_dir/$as_base" -c ' + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then + $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } + $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } + CONFIG_SHELL=$as_dir/$as_base + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$0" ${1+"$@"} + fi;; + esac + done +done +;; + esac + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line before each line; the second 'sed' does the real + # work. The second script uses 'N' to pair each line-number line + # with the numbered line, and appends trailing '-' during + # substitution so that $LINENO is not a special case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) + sed '=' <$as_myself | + sed ' + N + s,$,-, + : loop + s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, + t loop + s,-$,, + s,^['$as_cr_digits']*\n,, + ' >$as_me.lineno && + chmod +x $as_me.lineno || + { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5 +echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;} + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensible to this). + . ./$as_me.lineno + # Exit status is that of the last command. + exit +} + + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_executable_p="test -f" + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH + +exec 6>&1 + +# Open the log real soon, to keep \$[0] and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. Logging --version etc. is OK. +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX +} >&5 +cat >&5 <<_CSEOF + +This file was extended by rssh $as_me 2.3.4, which was +generated by GNU Autoconf 2.59. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +_CSEOF +echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5 +echo >&5 +_ACEOF + +# Files that config.status was made for. +if test -n "$ac_config_files"; then + echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_headers"; then + echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_links"; then + echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_commands"; then + echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS +fi + +cat >>$CONFIG_STATUS <<\_ACEOF + +ac_cs_usage="\ +\`$as_me' instantiates files from templates according to the +current configuration. + +Usage: $0 [OPTIONS] [FILE]... + + -h, --help print this help, then exit + -V, --version print version number, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Configuration commands: +$config_commands + +Report bugs to ." +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF +ac_cs_version="\\ +rssh config.status 2.3.4 +configured by $0, generated by GNU Autoconf 2.59, + with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" + +Copyright (C) 2003 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." +srcdir=$srcdir +INSTALL="$INSTALL" +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +# If no file are specified by the user, then we need to provide default +# value. By we need to know if files were specified by the user. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=*) + ac_option=`expr "x$1" : 'x\([^=]*\)='` + ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` + ac_shift=: + ;; + -*) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + *) # This is not an option, so the user has probably given explicit + # arguments. + ac_option=$1 + ac_need_defaults=false;; + esac + + case $ac_option in + # Handling of the options. +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --vers* | -V ) + echo "$ac_cs_version"; exit 0 ;; + --he | --h) + # Conflict between --help and --header + { { echo "$as_me:$LINENO: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; };; + --help | --hel | -h ) + echo "$ac_cs_usage"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + CONFIG_FILES="$CONFIG_FILES $ac_optarg" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" + ac_need_defaults=false;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; } ;; + + *) ac_config_targets="$ac_config_targets $1" ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF +if \$ac_cs_recheck; then + echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 + exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion +fi + +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF +# +# INIT-COMMANDS section. +# + +AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" + +_ACEOF + + + +cat >>$CONFIG_STATUS <<\_ACEOF +for ac_config_target in $ac_config_targets +do + case "$ac_config_target" in + # Handling of arguments. + "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "main.c" ) CONFIG_FILES="$CONFIG_FILES main.c" ;; + "pathnames.h" ) CONFIG_FILES="$CONFIG_FILES pathnames.h" ;; + "rssh.conf.5" ) CONFIG_FILES="$CONFIG_FILES rssh.conf.5" ;; + "rssh.spec" ) CONFIG_FILES="$CONFIG_FILES rssh.spec" ;; + "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; + "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 +echo "$as_me: error: invalid argument: $ac_config_target" >&2;} + { (exit 1); exit 1; }; };; + esac +done + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason to put it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Create a temporary directory, and hook for its removal unless debugging. +$debug || +{ + trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 + trap '{ (exit 1); exit 1; }' 1 2 13 15 +} + +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` && + test -n "$tmp" && test -d "$tmp" +} || +{ + tmp=./confstat$$-$RANDOM + (umask 077 && mkdir $tmp) +} || +{ + echo "$me: cannot create a temporary directory in ." >&2 + { (exit 1); exit 1; } +} + +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF + +# +# CONFIG_FILES section. +# + +# No need to generate the scripts if there are no CONFIG_FILES. +# This happens for instance when ./config.status config.h +if test -n "\$CONFIG_FILES"; then + # Protect against being on the right side of a sed subst in config.status. + sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g; + s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF +s,@SHELL@,$SHELL,;t t +s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t +s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t +s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t +s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t +s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t +s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t +s,@exec_prefix@,$exec_prefix,;t t +s,@prefix@,$prefix,;t t +s,@program_transform_name@,$program_transform_name,;t t +s,@bindir@,$bindir,;t t +s,@sbindir@,$sbindir,;t t +s,@libexecdir@,$libexecdir,;t t +s,@datadir@,$datadir,;t t +s,@sysconfdir@,$sysconfdir,;t t +s,@sharedstatedir@,$sharedstatedir,;t t +s,@localstatedir@,$localstatedir,;t t +s,@libdir@,$libdir,;t t +s,@includedir@,$includedir,;t t +s,@oldincludedir@,$oldincludedir,;t t +s,@infodir@,$infodir,;t t +s,@mandir@,$mandir,;t t +s,@build_alias@,$build_alias,;t t +s,@host_alias@,$host_alias,;t t +s,@target_alias@,$target_alias,;t t +s,@DEFS@,$DEFS,;t t +s,@ECHO_C@,$ECHO_C,;t t +s,@ECHO_N@,$ECHO_N,;t t +s,@ECHO_T@,$ECHO_T,;t t +s,@LIBS@,$LIBS,;t t +s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t +s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t +s,@INSTALL_DATA@,$INSTALL_DATA,;t t +s,@CYGPATH_W@,$CYGPATH_W,;t t +s,@PACKAGE@,$PACKAGE,;t t +s,@VERSION@,$VERSION,;t t +s,@ACLOCAL@,$ACLOCAL,;t t +s,@AUTOCONF@,$AUTOCONF,;t t +s,@AUTOMAKE@,$AUTOMAKE,;t t +s,@AUTOHEADER@,$AUTOHEADER,;t t +s,@MAKEINFO@,$MAKEINFO,;t t +s,@install_sh@,$install_sh,;t t +s,@STRIP@,$STRIP,;t t +s,@ac_ct_STRIP@,$ac_ct_STRIP,;t t +s,@INSTALL_STRIP_PROGRAM@,$INSTALL_STRIP_PROGRAM,;t t +s,@mkdir_p@,$mkdir_p,;t t +s,@AWK@,$AWK,;t t +s,@SET_MAKE@,$SET_MAKE,;t t +s,@am__leading_dot@,$am__leading_dot,;t t +s,@AMTAR@,$AMTAR,;t t +s,@am__tar@,$am__tar,;t t +s,@am__untar@,$am__untar,;t t +s,@CC@,$CC,;t t +s,@CFLAGS@,$CFLAGS,;t t +s,@LDFLAGS@,$LDFLAGS,;t t +s,@CPPFLAGS@,$CPPFLAGS,;t t +s,@ac_ct_CC@,$ac_ct_CC,;t t +s,@EXEEXT@,$EXEEXT,;t t +s,@OBJEXT@,$OBJEXT,;t t +s,@DEPDIR@,$DEPDIR,;t t +s,@am__include@,$am__include,;t t +s,@am__quote@,$am__quote,;t t +s,@AMDEP_TRUE@,$AMDEP_TRUE,;t t +s,@AMDEP_FALSE@,$AMDEP_FALSE,;t t +s,@AMDEPBACKSLASH@,$AMDEPBACKSLASH,;t t +s,@CCDEPMODE@,$CCDEPMODE,;t t +s,@am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t +s,@am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t +s,@LN_S@,$LN_S,;t t +s,@CPP@,$CPP,;t t +s,@EGREP@,$EGREP,;t t +s,@LIBOBJS@,$LIBOBJS,;t t +s,@scp_path@,$scp_path,;t t +s,@sftp_path@,$sftp_path,;t t +s,@cvs_path@,$cvs_path,;t t +s,@rdist_path@,$rdist_path,;t t +s,@rsync_path@,$rsync_path,;t t +s,@static@,$static,;t t +s,@defcflags@,$defcflags,;t t +s,@CHROOT_HELPER@,$CHROOT_HELPER,;t t +s,@LTLIBOBJS@,$LTLIBOBJS,;t t +CEOF + +_ACEOF + + cat >>$CONFIG_STATUS <<\_ACEOF + # Split the substitutions into bite-sized pieces for seds with + # small command number limits, like on Digital OSF/1 and HP-UX. + ac_max_sed_lines=48 + ac_sed_frag=1 # Number of current file. + ac_beg=1 # First line for current file. + ac_end=$ac_max_sed_lines # Line after last line for current file. + ac_more_lines=: + ac_sed_cmds= + while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + else + sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + fi + if test ! -s $tmp/subs.frag; then + ac_more_lines=false + else + # The purpose of the label and of the branching condition is to + # speed up the sed processing (if there are no `@' at all, there + # is no need to browse any of the substitutions). + # These are the two extra sed commands mentioned above. + (echo ':t + /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" + else + ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" + fi + ac_sed_frag=`expr $ac_sed_frag + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_lines` + fi + done + if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat + fi +fi # test -n "$CONFIG_FILES" + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. + ac_dir=`(dirname "$ac_file") 2>/dev/null || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_builddir$INSTALL ;; + esac + + if test x"$ac_file" != x-; then + { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + rm -f "$ac_file" + fi + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + configure_input= + else + configure_input="$ac_file. " + fi + configure_input=$configure_input"Generated from `echo $ac_file_in | + sed 's,.*/,,'` by configure." + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF + sed "$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s,@configure_input@,$configure_input,;t t +s,@srcdir@,$ac_srcdir,;t t +s,@abs_srcdir@,$ac_abs_srcdir,;t t +s,@top_srcdir@,$ac_top_srcdir,;t t +s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t +s,@builddir@,$ac_builddir,;t t +s,@abs_builddir@,$ac_abs_builddir,;t t +s,@top_builddir@,$ac_top_builddir,;t t +s,@abs_top_builddir@,$ac_abs_top_builddir,;t t +s,@INSTALL@,$ac_INSTALL,;t t +" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out + rm -f $tmp/stdin + if test x"$ac_file" != x-; then + mv $tmp/out $ac_file + else + cat $tmp/out + rm -f $tmp/out + fi + +done +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + +# +# CONFIG_HEADER section. +# + +# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where +# NAME is the cpp macro being defined and VALUE is the value it is being given. +# +# ac_d sets the value in "#define NAME VALUE" lines. +ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)' +ac_dB='[ ].*$,\1#\2' +ac_dC=' ' +ac_dD=',;t' +# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE". +ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_uB='$,\1#\2define\3' +ac_uC=' ' +ac_uD=',;t' + +for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + # Do quote $f, to prevent DOS paths from being IFS'd. + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } + # Remove the trailing spaces. + sed 's/[ ]*$//' $ac_file_inputs >$tmp/in + +_ACEOF + +# Transform confdefs.h into two sed scripts, `conftest.defines' and +# `conftest.undefs', that substitutes the proper values into +# config.h.in to produce config.h. The first handles `#define' +# templates, and the second `#undef' templates. +# And first: Protect against being on the right side of a sed subst in +# config.status. Protect against being in an unquoted here document +# in config.status. +rm -f conftest.defines conftest.undefs +# Using a here document instead of a string reduces the quoting nightmare. +# Putting comments in sed scripts is not portable. +# +# `end' is used to avoid that the second main sed command (meant for +# 0-ary CPP macros) applies to n-ary macro definitions. +# See the Autoconf documentation for `clear'. +cat >confdef2sed.sed <<\_ACEOF +s/[\\&,]/\\&/g +s,[\\$`],\\&,g +t clear +: clear +s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp +t end +s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp +: end +_ACEOF +# If some macros were called several times there might be several times +# the same #defines, which is useless. Nevertheless, we may not want to +# sort them, since we want the *last* AC-DEFINE to be honored. +uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines +sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs +rm -f confdef2sed.sed + +# This sed command replaces #undef with comments. This is necessary, for +# example, in the case of _POSIX_SOURCE, which is predefined and required +# on some systems where configure will not decide to define it. +cat >>conftest.undefs <<\_ACEOF +s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */, +_ACEOF + +# Break up conftest.defines because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS +echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS +echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS +echo ' :' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.defines >/dev/null +do + # Write a limited-size here document to $tmp/defines.sed. + echo ' cat >$tmp/defines.sed <>$CONFIG_STATUS + # Speed up: don't consider the non `#define' lines. + echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/defines.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail + rm -f conftest.defines + mv conftest.tail conftest.defines +done +rm -f conftest.defines +echo ' fi # grep' >>$CONFIG_STATUS +echo >>$CONFIG_STATUS + +# Break up conftest.undefs because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #undef templates' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.undefs >/dev/null +do + # Write a limited-size here document to $tmp/undefs.sed. + echo ' cat >$tmp/undefs.sed <>$CONFIG_STATUS + # Speed up: don't consider the non `#undef' + echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/undefs.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail + rm -f conftest.undefs + mv conftest.tail conftest.undefs +done +rm -f conftest.undefs + +cat >>$CONFIG_STATUS <<\_ACEOF + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + echo "/* Generated by configure. */" >$tmp/config.h + else + echo "/* $ac_file. Generated by configure. */" >$tmp/config.h + fi + cat $tmp/in >>$tmp/config.h + rm -f $tmp/in + if test x"$ac_file" != x-; then + if diff $ac_file $tmp/config.h >/dev/null 2>&1; then + { echo "$as_me:$LINENO: $ac_file is unchanged" >&5 +echo "$as_me: $ac_file is unchanged" >&6;} + else + ac_dir=`(dirname "$ac_file") 2>/dev/null || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + rm -f $ac_file + mv $tmp/config.h $ac_file + fi + else + cat $tmp/config.h + rm -f $tmp/config.h + fi +# Compute $ac_file's index in $config_headers. +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $ac_file | $ac_file:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $ac_file" >`(dirname $ac_file) 2>/dev/null || +$as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X$ac_file : 'X\(//\)[^/]' \| \ + X$ac_file : 'X\(//\)$' \| \ + X$ac_file : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X$ac_file | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'`/stamp-h$_am_stamp_count +done +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + +# +# CONFIG_COMMANDS section. +# +for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue + ac_dest=`echo "$ac_file" | sed 's,:.*,,'` + ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_dir=`(dirname "$ac_dest") 2>/dev/null || +$as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_dest" : 'X\(//\)[^/]' \| \ + X"$ac_dest" : 'X\(//\)$' \| \ + X"$ac_dest" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_dest" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + + { echo "$as_me:$LINENO: executing $ac_dest commands" >&5 +echo "$as_me: executing $ac_dest commands" >&6;} + case $ac_dest in + depfiles ) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # So let's grep whole file. + if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then + dirpart=`(dirname "$mf") 2>/dev/null || +$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$mf" : 'X\(//\)[^/]' \| \ + X"$mf" : 'X\(//\)$' \| \ + X"$mf" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running `make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`(dirname "$file") 2>/dev/null || +$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$file" : 'X\(//\)[^/]' \| \ + X"$file" : 'X\(//\)$' \| \ + X"$file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p $dirpart/$fdir + else + as_dir=$dirpart/$fdir + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory $dirpart/$fdir" >&5 +echo "$as_me: error: cannot create directory $dirpart/$fdir" >&2;} + { (exit 1); exit 1; }; }; } + + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done +done + ;; + esac +done +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF + +{ (exit 0); exit 0; } +_ACEOF +chmod +x $CONFIG_STATUS +ac_clean_files=$ac_clean_files_save + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || { (exit 1); exit 1; } +fi + diff --git a/configure.ac b/configure.ac new file mode 100644 index 0000000..ab145b4 --- /dev/null +++ b/configure.ac @@ -0,0 +1,211 @@ +# rssh configure.ac, copyright 2003-2010 Derek D. Martin +# Process this file with autoconf to produce a configure script. +AC_INIT(rssh, 2.3.4, [rssh-discuss at lists dot sourceforge dot net]) +AM_INIT_AUTOMAKE +AC_CONFIG_SRCDIR([rssh.1]) +AM_CONFIG_HEADER([config.h]) +AC_CONFIG_FILES([Makefile main.c pathnames.h rssh.conf.5 rssh.spec]) + +# Checks for programs. +AC_PROG_CC +AC_PROG_INSTALL +AC_PROG_LN_S +AC_PROG_MAKE_SET +AC_CHECK_TOOL([STRIP],[strip]) + +if test yes = "$GCC" ; then + defcflags="-O2 -Wall -Wshadow" +else + echo "Using default flags" +fi + +# Checks for libraries. + +# Checks for header files. +AC_HEADER_STDC +AC_CHECK_HEADERS([stdarg.h ctype.h syslog.h unistd.h errno.h libgen.h wordexp.h pwd.h]) + +# Checks for typedefs, structures, and compiler characteristics. +AC_C_CONST + +# Checks for library functions. +AC_FUNC_MALLOC +AC_FUNC_STAT +AC_CHECK_FUNC(memset, [], [AC_MSG_ERROR([ +rssh needs memset() to compile, but it's not available on your system. +Please notify code at pizzashack dot org. +Thanks. +])]) +AC_CHECK_FUNC(strdup, [], [AC_MSG_ERROR([ +rssh needs strdup() to compile, but it's not available on your system. +Please notify code at pizzashack dot org. +Thanks. +])]) +AC_CHECK_FUNC(strtol, [], [AC_MSG_ERROR([ +rssh needs strtol() to compile, but it's not available on your system. +Please notify code at pizzashack dot org. +Thanks. +])]) +AC_CHECK_FUNC(strerror, [], [AC_MSG_ERROR([ +rssh needs strerror() to compile, but it's not available on your system. +Please notify code at pizzashack dot org. +Thanks. +])]) +AC_CHECK_FUNC(wordexp, [], [AC_MSG_ERROR([ +rssh needs wordexp() to compile, but it's not available on your system. +Please notify code at pizzashack dot org. +Thanks. +])]) + +AC_CHECK_FUNC(basename, , AC_CHECK_LIB(gen, basename)) + +###################### +# Checks for programs + +# check for OpenSSH version >= 3.5 + +AC_MSG_CHECKING([for OpenSSH >= v3.5]) + +ssh_version=`ssh -V 2>&1 |cut -d '_' -f2 | cut -c 1-3` +ssh_major_version=`echo $ssh_version | cut -d'.' -f 1` +ssh_minor_version=`echo $ssh_version | cut -d'.' -f 2` + +# we MUST test to see if the version vars contain characters, as +# numeric comparison tests require that their arguments not be +# quoted. If they are empty, the test will result in a syntax error. +if test -n "$ssh_major_version" -a -n "$ssh_minor_version"; then + if test $ssh_major_version -gt 3; then + AC_MSG_RESULT([yes - v$ssh_version]) + good_ssh=yes + elif test $ssh_major_version -eq 3 -a $ssh_minor_version -ge 5; then + AC_MSG_RESULT([yes - v$ssh_version]) + good_ssh=yes + else + AC_MSG_RESULT([no - v$ssh_version]) + good_ssh=no + fi +fi + +# Check for scp binary + +AC_ARG_WITH(scp, +[ --with-scp specify path to scp binary], +[scp_path="$withval"], [scp_path=""]) + +AC_PATH_PROG(scp_path, scp, [], []) +if test -z "$scp_path"; then + AC_MSG_ERROR([can't find scp - please specify with --with-scp]) +fi + +if ! test -x "$scp_path"; then + AC_MSG_WARN([specified scp binary does not exist]) +fi + +# Check for sftp-server binary + +AC_ARG_WITH(sftp-server, +[ --with-sftp-server specify path to sftp-server binary], +[sftp_path="$withval"], [sftp_path=""]) + +AC_PATH_PROG(sftp_path, sftp-server, [], [/usr/libexec:/usr/libexec/openssh:/usr/local/libexec/openssh:/usr/lib/openssh:/usr/lib:/usr/local/libexec:/usr/lib/ssh]) +if test -z "$sftp_path"; then + AC_MSG_ERROR([can't find sftp-server - please specify with --with-sftp-server]) +fi + +if ! test -x "$sftp_path"; then + AC_MSG_WARN([specified sftp-server binary does not exist]) +fi + + +# CVS, rdist, and rsync might not be installed. But we don't want to force +# the user to configure bogus paths, so default to /usr/bin/* + +# Check for cvs binary + +AC_ARG_WITH(cvs, +[ --with-cvs specify path to cvs binary], +[cvs_path="$withval"], [cvs_path=""]) + +AC_PATH_PROG(cvs_path, cvs, [], []) +if test -z "$cvs_path"; then + AC_MSG_WARN([can't find cvs - using /usr/bin/cvs. Use --with-cvs to override]) + cvs_path=/usr/bin/cvs +fi + +if ! test -x "$cvs_path"; then + AC_MSG_WARN([specified cvs binary does not exist]) +fi + +# Check for rdist binary + +AC_ARG_WITH(rdist, +[ --with-rdist specify path to rdist binary], +[rdist_path="$withval"], [rdist_path=""]) + +AC_PATH_PROG(rdist_path, rdist, [], []) +if test -z "$rdist_path"; then + AC_MSG_WARN([can't find rdist - using /usr/bin/rdist. Use --with-rdist to override]) + rdist_path=/usr/bin/rdist +fi + +if ! test -x "$rdist_path"; then + AC_MSG_WARN([specified rdist binary does not exist]) +fi + + +# Check for rsync binary + +AC_ARG_WITH(rsync, +[ --with-rsync specify path to rsync binary], +[rsync_path="$withval"], [rsync_path=""]) + +AC_PATH_PROG(rsync_path, rsync, [], []) +if test -z "$rsync_path"; then + AC_MSG_WARN([can't find rsync - using /usr/bin/rsync. Use --with-rsync to override]) + rsync_path=/usr/bin/rsync +fi + +if ! test -x "$rsync_path"; then + AC_MSG_WARN([specified rsync binary does not exist]) +fi + + +# disable static configuration + +AC_ARG_ENABLE(static, +[ --enable-static enable static compilation [[auto]]], +[static_set="yes"], [static_unset="yes"]) + +AC_MSG_CHECKING([static compilation]) + +if test "$good_ssh" = "yes" -a "$static_set" != "yes"; then + AC_MSG_RESULT([secure SSH found - not compiling rssh statically]) +elif test "$enable_static" = "no" ; then + AC_MSG_RESULT([static compilation DISABLED by configure option]) + AC_MSG_WARN([dynamic compilation not reccomended - be sure this is what you want]) + +else + static="-static" + if test "$static_unset" = "yes"; then + AC_MSG_RESULT([static compilation ENABLED (detected old OpenSSH)]) + else + AC_MSG_RESULT([static compilation ENABLED by configure option]) + fi +fi + +# Do variable substitutions + +AC_SUBST(scp_path) +AC_SUBST(sftp_path) +AC_SUBST(cvs_path) +AC_SUBST(rdist_path) +AC_SUBST(rsync_path) +AC_SUBST(prefix) +AC_SUBST(sysconfdir) +AC_SUBST(libexecdir) +AC_SUBST(PACKAGE_VERSION) +AC_SUBST(static) +AC_SUBST(defcflags) +AC_SUBST(CHROOT_HELPER) + +AC_OUTPUT diff --git a/depcomp b/depcomp new file mode 100755 index 0000000..807b991 --- /dev/null +++ b/depcomp @@ -0,0 +1,423 @@ +#! /bin/sh + +# depcomp - compile a program generating dependencies as side-effects +# Copyright 1999, 2000 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Alexandre Oliva . + +if test -z "$depmode" || test -z "$source" || test -z "$object"; then + echo "depcomp: Variables source, object and depmode must be set" 1>&2 + exit 1 +fi +# `libtool' can also be set to `yes' or `no'. + +if test -z "$depfile"; then + base=`echo "$object" | sed -e 's,^.*/,,' -e 's,\.\([^.]*\)$,.P\1,'` + dir=`echo "$object" | sed 's,/.*$,/,'` + if test "$dir" = "$object"; then + dir= + fi + # FIXME: should be _deps on DOS. + depfile="$dir.deps/$base" +fi + +tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} + +rm -f "$tmpdepfile" + +# Some modes work just like other modes, but use different flags. We +# parameterize here, but still list the modes in the big case below, +# to make depend.m4 easier to write. Note that we *cannot* use a case +# here, because this file can only contain one case statement. +if test "$depmode" = hp; then + # HP compiler uses -M and no extra arg. + gccflag=-M + depmode=gcc +fi + +if test "$depmode" = dashXmstdout; then + # This is just like dashmstdout with a different argument. + dashmflag=-xM + depmode=dashmstdout +fi + +case "$depmode" in +gcc3) +## gcc 3 implements dependency tracking that does exactly what +## we want. Yay! Note: for some reason libtool 1.4 doesn't like +## it if -MD -MP comes after the -MF stuff. Hmm. + "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + mv "$tmpdepfile" "$depfile" + ;; + +gcc) +## There are various ways to get dependency output from gcc. Here's +## why we pick this rather obscure method: +## - Don't want to use -MD because we'd like the dependencies to end +## up in a subdir. Having to rename by hand is ugly. +## (We might end up doing this anyway to support other compilers.) +## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like +## -MM, not -M (despite what the docs say). +## - Using -M directly means running the compiler twice (even worse +## than renaming). + if test -z "$gccflag"; then + gccflag=-MD, + fi + "$@" -Wp,"$gccflag$tmpdepfile" + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz +## The second -e expression handles DOS-style file names with drive letters. + sed -e 's/^[^:]*: / /' \ + -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" +## This next piece of magic avoids the `deleted header file' problem. +## The problem is that when a header file which appears in a .P file +## is deleted, the dependency causes make to die (because there is +## typically no way to rebuild the header). We avoid this by adding +## dummy dependencies for each header file. Too bad gcc doesn't do +## this for us directly. + tr ' ' ' +' < "$tmpdepfile" | +## Some versions of gcc put a space before the `:'. On the theory +## that the space means something, we add a space to the output as +## well. +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +sgi) + if test "$libtool" = yes; then + "$@" "-Wp,-MDupdate,$tmpdepfile" + else + "$@" -MDupdate "$tmpdepfile" + fi + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + + if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files + echo "$object : \\" > "$depfile" + + # Clip off the initial element (the dependent). Don't try to be + # clever and replace this with sed code, as IRIX sed won't handle + # lines with more than a fixed number of characters (4096 in + # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; + # the IRIX cc adds comments like `#:fec' to the end of the + # dependency line. + tr ' ' ' +' < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ + tr ' +' ' ' >> $depfile + echo >> $depfile + + # The second pass generates a dummy entry for each header file. + tr ' ' ' +' < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ + >> $depfile + else + # The sourcefile does not contain any dependencies, so just + # store a dummy comment line, to avoid errors with the Makefile + # "include basename.Plo" scheme. + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" + ;; + +aix) + # The C for AIX Compiler uses -M and outputs the dependencies + # in a .u file. This file always lives in the current directory. + # Also, the AIX compiler puts `$object:' at the start of each line; + # $object doesn't have directory information. + stripped=`echo "$object" | sed -e 's,^.*/,,' -e 's/\(.*\)\..*$/\1/'` + tmpdepfile="$stripped.u" + outname="$stripped.o" + if test "$libtool" = yes; then + "$@" -Wc,-M + else + "$@" -M + fi + + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + + if test -f "$tmpdepfile"; then + # Each line is of the form `foo.o: dependent.h'. + # Do two passes, one to just change these to + # `$object: dependent.h' and one to simply `dependent.h:'. + sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile" + sed -e "s,^$outname: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile" + else + # The sourcefile does not contain any dependencies, so just + # store a dummy comment line, to avoid errors with the Makefile + # "include basename.Plo" scheme. + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" + ;; + +tru64) + # The Tru64 compiler uses -MD to generate dependencies as a side + # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'. + # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put + # dependencies in `foo.d' instead, so we check for that too. + # Subdirectories are respected. + dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` + test "x$dir" = "x$object" && dir= + base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` + + if test "$libtool" = yes; then + tmpdepfile1="$dir.libs/$base.lo.d" + tmpdepfile2="$dir.libs/$base.d" + "$@" -Wc,-MD + else + tmpdepfile1="$dir$base.o.d" + tmpdepfile2="$dir$base.d" + "$@" -MD + fi + + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile1" "$tmpdepfile2" + exit $stat + fi + + if test -f "$tmpdepfile1"; then + tmpdepfile="$tmpdepfile1" + else + tmpdepfile="$tmpdepfile2" + fi + if test -f "$tmpdepfile"; then + sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" + # That's a space and a tab in the []. + sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" + else + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" + ;; + +#nosideeffect) + # This comment above is used by automake to tell side-effect + # dependency tracking mechanisms from slower ones. + +dashmstdout) + # Important note: in order to support this mode, a compiler *must* + # always write the proprocessed file to stdout, regardless of -o. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test $1 != '--mode=compile'; do + shift + done + shift + fi + + # Remove `-o $object'. We will use -o /dev/null later, + # however we can't do the remplacement now because + # `-o $object' might simply not be used + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + test -z "$dashmflag" && dashmflag=-M + "$@" -o /dev/null $dashmflag | sed 's:^[^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile" + rm -f "$depfile" + cat < "$tmpdepfile" > "$depfile" + tr ' ' ' +' < "$tmpdepfile" | \ +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +dashXmstdout) + # This case only exists to satisfy depend.m4. It is never actually + # run, as this mode is specially recognized in the preamble. + exit 1 + ;; + +makedepend) + "$@" || exit $? + # X makedepend + shift + cleared=no + for arg in "$@"; do + case $cleared in + no) + set ""; shift + cleared=yes ;; + esac + case "$arg" in + -D*|-I*) + set fnord "$@" "$arg"; shift ;; + -*) + ;; + *) + set fnord "$@" "$arg"; shift ;; + esac + done + obj_suffix="`echo $object | sed 's/^.*\././'`" + touch "$tmpdepfile" + ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" + rm -f "$depfile" + cat < "$tmpdepfile" > "$depfile" + sed '1,2d' "$tmpdepfile" | tr ' ' ' +' | \ +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" "$tmpdepfile".bak + ;; + +cpp) + # Important note: in order to support this mode, a compiler *must* + # always write the proprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test $1 != '--mode=compile'; do + shift + done + shift + fi + + # Remove `-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + "$@" -E | + sed -n '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' | + sed '$ s: \\$::' > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + cat < "$tmpdepfile" >> "$depfile" + sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvisualcpp) + # Important note: in order to support this mode, a compiler *must* + # always write the proprocessed file to stdout, regardless of -o, + # because we must use -o when running libtool. + "$@" || exit $? + IFS=" " + for arg + do + case "$arg" in + "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") + set fnord "$@" + shift + shift + ;; + *) + set fnord "$@" "$arg" + shift + shift + ;; + esac + done + "$@" -E | + sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile" + echo " " >> "$depfile" + . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +none) + exec "$@" + ;; + +*) + echo "Unknown depmode $depmode" 1>&2 + exit 1 + ;; +esac + +exit 0 diff --git a/install-sh b/install-sh new file mode 100755 index 0000000..11870f1 --- /dev/null +++ b/install-sh @@ -0,0 +1,251 @@ +#!/bin/sh +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + : +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + chmodcmd="" + else + instcmd=$mkdirprog + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. + + if [ -f "$src" ] || [ -d "$src" ] + then + : + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + : + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + : + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' + ' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + : + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else : ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else : ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else : ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else : ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + : + fi + +# Make a temp file name in the proper directory. + + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else :;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else :;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else :;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else :;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 diff --git a/log.c b/log.c new file mode 100644 index 0000000..3999170 --- /dev/null +++ b/log.c @@ -0,0 +1,196 @@ +/* + * log.c - log module for logging to syslog + * + * Copyright 2003-2005 Derek D. Martin ( code at pizzashack dot org ). + * + * This program is licensed under a BSD-style license, as follows: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +/* SYSTEM INCLUDES */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif /* HAVE_CONFIG_H */ +#include +#ifdef HAVE_STDLIB_H +#include +#endif /* HAVE_STDLIB_H */ +#ifdef HAVE_STRING_H +#include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_LIBGEN_H +#include +#endif /* HAVE_LIBGEN_H */ +#ifdef HAVE_SYSLOG_H +#include +#endif /* HAVE_SYSLOG_H */ +#ifdef HAVE_STDARG_H +#include +#endif /* HAVE_STDARG_H */ + + +/* LOCAL INCLUDES */ + +#include "log.h" + + +/* FILE SCOPE VARIABLES */ +static char *ident = NULL; /* prefix for log messages (usually progname) */ +static int facility = LOG_USER; +static int level = LOG_WARNING; + + +/* + * log_set_ident() - set the ident field for openlog() + * args: name - character string to set ident to + */ +char *log_set_ident( const char *name ) +{ + /* lose the existing value of ident, if there is one */ + if ( ident ){ + free(ident); + ident = NULL; + } + if ( name ) ident = strdup(name); + return ident; +} + + +/* + * log_make_ident() - make the ident field for openlog() from a path + * args: name - character string to set ident to + * (use to set from argv[0]) + */ +char *log_make_ident( const char *name ) +{ + char *temp; + + /* lose the existing value of ident, if there is one */ + if ( ident ){ + free(ident); + ident = NULL; + } + /* assign new value to ident from name */ + if ( !name ) return (ident = NULL); + ident = strdup(basename((char*)name)); + /* remove leading '-' from ident, if there is one */ + if ( ident[0] == '-' ){ + temp = strdup(ident + 1); + free(ident); + ident = temp; + } + return ident; +} + + +void log_set_priority( int new_level ) +{ + level = new_level; +} + + +void log_set_facility( int new_fac ) +{ + facility = new_fac; +} + + +void log_open( void ) +{ + openlog( ident, LOG_CONS | LOG_PID, facility ); +} + + +void log_close( void ) +{ + closelog(); +} + + +/* + * lm_create_log_buffer() - this function takes advantage of the return + * value of vsnprintf() and the realloc() function to allocate a buffer + * which is either exactly the right size for the message (in the case + * of GLIBC >= 2.1) or at least large enough to hold the entire message. + */ +void log_msg( char *msg, ... ) +{ + + char *format_temp = NULL; + va_list arglist; + int length; /* length of msg */ + int retc; /* return code */ + + /* + * make a guess how big the message will be -- initially we'll allow + * 50 characters for formatting variable args + */ + length = 50 + strlen( msg ); + if ( (format_temp = (char *)malloc( length )) == NULL){ + syslog(LOG_ERR, "Could not allocate mem in log_msg(), log.c"); + exit(1); + } + memset( format_temp, 0, length ); + + /* try to print msg to buffer, until we succeed or fail conclusively */ + va_start( arglist, msg ); + retc = vsnprintf( format_temp, length, msg, arglist ); + va_end( arglist ); + + /* + * Check retc to make sure it fit account for differences in libc + * versions (grumble)... Per C99, retc is # of chars that WOULD have + * been copied if format_temp was large enough, so make the buffer + * that size. + */ + if ( retc > length ){ + + if ( (format_temp = (char *)realloc( format_temp, retc + 1 )) + == NULL ){ + syslog(LOG_ERR, + "Could not allocate mem in log_msg(), log.c"); + exit(1); + } + va_start( arglist, msg ); + vsnprintf( format_temp, retc + 1, msg, arglist ); + va_end( arglist ); + } + /* if retc == -1, we must be compiled under pre-C99 libc */ + while ( retc == -1 ){ + length += 50; + if ( (format_temp = (char *)realloc( format_temp, length )) + == NULL ){ + syslog(LOG_ERR, + "Could not allocate mem in log_msg(), log.c"); + exit(1); + } + memset( format_temp, 0, length ); + va_start( arglist, msg ); + retc = vsnprintf( format_temp, length, msg, arglist ); + va_end( arglist ); + } + syslog((facility | level), "%s", format_temp); + free(format_temp); +} + diff --git a/log.h b/log.h new file mode 100644 index 0000000..cbcd56d --- /dev/null +++ b/log.h @@ -0,0 +1,41 @@ +/* + * log.h - headers for log module + * + * Copyright 2003 Derek D. Martin ( code at pizzashack dot org ). + * + * This program is licensed under a BSD-style license, as follows: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef _log_module_h +#define _log_module_h + +char *log_set_ident( const char *name ); +char *log_make_ident( const char *name ); +void log_set_priority( int new_level ); +void log_set_facility( int new_facility ); +void log_open( void ); +void log_close( void ); +void log_msg( char *msg, ... ); + +#endif /* _log_module_h */ diff --git a/main.c.in b/main.c.in new file mode 100644 index 0000000..7d1695c --- /dev/null +++ b/main.c.in @@ -0,0 +1,273 @@ +/* + * rssh.c - restricted shell for ssh to allow scp or sftp only + * + * Copyright 2003-2006 Derek D. Martin ( code at pizzashack dot org ). + * + * This program is licensed under a BSD-style license, as follows: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/* SYSTEM INCLUDES */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif /* HAVE_CONFIG_H */ +#include +#ifdef HAVE_STDLIB_H +#include +#endif /* HAVE_STDLIB_H */ +#ifdef HAVE_UNISTD_H +#include +#endif /* HAVE_UNISTD_H */ +#ifdef HAVE_ERRNO_H +#include +#endif /* HAVE_ERRNO_H */ +#ifdef HAVE_STRING_H +#include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_LIBGEN_H +#include +#endif /* HAVE_LIBGEN_H */ +#ifdef HAVE_SYSLOG_H +#include +#endif /* HAVE_SYSLOG_H */ +#ifdef HAVE_PWD_H +#include +#endif /* HAVE_PWD_H */ +#ifdef HAVE_SYS_TYPES_H +#include +#endif /* HAVE_SYS_TYPES_H */ +#ifdef HAVE_SYS_STAT_H +#include +#endif /* HAVE_SYS_STAT_H */ + + +/* LOCAL INCLUDES */ +#include "rssh.h" +#include "rsshconf.h" +#include "pathnames.h" +#include "log.h" +#include "util.h" +#include "argvec.h" + + +/* FILE SCOPE FUNCTION DECLARATIONS */ + +char **build_shell_args( struct passwd uinfo, ShellOptions_t *opts, + char *cmdline, char **cmd ); +void vers_info( void ); + +/* GLOBAL VARIABLES */ +extern int errno; + +char *progname; +char *username; +char *version = "@PACKAGE_STRING@"; +char *copyr = "Copyright 2002-2010 Derek D. Martin <@PACKAGE_BUGREPORT@>"; + +/* MAIN PROGRAM */ +int main( int argc, char **argv ) +{ + char **argvec = NULL; /* vector for execv() */ + char *cmd; /* name of the command to execv() */ + ShellOptions_t opts; /* options configured by config file */ + struct passwd uinfo; /* info about the user running rssh */ + struct passwd *temp; /* copy temp into uinfo */ + + /* if we just want the version, give it an exit */ + if ( argc == 2 && !( strcmp(argv[1], "-v")) ){ + vers_info(); + exit(0); + } + + /* initialize variables to defaults */ + opts.rssh_umask = 022; + opts.shell_flags = 0; + opts.chroot_path = NULL; + memset(&uinfo, 0, sizeof uinfo); + if ( (putenv("PATH=/bin:/usr/bin")) ){ + log_msg("fatal error: could not set PATH environment var"); + exit(1); + } + + /* see who we are and set up logging */ + if ( (temp = getpwuid(getuid())) ){ + uinfo = *temp; + username = uinfo.pw_name; + } + else + /* this probably should never happen */ + username = "unknown user!"; + progname = strdup(log_make_ident(basename(argv[0]))); + log_set_facility(LOG_DAEMON); + log_open(); + + /* process the config file */ + if ( !(read_shell_config(&opts, PATH_RSSH_CONFIG, 1)) ){ + log_set_priority(LOG_ERR); + log_msg("there were errors processing configuration file!"); + fail(0, argc, argv); + } + + /* set the umask */ + umask(opts.rssh_umask); + + /* arg count check */ + if ( argc < 3 ) fail(opts.shell_flags, argc, argv); + + /* if first arg is anything but -c, it's no good */ + if ( strcmp("-c", argv[1]) ) fail(opts.shell_flags, argc, argv); + + /* get the arguments for execv() */ + if ( !(argvec = build_shell_args(uinfo, &opts, argv[2], &cmd)) ) + fail(opts.shell_flags, argc, argv); + + /* if all that passed, exec the relevant command */ + execv(cmd, argvec); + + /* we only get here if the exec fails */ + fprintf(stderr, "%s: execv() failed. ", cmd); + log_set_priority(LOG_ERR); + log_msg("execv failed: cmd line %s", argv[2]); + + switch (errno){ + case EACCES: + case ENOTDIR: + case ENOENT: + fprintf(stderr, "%s: %s is not an executable file, or " + "permission denied.\n\n", basename(argv[0]), + argvec[0]); + break; + case EPERM: + /* this shouldn't happen, as we don't run SUID */ + fprintf(stderr, "%s: FS mounted nosuid or process is being " + "traced\n (and you are not root)\n\n", + basename(argv[0])); + break; + default: + fprintf(stderr, "an unknown error occurred.\n\n"); + } + + exit(1); +} + + +char **build_shell_args( struct passwd uinfo, + ShellOptions_t *opts, + char *cmdline, + char **cmd ) +{ + char **argvec; /* argument vector for new cmd line */ + char *temp; /* to build chroot helper cmd line */ + int len; + + /* + * determine if the command in cmdline is acceptable to run, and store + * name of program to exec in cmd + */ + if ( !(*cmd = get_command(cmdline, opts)) ) return NULL; + + /* if we need to do chroot processing, do it */ + if ( opts->shell_flags & RSSH_USE_CHROOT ){ + /* create vector of pointers to command line arguments */ + + /* + * we don't call build_arg_vector() here, because expanding + * the shell arguments before we chroot() results in a + * directory transversal attack possibility, i.e. the user can + * see some of the files outside the chroot jail. We'll call + * build_arg_vector() in the chroot helper instead... + */ + + if ( !(argvec = (char **)malloc(6 * sizeof (char *))) ){ + log_set_priority(LOG_ERR); + log_msg("OOM error in build_shell_args() (fatal)"); + exit(1); + } + + argvec[0] = PATH_CHROOT_HELPER; + + /* which one is it? */ + if ( !(strcmp(*cmd, PATH_SCP)) ) + argvec[1] = "1"; + else if ( !(strcmp(*cmd, PATH_SFTP_SERVER)) ) + argvec[1] = "2"; + else if ( !(strcmp(*cmd, PATH_CVS)) ) + argvec[1] = "3"; + else if ( !(strcmp(*cmd, PATH_RDIST)) ) + argvec[1] = "4"; + else if ( !(strcmp(*cmd, PATH_RSYNC)) ) + argvec[1] = "5"; + else { + log_set_priority(LOG_ERR); + log_msg("fatal error identifying the correct command " + "(this should never happen)"); + exit(1); + } + argvec[2] = cmdline; + argvec[3] = NULL; + + /* change the command to run to the chroot helper */ + *cmd = PATH_CHROOT_HELPER; + + /* set up buffer to log command line ('"' + ' ' + '\0' = 9) */ + len = strlen(cmdline) + strlen(argvec[2]) + + strlen(PATH_CHROOT_HELPER) + 9; + if ( !(temp = (char *)malloc(len)) ){ + log_set_priority(LOG_ERR); + log_msg("OOM error in build_shell_args() (fatal)"); + exit(1); + } + + /* stuff the args into the buffer */ + snprintf(temp, len, "%s %s \"%s\"", + PATH_CHROOT_HELPER, + argvec[1], + cmdline); + + /* now log 'em */ + log_set_priority(LOG_INFO); + log_msg("chroot cmd line: %s", temp); + + return argvec; + } + + /* return vector of pointers to command line arguments */ + argvec = build_arg_vector(cmdline, 0); + if (check_command_line(argvec, opts)) return argvec; + else return NULL; +} + +void vers_info( void ) +{ + printf("\n%s\n", version); + printf("%s\n\n", copyr); + printf("%20s = %s\n", "rssh config file", PATH_RSSH_CONFIG); + printf("%20s = %s\n", "chroot helper path", PATH_CHROOT_HELPER); + printf("%20s = %s\n", "scp binary path", PATH_SCP); + printf("%20s = %s\n", "sftp server binary", PATH_SFTP_SERVER); + printf("%20s = %s\n", "cvs binary path", PATH_CVS); + printf("%20s = %s\n", "rdist binary path", PATH_RDIST); + printf("%20s = %s\n\n", "rsync binary path", PATH_RSYNC); +} + + diff --git a/missing b/missing new file mode 100755 index 0000000..6a37006 --- /dev/null +++ b/missing @@ -0,0 +1,336 @@ +#! /bin/sh +# Common stub for a few missing GNU programs while installing. +# Copyright (C) 1996, 1997, 1999, 2000, 2002 Free Software Foundation, Inc. +# Originally by Fran,cois Pinard , 1996. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +if test $# -eq 0; then + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 +fi + +run=: + +# In the cases where this matters, `missing' is being run in the +# srcdir already. +if test -f configure.ac; then + configure_ac=configure.ac +else + configure_ac=configure.in +fi + +case "$1" in +--run) + # Try to run requested program, and just exit if it succeeds. + run= + shift + "$@" && exit 0 + ;; +esac + +# If it does not exist, or fails to run (possibly an outdated version), +# try to emulate it. +case "$1" in + + -h|--h|--he|--hel|--help) + echo "\ +$0 [OPTION]... PROGRAM [ARGUMENT]... + +Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an +error status if there is no known handling for PROGRAM. + +Options: + -h, --help display this help and exit + -v, --version output version information and exit + --run try to run the given command, and emulate it if it fails + +Supported PROGRAM values: + aclocal touch file \`aclocal.m4' + autoconf touch file \`configure' + autoheader touch file \`config.h.in' + automake touch all \`Makefile.in' files + bison create \`y.tab.[ch]', if possible, from existing .[ch] + flex create \`lex.yy.c', if possible, from existing .c + help2man touch the output file + lex create \`lex.yy.c', if possible, from existing .c + makeinfo touch the output file + tar try tar, gnutar, gtar, then tar without non-portable flags + yacc create \`y.tab.[ch]', if possible, from existing .[ch]" + ;; + + -v|--v|--ve|--ver|--vers|--versi|--versio|--version) + echo "missing 0.4 - GNU automake" + ;; + + -*) + echo 1>&2 "$0: Unknown \`$1' option" + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 + ;; + + aclocal*) + if test -z "$run" && ($1 --version) > /dev/null 2>&1; then + # We have it, but it failed. + exit 1 + fi + + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`acinclude.m4' or \`${configure_ac}'. You might want + to install the \`Automake' and \`Perl' packages. Grab them from + any GNU archive site." + touch aclocal.m4 + ;; + + autoconf) + if test -z "$run" && ($1 --version) > /dev/null 2>&1; then + # We have it, but it failed. + exit 1 + fi + + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`${configure_ac}'. You might want to install the + \`Autoconf' and \`GNU m4' packages. Grab them from any GNU + archive site." + touch configure + ;; + + autoheader) + if test -z "$run" && ($1 --version) > /dev/null 2>&1; then + # We have it, but it failed. + exit 1 + fi + + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`acconfig.h' or \`${configure_ac}'. You might want + to install the \`Autoconf' and \`GNU m4' packages. Grab them + from any GNU archive site." + files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` + test -z "$files" && files="config.h" + touch_files= + for f in $files; do + case "$f" in + *:*) touch_files="$touch_files "`echo "$f" | + sed -e 's/^[^:]*://' -e 's/:.*//'`;; + *) touch_files="$touch_files $f.in";; + esac + done + touch $touch_files + ;; + + automake*) + if test -z "$run" && ($1 --version) > /dev/null 2>&1; then + # We have it, but it failed. + exit 1 + fi + + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. + You might want to install the \`Automake' and \`Perl' packages. + Grab them from any GNU archive site." + find . -type f -name Makefile.am -print | + sed 's/\.am$/.in/' | + while read f; do touch "$f"; done + ;; + + autom4te) + if test -z "$run" && ($1 --version) > /dev/null 2>&1; then + # We have it, but it failed. + exit 1 + fi + + echo 1>&2 "\ +WARNING: \`$1' is needed, and you do not seem to have it handy on your + system. You might have modified some files without having the + proper tools for further handling them. + You can get \`$1Help2man' as part of \`Autoconf' from any GNU + archive site." + + file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'` + test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'` + if test -f "$file"; then + touch $file + else + test -z "$file" || exec >$file + echo "#! /bin/sh" + echo "# Created by GNU Automake missing as a replacement of" + echo "# $ $@" + echo "exit 0" + chmod +x $file + exit 1 + fi + ;; + + bison|yacc) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.y' file. You may need the \`Bison' package + in order for those modifications to take effect. You can get + \`Bison' from any GNU archive site." + rm -f y.tab.c y.tab.h + if [ $# -ne 1 ]; then + eval LASTARG="\${$#}" + case "$LASTARG" in + *.y) + SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" y.tab.c + fi + SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" y.tab.h + fi + ;; + esac + fi + if [ ! -f y.tab.h ]; then + echo >y.tab.h + fi + if [ ! -f y.tab.c ]; then + echo 'main() { return 0; }' >y.tab.c + fi + ;; + + lex|flex) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.l' file. You may need the \`Flex' package + in order for those modifications to take effect. You can get + \`Flex' from any GNU archive site." + rm -f lex.yy.c + if [ $# -ne 1 ]; then + eval LASTARG="\${$#}" + case "$LASTARG" in + *.l) + SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" lex.yy.c + fi + ;; + esac + fi + if [ ! -f lex.yy.c ]; then + echo 'main() { return 0; }' >lex.yy.c + fi + ;; + + help2man) + if test -z "$run" && ($1 --version) > /dev/null 2>&1; then + # We have it, but it failed. + exit 1 + fi + + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a dependency of a manual page. You may need the + \`Help2man' package in order for those modifications to take + effect. You can get \`Help2man' from any GNU archive site." + + file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` + if test -z "$file"; then + file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'` + fi + if [ -f "$file" ]; then + touch $file + else + test -z "$file" || exec >$file + echo ".ab help2man is required to generate this page" + exit 1 + fi + ;; + + makeinfo) + if test -z "$run" && (makeinfo --version) > /dev/null 2>&1; then + # We have makeinfo, but it failed. + exit 1 + fi + + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.texi' or \`.texinfo' file, or any other file + indirectly affecting the aspect of the manual. The spurious + call might also be the consequence of using a buggy \`make' (AIX, + DU, IRIX). You might want to install the \`Texinfo' package or + the \`GNU make' package. Grab either from any GNU archive site." + file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` + if test -z "$file"; then + file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` + file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file` + fi + touch $file + ;; + + tar) + shift + if test -n "$run"; then + echo 1>&2 "ERROR: \`tar' requires --run" + exit 1 + fi + + # We have already tried tar in the generic part. + # Look for gnutar/gtar before invocation to avoid ugly error + # messages. + if (gnutar --version > /dev/null 2>&1); then + gnutar "$@" && exit 0 + fi + if (gtar --version > /dev/null 2>&1); then + gtar "$@" && exit 0 + fi + firstarg="$1" + if shift; then + case "$firstarg" in + *o*) + firstarg=`echo "$firstarg" | sed s/o//` + tar "$firstarg" "$@" && exit 0 + ;; + esac + case "$firstarg" in + *h*) + firstarg=`echo "$firstarg" | sed s/h//` + tar "$firstarg" "$@" && exit 0 + ;; + esac + fi + + echo 1>&2 "\ +WARNING: I can't seem to be able to run \`tar' with the given arguments. + You may want to install GNU tar or Free paxutils, or check the + command line arguments." + exit 1 + ;; + + *) + echo 1>&2 "\ +WARNING: \`$1' is needed, and you do not seem to have it handy on your + system. You might have modified some files without having the + proper tools for further handling them. Check the \`README' file, + it often tells you about the needed prerequirements for installing + this package. You may also peek at any GNU archive site, in case + some other package would contain this missing \`$1' program." + exit 1 + ;; +esac + +exit 0 diff --git a/mkchroot.sh b/mkchroot.sh new file mode 100755 index 0000000..9e17d5d --- /dev/null +++ b/mkchroot.sh @@ -0,0 +1,173 @@ +#!/bin/sh + +##################################################################### +##################################################################### +## +## mkchroot.sh - set up a chroot jail. +## +## This script is written to work for Red Hat 8/9 systems, but may work on +## other systems. Or, it may not... In fact, it may not work at all. Use at +## your own risk. :) +## + +fail() { + + echo "`basename $0`: fatal error" >&2 + echo "$1" >&2 + exit $2 +} + +##################################################################### +# +# Initialize - handle command-line args, and set up variables and such. +# +# $1 is the directory to make the root of the chroot jail (required) +# $2, if given, is the user who should own the jail (optional) +# $3, if given, is the permissions on the directory (optional) +# + +if [ -z "$1" ]; then + echo "`basename $0`: error parsing command line" >&2 + echo " You must specify a directory to use as the chroot jail." >&2 + exit 1 +fi + +jail_dir="$1" + +if [ -n "$2" ]; then + owner="$2" +fi + +if [ -n "$3" ]; then + perms="$3" +fi + + +##################################################################### +# +# build the jail +# + +# now make the directory + +if [ ! -d "$jail_dir" ]; then + echo "Creating root jail directory." + mkdir -p "$jail_dir" + + if [ $? -ne 0 ]; then + echo " `basename $0`: error creating jail directory." >&2 + echo "Check permissions on parent directory." >&2 + exit 2 + fi +fi + +if [ -n "$owner" -a `whoami` = "root" ]; then + echo "Setting owner of jail." + chown "$owner" "$jail_dir" + if [ $? -ne 0 ]; then + echo " `basename $0`: error changing owner of jail directory." >&2 + exit 3 + fi +else + echo -e "NOT changing owner of root jail. \c" + if [ `whoami` != "root" ]; then + echo "You are not root." + else + echo + fi +fi + +if [ -n "$owner" -a `whoami` = "root" ]; then + echo "Setting permissions of jail." + chmod "$perms" "$jail_dir" + if [ $? -ne 0 ]; then + echo " `basename $0`: error changing perms of jail directory." >&2 + exit 3 + fi +else + echo -e "NOT changing perms of root jail. \c" + if [ `whoami` != "root" ]; then + echo "You are not root." + else + echo + fi +fi + +# copy SSH files + +scp_path="/usr/bin/scp" +sftp_server_path="/usr/libexec/openssh/sftp-server" +rssh_path="/usr/bin/rssh" +chroot_helper_path="/usr/libexec/rssh_chroot_helper" + +for jail_path in `dirname "$jail_dir$scp_path"` `dirname "$jail_dir$sftp_server_path"` `dirname "$jail_dir$chroot_helper_path"`; do + + echo "setting up $jail_path" + + if [ ! -d "$jail_path" ]; then + mkdir -p "$jail_path" || \ + fail "Error creating $jail_path. Exiting." 4 + fi + +done + +cp "$scp_path" "$jail_dir$scp_path" || \ + fail "Error copying $scp_path. Exiting." 5 +cp "$sftp_server_path" "$jail_dir$sftp_server_path" || \ + fail "Error copying $sftp_server_path. Exiting." 5 +cp "$rssh_path" "$jail_dir$rssh_path" || \ + fail "Error copying $rssh_path. Exiting." 5 +cp "$chroot_helper_path" "$jail_dir$chroot_helper_path" || \ + fail "Error copying $chroot_helper_path. Exiting." 5 + + +##################################################################### +# +# identify and copy libraries needed in the jail +# + +for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do + echo "Copying libraries for $prog." + libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3` + for lib in $libs; do + mkdir -p "$jail_dir$(dirname $lib)" + echo -e "\t$lib" + cp "$lib" "$jail_dir$lib" + done +done + +echo "copying name service resolution libraries..." +tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |sed 's/^/\t/' + +##################################################################### +# +# copy config files for the dynamic linker, nsswitch.conf, and the passwd file +# + +echo "Setting up /etc in the chroot jail" +mkdir -p "$jail_dir/etc" +cp /etc/nsswitch.conf "$jail_dir/etc/" +cp /etc/passwd "$jail_dir/etc/" +cp /etc/ld.* "$jail_dir/etc/" + +echo -e "Chroot jail configuration completed." +echo -e "\nNOTE: if you are not using the passwd file for authentication," +echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" + + +##################################################################### +# +# set up /dev/log +# + +mkdir -p "$jail_dir/dev" + +echo -e "NOTE: you must MANUALLY edit your syslog rc script to start syslogd" +echo -e "with appropriate options to log to $jail_dir/dev/log. In most cases," +echo -e "you will need to start syslog as:\n" +echo -e " /sbin/syslogd -a $jail_dir/dev/log\n" + +echo -e "NOTE: we make no guarantee that ANY of this will work for you... \c" +echo -e "if it\ndoesn't, you're on your own. Sorry!\n" + + diff --git a/mkinstalldirs b/mkinstalldirs new file mode 100755 index 0000000..8ab885e --- /dev/null +++ b/mkinstalldirs @@ -0,0 +1,99 @@ +#! /bin/sh +# mkinstalldirs --- make directory hierarchy +# Author: Noah Friedman +# Created: 1993-05-16 +# Public domain + +errstatus=0 +dirmode="" + +usage="\ +Usage: mkinstalldirs [-h] [--help] [-m mode] dir ..." + +# process command line arguments +while test $# -gt 0 ; do + case "${1}" in + -h | --help | --h* ) # -h for help + echo "${usage}" 1>&2; exit 0 ;; + -m ) # -m PERM arg + shift + test $# -eq 0 && { echo "${usage}" 1>&2; exit 1; } + dirmode="${1}" + shift ;; + -- ) shift; break ;; # stop option processing + -* ) echo "${usage}" 1>&2; exit 1 ;; # unknown option + * ) break ;; # first non-opt arg + esac +done + +for file +do + if test -d "$file"; then + shift + else + break + fi +done + +case $# in +0) exit 0 ;; +esac + +case $dirmode in +'') + if mkdir -p -- . 2>/dev/null; then + echo "mkdir -p -- $*" + exec mkdir -p -- "$@" + fi ;; +*) + if mkdir -m "$dirmode" -p -- . 2>/dev/null; then + echo "mkdir -m $dirmode -p -- $*" + exec mkdir -m "$dirmode" -p -- "$@" + fi ;; +esac + +for file +do + set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` + shift + + pathcomp= + for d + do + pathcomp="$pathcomp$d" + case "$pathcomp" in + -* ) pathcomp=./$pathcomp ;; + esac + + if test ! -d "$pathcomp"; then + echo "mkdir $pathcomp" + + mkdir "$pathcomp" || lasterr=$? + + if test ! -d "$pathcomp"; then + errstatus=$lasterr + else + if test ! -z "$dirmode"; then + echo "chmod $dirmode $pathcomp" + + lasterr="" + chmod "$dirmode" "$pathcomp" || lasterr=$? + + if test ! -z "$lasterr"; then + errstatus=$lasterr + fi + fi + fi + fi + + pathcomp="$pathcomp/" + done +done + +exit $errstatus + +# Local Variables: +# mode: shell-script +# sh-indentation: 3 +# End: +# mkinstalldirs ends here diff --git a/pathnames.h.in b/pathnames.h.in new file mode 100644 index 0000000..17e2fb7 --- /dev/null +++ b/pathnames.h.in @@ -0,0 +1,49 @@ + +/* + * pathnames.h - macro definitions for rssh paths + * + * Copyright 2003 Derek D. Martin ( code at pizzashack dot org ). + * + * This program is licensed under a BSD-style license, as follows: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef _rssh_pathnames_h +#define _rssh_pathnames_h + +#define PATH_SFTP_SERVER "@sftp_path@" +#define PATH_SCP "@scp_path@" +#define PATH_CVS "@cvs_path@" +#define PATH_RDIST "@rdist_path@" +#define PATH_RSYNC "@rsync_path@" + +/* these generally are overridden by the makefile */ +#ifndef PATH_RSSH_CONFIG +#define PATH_RSSH_CONFIG "/etc/rssh.conf" +#endif /* PATH_RSSH_CONFIG */ + +#ifndef PATH_CHROOT_HELPER +#define PATH_CHROOT_HELPER "/usr/local/bin/rssh_chroot_helper" +#endif /* PATH_CHROOT_HELPER */ + +#endif /* _rssh_pathnames_h */ diff --git a/rssh.1 b/rssh.1 new file mode 100644 index 0000000..caa2636 --- /dev/null +++ b/rssh.1 @@ -0,0 +1,315 @@ +.\" rssh.1 - rssh man page +.\" +.\" Copyright 2003-2010 Derek D. Martin +.\" +.\" No comment! +.\" +.TH RSSH 1 "1 Aug 2010" "man pages" "Derek D. Martin" +.SH NAME +rssh \- restricted secure shell allowing only scp and/or sftp +.SH SYNOPSIS +.B rssh +.RI [ " options... " ] " " [ " ... " ] +.br +.B rssh \-v +.SH DESCRIPTION +.B rssh +is a restricted shell for providing limited access to a host via \fBssh\fP(1), +allowing a user whose shell is configured to +.B rssh +to use one or more of the command(s) \fBscp\fP(1), \fBsftp\fP(1) +\fBcvs\fP(1), \fBrdist\fP(1), and \fBrsync\fP(1), and +.I only +those commands. It is intended primarily to work with OpenSSH (see +http://www.openssh.com), but may work with other implementations. +.P +The system administrator should install the shell on the restricted system. +Then the password file entry of any user for whom it is desireable to provide +restricted access should be edited, such that their shell is \fBrssh\fP. For +example: +.P +.RS +luser:x:666:666::/home/luser:/usr/bin/rssh +.RE +.P +If invoked with the +.B \-v +option, +.B rssh +will report its version, and exit. All other arguments to +.B rssh +are those specified by the remote \fBssh\fP(1) client, and aren't of much +concern to the average user. The arguments provided must be what a shell on +the remote end would receive in order to pass control to \fBscp\fP(1), +\fBsftp\fP(1), etc. If +.B rssh +receives arguments which do not conform, it will emit an error message and exit. +If the program the user is trying to run is not allowed, or contains syntax +which will try to execute a shell command (such as a command substitution), it +will also emit an error and exit. +.P +.B rssh +has a configuration file, \fIrssh.conf\fP(5), which allows some of the +behavior of +.B rssh +to be customized. See that man page for details. +.SH SECURITY NOTES +.I Read this section with exceptional care, or you may put your system at risk! +.SS Using rssh With CVS +If you are using \fBrssh\fP to allow CVS access, it should be noted that it is +not possible to prevent a user who is very familiar with CVS from bypassing +\fBrssh\fP and getting a shell, unless the user does not have write access in +the repository. Obviously, the user must have write access to the repository +in order to update it, which allows them to upload arbitrary programs into the +repository. CVS provides several mechanisms for executing such arbitrary +programs... The only reasonably safe way to use \fBrssh\fP with CVS is to use +the chroot jail facilities to place the CVS repository within a chroot jail. +Please see below and all relevant documentation for details of how to set up +chroot jails. Note that \fIusers will still be able to get shell access +within the jail\fP; the only protection which is provided is that they can not +escape the jail. I have been pursuaded to retain support for CVS because this +protection is better than no protection. +.I You have been warned. Use CVS at your own risk. +.SS Potential root Compromise With Old Versions + +Before \fBrssh 2.3.0\fP, if a regular user had shell access to a machine where +.B rssh +was installed, a root compromise was possible due to +.B rssh_chroot_helper +allowing a user to arbitrarily \fBchroot\fP(2) to anywhere on the filesystem. +It is possible to mitigate this attack against affected versions of +.B rssh +using strict access controls to files, by making sure that the user can not +write to any file on the same partition as system executables, and that any +partition where they can write files does not allow execution of SUID +programs. As of \fBrssh 2.3.0\fP, this attack has been prevented by +preventing arbitrary chroot(), \fIif your jail is set up securely\fP. In +particular, make sure that regular users can not write to directories inside +the jail which contain the copied binaries. That should be obvious, but it +needs to be said. Though it should not be strictly necessary, to further +protect your system from possible compromise, it is also advisable to follow +the section below, entitled "Safeguards Against Bypassing rssh". +.SS Safeguards Against Bypassing rssh +.B rssh +is designed to interact with several other programs. Even if rssh is +completely bug-free, changes in those other programs could possibly result in +methods to circumvent the protection that +.B rssh +is intended to provide. \fIIt is important for you, the system administrator, +to stay current on the services you make available with rssh, to be sure that +these commands do not provide mechanisms to allow the user to run arbitrary +commands.\fP Also, while the goal of every release is to be bug free, no one +is perfect... There may be undiscovered bugs in +.B rssh +which might allow a user to circumvent it. +.P +You can protect your system from those who would take advantage of such +weaknesses. This is not required for \fBrssh\fP to work properly, but it is a +really good idea. There are six basic steps: +.RS +.TP +1. +protect all non-administrator accounts with rssh (i.e. no regular user should have shell access to the server) +.TP +2. +place your users in a chroot jail +.TP +3. +limit the binaries which live in the jail to the absolute minimum required +.TP +4. +mount their home filesystem with the noexec/nosuid option (i.e. use +separate partitions in the jail for user home directories and all other files, +if possible/reasonable) +.TP +5. +create a group for rssh users, and limit executable access to the binaries to +users in that group. +.TP +6. +use standard file permissions carefully and appropriately +.RE +.P +If possible, make sure that no regular user has any kind of shell access to +the system other than through \fBrssh\fP. Otherwise, users with shell access +could potentially exploit undiscovered bugs in +.B rssh_chroot_helper +to gain root access to the server. +.P +.B rssh +gives the system administrator the ability to place the users in a chroot +jail. See details in the man page for +.B rssh.conf +and in the file +.I CHROOT +which is distributed with the source code. If you want to ensure users can +not run arbitrary programs, use a chroot jail, and be sure not to put any +programs other than what are absolutely necessary to provide the service you +are trying to provide. This prevents them from running standard system +commands. +.P +Then, make sure the user's files inside the jail are on a seperate filesystem +from your system's executables. If possible in your environment, make sure +you mount this filesystem using the +.IR noexec " and " nosuid +options, if your operating system provides them. This prevents the users from +being able to execute programs which they have uploaded to the target machine +(e.g. using scp) which might otherwise be executable, and prevents SUID +programs from respecting the SUID bits. Note that these options necessitate +the users' files are on separate partitions from the binaries and libraries +that live in the jail. Therefore you will need at least 2 partitions for your +jail to do this properly (one for the system binaries in the jail, the other +for the user directories). +.P +Additionally, create a group, for example "rsshuser", for rssh users. Put all +your users who will be restricted by rssh in that group. Set the ownership +and permissions on rssh and rssh_chroot_helper so that only those users can +execute them. The following commands should illustrate: +.P +.RS +.B # groupadd rsshuser +.br +.B # chown root:rsshuser rssh rssh_chroot_helper +.br +.B # chmod 550 rssh +.br +.B # chmod 4550 rssh_chroot_helper +.br +.RE +.P +Lastly, use standard Unix/POSIX file permissions to ensure they +can not access files they should not be able to within the chroot jail. +.SS Command Line Parser +As of +.B rssh +version 2.2.3, the program must parse out the complete command line to avoid +command line options which cause the execution of arbitrary programs (and +hence bypass the security of \fBrssh\fP). In order to keep the program source +code sane, the parser is a little over-zealous about matching command line +options. In practice, this probably will not be an issue, but in theory it is +possible. +.P +If you run into a problem where +.B rssh +refuses to run, claiming to be rejecting insecure command line options which +were not specified, try changing your command line such that all \fIshort\fP +options are specified as single-letter option flags (e.g. \-e \-p instead of +\-ep) and make sure you separate arguments from their respective options by a +space (e.g. \-p 123 instead of \-p123). In virtually all cases, this should +solve the problem. Admittedly, an exhaustive search was not performed, but no +problematical cases were found which were likely to be common. +.P +The alternative would have been to include a complete command-line parser for +rcp, rdist, and rsync; this was way out of the scope of this project. In +practice, the existing parser should suffice. If, however, you find cases +where it does not, please post details to the rssh mailing list. Details +about how to post to the mailing list can be found at the rssh homepage. +.SS "OpenSSH Versions and Bypassing rssh" +Prior to OpenSSH 3.5, \fBsshd\fP(8) will generally attempt to parse files in +the user's home directory, and may also try to run a start-up script from the +user's +.I $HOME/.ssh +directory. +.B rssh +does not make use of the user's environment in any way. The relevant command +is executed by calling \fBexecv\fP(3) with the full path to the command, as +specified at compile time. It does not depend upon the user's PATH variable, +or on any other environment variable. +.P +There are, however, several problems that can arise. This is due entirely to +the way the OpenSSH Project's sshd works, and is in no way the fault of +\fBrssh\fP. For example, one problem which might exist is that, according to +the \fBsshd\fP(8) man page from at least some releases of OpenSSH, the +commands listed in the +.I $HOME/.ssh/rc +file are executed with +.I /bin/sh +instead of the user's defined shell. This appears not to be the case on the +systems the author had available to test on; commands were executed using the +user's configured shell (\fBrssh\fP), which did not allow the execution. +However if it is true on your system, then a malicious user may be able to +circumvent +.B rssh +by uploading a file to +.I $HOME/.ssh/rc +which will be executed by +.I /bin/sh +on that system. If any releases (of OpenSSH) are, in fact, vulnerable to this +problem, then it is very likely that they are only old, outdated versions. So +long as you are running a recent version of OpenSSH, this should not be a +problem as far as I can tell. +.P +If your sshd +.I is +vulnerable to this attack, there is a workaround for this problem, though it +is pretty restrictive. +.I "The user's home directory absolutely must not be writable by the user." +If it is, the user can use sftp to remove the directory or rename it, and then +create a new one, and fill it up with whatever environment files they like. For +providing file uploads, this means a user-writable directory must be created for +them, and they must be made aware of their inability to write into their home +directory other than in this location. +.P +A second problem is that after authenticating the user, sshd also reads +.I $HOME/.ssh/environment +to allow the user to set variables in their environment. This allows the user +to completely circumvent +.B rssh +by clever manipulation of such environment variables as +.IR LD_LIBRARY_PATH " or " LD_PRELOAD +to link the rssh binary against arbitrary shared libraries. In order to +prevent this from being a problem, as of version 0.9.3, by default +.B rssh +is now compiled statically. The restrictive work-around mentioned above will +also defeat this sort of attack. +.P +As of OpenSSH 3.5, +.I sshd +now supports the option +.I PermitUserEnvironment +which is set to "no" by default. This option allows restricted shells like +.B rssh +to function properly without requiring them to be linked statically. As of +.B rssh +version 1.0.1, the configure script should detect that OpenSSH 3.5 is present, +and disable the default of static compilation. +.SH BUGS +None. =8^) +.SS A Note About Getting Help +If you are having trouble getting +.B rssh +working, or you think you've found a bug, please use the mailing list, and +.I do not e-mail me +\fIdirectly\fP. +You must sign up for the list in order to post. Information about how to sign +up is available on the rssh homepage. If you mail me directly with questions, +I will almost certainly ignore you, or at the very least ask you to repost +your question on the mailing list. Please also feel free to provide feedback +about rssh on the mailing list, whether positive or negative (especially +negative). +.SS Security Problems +The only exception to the above is if you believe you have found a security +problem with \fBrssh\fP. If that is the case, then please \fIdo\fP contact me +privately. If you are unable to find my direct contact info, post a message on +the mailing list requesting that I contact you about a potential security +problem. Security problems should be dealt with privately, so that the threat +can be properly assessed, and so as not to needlessly endanger the +installations of \fBrssh\fP in production environments. I take security +problems seriously, and will work to resolve them as quickly as possible. +.SS N.B.: +Before you e-mail me (or the mailing list) with questions, be sure to +.I THOROUGHLY +read all of the following files: README, INSTALL, CHROOT, SECURITY. All of +these files are distributed with the rssh source code, as well as all binary +packages of \fBrssh\fP. If you downloaded a binary package, these files +should be located wherever your distribution keeps its documentation files +(usually /usr/share/doc/rssh-version/ or something similar). Also +.I THOROUGHLY +read the man pages for \fBrssh\fP(1), and \fBrssh.conf\fP(5). Finally, if you +are still having problems, read the FAQ at +http://www.pizzashack.org/rssh/faq.shtml. If it is clear to me that you have +not read these documents, I will ignore you. In most cases, these documents +will already have everything you need to get rssh working, and I won't be able +to explain it any better on a mailing list than I did in those documents... +.SH SEE ALSO +\fBrssh.conf\fP(5), \fBsshd\fP(8), \fBssh\fP(1), \fBscp\fP(1), \fBsftp\fP(1). diff --git a/rssh.conf.5 b/rssh.conf.5 new file mode 100644 index 0000000..5556468 --- /dev/null +++ b/rssh.conf.5 @@ -0,0 +1,160 @@ +.\" No comment! +.\" +.TH RSSH.CONF 5 "7 Jul 2003" "man pages" "Derek D. Martin" +.SH NAME +${prefix}/etc/rssh.conf \- configuration file for rssh +.SH OVERVIEW +.B rssh.conf +is the configuration file for \fBrssh\fP. It allows the system administrator +to control the behavior of the shell. Configuration keywords are either used +by themselves on a line, or followed by an equal sign ('=') and a +configuration value. Comments start with a hash ('#') and can occur anywhere +on the line. Configuration options are case insensitive. Spaces at the +beginning or end of line, or between the equal sign and the configuration +keywords or values are ignored. If the value of a configuration option +contains spaces, it (or at least the space) must be enclosed in either single +or double quotes. +.P +A default configuration file is provided with the source distribution of +\fBrssh\fP. If the configuration file is missing or contains errors, \frssh\fP +will lock out all users. If a config file is present, the default is to lock +out users if no services have been explicitly allowed. +.P +New in v2.1 is the ability to configure options on a per\-user basis, using the +user keyword. More details are below. + +.SH CONFIGURATION KEYWORDS +.B allowscp +.RS +Tells the shell that scp is allowed. +.RE +.P +.B allowsftp +.RS +Tells the shell that sftp is allowed. +.RE +.P +.B allowcvs +.RS +Tells the shell that cvs is allowed. +.RE +.P +.B allowrdist +.RS +Tells the shell that rdist is allowed. +.RE +.P +.B allowrsync +.RS +Tells the shell that rsync is allowed. +.RE +.P +.B umask +.RS +Sets the umask value for file creations in the scp/sftp session. This is +normally set at login time by the user's shell. In order not to use the +system default, \fBrssh\fP must set the umask. +.RE +.P +.B logfacility +.RS +Allows the system administrator to control what syslog facility +.B rssh +logs to. The facilities are the same as those used by \fIsyslogd.conf\fP(5), +or the C macros for the facilities can be used instead. For example: +.P +logfacility=user +.br +logfacility=LOG_USER +.P +are equivalent, and tell +.B rssh +to use the user facility for logging to syslog. +.RE +.P +.B chrootpath +.RS +Causes \fBrssh\fP (actually a helper program) to call the +.I chroot() +system call, changing the root of the file system to whatever directory is +specified. Note that the value on the right hand side of the equal sign is +the name of a directory, not a command. For example: +.P +chrootpath=/usr/chroot +.P +will change the root of the virtual file system to /usr/chroot, preventing the +user from being able to access anything below /usr/chroot in the file system, +and making /usr/chroot appear to be the root directory. Care must be taken to +set up a proper chroot jail; see the file CHROOT in the rssh source +distribution for hints about how to do this. See also the \fIchroot\fP(2) man +page. +.P +If the user's home directory (as specified in \fI/etc/passwd\fP) is underneath +the path specified by this keyword, then the user will be chdir'd into their +home directory. If it is not, then they will be chdir'd to the root of the +chroot jail. +.P +In other words, if the jail is \fI/chroot\fP, and your user's home directory +is \fI/chroot/home/user\fP, then once \fBrssh_chroot_helper\fP changes the +root of the system, it will cd into \fI/home/user\fP inside the jail. +However, if your user's home directory is given as \fI/home/user\fP in +\fI/etc/passwd\fP, then even if that directory exists in the jail, the chroot +helper will not try to cd there. The user's normal home directory must live +inside the jail for this to work. +.RE +.P +.B user +.RS +The user keyword allows for the configuration of options on a per\-user basis. +.I THIS KEYWORD OVERRIDES ALL OTHER KEYWORDS FOR THE SPECIFIED USER. +That is, if you use a user keyword for user foo, then foo will use only the +settings in that user line, and not any of the settings set with the keywords +above. The user keyword's argument consists of a group of fields separated by +a colon (':'), as shown below. The fields are, in order: +.P +.B username +.RS +The username of the user for whom the entry provides options +.RE +.B umask +.RS +The umask for this user, in octal, just as it would be specified to the shell +.RE +.B access bits +.RS +Five binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, and scp, in that order. One means the command is allowed, +zero means it is not. +.RE +.B path +.RS +The \fIdirectory\fP to which this user should be chrooted (this is not a +command, it is a directory name). See \fBchroot_path\fP above for complete +details. +.RE +.P +For example, you might have something like this: +.P +user = luser:022:00001: +.P +This does the following: for the user with the username "luser", set the umask +to 022, disallow sftp, and allow scp. Because there is no chroot path +specified, the user will +.I not +be chrooted, +.I regardless of default options set with the keywords above. +If you wanted this user to be chrooted, you would need to specify the chroot +path explicitly, even if it should be the same as that set using the +chrootpath keyword. Remember that if there are spaces in the path, you need +to quote it, something like this: +.P +user = "luser:022:00001:/usr/local/chroot dir" +.P +See the default rssh.conf file for more examples. +.RE + +.SH SEE ALSO +\fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), +\fIsyslogd.conf\fP(5), \fIchroot\fP(2). + + diff --git a/rssh.conf.5.in b/rssh.conf.5.in new file mode 100644 index 0000000..913ce9d --- /dev/null +++ b/rssh.conf.5.in @@ -0,0 +1,160 @@ +.\" No comment! +.\" +.TH RSSH.CONF 5 "7 Jul 2003" "man pages" "Derek D. Martin" +.SH NAME +@sysconfdir@/rssh.conf \- configuration file for rssh +.SH OVERVIEW +.B rssh.conf +is the configuration file for \fBrssh\fP. It allows the system administrator +to control the behavior of the shell. Configuration keywords are either used +by themselves on a line, or followed by an equal sign ('=') and a +configuration value. Comments start with a hash ('#') and can occur anywhere +on the line. Configuration options are case insensitive. Spaces at the +beginning or end of line, or between the equal sign and the configuration +keywords or values are ignored. If the value of a configuration option +contains spaces, it (or at least the space) must be enclosed in either single +or double quotes. +.P +A default configuration file is provided with the source distribution of +\fBrssh\fP. If the configuration file is missing or contains errors, \frssh\fP +will lock out all users. If a config file is present, the default is to lock +out users if no services have been explicitly allowed. +.P +New in v2.1 is the ability to configure options on a per\-user basis, using the +user keyword. More details are below. + +.SH CONFIGURATION KEYWORDS +.B allowscp +.RS +Tells the shell that scp is allowed. +.RE +.P +.B allowsftp +.RS +Tells the shell that sftp is allowed. +.RE +.P +.B allowcvs +.RS +Tells the shell that cvs is allowed. +.RE +.P +.B allowrdist +.RS +Tells the shell that rdist is allowed. +.RE +.P +.B allowrsync +.RS +Tells the shell that rsync is allowed. +.RE +.P +.B umask +.RS +Sets the umask value for file creations in the scp/sftp session. This is +normally set at login time by the user's shell. In order not to use the +system default, \fBrssh\fP must set the umask. +.RE +.P +.B logfacility +.RS +Allows the system administrator to control what syslog facility +.B rssh +logs to. The facilities are the same as those used by \fIsyslogd.conf\fP(5), +or the C macros for the facilities can be used instead. For example: +.P +logfacility=user +.br +logfacility=LOG_USER +.P +are equivalent, and tell +.B rssh +to use the user facility for logging to syslog. +.RE +.P +.B chrootpath +.RS +Causes \fBrssh\fP (actually a helper program) to call the +.I chroot() +system call, changing the root of the file system to whatever directory is +specified. Note that the value on the right hand side of the equal sign is +the name of a directory, not a command. For example: +.P +chrootpath=/usr/chroot +.P +will change the root of the virtual file system to /usr/chroot, preventing the +user from being able to access anything below /usr/chroot in the file system, +and making /usr/chroot appear to be the root directory. Care must be taken to +set up a proper chroot jail; see the file CHROOT in the rssh source +distribution for hints about how to do this. See also the \fIchroot\fP(2) man +page. +.P +If the user's home directory (as specified in \fI/etc/passwd\fP) is underneath +the path specified by this keyword, then the user will be chdir'd into their +home directory. If it is not, then they will be chdir'd to the root of the +chroot jail. +.P +In other words, if the jail is \fI/chroot\fP, and your user's home directory +is \fI/chroot/home/user\fP, then once \fBrssh_chroot_helper\fP changes the +root of the system, it will cd into \fI/home/user\fP inside the jail. +However, if your user's home directory is given as \fI/home/user\fP in +\fI/etc/passwd\fP, then even if that directory exists in the jail, the chroot +helper will not try to cd there. The user's normal home directory must live +inside the jail for this to work. +.RE +.P +.B user +.RS +The user keyword allows for the configuration of options on a per\-user basis. +.I THIS KEYWORD OVERRIDES ALL OTHER KEYWORDS FOR THE SPECIFIED USER. +That is, if you use a user keyword for user foo, then foo will use only the +settings in that user line, and not any of the settings set with the keywords +above. The user keyword's argument consists of a group of fields separated by +a colon (':'), as shown below. The fields are, in order: +.P +.B username +.RS +The username of the user for whom the entry provides options +.RE +.B umask +.RS +The umask for this user, in octal, just as it would be specified to the shell +.RE +.B access bits +.RS +Five binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, and scp, in that order. One means the command is allowed, +zero means it is not. +.RE +.B path +.RS +The \fIdirectory\fP to which this user should be chrooted (this is not a +command, it is a directory name). See \fBchroot_path\fP above for complete +details. +.RE +.P +For example, you might have something like this: +.P +user = luser:022:00001: +.P +This does the following: for the user with the username "luser", set the umask +to 022, disallow sftp, and allow scp. Because there is no chroot path +specified, the user will +.I not +be chrooted, +.I regardless of default options set with the keywords above. +If you wanted this user to be chrooted, you would need to specify the chroot +path explicitly, even if it should be the same as that set using the +chrootpath keyword. Remember that if there are spaces in the path, you need +to quote it, something like this: +.P +user = "luser:022:00001:/usr/local/chroot dir" +.P +See the default rssh.conf file for more examples. +.RE + +.SH SEE ALSO +\fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), +\fIsyslogd.conf\fP(5), \fIchroot\fP(2). + + diff --git a/rssh.conf.default b/rssh.conf.default new file mode 100644 index 0000000..c847565 --- /dev/null +++ b/rssh.conf.default @@ -0,0 +1,51 @@ +# This is the default rssh config file + +# set the log facility. "LOG_USER" and "user" are equivalent. +logfacility = LOG_USER + +# Leave these all commented out to make the default action for rssh to lock +# users out completely... + +#allowscp +#allowsftp +#allowcvs +#allowrdist +#allowrsync + +# set the default umask +umask = 022 + +# If you want to chroot users, use this to set the directory where the root of +# the chroot jail will be located. +# +# if you DO NOT want to chroot users, LEAVE THIS COMMENTED OUT. +# chrootpath = /usr/local/chroot + +# You can quote anywhere, but quotes not required unless the path contains a +# space... as in this example. +#chrootpath = "/usr/local/my chroot" + +########################################## +# EXAMPLES of configuring per-user options + +#user=rudy:077:00010: # the path can simply be left out to not chroot +#user=rudy:077:00010 # the ending colon is optional + +#user=rudy:011:00100: # cvs, with no chroot +#user=rudy:011:01000: # rdist, with no chroot +#user=rudy:011:10000: # rsync, with no chroot +#user="rudy:011:00001:/usr/local/chroot" # whole user string can be quoted +#user=rudy:01"1:00001:/usr/local/chroot" # or somewhere in the middle, freak! +#user=rudy:'011:00001:/usr/local/chroot' # single quotes too + +# if your chroot_path contains spaces, it must be quoted... +# In the following examples, the chroot_path is "/usr/local/my chroot" +#user=rudy:011:00001:"/usr/local/my chroot" # scp with chroot +#user=rudy:011:00010:"/usr/local/my chroot" # sftp with chroot +#user=rudy:011:00011:"/usr/local/my chroot" # both with chroot + +# Spaces before or after the '=' are fine, but spaces in chrootpath need +# quotes. +#user = "rudy:011:00001:/usr/local/my chroot" +#user = "rudy:011:00001:/usr/local/my chroot" # neither do comments at line end + diff --git a/rssh.h b/rssh.h new file mode 100644 index 0000000..d15f645 --- /dev/null +++ b/rssh.h @@ -0,0 +1,51 @@ + +/* + * rssh.h - some global macro definitions for rssh (and helpers) + * + * Copyright 2003 Derek D. Martin ( code at pizzashack dot org ). + * + * This program is licensed under a BSD-style license, as follows: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef TRUE +#define TRUE 1 +#endif /* TRUE */ + +#ifndef FALSE +#define FALSE 0 +#endif /* FALSE */ + +#ifndef _rssh_h +#define _rssh_h + +typedef char bool; + +#define RSSH_ALLOW_SCP (1 << 0) +#define RSSH_ALLOW_SFTP (1 << 1) +#define RSSH_ALLOW_CVS (1 << 2) +#define RSSH_ALLOW_RDIST (1 << 3) +#define RSSH_ALLOW_RSYNC (1 << 4) +#define RSSH_USE_CHROOT (1 << 5) + +#endif /* _rssh_h */ diff --git a/rssh.spec b/rssh.spec new file mode 100644 index 0000000..4043c79 --- /dev/null +++ b/rssh.spec @@ -0,0 +1,46 @@ +########################################################################### +# rssh.spec - spec file for building RPMs of rssh, specifically for Red Hat +# systems, though probably suitable for others. +# + +Summary: a restricted shell for scp or sftp +Name: rssh +Version: 2.3.4 +Release: 1 +License: BSD +Group: System Environment/Shells +Source: http://www.pizzashack.org/rssh/src/%{name}-%{version}.tar.gz +URL: http://www.pizzashack.org/rssh/ +Packager: Derek Martin +Requires: openssh +Provides: rssh + +Buildroot: /tmp/%{name}-%{version}-buildroot + +%description +rssh is a restricted shell for use with ssh, which allows the system +administrator to restrict a user's access to a system via scp or sftp, or +both. + +%prep +%setup + +%build +%configure +%{__make} + +%install +%{__rm} -rf %{buildroot} +%makeinstall + +%files +%defattr(644, root, root, 0755) +%doc AUTHORS ChangeLog CHROOT COPYING README SECURITY TODO conf_convert.sh mkchroot.sh +%doc %{_mandir}/man?/* +%config(noreplace) %{_sysconfdir}/rssh.conf +%attr(755, root, root) %{_bindir}/rssh +%attr(4755, root, root) %{_libexecdir}/rssh_chroot_helper + +%clean +%{__rm} -rf %{buildroot} + diff --git a/rssh.spec.in b/rssh.spec.in new file mode 100644 index 0000000..be29fa6 --- /dev/null +++ b/rssh.spec.in @@ -0,0 +1,46 @@ +########################################################################### +# rssh.spec - spec file for building RPMs of rssh, specifically for Red Hat +# systems, though probably suitable for others. +# + +Summary: a restricted shell for scp or sftp +Name: @PACKAGE_NAME@ +Version: @PACKAGE_VERSION@ +Release: 1 +License: BSD +Group: System Environment/Shells +Source: http://www.pizzashack.org/rssh/src/%{name}-%{version}.tar.gz +URL: http://www.pizzashack.org/rssh/ +Packager: Derek Martin <@PACKAGE_BUGREPORT@> +Requires: openssh +Provides: rssh + +Buildroot: /tmp/%{name}-%{version}-buildroot + +%description +rssh is a restricted shell for use with ssh, which allows the system +administrator to restrict a user's access to a system via scp or sftp, or +both. + +%prep +%setup + +%build +%configure +%{__make} + +%install +%{__rm} -rf %{buildroot} +%makeinstall + +%files +%defattr(644, root, root, 0755) +%doc AUTHORS ChangeLog CHROOT COPYING README SECURITY TODO conf_convert.sh mkchroot.sh +%doc %{_mandir}/man?/* +%config(noreplace) %{_sysconfdir}/rssh.conf +%attr(755, root, root) %{_bindir}/rssh +%attr(4755, root, root) %{_libexecdir}/rssh_chroot_helper + +%clean +%{__rm} -rf %{buildroot} + diff --git a/rssh_chroot_helper.c b/rssh_chroot_helper.c new file mode 100644 index 0000000..7780c11 --- /dev/null +++ b/rssh_chroot_helper.c @@ -0,0 +1,270 @@ +/* + * chroot_helper.c - functions to deal with chrooting rssh + * + * Copyright 2003-2005 Derek D. Martin ( code at pizzashack dot org ). + * + * This program is licensed under a BSD-style license, as follows: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/* SYSTEM INCLUDES */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif /* HAVE_CONFIG_H */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif /* HAVE_CONFIG_H */ +#include +#ifdef HAVE_STDLIB_H +#include +#endif /* HAVE_STDLIB_H */ +#ifdef HAVE_UNISTD_H +#include +#endif /* HAVE_UNISTD_H */ +#ifdef HAVE_ERRNO_H +#include +#endif /* HAVE_ERRNO_H */ +#ifdef HAVE_STRING_H +#include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_LIBGEN_H +#include +#endif /* HAVE_LIBGEN_H */ +#ifdef HAVE_SYSLOG_H +#include +#endif /* HAVE_SYSLOG_H */ +#ifdef HAVE_PWD_H +#include +#endif /* HAVE_PWD_H */ +#ifdef HAVE_SYS_TYPES_H +#include +#endif /* HAVE_SYS_TYPES_H */ +#ifdef HAVE_SYS_STAT_H +#include +#endif /* HAVE_SYS_STAT_H */ + + +/* LOCAL INCLUDES */ +#include "rssh.h" +#include "rsshconf.h" +#include "pathnames.h" +#include "log.h" +#include "util.h" +#include "argvec.h" + +/* GLOBAL VARIABLES */ +extern int errno; +char *progname; +char *username; + +/* FILE SCOPE VARIABLES */ +static int log_init = 0; + +/* FILE SCOPE FUNCTIONS */ + + +void ch_start_logging( void ) +{ + /* set up logging - username should be set before this is called */ + if ( log_init ) return; + log_set_facility(LOG_USER); + log_set_priority(LOG_INFO); + log_open(); + log_msg("new session for %s, UID=%d", username, getuid()); + /* all log messages from this point on are errors */ + log_set_priority(LOG_ERR); + log_init = 1; +} + +void ch_fatal_error( char *func, char *arg, char *strerr ) +{ + + /* drop privileges */ + if ( !geteuid() ) setuid(getuid()); + ch_start_logging(); + + /* log error */ + log_msg("%s failed, %s: %s", func, arg, strerr); + log_close(); + exit(1); +} + + +/* MAIN PROGRAM */ +int main( int argc, char **argv ) +{ + struct stat s; + ShellOptions_t opts; + long int cmd; + char *conv; + char **argvec; + char *cmd_path; + char *homedir; + struct passwd uinfo; + struct passwd *temp; + + /* + * Unfortunately, in order to maintain security, a lot of the code + * from the rssh main program must be duplicated. Specifically, the + * config file must be parsed to get the chroot path, in order to + * prevent a user from being able to chroot() arbitrarily, which leads + * to easy root compromise if a user has shell access to the system. + * build_arg_vector() must be done here instead of in the main + * program, in order to prevent a directory transversal attack. + */ + + /* + * As a possible future security enhancement, it should be possible to + * have rssh_chroot_helper authenticate cryptographically that it was + * exec()'d by rssh. If rssh is SGID to some rssh-users group, it + * could store the public key for rssh_chroot_helper in a file which + * is only readable by that group. Since rssh_chroot_helper is + * already SUID root, it could store its private key in some file that + * is only readable by root. Obviously, care should be taken that no + * user who has shell access to the system can become a member of the + * rssh-users group. The only thing stopping me from coding that now + * is my lack of knowledge of cryptographic programming. + * + * As a further precaution, all users whose accounts will be protected + * by rssh should be in the rssh-users group, and both rssh and + * rssh_chroot_helper should be executable only by that group. This + * can be done now, even without any cryptography. + */ + + /* THIS CODE IS EXPOSED AS ROOT! */ + + /* initialize variables to defaults */ + opts.rssh_umask = 022; + opts.shell_flags = 0; + opts.chroot_path = NULL; + + /* figure out our name, and give it to the log module */ + progname = strdup(log_make_ident(basename(argv[0]))); + + /* get user's passwd info */ + if ( (temp = getpwuid(getuid())) ){ + uinfo = *temp; + username = uinfo.pw_name; + } + else + /* this probably should never happen */ + username = "unknown user!"; + + /* make sure we have enough arguments, or exit with error */ + if ( argc != 3 ) ch_fatal_error(progname, "invalid arguments", + "wrong number of arguments"); + + /* process the config file, don't log */ + if ( !(read_shell_config(&opts, PATH_RSSH_CONFIG, 0)) ){ + ch_fatal_error("read_shell_config()", PATH_RSSH_CONFIG, + "errors processing configuration file!"); + } + + /* + * opts.chroot_path is directory to chroot to. Check to make sure it + * exists. If it does, chroot and drop privileges, and cd to it. + */ + + if ( stat(opts.chroot_path, &s) == -1 ) + ch_fatal_error("stat()", argv[1], strerror(errno)); + if ( chroot(opts.chroot_path) == -1 ) + ch_fatal_error("chroot()", argv[1], strerror(errno)); + + /* END OF CODE EXPOSED AS ROOT! */ + + setuid(getuid()); + ch_start_logging(); + + log_msg("user's home dir is %s", uinfo.pw_dir); + + /* get the user's home dir */ + if ( !(homedir = extract_root(opts.chroot_path, uinfo.pw_dir)) ){ + log_msg("couldn't find %s in chroot jail", uinfo.pw_dir); + homedir = strdup("/"); + } + + log_msg("chrooted to %s", opts.chroot_path); + log_msg("changing working directory to %s (inside jail)", homedir); + + /* cd into / to avoid possibility of breaking out of the jail */ + if ( chdir("/") ) + ch_fatal_error("chdir()", "/", strerror(errno)); + + /* make sure we can change directory to the user's dir */ + if ( chdir(homedir) == -1 ) + log_msg("could not cd to user's home dir: %s", homedir); + + if ( !(argvec = build_arg_vector(argv[2], 0)) ) + ch_fatal_error("build_arg_vector()", argv[2], + "bad expansion"); + + /* + * This is the old way to figure out what program to run. Since we're + * re-parsing the config file in rssh_chroot helper, we could get rid + * of this and redetermine it from the command line, and re-parse + * whether or not it's ok to run that command. But, I don't think + * that's really necessary, nor worth the effort. A user who is + * restricted by rssh will not be able to gain access to manipulate + * this on the command line, and a user who has full shell access + * can't gain anything they couldn't already do by manipulating it... + * so it seems OK to leave as is. + */ + + /* argv[1] is "1" if scp, "2" if sftp, ... */ + cmd = strtol(argv[1], &conv, 10); + if ( *conv ){ + log_msg("command identifier contained invalid chars"); + exit(2); + } + + /* ok... what were we supposed to run? */ + switch (cmd){ + case 1: + cmd_path = PATH_SCP; + break; + case 2: + cmd_path = PATH_SFTP_SERVER; + break; + case 3: + cmd_path = PATH_CVS; + break; + case 4: + cmd_path = PATH_RDIST; + break; + case 5: + cmd_path = PATH_RSYNC; + break; + default: + log_msg("invalid command specified"); + exit(2); + } + + /* now run it */ + execv(cmd_path, argvec); + + /* we only get here if the exec fails */ + ch_fatal_error("execv()", cmd_path, strerror(errno)); + /* and we never get here, but it shuts gcc up */ + exit(1); +} + diff --git a/rsshconf.c b/rsshconf.c new file mode 100644 index 0000000..4b22766 --- /dev/null +++ b/rsshconf.c @@ -0,0 +1,1065 @@ +/* + * rsshconf.c - parse rssh config file + * + * Copyright 2003 Derek D. Martin ( code at pizzashack dot org ). + * + * This program is licensed under a BSD-style license, as follows: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +/* SYSTEM INCLUDES */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif /* HAVE_CONFIG_H */ +#include +#ifdef HAVE_STDLIB_H +#include +#endif /* HAVE_STDLIB_H */ +#ifdef HAVE_STRING_H +#include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_SYSLOG_H +#include +#endif /* HAVE_SYSLOG_H */ +#ifdef HAVE_CTYPE_H +#include +#endif /* HAVE_CTYPE_H */ + +#include + +/* LOCAL INCLUDES */ +#include "rssh.h" +#include "log.h" +#include "rsshconf.h" +#include "util.h" + +/* MACRO DEFINITIONS */ +#define eat_assignment(x) eat_char_token('=', x, FALSE, TRUE) +#define eat_comment(x) eat_char_token('#', x, FALSE, TRUE) +/* this amuses me */ +#define eat_colon(x) eat_char_token(':', x, TRUE, FALSE) + +/* GLOBALS (defined in main.c) */ +extern char *username; + +/* FILE SCOPE VARIABLES */ +const char *keywords[] = { + "#", /* start a comment */ + "allowscp", + "allowsftp", + "allowcvs", + "allowrdist", + "allowrsync", + "chrootpath", + "logfacility", + "umask", + "user", + NULL +}; + +int log=0; + +/* flag to tell config parser to stop processing config file */ +static bool got_user_config = FALSE; + +/* FUNCTION DECLARATIONS FOR FILE SCOPE FUNCTIONS */ + +int get_keyword( const char *line, char *keyword, int *end ); +int eat_char_token( const char tokchar, const char *line, bool colon, + bool ign_spc ); +int process_umask( ShellOptions_t *opts, const char *line, const int lineno ); +int process_user( ShellOptions_t *opts, const char *line, const int lineno ); + +int process_allow_scp( ShellOptions_t *opts, const char *line, + const int lineno ); + +int process_allow_sftp( ShellOptions_t *opts, const char *line, + const int lineno ); + +int process_allow_cvs( ShellOptions_t *opts, const char *line, + const int lineno ); + +int process_allow_rdist( ShellOptions_t *opts, const char *line, + const int lineno ); + +int process_allow_rsync( ShellOptions_t *opts, const char *line, + const int lineno ); + +int get_token( const char *str, char *buf, const int buflen, + const bool colon, const bool ign_spc ); + +int process_config_line( ShellOptions_t *opts, FILE *cfg_file, + const char *line, const int lineno ); + +int process_chroot_path( ShellOptions_t *opts, const char *line, + const int lineno ); + +int process_log_facility( ShellOptions_t *opts, const char *line, + const int lineno ); + +int get_asgn_param( const char *line, const int lineno, char *buf, + const int buflen ); + + +/* EXTERNALLY VISIBLE FUNCTIONS */ + +/* returns FALSE if there was an error, TRUE if not */ +int read_shell_config( ShellOptions_t *opts, const char *filename, int do_log ) +{ + FILE *cfg_file; /* config file ptr */ + int linenum; /* cfg file line counter */ + int status = TRUE; /* were all the cfg lines good? */ + char line[CFG_LINE_LEN + 1]; /* buffer to hold region */ + + log = do_log; + memset(line, 0, CFG_LINE_LEN + 1); + cfg_file = fopen(filename, "r"); + if (!cfg_file) { + if (log){ + log_set_priority(LOG_WARNING); + log_msg("config file (%s) missing, using defaults", + filename); + } + opts->shell_flags = RSSH_ALLOW_SCP; + return FALSE; + } + linenum = 0; + while ( !got_user_config && fgets(line, CFG_LINE_LEN, cfg_file) ) { + linenum++; + if ( !(process_config_line(opts, cfg_file, line, linenum)) ) + status = FALSE; + memset(line, 0, CFG_LINE_LEN + 1); + } + fclose(cfg_file); + return status; +} + + +/* FILE SCOPE FUNCTIONS */ + +/* returns FALSE if there was an error, TRUE if not */ +int process_config_line( ShellOptions_t *opts, + FILE *cfg_file, + const char *line, + const int lineno ) +{ + char *newline; /* location of newline char in line */ + char tmp[CFG_LINE_LEN + 1]; /* buffer to scan past a \n */ + char keywrd[CFG_KW_LEN + 1]; /* tmp storage for config keyword */ + int pos = 0; /* position in string */ + + /* line should contain a \n - if not, line is too long. */ + if ( (newline = strchr(line, '\n')) ) + *newline = '\0'; + else { + /* there is no newline - log the error and find the EOL */ + if (log){ + log_set_priority(LOG_ERR); + log_msg("line %d: line too long", lineno); + } + while ( fgets(tmp, CFG_LINE_LEN, cfg_file) ){ + if ( (newline = strchr(line, '\n')) ) + break; + } + return FALSE; + } + + /* check for options and set appropriate global */ + + switch ( get_keyword(line, keywrd, &pos) ){ + case -1: + /* a blank line */ + return TRUE; + case 0: + /* start a comment - just ignore the line */ + return TRUE; + case 1: + /* allow scp */ + if ( !(process_allow_scp(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 2: + /* allow sftp */ + if ( !(process_allow_sftp(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 3: + /* allow cvs */ + if ( !(process_allow_cvs(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 4: + /* allow rdist */ + if ( !(process_allow_rdist(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 5: + /* allow rsync */ + if ( !(process_allow_rsync(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 6: + /* default chroot path */ + if ( !(process_chroot_path(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 7: + /* syslog log facility */ + if ( !(process_log_facility(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 8: + /* set the user's umask */ + if ( !(process_umask(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 9: + /* user */ + if ( !(process_user(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + default: + /* the keyword is unknown */ + if (log){ + log_set_priority(LOG_ERR); + log_msg("line %d: syntax error parsing config file", + lineno); + } + if ( keywrd[0] && log ) + log_msg("unknown keyword: %s", keywrd); + return FALSE; + } + /* this is never reached, but keeps the compiler quiet */ + return TRUE; +} + + +/* + * get_keyword() - Identify a configuration keyword at the beginning of a + * line, and return the index into the keyword array which + * matches the keyword. Return -1 if no match. This function + * assumes that keyword points to a buffer of size CFG_KW_LEN + * + 1. It is not intended to be called by functions outside + * this module, and if called with buffers smaller than + * CFG_KW_LEN + 1, a buffer overflow could result. The index + * of the character after the last character in the token is + * stored in the variable pointed to by end if a keyword is + * found, or 0 otherwise. + */ +int get_keyword( const char *line, char *keyword, int *end ) +{ + int i = 0; + + /* clear the buffer, so previous calls can't affect it */ + memset(keyword, 0, CFG_KW_LEN + 1); + + /* get a token, and match it against available keywords */ + if ( !( *end = get_token(line, keyword, CFG_KW_LEN + 1, FALSE, FALSE)) ) + return -1; + while ( keywords[i] != NULL ){ + if ( !(strncmp(keywords[i], keyword, CFG_KW_LEN)) ) return i; + i++; + } + return -1; +} + + +/* + * get_token() - Gets a token from the specified string. If the token starts + * with a quote, include subsequent spaces in the token, up to + * the next matching quote. Otherwise, take up to the next + * non-graph character. Return the index of the first character + * after the end of the token, zero if there was no token, and + * -1 if there was an unmatched quote. + * + * Valid tokens are '=', space-separated words, or any string + * enclosed in quotes. '=' and whitespace must be treated as + * token separators. We operate on a copy of str, so we can + * safely strip out the quotes. + * + * A colon is also treated as a token separator if the bool + * parameter colon is set to TRUE. + * + * If the bool parameter ign_spc is true, DO NOT consider space + * a token separator, i.e. leave spaces as-is in the string. We + * need this for processing the user config. It may originally + * have been enclosed in quotes to preserve spaces, but after we + * call get_asgn_param() on it, the quotes will have been + * stripped, leaving only spaces which were part of the + * assignment (most likely the chroot path). We need to treat + * those spaces as part of the data, so that we will not + * mistakenly split a path on a space which is supposed to be in + * the path... + * + * MODIFY THIS FUNCTION ONLY WITH GREAT CARE! IT IS A BUFFER + * OVERFLOW WAITING TO HAPPEN... + */ +int get_token( const char *str, char *buf, const int buflen, + const bool colon, const bool ign_spc ) +{ + int line_len; /* length of str (what's left of a line) */ + int len; /* length of token (or a portion of it) */ + char *copy; /* copy of str, so we can modify it */ + char *start; /* beginning of token */ + char *end; /* end of token */ + char *quote[2]; /* location of start and end quotes */ + int adjust = 0; /* to add to pos for each quote */ + int i; + + /* initialize strings and pointers */ + memset(buf, 0, buflen); + if ( !(copy = strdup(str)) ){ + if (log){ + log_set_priority(LOG_ERR); + log_msg("OOM error in get_token() (fatal)"); + } + exit(1); + } + start = copy; + line_len = strlen(copy); + + /* first, skip past initial whitespace */ + + while ( isspace(*start) ) start++; + end = start; + /* if there's no token to get... */ + if ( *start == '\0' ) return 0; + + /* process character by character to determine end of token */ + while ( end <= (copy + line_len) ){ + + /* is it space? */ + if ( !ign_spc && isspace(*end) ){ + end--; + break; + } + + /* is it an equal sign, or '#'? */ + if ( *end == '=' || *end == '#' || (colon && *end == ':') ){ + /* *end is the token */ + if ( end == start ) break; + /* else, *end is the next token */ + end--; + break; + } + + /* + * Is it a quote? + * + * If so, everything between the quotes is part of the token, + * so character-by-character processing must be stopped until + * after the quote. However, the quotes are special: they are + * not part of the token. They must be stripped out of the + * copy, and the characters after each quote must be moved + * down. Then, the length of the copy (line_len) must be + * diminished by the number of stripped quotes (which should + * always be 2). Finally, because the original line will + * still have the quotes, we must add the number of quotes + * processed to the value of pos before we return it. + * + * Also, since quotes could theoretically appear anywhere in + * the line, we must not assume that the end quote is the end + * of the token; processing must continue after it. + * + */ + if ( *end == '"' || *end == '\'' ){ + quote[0] = end; + quote[1] = strchr(end + 1, *end); + + /* no matching quote */ + if ( !quote[1] ) return -1; + + /* strip out the quotes */ + + len = (int)(quote[1] - quote[0] - 1); + /* move characters between quotes down one */ + for ( i = 0; i < len; i++ ) + *(quote[0] + i) = *(quote[0] + i + 1); + /* move chars after quotes (incl. null) down two */ + len = (int)(copy - quote[1] + line_len); + for ( i = 0; i < len; i++ ) + *(quote[1] - 1 + i) = *(quote[1] + 1 + i); + /* since we lost a pair of quotes, fix line_len */ + line_len -= 2; + /* update end to last char of quoted string */ + end = quote[1] - 2; + /* account for removed quotes in the return value */ + adjust += 2; + } + + /* if we got here, increment end */ + end++; + } + + /* copy the remainder into buf, and return */ + len = (int)(1 + end - start); + strncpy(buf, start, ((len > buflen - 1) ? (buflen - 1) : len)); + free(copy); + return (1 + end + adjust - copy); +} + + +/* + * process_allow_scp() - make sure there are no tokens after the keyword, + * other than a possible comment. If there are + * additional tokens other than comments, there is a + * syntax error, and FALSE is returned. Otherwise, the + * line is ok, so opts are set to allow scp, and TRUE is + * returned. + */ +int process_allow_scp( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + if ( !eat_comment(line) ){ + if (log) log_msg("line %d: syntax error parsing config file", + lineno); + return FALSE; + } + if (log){ + log_set_priority(LOG_INFO); + log_msg("allowing scp to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SCP; + return TRUE; +} + +/* + * process_allow_sftp() - make sure there are no tokens after the keyword, + * other than a possible comment. If there are + * additional tokens other than comments, there is a + * syntax error, and FALSE is returned. Otherwise, the + * line is ok, so opts are set to allow sftp, and TRUE + * is returned. + */ +int process_allow_sftp( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + int pos; + + if ( !(pos = eat_comment(line)) ){ + if (log) log_msg("line %d: syntax error parsing config file", + lineno); + return FALSE; + } + if (log){ + log_set_priority(LOG_INFO); + log_msg("allowing sftp to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SFTP; + return TRUE; +} + + +/* + * process_allow_cvs() - make sure there are no tokens after the keyword, + * other than a possible comment. If there are + * additional tokens other than comments, there is a + * syntax error, and FALSE is returned. Otherwise, the + * line is ok, so opts are set to allow cvs, and TRUE + * is returned. + */ +int process_allow_cvs( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + int pos; + + if ( !(pos = eat_comment(line)) ){ + if (log) log_msg("line %d: syntax error parsing config file", + lineno); + return FALSE; + } + if (log){ + log_set_priority(LOG_INFO); + log_msg("allowing cvs to all users"); + } + opts->shell_flags |= RSSH_ALLOW_CVS; + return TRUE; +} + + +/* + * process_allow_rdist() - make sure there are no tokens after the keyword, + * other than a possible comment. If there are + * additional tokens other than comments, there is a + * syntax error, and FALSE is returned. Otherwise, the + * line is ok, so opts are set to allow rdist, and TRUE + * is returned. + */ +int process_allow_rdist( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + int pos; + + if ( !(pos = eat_comment(line)) ){ + if (log) log_msg("line %d: syntax error parsing config file", + lineno); + return FALSE; + } + log_set_priority(LOG_INFO); + if (log){ + log_msg("allowing rdist to all users"); + opts->shell_flags |= RSSH_ALLOW_RDIST; + } + return TRUE; +} + + +/* + * process_allow_rsync() - make sure there are no tokens after the keyword, + * other than a possible comment. If there are + * additional tokens other than comments, there is a + * syntax error, and FALSE is returned. Otherwise, the + * line is ok, so opts are set to allow rsync, and TRUE + * is returned. + */ +int process_allow_rsync( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + int pos; + + if ( !(pos = eat_comment(line)) ){ + if (log) log_msg("line %d: syntax error parsing config file", + lineno); + return FALSE; + } + if (log){ + log_set_priority(LOG_INFO); + log_msg("allowing rsync to all users"); + } + opts->shell_flags |= RSSH_ALLOW_RSYNC; + return TRUE; +} + + +int process_chroot_path( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + char *temp; /* to hold the assigned path */ + + /* + * older versions of rssh free()'d opts->chroot_path here, but this is + * an error. If the current config line had an error, that left the + * chroot_path in an invalid state. We now wait until after the + * new chroot_path is successfully assigned by get_asgn_param() to do + * the free() call. Waiting also allows us to preserve any previous + * chroot path if there is an error. + */ + + if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){ + if (log) log_msg("fatal error: can't allocate space for chroot path"); + exit(1); + } + /* get_asgn_param() eats trailing comments, so we won't */ + if ( !get_asgn_param(line, lineno, temp, CFG_LINE_LEN + 1) ){ + free(temp); + return FALSE; + } + + /* get rid of any old value for chroot path, assign new one */ + if ( opts->chroot_path ) free(opts->chroot_path); + if (log){ + log_set_priority(LOG_INFO); + log_msg("chrooting all users to %s", temp); + } + /* we must not free temp, since opts points to it */ + opts->chroot_path = temp; + opts->shell_flags |= RSSH_USE_CHROOT; + return TRUE; +} + + +int process_log_facility( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + char *temp; /* hold log facility assignment */ + char *facname = NULL; + int fac = 0; + int pos; + + if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){ + if (log){ + log_set_priority(LOG_ERR); + log_msg("fatal error: can't allocate space for log facility"); + } + exit(1); + } + /* this eats trailing comments */ + if ( !(pos = get_asgn_param(line, lineno, temp, CFG_LINE_LEN + 1)) ){ + free(temp); + return FALSE; + } +#ifdef LOG_KERN + if ( !strncmp(temp, "LOG_KERN", CFG_LINE_LEN) || + !strncmp(temp, "kern", CFG_LINE_LEN) ){ + facname = "LOG_KERN"; + fac = LOG_KERN; + } +#endif /* LOG_KERN */ + +#ifdef LOG_USER + if ( !strncmp(temp, "LOG_USER", CFG_LINE_LEN) || + !strncmp(temp, "user", CFG_LINE_LEN) ){ + facname = "LOG_USER"; + fac = LOG_USER; + } +#endif /* LOG_USER */ + +#ifdef LOG_MAIL + if ( !strncmp(temp, "LOG_MAIL", CFG_LINE_LEN) || + !strncmp(temp, "mail", CFG_LINE_LEN) ){ + facname = "LOG_MAIL"; + fac = LOG_MAIL; + } +#endif /* LOG_MAIL */ + +#ifdef LOG_DAEMON + if ( !strncmp(temp, "LOG_DAEMON", CFG_LINE_LEN) || + !strncmp(temp, "daemon", CFG_LINE_LEN) ){ + facname = "LOG_DAEMON"; + fac = LOG_DAEMON; + } +#endif /* LOG_DAEMON */ + +#ifdef LOG_AUTH + if ( !strncmp(temp, "LOG_AUTH", CFG_LINE_LEN) || + !strncmp(temp, "auth", CFG_LINE_LEN) ){ + facname = "LOG_AUTH"; + fac = LOG_AUTH; + } +#endif /* LOG_AUTH */ + +#ifdef LOG_AUTHPRIV + if ( !strncmp(temp, "LOG_AUTHPRIV", CFG_LINE_LEN) || + !strncmp(temp, "authpriv", CFG_LINE_LEN) ){ + facname = "LOG_AUTHPRIV"; + fac = LOG_AUTHPRIV; + } +#endif /* LOG_AUTHPRIV */ + +#ifdef LOG_SYSLOG + if ( !strncmp(temp, "LOG_SYSLOG", CFG_LINE_LEN) || + !strncmp(temp, "syslog", CFG_LINE_LEN) ){ + facname = "LOG_SYSLOG"; + fac = LOG_SYSLOG; + } +#endif /* LOG_SYSLOG */ + +#ifdef LOG_LPR + if ( !strncmp(temp, "LOG_LPR", CFG_LINE_LEN) || + !strncmp(temp, "lpr", CFG_LINE_LEN) ){ + facname = "LOG_LPR"; + fac = LOG_LPR; + } +#endif /* LOG_LPR */ + +#ifdef LOG_NEWS + if ( !strncmp(temp, "LOG_NEWS", CFG_LINE_LEN) || + !strncmp(temp, "news", CFG_LINE_LEN) ){ + facname = "LOG_NEWS"; + fac = LOG_NEWS; + } +#endif /* LOG_NEWS */ + +#ifdef LOG_UUCP + if ( !strncmp(temp, "LOG_UUCP", CFG_LINE_LEN) || + !strncmp(temp, "uucp", CFG_LINE_LEN) ){ + facname = "LOG_UUCP"; + fac = LOG_UUCP; + } +#endif /* LOG_UUCP */ + +#ifdef LOG_CRON + if ( !strncmp(temp, "LOG_CRON", CFG_LINE_LEN) || + !strncmp(temp, "cron", CFG_LINE_LEN) ){ + facname = "LOG_CRON"; + fac = LOG_CRON; + } +#endif /* LOG_CRON */ + +#ifdef LOG_FTP + if ( !strncmp(temp, "LOG_FTP", CFG_LINE_LEN) || + !strncmp(temp, "ftp", CFG_LINE_LEN) ){ + facname = "LOG_FTP"; + fac = LOG_FTP; + } +#endif /* LOG_FTP */ + +#ifdef LOG_LOCAL0 + if ( !strncmp(temp, "LOG_LOCAL0", CFG_LINE_LEN) || + !strncmp(temp, "local0", CFG_LINE_LEN) ){ + facname = "LOG_LOCAL0"; + fac = LOG_LOCAL0; + } +#endif /* LOG_LOCAL0 */ + +#ifdef LOG_LOCAL1 + if ( !strncmp(temp, "LOG_LOCAL1", CFG_LINE_LEN) || + !strncmp(temp, "local1", CFG_LINE_LEN) ){ + facname = "LOG_LOCAL1"; + fac = LOG_LOCAL1; + } +#endif /* LOG_LOCAL1 */ + +#ifdef LOG_LOCAL2 + if ( !strncmp(temp, "LOG_LOCAL2", CFG_LINE_LEN) || + !strncmp(temp, "local2", CFG_LINE_LEN) ){ + facname = "LOG_LOCAL2"; + fac = LOG_LOCAL2; + } +#endif /* LOG_LOCAL2 */ + +#ifdef LOG_LOCAL3 + if ( !strncmp(temp, "LOG_LOCAL3", CFG_LINE_LEN) || + !strncmp(temp, "local3", CFG_LINE_LEN) ){ + facname = "LOG_LOCAL3"; + fac = LOG_LOCAL3; + } +#endif /* LOG_LOCAL3 */ + +#ifdef LOG_LOCAL4 + if ( !strncmp(temp, "LOG_LOCAL4", CFG_LINE_LEN) || + !strncmp(temp, "local4", CFG_LINE_LEN) ){ + facname = "LOG_LOCAL4"; + fac = LOG_LOCAL4; + } +#endif /* LOG_LOCAL4 */ + +#ifdef LOG_LOCAL5 + if ( !strncmp(temp, "LOG_LOCAL5", CFG_LINE_LEN) || + !strncmp(temp, "local5", CFG_LINE_LEN) ){ + facname = "LOG_LOCAL5"; + fac = LOG_LOCAL5; + } +#endif /* LOG_LOCAL5 */ + +#ifdef LOG_LOCAL6 + if ( !strncmp(temp, "LOG_LOCAL6", CFG_LINE_LEN) || + !strncmp(temp, "local6", CFG_LINE_LEN) ){ + facname = "LOG_LOCAL6"; + fac = LOG_LOCAL6; + } +#endif /* LOG_LOCAL6 */ + +#ifdef LOG_LOCAL7 + if ( !strncmp(temp, "LOG_LOCAL7", CFG_LINE_LEN) || + !strncmp(temp, "local7", CFG_LINE_LEN) ){ + facname = "LOG_LOCAL7"; + fac = LOG_LOCAL7; + } +#endif /* LOG_LOCAL7 */ + + free(temp); + if ( !eat_comment(line + pos) ){ + if (log) log_msg("line %d: syntax error parsing config file", + lineno); + return FALSE; + } + if ( facname ){ + log_set_priority(LOG_INFO); + if (log) log_msg("setting log facility to %s", facname); + log_set_facility(fac); + return TRUE; + } + if (log){ + log_msg("line %d: unknown log facility specified", lineno); + log_set_facility(LOG_USER); + } + return FALSE; +} + + +int process_umask( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + char *temp; /* to store assignment param */ + int mask; /* umask */ + + if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){ + if (log){ + log_set_priority(LOG_ERR); + log_msg("fatal error: can't allocate space in process_umask()"); + } + exit(1); + } + /* this eats trailing comments */ + if ( !get_asgn_param(line, lineno, temp, CFG_LINE_LEN + 1) ){ + free(temp); + return FALSE; + } + + /* convert the umask to a number */ + if ( !validate_umask(temp, &mask) ){ + if (log){ + log_set_priority(LOG_WARNING); + log_msg("line %d: invalid umask specified, using default 077", + lineno); + } + opts->rssh_umask = 077; + free(temp); + return FALSE; + } + if (log){ + log_set_priority(LOG_INFO); + log_msg("setting umask to %#o", mask); + } + opts->rssh_umask = mask; + free(temp); + return TRUE; +} + +int process_user( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + char *temp; /* to hold user options */ + char user[CFG_LINE_LEN + 1]; /* username of user entry */ + char mask[CFG_LINE_LEN + 1]; /* user's umask */ + char axs[CFG_LINE_LEN + 1]; /* user's access bits */ + char *path = NULL; /* user's chroot path */ + int tmpmask; /* temporary umask holder */ + int pos; /* count into line */ + int len; /* add len of token to pos */ + int optlen; /* string length of user options */ + bool allow_scp; + bool allow_sftp; + bool allow_cvs; + bool allow_rdist; + bool allow_rsync; + + /* make space for user options */ + if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){ + if (log) log_msg("fatal error: can't allocate space for user options"); + exit(1); + } + + /* get the config bits and eat comments */ + if ( !get_asgn_param(line, lineno, temp, CFG_LINE_LEN) ){ + free(temp); + return FALSE; + } + optlen = strlen(temp); + + /* now process individual config bits of temp */ + if ( !(pos = get_token(temp, user, CFG_LINE_LEN + 1, TRUE, TRUE )) ){ + if (log){ + log_set_priority(LOG_ERR); + log_msg("syntax error parsing config file, line %d", + lineno); + } + return FALSE; + } + + /* + * if user != username, we don't care about the rest. Note that the + * bounds of both user and username are already checked, so strcmp() + * is ok here. This allows syntax errors in user lines to go + * unnoticed whenever the user line is not for the current user, but + * the benefit is we don't spend time processing (potentially) lots of + * user lines we don't care about... + */ + if ( (strcmp(user, username)) ) return TRUE; + if (log){ + log_set_priority(LOG_INFO); + log_msg("line %d: configuring user %s", lineno, user); + } + if ( !(len = eat_colon(temp + pos)) ){ + if (log) log_msg("syntax error parsing config file: line %d ", + lineno); + return FALSE; + } + pos += len; + + /* do the umask, but validate it last, since it's non-fatal */ + if ( !(len = get_token(temp + pos, mask, CFG_LINE_LEN + 1, + TRUE, FALSE)) ){ + if (log){ + log_set_priority(LOG_ERR); + log_msg("syntax error parsing user umask, line %d", lineno); + } + return FALSE; + } + pos += len; + + /* do the access bits */ + if ( !(len = eat_colon(temp + pos)) ){ + if (log) log_msg("syntax error parsing config file: line %d ", + lineno); + return FALSE; + } + pos += len; + if ( !(len = get_token(temp + pos, axs, CFG_LINE_LEN + 1, + TRUE, FALSE)) ){ + if (log){ + log_set_priority(LOG_ERR); + log_msg("syntax error parsing user access, line %d", lineno); + } + return FALSE; + } + if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs, + &allow_rdist, &allow_rsync) ){ + if (log){ + log_set_priority(LOG_ERR); + log_msg("syntax error parsing access bits, line %d", lineno); + } + return FALSE; + } + pos += len; + + /* handle the chroot path -- both the colon and the path are optional */ + if ( !(len = eat_colon(temp + pos)) ) goto cleanup; + pos += len; + if ( !(path = (char *)malloc(CFG_LINE_LEN + 1)) ){ + if (log) log_msg("fatal error: can't allocate space for chroot path"); + exit(1); + } + if ( !(len = get_token(temp + pos, path, CFG_LINE_LEN + 1, + TRUE, TRUE)) ){ + free(path); + path = NULL; + } + pos += len; + +cleanup: + /* make sure nothing is left */ + while ( *(temp + pos) != '\0' && isspace(*(temp + pos)) ) pos++; + if ( *(temp + pos) != '\0' ){ + if (log){ + log_set_priority(LOG_ERR); + log_msg("syntax error parsing user config: line %d", lineno); + } + return FALSE; + } + + /* now finally validate the umask */ + if ( !validate_umask(mask, &tmpmask) ){ + if (log){ + log_set_priority(LOG_WARNING); + log_msg("line %d: invalid umask specified, using default", + lineno); + } + tmpmask = 077; + } + if (log){ + log_set_priority(LOG_INFO); + log_msg("setting %s's umask to %#o", user, tmpmask); + } + opts->rssh_umask = tmpmask; + + /* set the rest of the parameters */ + + /* clear the default shell flags */ + opts->shell_flags = 0; + /* now set the user-specific flags */ + if ( allow_scp ){ + if (log) log_msg("allowing scp to user %s", user); + opts->shell_flags |= RSSH_ALLOW_SCP; + } + if ( allow_sftp ){ + if (log) log_msg("allowing sftp to user %s", user); + opts->shell_flags |= RSSH_ALLOW_SFTP; + } + if ( allow_cvs ){ + if (log) log_msg("allowing cvs to user %s", user); + opts->shell_flags |= RSSH_ALLOW_CVS; + } + if ( allow_rdist ){ + if (log) log_msg("allowing rdist to user %s", user); + opts->shell_flags |= RSSH_ALLOW_RDIST; + } + if ( allow_rsync ){ + if (log) log_msg("allowing rsync to user %s", user); + opts->shell_flags |= RSSH_ALLOW_RSYNC; + } + if ( path ){ + if (log) log_msg("chrooting %s to %s", user, path); + opts->shell_flags |= RSSH_USE_CHROOT; + } + opts->chroot_path = path; + got_user_config = TRUE; + return TRUE; +} + + +int get_asgn_param( const char *line, + const int lineno, + char *buf, /* stick param in here */ + const int buflen ) +{ + int pos; /* count into line */ + int len; /* add len of token to pos */ + + /* make sure '=' is next token, otherwise syntax error */ + if ( (pos = eat_assignment(line)) <= 0 ){ + if (log){ + log_set_priority(LOG_ERR); + log_msg("error parsing config file at line %d: " + "assignment expected", lineno); + } + return FALSE; + } + /* get the string parameter of the assignment */ + if ( !(len = get_token((line + pos), buf, buflen, FALSE, FALSE)) ){ + if (log){ + log_set_priority(LOG_ERR); + log_msg("syntax error parsing config file, line %d", + lineno); + } + return FALSE; + } + pos += len; + /* check for ending comment */ + if ( !eat_comment(line + pos) ){ + if (log){ + log_set_priority(LOG_ERR); + log_msg("syntax error parsing config file at line %d", + lineno); + } + return FALSE; + } + return pos; +} + +/* + * eat_char_token() - return position returned by get_token() if next token is + * tokchar, -1 if there was no token, and zero otherwise. + */ +int eat_char_token( const char tokchar, const char *line, bool colon, + bool ign_spc ) +{ + char token[CFG_LINE_LEN + 1]; /* temp storage for token */ + int pos; + + if ( !(pos = get_token(line, token, CFG_LINE_LEN + 1, colon, ign_spc)) ) + return -1; + if ( token[0] == tokchar && token[1] == '\0' ) return pos; + return 0; +} diff --git a/rsshconf.h b/rsshconf.h new file mode 100644 index 0000000..3c1ba9b --- /dev/null +++ b/rsshconf.h @@ -0,0 +1,55 @@ +/* + * rsshconf.h - headers and typedefs for rssh config module + * + * Copyright 2003-2005 Derek D. Martin ( code at pizzashack dot org ). + * + * This program is licensed under a BSD-style license, as follows: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef _rssh_config_h +#define _rssh_config_h + +/* SYSTEM INCLUDES */ +#include + +/* MACRO DEFINITIONS */ + +#define CFG_LINE_LEN 1024 /* max lenght of a config file line */ +#define CFG_KW_LEN 60 /* length of a keyword */ + + +/* STRUCTURES AND TYPEDEFS */ + +typedef struct { + unsigned int shell_flags; + mode_t rssh_umask; + char *chroot_path; +} ShellOptions_t; + + +/* EXTERNALLY VISIBLE FUNCTION DECLARATIONS */ +int read_shell_config( ShellOptions_t *opts, const char *filename, int log ); + + +#endif /* _rssh_config_h */ diff --git a/util.c b/util.c new file mode 100644 index 0000000..f98d2bc --- /dev/null +++ b/util.c @@ -0,0 +1,364 @@ +/* + * util.c - utility functions for rssh + * + * Copyright 2003-2006 Derek D. Martin ( code at pizzashack dot org ). + * + * This program is licensed under a BSD-style license, as follows: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/* SYSTEM INCLUDES */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif /* HAVE_CONFIG_H */ +#include +#ifdef HAVE_STDLIB_H +#include +#endif /* HAVE_STDLIB_H */ +#ifdef HAVE_UNISTD_H +#include +#endif /* HAVE_UNISTD_H */ +#ifdef HAVE_STRING_H +#include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_CTYPE_H +#include +#endif /* CTYPE_H */ +#ifdef HAVE_SYSLOG_H +#include +#endif /* HAVE_SYSLOG_H */ +#ifdef HAVE_PWD_H +#include +#endif /* HAVE_PWD_H */ +#ifdef HAVE_SYS_TYPES_H +#include +#endif /* HAVE_SYS_TYPES_H */ +#ifdef HAVE_LIBGEN_H +#include +#endif /* HAVE_LIBGEN_H */ + +/* LOCAL INCLUDES */ +#include "pathnames.h" +#include "rssh.h" +#include "log.h" +#include "rsshconf.h" + +extern char *username; +extern char *progname; + + +void fail( int flags, int argc, char **argv ) +{ + char *cmd; /* string for allowed commands */ + int size = 0; + + log_set_priority(LOG_ERR); + + /* determine which commands are usable for error message */ + if ( flags & RSSH_ALLOW_SCP ) size += 4; /* "scp" plus a space */ + if ( flags & RSSH_ALLOW_SFTP ) size += 5; + if ( flags & RSSH_ALLOW_CVS ) size += 4; + if ( flags & RSSH_ALLOW_RDIST ) size += 6; + if ( flags & RSSH_ALLOW_RSYNC ) size += 5; /* last one, no space */ + + /* create msg indicating what is allowed */ + if ( !size ) cmd = "This user is locked out."; + else { + size += 18; + if ( !(cmd = (char *)malloc(size)) ){ + log_msg("fatal error: out of mem allocating log msg"); + exit(1); + } + cmd[0] = '\0'; + strncat(cmd, "Allowed commands: ", size); + if ( flags & RSSH_ALLOW_SCP ) + strncat(cmd, "scp ", size); + if ( flags & RSSH_ALLOW_SFTP ) + strncat(cmd, "sftp ", size); + if ( flags & RSSH_ALLOW_CVS ) + strncat(cmd, "cvs ", size); + if ( flags & RSSH_ALLOW_RDIST ) + strncat(cmd, "rdist ", size); + if ( flags & RSSH_ALLOW_RSYNC ) + strncat(cmd, "rsync", size); + } + + /* print error message to user and log attempt */ + fprintf(stderr, "\nThis account is restricted by rssh.\n" + "%s\n\nIf you believe this is in error, please contact " + "your system administrator.\n\n", cmd); + if ( argc < 3 ) + log_msg("user %s attempted to log in with a shell", + username); + else{ + log_msg("user %s attempted to execute forbidden commands", + username); + log_msg("command: %s", argv[2]); + } + + exit(1); +} + + +/* + * opt_exist() - takes a string representing a command line, and a single + * character representing a command-line option flag (e.g. "-S") + * to search for. If the option exists in the command line, + * return TRUE. This function is a little over-zealous about + * returning a match, but in this case that is better than not + * being zealous enough. And frankly, I don't want to spend the + * time required to get it 100% right. It's not worth the + * effort. + */ +bool opt_exist(char *cl, char opt) +{ + int i = 1; + int len; + + len = strlen(cl); + + /* process command line character by character */ + if (!(cl[0] == '-')) return FALSE; + while ( i < (len) ){ + if ( cl[i] == opt ) return TRUE; + i++; + } + return FALSE; +} + + +bool opt_filter(char **vec, const char opt) +{ + while (vec && *vec){ + if (opt_exist(*vec, opt)){ + fprintf(stderr, "\nillegal insecure %c option", opt); + log_msg("insecure %c option in scp command line!", opt); + return TRUE; + } + vec++; + } + return FALSE; +} + + +bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag ) +{ + char *prog; /* basename of cmd */ + char *tmp = cl; + bool need_free = FALSE; + bool rc = FALSE; + int i; + size_t len; + + + if ( opts->shell_flags & cmdflag ){ + /* cl may be a full command line; if so get first word */ + len = strlen(cl); + for (i=0; i < len && !isspace(*(cl + i)); i++); + if (i < len){ + if (!(tmp = (char *)malloc(sizeof (char) * (i+1)))){ + log_msg("malloc() failed in check_command()"); + return FALSE; + } + need_free = TRUE; + memcpy(tmp, cl, i); + tmp[i] = '\0'; + } + + /* compare tmp to cmd and prog for match */ + prog = basename(cmd); + if ( !(strcmp(tmp, cmd)) || !(strcmp(tmp, prog))){ + log_msg("cmd '%s' approved", prog); + rc = TRUE; + } + } + if (need_free) free(tmp); + return rc; +} + + +/* + * check_command_line() - take the command line passed to rssh, and verify + * that the specified command is one the user is + * allowed to run and validate the arguments. Return the + * path of the command which will be run if it is ok, or + * return NULL if it is not. + */ +char *check_command_line( char **cl, ShellOptions_t *opts ) +{ + + /* Here we call check_command not to validate, but to match */ + if ( check_command(*cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) ) + return PATH_SFTP_SERVER; + + if ( check_command(*cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){ + /* filter -S option */ + if ( opt_filter(cl, 'S') ) return NULL; + return PATH_SCP; + } + + if ( check_command(*cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){ + if ( opt_filter(cl, 'e') ) return NULL; + return PATH_CVS; + } + + if ( check_command(*cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ){ + /* filter -P option */ + if ( opt_filter(cl, 'P') ) return NULL; + return PATH_RDIST; + } + + if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ + /* filter -e option */ + if ( opt_filter(cl, 'e') ) return NULL; + while (cl && *cl){ + if ( strstr(*cl, "--rsh" ) ){ + fprintf(stderr, "\ninsecure --rsh= not allowed."); + log_msg("insecure --rsh option in rsync command line!"); + return NULL; + } + cl++; + } + return PATH_RSYNC; + } + /* No match, return NULL */ + return NULL; +} + + +/* + * get_command() - take the command line passed to rssh, and verify + * that the specified command is one the user is allowed to run. + * Return the path of the command which will be run if it is ok, + * or return NULL if it is not. + */ +char *get_command( char *cl, ShellOptions_t *opts ) +{ + + if ( check_command(cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) ) + return PATH_SFTP_SERVER; + if ( check_command(cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ) + return PATH_SCP; + if ( check_command(cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ) + return PATH_CVS; + if ( check_command(cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ) + return PATH_RDIST; + if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ) + return PATH_RSYNC; + return NULL; +} + + + +/* + * extract_root() - takes a root directory and the full path to some other + * directory, and returns a pointer to a string which + * contains the path of the second directory relative to the + * first. In the event the second dir is not located + * somewhere in the first, NULL is returned. + */ +char *extract_root( char *root, char *path ) +{ + char *temp; + int len; + + len = strlen(root); + /* get rid of a trailing / from the root path */ + if ( root[len - 1] == '/' ){ + root[len - 1] = '\0'; + len--; + } + if ( (strncmp(root, path, len)) ) return NULL; + + /* + * path[len] is the first character of path which is not part of root. + * If it is not '/' then we chopped path off in the middle of a path + * element, and the result is not reliable. Assume an error. + */ + if ( path[len] != '/' ) return NULL; + if ( !(temp = strdup(path + len)) ){ + log_set_priority(LOG_ERR); + log_msg("can't allocate memory in function extract_root()"); + exit(1); + } + return temp; +} + +/* + * validate_mask() - takes a string which should be a umask, converts it, and + * validates that it is a valid umask. Returns true if it's + * good, false if it isn't. The integer umask is returned + * in the integer pointer mask. + */ +int validate_umask( const char *temp, int *mask ) +{ + char *err = NULL; /* for strtol() */ + + /* convert the umask to a number */ + *mask = strtol(temp, &err, 8); + if ( *err ) return FALSE; + /* make sure it's a good umask */ + if ( (*mask < 0) || (*mask > 0777) ) return FALSE; + return TRUE; +} + + +/* + * validate_access() - takes a string which should be the access bits for + * allow_sftp and allow_scp (in that order), and validates + * them. Returns the bits in the bool pointers of the + * same name, and returns FALSE if the bits are not valid + */ +int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) +{ + int i; + +#define NUM_ACCESS_BITS 5 + + if ( strlen(temp) != NUM_ACCESS_BITS ) return FALSE; + /* make sure the bits are valid */ + for ( i = 0; i < NUM_ACCESS_BITS; i++ ) + if ( temp[i] < '0' || temp[i] > '1' ) return FALSE; + /* This is easier to read if we allign the = */ + *allow_rsync = temp[0] - '0'; + *allow_rdist = temp[1] - '0'; + *allow_cvs = temp[2] - '0'; + *allow_sftp = temp[3] - '0'; + *allow_scp = temp[4] - '0'; + return TRUE; +} + +/* + * get_username() - get the username of the user, or return unknown + * + */ +char *get_username( void ) +{ + struct passwd *temp; + + if ( !(temp = getpwuid(getuid()) ) ) return "unknown user!"; + return temp->pw_name; +} + + diff --git a/util.h b/util.h new file mode 100644 index 0000000..8b81201 --- /dev/null +++ b/util.h @@ -0,0 +1,45 @@ +/* + * util.h - headers for utility functions for rssh + * + * Copyright 2003-2005 Derek D. Martin ( code at pizzashack dot org ). + * + * This program is licensed under a BSD-style license, as follows: + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef _util_h +#define _util_h + +#include "rsshconf.h" + +void fail( int flags, int argc, char **argv ); +char *check_command_line( char **cl, ShellOptions_t *opts ); +char *get_command( char *cl, ShellOptions_t *opts); +char *extract_root( char *root, char *path ); +int validate_umask( const char *temp, int *mask ); +int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ); +bool opt_exist( char *cl, char opt ); +char *get_username( void ); + +#endif /* _util_h */ -- cgit v1.2.3 From af39c4f69c04a20d4768e30800e64e9fc71cae97 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Mon, 5 Sep 2016 15:39:58 -0700 Subject: Import rssh_2.3.4-5.debian.tar.xz [dgit import tarball rssh 2.3.4-5 rssh_2.3.4-5.debian.tar.xz] --- NEWS | 26 + README.Debian | 45 ++ changelog | 613 ++++++++++++++++++++ clean | 1 + compat | 1 + config | 11 + control | 29 + copyright | 56 ++ docs | 4 + examples | 1 + gbp.conf | 3 + install | 4 + logcheck.ignore.server | 6 + manpages | 2 + patches/0001-Fix-invalid-option-error.patch | 22 + ...Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch | 41 ++ ...buffer-allocation-buffer-for-fail-message.patch | 26 + patches/0004-Lower-syslog-priority-to-debug.patch | 104 ++++ .../0005-Fix-spelling-errors-in-manual-pages.patch | 30 + ...006-Fixes-and-improvements-to-mkchroot.sh.patch | 187 ++++++ .../0007-Handle-rsync-v3-e-protocol-option.patch | 126 +++++ .../0008-Add-support-for-Subversion-svnserve.patch | 625 +++++++++++++++++++++ patches/series | 8 + po/POTFILES.in | 1 + po/cs.po | 49 ++ po/da.po | 50 ++ po/de.po | 51 ++ po/es.po | 75 +++ po/fr.po | 58 ++ po/gl.po | 49 ++ po/id.po | 54 ++ po/it.po | 50 ++ po/ja.po | 45 ++ po/nl.po | 51 ++ po/pt.po | 50 ++ po/pt_BR.po | 53 ++ po/ru.po | 54 ++ po/sv.po | 58 ++ po/templates.pot | 42 ++ postinst | 53 ++ rules | 28 + source/format | 1 + source/options | 1 + templates | 13 + watch | 7 + 45 files changed, 2864 insertions(+) create mode 100644 NEWS create mode 100644 README.Debian create mode 100644 changelog create mode 100644 clean create mode 100644 compat create mode 100755 config create mode 100644 control create mode 100644 copyright create mode 100644 docs create mode 100644 examples create mode 100644 gbp.conf create mode 100644 install create mode 100644 logcheck.ignore.server create mode 100644 manpages create mode 100644 patches/0001-Fix-invalid-option-error.patch create mode 100644 patches/0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch create mode 100644 patches/0003-Fix-buffer-allocation-buffer-for-fail-message.patch create mode 100644 patches/0004-Lower-syslog-priority-to-debug.patch create mode 100644 patches/0005-Fix-spelling-errors-in-manual-pages.patch create mode 100644 patches/0006-Fixes-and-improvements-to-mkchroot.sh.patch create mode 100644 patches/0007-Handle-rsync-v3-e-protocol-option.patch create mode 100644 patches/0008-Add-support-for-Subversion-svnserve.patch create mode 100644 patches/series create mode 100644 po/POTFILES.in create mode 100644 po/cs.po create mode 100644 po/da.po create mode 100644 po/de.po create mode 100644 po/es.po create mode 100644 po/fr.po create mode 100644 po/gl.po create mode 100644 po/id.po create mode 100644 po/it.po create mode 100644 po/ja.po create mode 100644 po/nl.po create mode 100644 po/pt.po create mode 100644 po/pt_BR.po create mode 100644 po/ru.po create mode 100644 po/sv.po create mode 100644 po/templates.pot create mode 100755 postinst create mode 100755 rules create mode 100644 source/format create mode 100644 source/options create mode 100644 templates create mode 100644 watch diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..7adbe32 --- /dev/null +++ b/NEWS @@ -0,0 +1,26 @@ +rssh (2.3.2-9) unstable; urgency=low + + This version of the rssh package adds support for Subversion by adding + an additional configuration parameter that, if set, allows an rssh user + to run svnserve -t. + + This support requires changing the /etc/rssh.conf file format to add an + additional binary digit to the permissions field. The package will + attempt to make that change automatically during the upgrade, disabling + svnserve for all users by default, but you may want to double-check the + resulting /etc/rssh.conf file to be sure it's correct. + + -- Russ Allbery Sat, 04 Apr 2009 14:39:27 -0700 + +rssh (2.2.1-1) unstable; urgency=medium + + * This release contains 2 major updates: + - A minor security fix (which results only in disclosing some information + in chrooted jails about the non chrooted environment). + - New support for cvs, rdist and rsync. Due to the new protocols, a + modification needs to be done in the configuration file, which has not + been automated in the installation scripts. Read the packages' README + for more information. + + -- Jesus Climent Thu, 8 Jul 2004 02:37:24 -0300 + diff --git a/README.Debian b/README.Debian new file mode 100644 index 0000000..8c71aae --- /dev/null +++ b/README.Debian @@ -0,0 +1,45 @@ +rssh for Debian +--------------- + +rssh provides a way of restricting a user to only using one or more of +scp, sftp, cvs, rsync, rdist, and svnserve. rssh also can optionally +chroot into a jail before running the command and has a configuration file +to specify which commands are allowed. + +Please thoroughly read the rssh man page before using this program. If +rssh is not configured correctly, it may not be secure. You may also want +to read the security history in /usr/share/doc/rssh/SECURITY. In +particular, if you're allowing ssh access, make sure that either the +restricted user cannot write to ~/.ssh or ~/.ssh/environment or that you +have PermitUserEnvironment set to no in /etc/sshd_config. + +/usr/share/doc/rssh/examples/mkchroot.sh automates much of the work of +setting up a chroot environment if you choose to configure rssh that way. +Alternately, you could try using makejail, which takes a more +comprehensive approach to figuring out what files are needed. makejail is +designed for daemons, so it's a bit difficult to use, but if you configure +makejail to run (via testCommandsInsideJail) the programs you want to +allow the user to run via rssh, it may be able to figure it out. + +rssh is built using shared libraries by default. If you want to recompile +it statically linked, build the source package with: + + DEB_CONFIGURE_OPTIONS=static + +in the environment. The rssh author recommends this, but static binaries +are not well-supported by glibc. + +Keep in mind that the software has been developed to be simple, trying to +avoid possible security problems, but cannot be assured. If you find a +security problem, please report it as soon as possible. Note that the +Debian bug tracking system is public; if you believe you have discovered a +serious security vulnerability, feel free to contact the maintainers +directly. + +Also note that the upstream maintainer of rssh does not plan to make any +further releases. If you are interested in support for additional +programs (such as passwd; see Debian Bug#323384) and you have the skills +to maintain a security-sensitive C program, consider taking over upstream +maintenance. + + -- Russ Allbery , Mon, 29 Mar 2010 11:23:15 -0700 diff --git a/changelog b/changelog new file mode 100644 index 0000000..e428563 --- /dev/null +++ b/changelog @@ -0,0 +1,613 @@ +rssh (2.3.4-5) unstable; urgency=medium + + * Enable all hardening flags. + * Fix another spelling error in the rssh man page, caught by Lintian. + * Translation updates: + - Indonesian, thanks Izharul Haq. (Closes: #835621) + * Switch to the DEP-14 branch layout and update debian/gbp.conf and + Vcs-Git accordingly. + * Run wrap-and-sort -ast on packaging files. + * Switch to https for Vcs-Git and Vcs-Browser URLs. + * Fix duplicate license clause in debian/copyright. + * Update standards version to 3.9.8 (no changes required). + + -- Russ Allbery Mon, 05 Sep 2016 15:39:58 -0700 + +rssh (2.3.4-4) unstable; urgency=low + + * Fix typo in the example mkchroot script that causes it to fail to + copy the libnss compat modules. Patch from Jeremy Jongepier. + (Closes: #729294) + * This package is now maintained using gbp pq from git-buildpackage. + Remove the TopGit glue and the obsolete README.source package and + rename the patches based on the export convention of gbp pq. + * Drop override to use xz compression for the binary package. This is + now the default in dpkg-buildpackage. + * Update standards version to 3.9.5 (no changes required). + * Translation updates: + - Portuguese (Brazilian), thanks Fernando Ike de Oliveira. + (Closes: #723148) + * Reformat translations with debconf-updatepo. Add some missing + Language fields and update the Report-Msgid-Bugs-To address. + + -- Russ Allbery Sat, 07 Dec 2013 19:18:35 -0800 + +rssh (2.3.4-3) unstable; urgency=low + + * Patch the upstream build system to honor CFLAGS and CPPFLAGS as passed + to configure. This fixes use of hardening flags during the build. + Thanks to Simon Ruderich for the patch. (Closes: #709941) + + -- Russ Allbery Tue, 28 May 2013 14:37:10 -0700 + +rssh (2.3.4-2) unstable; urgency=low + + * Upload to unstable. + * Fix implicit function declaration compiler warning from the svnserve + patch. + * Use xz compression for the Debian source and binary package. + * Canonicalize the Vcs-Git and Vcs-Browser control fields. + * Update standards version to 3.9.4 (no changes required). + + -- Russ Allbery Sat, 11 May 2013 17:09:30 -0700 + +rssh (2.3.4-1) experimental; urgency=low + + * New upstream release. + - Merges fixes/command-line-checking. + - Fix a (probably not exploitable) flaw in determining the command + to run from the provided command line. + * Adjust the installation process for the new upstream behavior of + installing rssh.conf as rssh.conf.default. The Debian package + continues to install it as /etc/rssh.conf. + * Add new logcheck ignore line for a new upstream log message. + * Fix the log level for a notice of global svnserve access to use debug, + matching the (patched) behavior for the other program types. + * Fix the regular expression in the previous change to correctly match a + literal period instead of any character. (This fix is not critical, + but adds further defense in depth.) Remove an unused variable to + silence compiler warnings. Patch from Tomas Hoger. + * Change debian/watch to use the sf.net redirector. + + -- Russ Allbery Fri, 07 Dec 2012 16:14:37 -0800 + +rssh (2.3.3-6) unstable; urgency=high + + * Fix several flaws in validation of rsync options. Ensure --server + cannot be hidden from the server by putting it after -- or as the + argument to another option. Verify that the -e option's value matches + expectations rather than trying to look for invalid -e option values. + (CVE-2012-2251) + * Reject the rsync --rsh option even if it does not contain a trailing + equal sign. (CVE-2012-2252) + + -- Russ Allbery Thu, 22 Nov 2012 12:01:41 -0800 + +rssh (2.3.3-5) unstable; urgency=medium + + * Apply upstream patch to close security vulnerability that permitted + clever manipulation of environment variables on the ssh command line + to bypass rssh checking. (CVE-2012-3478) + + -- Russ Allbery Fri, 10 Aug 2012 22:14:34 -0700 + +rssh (2.3.3-4) unstable; urgency=low + + * Force libexecdir to /usr/lib/rssh. This is not a library package and + has no reason to be using the multiarch paths, but picked up the + modification to libexecdir as a side effect of the debhelper + compatibility level change. (Closes: #663011) + + -- Russ Allbery Wed, 07 Mar 2012 16:07:37 -0800 + +rssh (2.3.3-3) unstable; urgency=low + + * Translation updates: + - Danish, thanks Joe Dalton. (Closes: #659447) + * Update debian/copyright to copyright-format 1.0. + * Update standards version to 3.9.3 (no changes required). + + -- Russ Allbery Sun, 04 Mar 2012 21:43:29 -0800 + +rssh (2.3.3-2) unstable; urgency=low + + * Update examples/mkchroot.sh to include libnss modules in a multiarch + subdirectory of /lib if none exist directly in /lib. + * Update to debhelper compatibility level V9. + - Enable compiler hardening flags, including bindnow and PIE. + (Closes: #654155) + * Use dh-autoreconf to regenerate the Autotools build system rather than + rolling our own equivalent. + * Update standards version to 3.9.2 (no changes required). + + -- Russ Allbery Sun, 05 Feb 2012 19:51:55 -0800 + +rssh (2.3.3-1) unstable; urgency=low + + * New upstream release. + - Exit with non-zero status when fatal() is called. + - Merges Debian fixes/config-parse-fatal, fixes/man-page-hyphen, and + fixes/missing-config patches. + * In the example mkchroot script, also check for and copy over the + dependencies of any of the NSS libraries we copy over. This picks up + the libnsl library, which is now required. Print out a warning that + mkchroot doesn't copy over any of the libraries required for other + supporting programs (rsync, etc.), only those for scp and sftp. + (Closes: #611878) + * Update debian/copyright to the current DEP-5 format. + * Update to debhelper compatibility level V8. + * Update to standards version 3.9.1 (no changes required). + + -- Russ Allbery Mon, 28 Feb 2011 17:45:00 -0800 + +rssh (2.3.2-13) unstable; urgency=low + + * When allocating the buffer to tell a locked-out user what commands are + supported, add an additional byte for the nul at the end of the + string. (Closes: #601145) + + -- Russ Allbery Wed, 10 Nov 2010 11:23:07 -0800 + +rssh (2.3.2-12) unstable; urgency=low + + * If parsing the configuration file fails, abort with an error rather + than continuing on and applying the defaults, since the defaults may + be wrong for the current user. Patch from Jon Barber. + * Fix spelling error (seperate for separate) in rssh man page. + * Remove version from openssh-server dependency since it was older than + oldstable. + * Update standards version to 3.9.0 (no changes required). + + -- Russ Allbery Tue, 06 Jul 2010 18:07:47 -0700 + +rssh (2.3.2-11) unstable; urgency=low + + * Switch to 3.0 (quilt) source format. + - Remove build dependency on quilt and debian/rules machinery. + * Remove all of the files touched by autoreconf -i. + * Remove Jesus Climent from uploaders. He hasn't had time to work on + the package in a while. + * Update standards version to 3.8.4 (no changes required). + + -- Russ Allbery Mon, 29 Mar 2010 11:28:43 -0700 + +rssh (2.3.2-10) unstable; urgency=low + + * Update standards version 3.8.2 (no changes required). + * Translation updates: + - Czech, thanks Martin Šín. (Closes: #533389) + - Russian, thanks Yuri Kozlov. (Closes: #537062) + + -- Russ Allbery Sat, 18 Jul 2009 19:49:00 -0700 + +rssh (2.3.2-9) unstable; urgency=low + + * This package is now maintained using Git and TopGit. A quilt + patch series is exported from TopGit branches for the final Debian + package. Update debian/README.source, the Vcs-* control fields, and + debian/rules accordingly. + * Add support for svnserve (Subversion). This requires a change in the + format of /etc/rssh.conf to add an additional binary digit to the + permissions field. /etc/rssh.conf will be automatically updated as + part of the package upgrade using /usr/share/rssh/conf_convert. Patch + from Davide Scola. (Closes: #284756) + * In mkchroot, also install /dev/zero in the chroot. Noted in an + updated patch from Ross Davis sent to the rssh-discuss list. + * Remove postrm script that removed rssh from /etc/shells. We do that + in postinst on upgrade and have for some time, so this maintainer + script was unnecessary. + * Convert to the proposed new copyright format. + * Swap Maintainer and Uploaders, making me the primary maintainer. I've + done all of the recent uploads. + * Update debhelper compatibility level to V7. + - Use rule minimization with overrides. + - Move install, examples, and manpage lists into separate files. + - Add --enable-static if "static" is in DEB_CONFIGURE_OPTIONS rather + than requiring the variable be set to exactly --enable-static. + - Remove unnecessary debian/dirs. + * Update standards version to 3.8.1 (no changes required). + * Translation updates: + - Spanish, thanks Francisco Javier Cuadrado. (Closes: #509356) + + -- Russ Allbery Sat, 04 Apr 2009 15:41:07 -0700 + +rssh (2.3.2-8) unstable; urgency=low + + * The upstream mkchroot script uses echo -e, so make it a /bin/bash + script, which is less invasive than rewriting all of the echo + statements to printf. Thanks, Raphael Geissert. (Closes: #489653) + * Update standards version to 3.8.0. + - Add a README.source file pointing to the quilt documentation. + + -- Russ Allbery Sun, 13 Jul 2008 13:09:38 -0700 + +rssh (2.3.2-7) unstable; urgency=low + + * Translation updates: + - Galician, thanks Jacobo Tarrio. (Closes: #483220) + + -- Russ Allbery Tue, 27 May 2008 19:48:25 -0700 + +rssh (2.3.2-6) unstable; urgency=low + + * Allow the -e option to rsync in conjunction with --server when it + contains a protocol version. As of version three, rsync reused the -e + option to pass protocol information. (Closes: #471803) + * Avoid a segfault when logging is disabled and the configuration file + could not be opened. Thanks, Thomas Liske. (Closes: #470262) + * Update the example mkchroot.sh script, thanks to Carsten Maass and + proctor mcduff. (Closes: #465528) + - Fix the parsing of ldd output. + - Create /dev/null and /dev/log in the chroot. + - Update the sftp-server and rssh_chroot_helper paths for Debian. + - Copy /etc/ld.* files recursively. + - Add better error handling. + * Suggest makejail for the chroot setup. (Closes: #458563) + * Clean all patches of extraneous headers and timestamps. + * Mention in README.Debian that the upstream maintainer doesn't plan + future releases and therefore major new work (such as Subversion + support) may require taking over upstream maintenance. + * Add a Homepage control field and drop the XS-* prefixes for the Vcs + control fields. + * Add the upstream copyright statement and the complete license to + debian/copyright. + * Add a watch file. + * debian/rules cleanup: + - Use a stamp file for installation. + - Depend on the quilt stamp file to prevent repeating configure. + - Use touch $@ to create stamp files. + - Simplify the rule structure. + * Update standards version to 3.7.3 (no changes required). + + -- Russ Allbery Sun, 23 Mar 2008 12:46:52 -0700 + +rssh (2.3.2-5) unstable; urgency=low + + * Fix the logic for checking whether the setuid status of + rssh_chroot_helper was overridden by the sysadmin. The previous logic + would only make it setuid if dpkg-statoverride couldn't be found. + Thanks, Peter Baumann. (Closes: #425431) + * Don't add rssh to /etc/shells; restricted shells should not be listed + there. Remove it from /etc/shells if upgrading from an older version. + Also, we don't need to conditionalize running add-shell and + remove-shell, since debianutils is essential and has had add-shell and + remove-shell since etch. (Closes: #424672) + * Remove the obsolete security note from the config script. + * Fix the build system to not run configure twice. + * Add XS-Vcs-Svn and XS-Vcs-Browser control fields. + + -- Russ Allbery Mon, 21 May 2007 19:10:54 -0700 + +rssh (2.3.2-4) unstable; urgency=low + + * Rewrite the prompt for a setuid rssh_chroot_helper to follow the + DevRef debconf style guidelines and not mention an incorrect path in + /usr/bin. (Closes: #421000) + * Don't use config.status as a stamp file, since then the ordering of + removal causes make clean to fail after a build. (Closes: #424281) + * Translation updates: + - Swedish, thanks Daniel Nylander. + - Dutch, thanks cobaco. + - Portuguese, thanks Miguel Figueiredo. (Closes: #418924) + - German, thanks Helge Kreutzmann. (Closes: #419252) + - Italian, thanks Luca Monducci. (Closes: #419398) + - French, thanks Michel Grentzinger. (Closes: #420430) + - Japanese, thanks Hideki Yamane. (Closes: #422265) + + -- Russ Allbery Tue, 15 May 2007 15:59:24 -0700 + +rssh (2.3.2-3) unstable; urgency=low + + * In the example mkchroot script, warn that /etc/passwd is copied into + the chroot and the user may wish to remove unnecessary users and + sensitive information. (Closes: #366655) + * Let debhelper handle debconf purging in postrm properly, fixing + purging failures when debconf isn't installed. (Closes: #417009) + * Remove debconf update notes for versions that are now older than + oldstable. (Closes: #388957) + * Improve the README.Debian security information. Move the details from + the debconf security note to here to eliminate the rest of the debconf + note abuse. + * Fix incorrect hyphens in the rssh man page. + * Recognize reconfigure in postinst. + * Don't die on unknown actions in maintainer scripts. + * Only remove rssh from /etc/shells on remove and purge, not upgrade. + * Use $(CURDIR) instead of `pwd` in debian/rules. + * Update standards version to 3.7.2 (no changes required). + * Update debhelper compatibility level to V5. + * Translation updates: + - Spanish, thanks Steve Lord Flaubert. (Closes: #415185) + - Dutch, thanks cobaco. (Closes: #415505) + + -- Russ Allbery Wed, 11 Apr 2007 19:07:28 -0700 + +rssh (2.3.2-2) unstable; urgency=low + + * Translation updates: + - Portuguese, thanks Miguel Figueiredo. (Closes: #410869) + + -- Russ Allbery Thu, 15 Feb 2007 20:37:53 -0800 + +rssh (2.3.2-1) unstable; urgency=low + + * New co-maintainer. + * New upstream release. + - Incorporates fixes from NMU. (Closes: #346322, #355935, #357715) + - Incorporates missing va_end also fixed in NMU. (Closes: #339531) + * Don't compress example scripts. (Closes: #333923) + * Mention chroot and jail in the rssh description. (Closes: #335475) + * Add libnss_compat* to the chroot script. (Closes: #335384) + * Drop the ssh-krb5 alternative; it doesn't use the right sftp-server + path. Add Suggests pointing to the other supported commands. + * Drop the configuration caution from the package description; it's in + the man page and the long description isn't supposed to include + configuration information for the package. + * Rework README.Debian a little to point to the rssh man page instead of + SECURITY (upstream moved the security notes there) and emphasize + reading the documentation before using the package. + * Update logcheck rules. + * debian/rules and debian/control cleanup. + - Switch to quilt for patches. It works essentially the same as the + script the package was using but is more standard and is the current + recommended tool. + - Run dh_shlibdeps to pick up proper dependency information. + - Get the debconf dependency from debhelper. + - Use debian/compat instead of setting DH_COMPAT. + - Use dh_installman instead of the deprecated dh_installmanpages. + - Remove duplicate rssh.docs configuration file. + - Don't install config.{guess,sub}; configure doesn't use them. + - Rename NEWS.Debian to NEWS so that debhelper installs it. + - Install logcheck rules with debhelper. + - Simplify unused rules and remove some boilerplate. + * Translation updates. + - Swedish, thanks Daniel Nylander. (Closes: #341412) + + -- Russ Allbery Fri, 21 Apr 2006 20:45:25 -0700 + +rssh (2.3.0-1.1) unstable; urgency=high + + * NMU (with maintainer permission). + * Backport code changes from upstream 2.3.2 release. + - Fixes coding error that runs cvs instead of rsync and rdist and + bypasses various security checks. (Closes: #346322) + - Fixes use of uninitialized variables that crash the chroot helper + program. (Closes: #355935) + + -- Russ Allbery Sat, 18 Mar 2006 20:29:29 -0800 + +rssh (2.3.0-1) unstable; urgency=high + + * New upstream release. + * This package is a security update: + - closes CVE-2005-3345. + - Closes: #344424, #344395 + + -- Jesus Climent Mon, 19 Dec 2005 20:00:02 +0200 + +rssh (2.2.3-3) unstable; urgency=low + + * Changed the path of sftp-server to /usr/lib/openssh/sftp-server to + cope with ssh changes, in the helper script to create the chroots. + * Add rssh to /etc/shells (Closes: #312330). + * Added a logcheck file (Closes: #319802). + * Lowered the log output from INFO to DEBUG, to reduce the amount of + information rssh spits (Closes: #325684). + + -- Jesus Climent Sun, 9 Oct 2005 21:48:35 +0000 + +rssh (2.2.3-2) unstable; urgency=low + + * The "I spent DebConf5 without a single package upload" release. + * Added a dependency on openssh-server so that the change to the new + sftp-server does not affect us. + * Also, changed the path to the new sftp-server location. + * Added debconf-2.0 dependency. + + -- Jesus Climent Fri, 5 Aug 2005 12:23:47 +0000 + +rssh (2.2.3-1) unstable; urgency=high + + * New upstream release + * Security fix: CAN-2004-1161. Closes: #284207. + * Translations update: + - de.po: Jens Nachtigall (Closes: #276697) + - ja.po: Hideki Yamane (Closes: #272899) + - cs.po: Miroslav Kure (Closes: #287300) + - it.po: Luca Monducci (Closes: #288828) + * Urgency set to high due to the security fix and to get it into Sarge. + + -- Jesus Climent Wed, 19 Jan 2005 10:02:13 +0000 + +rssh (2.2.2-1) unstable; urgency=high + + * New upstream release (Closes: #278157) + * Urgency set to high due to the bug #278157, which happens to be a security + bug. Thanks to the reporters: Hideki Yamane and Florian Weimer. + + -- Jesus Climent Wed, 27 Oct 2004 09:44:54 +0000 + +rssh (2.2.1-5) unstable; urgency=low + + * Translations updated: + - French: fr.po (Closes: #267573) + - Brazilian: pt_BR.po (Closes: #272433) + - Japanese: ja.po (Closes: #236236) although might be outdated. + + -- Jesus Climent Tue, 21 Sep 2004 15:07:29 +0000 + +rssh (2.2.1-4) unstable; urgency=low + + * Files CHROOT and SECURITY added to the package (Closes: #272650) + * mkchroot script and CHROOT file have been adapted to Debian. + + -- Jesus Climent Tue, 21 Sep 2004 10:52:11 +0000 + +rssh (2.2.1-3) unstable; urgency=low + + * My mistake! I added an exit to test the scripts and did not erase it + (Closes: #269875) + + -- Jesus Climent Tue, 7 Sep 2004 06:33:03 +0000 + +rssh (2.2.1-2) unstable; urgency=low + + * Upload to unstable. + + -- Jesus Climent Thu, 5 Aug 2004 11:38:58 +0300 + +rssh (2.2.1-1) experimental; urgency=low + + * New upstream release + * NEWS.Debian + + -- Jesus Climent Thu, 8 Jul 2004 02:37:24 -0300 + +rssh (2.2.0-1) experimental; urgency=low + + * New upstream release + + -- Jesus Climent Thu, 27 May 2004 23:56:12 -0300 + +rssh (2.1.1-5) unstable; urgency=low + + * Corrected dependency on ssh-krb5 (Closes: #232575) + + -- Jesus Climent Fri, 13 Feb 2004 20:43:23 +0000 + +rssh (2.1.1-4) unstable; urgency=low + + * Updated Brazilain Portuguese (pt_BR) translation (Closes: #218808) + * Updated Japanese (ja.po) translation (Closes: #224178) + + -- Jesus Climent Thu, 15 Jan 2004 16:17:47 +0000 + +rssh (2.1.1-3) unstable; urgency=low + + * Updated french (fr.po) translation file (Closes: #209173) + + -- Jesus Climent Thu, 11 Sep 2003 07:44:43 +0000 + +rssh (2.1.1-2) unstable; urgency=low + + * Somehow I uploaded the wrong copy of the package. Let's try again... + (Closes: #208739). + + -- Jesus Climent Thu, 4 Sep 2003 21:08:15 +0000 + +rssh (2.1.1-1) unstable; urgency=low + + * New upstream release (Closes: #201096) + * gettext is now used for debconf templates (Closes: #203673) + * Added french translation (Closes: #203674) + * rssh_chroot_helper moved to /usr/lib/rssh + * Standards version to 3.6.0 + + -- Jesus Climent Mon, 28 Jul 2003 13:43:20 +0000 + +rssh (2.0.4-1) unstable; urgency=low + + * New upstream release + + -- Jesus Climent Wed, 2 Jul 2003 21:58:08 +0000 + +rssh (2.0.3-2) unstable; urgency=low + + * $version did not get compared at all on debconf's config file. + + -- Jesus Climent Wed, 11 Jun 2003 21:56:35 +0000 + +rssh (2.0.3-1) unstable; urgency=low + + * New upstream release + * Standards-Version updated to 3.5.10 + + -- Jesus Climent Sat, 7 Jun 2003 17:04:09 +0000 + +rssh (2.0.2-1) unstable; urgency=low + + * New upstream release. + * We ask now for SUID option during installation: Closes: #188088. + * Small mistake in README.Debian: Closes: #188602. + + -- Jesus Climent Tue, 8 Apr 2003 11:02:52 +0300 + +rssh (2.0.1-1) unstable; urgency=low + + * New upstream release + + -- Jesus Climent Fri, 28 Feb 2003 18:27:47 +0000 + +rssh (2.0.0-1) unstable; urgency=low + + * New upstream release + * This release solves some problems upstream will include in the next + upstream release: correct COPYING file, Makefile.am problem,... + + -- Jesus Climent Mon, 24 Feb 2003 16:59:00 +0200 + +rssh (1.0.4-2) unstable; urgency=low + + * This time the description is _really_ not starting with "A". + + -- Jesus Climent Thu, 23 Jan 2003 13:43:53 +0200 + +rssh (1.0.4-1) unstable; urgency=low + + * New upstream release + + -- Jesus Climent Thu, 23 Jan 2003 13:43:36 +0200 + +rssh (1.0.3-2) unstable; urgency=low + + * Missing file SECURITY now included (Closes: #172018) + + -- Jesus Climent Wed, 11 Dec 2002 16:44:19 +0200 + +rssh (1.0.3-1) unstable; urgency=low + + * New upstream release + * Dependency upon new released ssh package (Closes: #168672) + + -- Jesus Climent Mon, 25 Nov 2002 08:07:08 +0200 + +rssh (1.0.1-3) unstable; urgency=low + + * Description starting with (Closes: #168556) + + -- Jesus Climent Thu, 14 Nov 2002 05:15:09 +0200 + +rssh (1.0.1-2) unstable; urgency=low + + * Link to the license directory in copyright. + + -- Jesus Climent Fri, 1 Nov 2002 19:58:51 +0200 + +rssh (1.0.1-1) unstable; urgency=low + + * New upstream release + * Static build is activated, and will deactivated when OpenSSH 3.5 is on + unstable. + + -- Jesus Climent Thu, 24 Oct 2002 14:08:37 +0300 + +rssh (1.0.0-1) unstable; urgency=low + + * New upstream release + * Closes: #160702. + + -- Jesus Climent Fri, 20 Sep 2002 17:48:24 +0300 + +rssh (0.9.3-2) unstable; urgency=low + + * debconf aware, showing the security note. + * the security note is shown just once. + * the security note is actually included in the package. + + -- Jesus Climent Tue, 17 Sep 2002 11:31:04 +0300 + +rssh (0.9.3-1) unstable; urgency=low + + * Initial Release. + + -- Jesus Climent Thu, 12 Sep 2002 23:23:59 +0300 + diff --git a/clean b/clean new file mode 100644 index 0000000..b82e8b4 --- /dev/null +++ b/clean @@ -0,0 +1 @@ +rssh.conf diff --git a/compat b/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/compat @@ -0,0 +1 @@ +9 diff --git a/config b/config new file mode 100755 index 0000000..f636a68 --- /dev/null +++ b/config @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule +db_version 2.0 + +db_input medium rssh/chroot_helper_setuid || true +db_go + +exit 0 diff --git a/control b/control new file mode 100644 index 0000000..eb53123 --- /dev/null +++ b/control @@ -0,0 +1,29 @@ +Source: rssh +Section: net +Priority: optional +Maintainer: Russ Allbery +Build-Depends: + debhelper (>= 9), + dh-autoreconf, +Standards-Version: 3.9.8 +Homepage: http://www.pizzashack.org/rssh/ +Vcs-Git: https://anonscm.debian.org/git/collab-maint/rssh.git -b debian/master +Vcs-Browser: https://anonscm.debian.org/gitweb/?p=collab-maint/rssh.git + +Package: rssh +Architecture: any +Depends: + openssh-server, + ${misc:Depends}, + ${shlibs:Depends}, +Suggests: + cvs, + makejail, + rdist, + rsync, + subversion, +Description: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist + rssh is a restricted shell, used as a login shell, that allows users to + perform only scp, sftp, cvs, svnserve (Subversion), rdist, and/or rsync + operations. It can also optionally chroot user logins into a restricted + jail. diff --git a/copyright b/copyright new file mode 100644 index 0000000..57d0b57 --- /dev/null +++ b/copyright @@ -0,0 +1,56 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Source: http://www.pizzashack.org/rssh/ + +Files: * +Copyright: 2003-2010 Derek D. Martin ( code at pizzashack dot org ). +License: BSD-two-clause + +Files: conf_convert +Copyright: (C) 2009 Davide Scola +License: GPL-2.0+ + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 2, or (at your option) any later + version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General + Public License for more details. + . + A copy of the GNU General Public License version 2 is available in + /usr/share/common-licenses/GPL-2 on Debian systems. + +Files: debian/* +Copyright: 2002-2005 Jesus Climent + 2006-2013, 2016 Russ Allbery +License: BSD-two-clause +Comment: + Work by Jesus Climent has no explicit license. Presumably that work + may be redistributed under the same terms as rssh itself. + . + Changes by Russ Allbery and may be redistributed and/or modified under + the same terms as the rssh package. + +License: BSD-two-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the + distribution. + . + THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. diff --git a/docs b/docs new file mode 100644 index 0000000..59c0950 --- /dev/null +++ b/docs @@ -0,0 +1,4 @@ +CHROOT +README +SECURITY +TODO diff --git a/examples b/examples new file mode 100644 index 0000000..9e2076b --- /dev/null +++ b/examples @@ -0,0 +1 @@ +mkchroot.sh diff --git a/gbp.conf b/gbp.conf new file mode 100644 index 0000000..2541c07 --- /dev/null +++ b/gbp.conf @@ -0,0 +1,3 @@ +[DEFAULT] +debian-branch = debian/master +upstream-branch = upstream/latest diff --git a/install b/install new file mode 100644 index 0000000..01cd4dd --- /dev/null +++ b/install @@ -0,0 +1,4 @@ +conf_convert usr/share/rssh +rssh usr/bin +rssh.conf etc +rssh_chroot_helper usr/lib/rssh diff --git a/logcheck.ignore.server b/logcheck.ignore.server new file mode 100644 index 0000000..55f0fc3 --- /dev/null +++ b/logcheck.ignore.server @@ -0,0 +1,6 @@ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rssh\[[0-9]+\]: allowing [[:alnum:]]+ to (all users|user [^[:space:]]+)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rssh\[[0-9]+\]: cmd '[[:alnum:]]+' approved$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rssh\[[0-9]+\]: line [0-9]+: configuring user [^[:space:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rssh\[[0-9]+\]: setting [^[:space:]]+ umask to [0-9]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rssh\[[0-9]+\]: setting log facility to LOG_USER$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rssh\[[0-9]+\]: setting umask to [0-9]+$ diff --git a/manpages b/manpages new file mode 100644 index 0000000..2f18c7e --- /dev/null +++ b/manpages @@ -0,0 +1,2 @@ +rssh.1 +rssh.conf.5 diff --git a/patches/0001-Fix-invalid-option-error.patch b/patches/0001-Fix-invalid-option-error.patch new file mode 100644 index 0000000..e07da90 --- /dev/null +++ b/patches/0001-Fix-invalid-option-error.patch @@ -0,0 +1,22 @@ +From: Russ Allbery +Date: Sat, 7 Dec 2013 18:32:55 -0800 +Subject: Fix invalid option error + +Don't refer to all invalid options as invalid scp options. +--- + util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util.c b/util.c +index f98d2bc..3affc0a 100644 +--- a/util.c ++++ b/util.c +@@ -152,7 +152,7 @@ bool opt_filter(char **vec, const char opt) + while (vec && *vec){ + if (opt_exist(*vec, opt)){ + fprintf(stderr, "\nillegal insecure %c option", opt); +- log_msg("insecure %c option in scp command line!", opt); ++ log_msg("insecure %c option in command line!", opt); + return TRUE; + } + vec++; diff --git a/patches/0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch b/patches/0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch new file mode 100644 index 0000000..192b525 --- /dev/null +++ b/patches/0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch @@ -0,0 +1,41 @@ +From: Simon Ruderich +Date: Sat, 7 Dec 2013 18:32:55 -0800 +Subject: Honor CFLAGS/CPPFLAGS passed to configure + +The CFLAGS from dpkg-buildflags are missing because they are +overwritten in Makefile.am. + +The attached patch removes an incorrect build rule and passes the +custom flags through AM_CFLAGS/AM_CPPFLAGS. All custom flags are +still passed correctly. + +Signed-off-by: Russ Allbery +--- + Makefile.am | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index c5b1a8d..57a4305 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,8 +1,7 @@ + ## Process this file with automake to produce Makefile.in + AUTOMAKE_OPTIONS = nostdinc +-ourdefs = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" +-ourflags = @defcflags@ @static@ +-AM_CFLAGS = $(ourflags) ++AM_CPPFLAGS = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" ++AM_CFLAGS = @defcflags@ @static@ + bin_PROGRAMS = rssh + libexec_PROGRAMS = rssh_chroot_helper + nodist_rssh_SOURCES = main.c pathnames.h config.h +@@ -15,9 +14,6 @@ man_MANS = rssh.1 rssh.conf.5 + EXTRA_DIST = $(man_MANS) CHROOT SECURITY LICENSE rssh.spec mkchroot.sh conf_convert.sh + base=`echo @PACKAGE_STRING@|tr " " "-"` + +-.c.o: +- $(CC) -c $(DEFS) $(ourdefs) $(AM_CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< +- + install-exec-hook: + chmod u+s $(libexecdir)/rssh_chroot_helper + diff --git a/patches/0003-Fix-buffer-allocation-buffer-for-fail-message.patch b/patches/0003-Fix-buffer-allocation-buffer-for-fail-message.patch new file mode 100644 index 0000000..af58a0a --- /dev/null +++ b/patches/0003-Fix-buffer-allocation-buffer-for-fail-message.patch @@ -0,0 +1,26 @@ +From: Russ Allbery +Date: Sat, 7 Dec 2013 18:32:55 -0800 +Subject: Fix buffer allocation buffer for fail message + +The failure log message when the user isn't permitted to run the +command they're attempting includes a summary of the commands the +user is allowed to run. The allocation for that string was not +reserving space for the nul byte at the end of the string, causing +a one-byte overwrite past the end of the string. +--- + util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util.c b/util.c +index 3affc0a..ef1a5d8 100644 +--- a/util.c ++++ b/util.c +@@ -84,7 +84,7 @@ void fail( int flags, int argc, char **argv ) + /* create msg indicating what is allowed */ + if ( !size ) cmd = "This user is locked out."; + else { +- size += 18; ++ size += 18 + 1; + if ( !(cmd = (char *)malloc(size)) ){ + log_msg("fatal error: out of mem allocating log msg"); + exit(1); diff --git a/patches/0004-Lower-syslog-priority-to-debug.patch b/patches/0004-Lower-syslog-priority-to-debug.patch new file mode 100644 index 0000000..3100d41 --- /dev/null +++ b/patches/0004-Lower-syslog-priority-to-debug.patch @@ -0,0 +1,104 @@ +From: Russ Allbery +Date: Sat, 7 Dec 2013 18:32:55 -0800 +Subject: Lower syslog priority to debug + +Lower priority of all of the routine syslog messages from info to debug +to cut down on log noise. +--- + rsshconf.c | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +diff --git a/rsshconf.c b/rsshconf.c +index 4b22766..564f747 100644 +--- a/rsshconf.c ++++ b/rsshconf.c +@@ -438,7 +438,7 @@ int process_allow_scp( ShellOptions_t *opts, + return FALSE; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("allowing scp to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SCP; +@@ -465,7 +465,7 @@ int process_allow_sftp( ShellOptions_t *opts, + return FALSE; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("allowing sftp to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SFTP; +@@ -493,7 +493,7 @@ int process_allow_cvs( ShellOptions_t *opts, + return FALSE; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("allowing cvs to all users"); + } + opts->shell_flags |= RSSH_ALLOW_CVS; +@@ -520,7 +520,7 @@ int process_allow_rdist( ShellOptions_t *opts, + lineno); + return FALSE; + } +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + if (log){ + log_msg("allowing rdist to all users"); + opts->shell_flags |= RSSH_ALLOW_RDIST; +@@ -549,7 +549,7 @@ int process_allow_rsync( ShellOptions_t *opts, + return FALSE; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("allowing rsync to all users"); + } + opts->shell_flags |= RSSH_ALLOW_RSYNC; +@@ -585,7 +585,7 @@ int process_chroot_path( ShellOptions_t *opts, + /* get rid of any old value for chroot path, assign new one */ + if ( opts->chroot_path ) free(opts->chroot_path); + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("chrooting all users to %s", temp); + } + /* we must not free temp, since opts points to it */ +@@ -783,7 +783,7 @@ int process_log_facility( ShellOptions_t *opts, + return FALSE; + } + if ( facname ){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + if (log) log_msg("setting log facility to %s", facname); + log_set_facility(fac); + return TRUE; +@@ -828,7 +828,7 @@ int process_umask( ShellOptions_t *opts, + return FALSE; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("setting umask to %#o", mask); + } + opts->rssh_umask = mask; +@@ -888,7 +888,7 @@ int process_user( ShellOptions_t *opts, + */ + if ( (strcmp(user, username)) ) return TRUE; + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("line %d: configuring user %s", lineno, user); + } + if ( !(len = eat_colon(temp + pos)) ){ +@@ -969,7 +969,7 @@ cleanup: + tmpmask = 077; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("setting %s's umask to %#o", user, tmpmask); + } + opts->rssh_umask = tmpmask; diff --git a/patches/0005-Fix-spelling-errors-in-manual-pages.patch b/patches/0005-Fix-spelling-errors-in-manual-pages.patch new file mode 100644 index 0000000..d28c7bf --- /dev/null +++ b/patches/0005-Fix-spelling-errors-in-manual-pages.patch @@ -0,0 +1,30 @@ +From: Russ Allbery +Date: Sat, 7 Dec 2013 18:32:55 -0800 +Subject: Fix spelling errors in manual pages + +--- + rssh.1 | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/rssh.1 b/rssh.1 +index caa2636..a682f70 100644 +--- a/rssh.1 ++++ b/rssh.1 +@@ -24,7 +24,7 @@ those commands. It is intended primarily to work with OpenSSH (see + http://www.openssh.com), but may work with other implementations. + .P + The system administrator should install the shell on the restricted system. +-Then the password file entry of any user for whom it is desireable to provide ++Then the password file entry of any user for whom it is desirable to provide + restricted access should be edited, such that their shell is \fBrssh\fP. For + example: + .P +@@ -148,7 +148,7 @@ programs other than what are absolutely necessary to provide the service you + are trying to provide. This prevents them from running standard system + commands. + .P +-Then, make sure the user's files inside the jail are on a seperate filesystem ++Then, make sure the user's files inside the jail are on a separate filesystem + from your system's executables. If possible in your environment, make sure + you mount this filesystem using the + .IR noexec " and " nosuid diff --git a/patches/0006-Fixes-and-improvements-to-mkchroot.sh.patch b/patches/0006-Fixes-and-improvements-to-mkchroot.sh.patch new file mode 100644 index 0000000..cf4e6ac --- /dev/null +++ b/patches/0006-Fixes-and-improvements-to-mkchroot.sh.patch @@ -0,0 +1,187 @@ +From: Russ Allbery +Date: Sat, 7 Dec 2013 18:32:56 -0800 +Subject: Fixes and improvements to mkchroot.sh + +Debian wants libnss_compat* in addition to libnss_files* for UID +lookups to work properly, and doesn't have a libnss1_files*. With +multiarch, these libraries have also been moved into a subdirectory of +/lib. + +Create the /dev/null device in the chroot, needed by sftp-server. +Create the /dev/log device in the chroot, for one less step. + +Update the code to copy over libraries to be able to parse the new +output from ldd. + +Update file paths for Debian. + +Add better error handling. + +Warn that /etc/passwd is being copied into the chroot jail and that +the user may wish to edit out some users and remove any sensitive +information. (Debian Bug#366655) + +Thanks to proctor mcduff and Jeremy Jongepier for their contributions. +--- + mkchroot.sh | 105 ++++++++++++++++++++++++++++++++++++++++++++++-------------- + 1 file changed, 81 insertions(+), 24 deletions(-) + +diff --git a/mkchroot.sh b/mkchroot.sh +index 9e17d5d..8bc1ecc 100755 +--- a/mkchroot.sh ++++ b/mkchroot.sh +@@ -1,13 +1,13 @@ +-#!/bin/sh ++#!/bin/bash + + ##################################################################### + ##################################################################### + ## + ## mkchroot.sh - set up a chroot jail. + ## +-## This script is written to work for Red Hat 8/9 systems, but may work on +-## other systems. Or, it may not... In fact, it may not work at all. Use at +-## your own risk. :) ++## This script is written to work for Red Hat 8/9 systems and adapted to work ++## on Debian systems, but may work on other systems. Or, it may not... In ++## fact, it may not work at all. Use at your own risk. :) + ## + + fail() { +@@ -96,9 +96,9 @@ fi + # copy SSH files + + scp_path="/usr/bin/scp" +-sftp_server_path="/usr/libexec/openssh/sftp-server" ++sftp_server_path="/usr/lib/openssh/sftp-server" + rssh_path="/usr/bin/rssh" +-chroot_helper_path="/usr/libexec/rssh_chroot_helper" ++chroot_helper_path="/usr/lib/rssh/rssh_chroot_helper" + + for jail_path in `dirname "$jail_dir$scp_path"` `dirname "$jail_dir$sftp_server_path"` `dirname "$jail_dir$chroot_helper_path"`; do + +@@ -125,19 +125,56 @@ cp "$chroot_helper_path" "$jail_dir$chroot_helper_path" || \ + # + # identify and copy libraries needed in the jail + # ++# Sample ldd output: ++# ++# linux-gate.so.1 => (0xffffe000) ++# libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7ef2000) ++# libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7da8000) ++# libutil.so.1 => /lib/i686/cmov/libutil.so.1 (0xb7da3000) ++# libz.so.1 => /usr/lib/libz.so.1 (0xb7d8e000) ++# libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7d76000) ++# libcrypt.so.1 => /lib/i686/cmov/libcrypt.so.1 (0xb7d44000) ++# libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7d1b000) ++# libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7c8d000) ++# libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7c69000) ++# libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7c66000) ++# libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7b19000) ++# libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7b15000) ++# libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7b0d000) ++# libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7b09000) ++# /lib/ld-linux.so.2 (0xb7f13000) ++# ++# either the first or the third column may contain a path ++# + +-for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do ++for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path \ ++ /lib/libnss_compat* /lib/libnss_files* /lib/*/libnss_compat* \ ++ /lib/*/libnss_files*; do ++ if [ ! -f "$prog" ] ; then ++ continue ++ fi + echo "Copying libraries for $prog." +- libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3` ++ libs=`ldd $prog | awk '$1 ~ /^\// {print $1} $3 ~ /^\// {print $3}'` + for lib in $libs; do +- mkdir -p "$jail_dir$(dirname $lib)" ++ mkdir -p "$jail_dir$(dirname $lib)" || \ ++ fail "Error creating $(dirname $lib). Exiting" 6 + echo -e "\t$lib" +- cp "$lib" "$jail_dir$lib" ++ cp "$lib" "$jail_dir$lib" || \ ++ fail "Error copying $lib. Exiting" 6 + done + done + ++# On Debian with multiarch, the libnss files are in /lib/, where ++# is the relevant architecture triplet. Just copy everything ++# that's installed, since we're not sure which ones we'll need. + echo "copying name service resolution libraries..." +-tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |sed 's/^/\t/' ++if [ -n "$(find /lib -maxdepth 1 -name 'libnss*_' -print -quit)" ] ; then ++ tar -cf - /lib/libnss_compat* /lib/libnss*_files* \ ++ | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' ++else ++ tar -cf - /lib/*/libnss_compat* /lib/*/libnss*_files* \ ++ | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' ++fi + + ##################################################################### + # +@@ -145,29 +182,49 @@ tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |se + # + + echo "Setting up /etc in the chroot jail" +-mkdir -p "$jail_dir/etc" +-cp /etc/nsswitch.conf "$jail_dir/etc/" +-cp /etc/passwd "$jail_dir/etc/" +-cp /etc/ld.* "$jail_dir/etc/" +- +-echo -e "Chroot jail configuration completed." +-echo -e "\nNOTE: if you are not using the passwd file for authentication," +-echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" +- ++mkdir -p "$jail_dir/etc" || fail "Error creating /etc. Exiting" 7 ++cp /etc/nsswitch.conf "$jail_dir/etc/" || \ ++ fail "Error copying /etc/nsswitch.conf. Exiting" 7 ++cp /etc/passwd "$jail_dir/etc/" || \ ++ fail "Error copying /etc/passwd. Exiting" 7 ++cp -r /etc/ld.* "$jail_dir/etc/" || \ ++ fail "Error copying /etc/ld.*. Exiting" 7 ++echo -e "\nWARNING: Copying /etc/passwd into the chroot jail. You may wish" ++echo -e "to edit out unnecessary users and remove any sensitive information" ++echo -e "from it." + + ##################################################################### + # +-# set up /dev/log ++# set up /dev + # + + mkdir -p "$jail_dir/dev" ++if [ `whoami` = "root" ]; then ++ cp -a /dev/log "$jail_dir/dev" || \ ++ fail "Error creating /dev/log. Exiting" 8 ++ cp -a /dev/null "$jail_dir/dev" || \ ++ fail "Error creating /dev/null. Exiting" 8 ++ cp -a /dev/zero "$jail_dir/dev" || \ ++ fail "Error creating /dev/zero. Exiting" 8 ++else ++ echo -e "NOT creating /dev/null and /dev/log in the chroot jail. \c" ++ echo -e "You are not root.\n" ++fi ++ ++echo -e "Chroot jail configuration completed.\n" ++ ++echo -e "NOTE: if you are not using the passwd file for authentication," ++echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" ++ ++echo -e "NOTE: if you are using any programs other than scp and sftp, you will" ++echo -e "need to copy the server binaries and any libraries they depend on" ++echo -e "into the chroot manually. Use ldd on the binary to find the needed" ++echo -e "libraries.\n" + + echo -e "NOTE: you must MANUALLY edit your syslog rc script to start syslogd" + echo -e "with appropriate options to log to $jail_dir/dev/log. In most cases," + echo -e "you will need to start syslog as:\n" +-echo -e " /sbin/syslogd -a $jail_dir/dev/log\n" ++echo -e " /sbin/syslogd -a $jail_dir/dev/log\n\n" + + echo -e "NOTE: we make no guarantee that ANY of this will work for you... \c" + echo -e "if it\ndoesn't, you're on your own. Sorry!\n" +- +- diff --git a/patches/0007-Handle-rsync-v3-e-protocol-option.patch b/patches/0007-Handle-rsync-v3-e-protocol-option.patch new file mode 100644 index 0000000..f3a823d --- /dev/null +++ b/patches/0007-Handle-rsync-v3-e-protocol-option.patch @@ -0,0 +1,126 @@ +From: Russ Allbery +Date: Sat, 7 Dec 2013 18:32:56 -0800 +Subject: Handle rsync v3 -e protocol option + +As of rsync 3, rsync reused the -e option to pass protocol information +from the client to the server. We therefore cannot reject all -e +options to rsync, only ones not sent with --server or containing +something other than protocol information as an argument. + +Also scan the rsync command line for any --rsh option and reject it as +well. This replaces and improves the upstream strategy for rejecting +that command-line option, taking advantage of the parsing added to +check the -e option. + +Based on work by Robert Hardy. + +Debian Bug#471803 +--- + util.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------- + 1 file changed, 72 insertions(+), 8 deletions(-) + +diff --git a/util.c b/util.c +index ef1a5d8..b70899f 100644 +--- a/util.c ++++ b/util.c +@@ -56,6 +56,7 @@ + #ifdef HAVE_LIBGEN_H + #include + #endif /* HAVE_LIBGEN_H */ ++#include + + /* LOCAL INCLUDES */ + #include "pathnames.h" +@@ -198,6 +199,73 @@ bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag ) + + + /* ++ * rsync_e_okay() - take the command line passed to rssh and look for an -e ++ * option. If one is found, make sure --server is provided ++ * and the option contains only the protocol information. ++ * Also check for and reject any --rsh option. Returns FALSE ++ * if the command line should not be allowed, TRUE if it is ++ * okay. ++ */ ++static int rsync_e_okay( char **vec ) ++{ ++ regex_t re; ++ int server = FALSE; ++ int e_found = FALSE; ++ ++ /* ++ * rsync will send -e, followed by either just "." (meaning no special ++ * protocol) or "N.N" (meaning a pre-release protocol version), ++ * followed by some number of alphabetic flags indicating various ++ * supported options. There may be other options between - and the e, ++ * but -e will always be the last option in the string. A typical ++ * option passed by the client is "-ltpre.iL". ++ * ++ * Note that if --server is given, this should never be parsed as a ++ * shell, but we'll tightly verify it anyway, just in case. ++ * ++ * This regex matches the acceptable flags containing -e, so if it ++ * does not match, the command line should be rejected. ++ */ ++ static const char pattern[] ++ = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$"; ++ ++ /* ++ * Only recognize --server if it's the first option. rsync itself ++ * always passes it that way, and if it's not the first argument, it ++ * could be hidden from the server as an argument to some other ++ * option. ++ */ ++ if ( vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0 ){ ++ server = TRUE; ++ } ++ ++ /* Check the remaining options for -e or --rsh. */ ++ if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){ ++ return FALSE; ++ } ++ while (vec && *vec){ ++ if ( strcmp(*vec, "--") == 0 ) break; ++ if ( strcmp(*vec, "--rsh") == 0 ++ || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 ){ ++ regfree(&re); ++ return FALSE; ++ } ++ if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){ ++ e_found = TRUE; ++ if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){ ++ regfree(&re); ++ return FALSE; ++ } ++ } ++ vec++; ++ } ++ regfree(&re); ++ if ( e_found && !server ) return FALSE; ++ return TRUE; ++} ++ ++ ++/* + * check_command_line() - take the command line passed to rssh, and verify + * that the specified command is one the user is + * allowed to run and validate the arguments. Return the +@@ -230,14 +298,10 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) + + if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ + /* filter -e option */ +- if ( opt_filter(cl, 'e') ) return NULL; +- while (cl && *cl){ +- if ( strstr(*cl, "--rsh" ) ){ +- fprintf(stderr, "\ninsecure --rsh= not allowed."); +- log_msg("insecure --rsh option in rsync command line!"); +- return NULL; +- } +- cl++; ++ if ( !rsync_e_okay(cl) ){ ++ fprintf(stderr, "\ninsecure -e or --rsh option not allowed."); ++ log_msg("insecure -e or --rsh option in rsync command line!"); ++ return NULL; + } + return PATH_RSYNC; + } diff --git a/patches/0008-Add-support-for-Subversion-svnserve.patch b/patches/0008-Add-support-for-Subversion-svnserve.patch new file mode 100644 index 0000000..a34d31f --- /dev/null +++ b/patches/0008-Add-support-for-Subversion-svnserve.patch @@ -0,0 +1,625 @@ +From: Davide Scola +Date: Sat, 7 Dec 2013 18:32:56 -0800 +Subject: Add support for Subversion (svnserve) + +Adds support for svn access via svnserve. This adds an additional +field to the bitmask in /etc/rssh.conf that's used to control Subversion +access. Users authorized to run svnserve may run only svnserve -t +exactly. + +Debian Bug#284756 + +Signed-off-by: Russ Allbery +--- + conf_convert | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ + conf_convert.sh | 45 --------------------------------------------- + configure.ac | 22 ++++++++++++++++++++-- + main.c.in | 5 ++++- + pathnames.h.in | 1 + + rssh.conf.5 | 17 +++++++++++------ + rssh.conf.5.in | 17 +++++++++++------ + rssh.conf.default | 28 +++++++++++++++------------- + rssh.h | 13 +++++++------ + rssh_chroot_helper.c | 3 +++ + rsshconf.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++---- + util.c | 35 ++++++++++++++++++++++++++--------- + util.h | 3 ++- + 13 files changed, 194 insertions(+), 93 deletions(-) + create mode 100755 conf_convert + delete mode 100755 conf_convert.sh + +diff --git a/conf_convert b/conf_convert +new file mode 100755 +index 0000000..a47ecba +--- /dev/null ++++ b/conf_convert +@@ -0,0 +1,48 @@ ++#!/usr/bin/awk -f ++# ++# conf_convert - convert rssh config files from 2.0, 2.1.1, 2.2 format ++# to rssh 2.3.2 format config files adding svnserve ++# support ++# ++# Copyright (C) 2009 Davide Scola ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2, or (at your option) ++# any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA. ++# ++BEGIN { ++ FS = OFS = ":"; ++} ++ ++{ ++ if( /^[# ]*user *= */ && match($3, /^([01]+)/) ) { ++ gsub(/^([01]+)/, replaceString( RLENGTH ), $3); ++ } ++ ++ print ++} ++ ++function replaceString(nitems) { ++ str = "&"; ++ ++ if(nitems == 2) { # config < v2.2 ++ str = "000&0"; ++ } ++ ++ else if(nitems == 5) { # v2.2 <= config <= v2.3.2 (vanilla) ++ str = "&0"; ++ } ++ ++ return str; ++} ++ +diff --git a/conf_convert.sh b/conf_convert.sh +deleted file mode 100755 +index fb0c999..0000000 +--- a/conf_convert.sh ++++ /dev/null +@@ -1,45 +0,0 @@ +-#!/bin/sh +- +-# conf_convert.sh - convert rssh config files from 2.0 - 2.1.1 format to rssh +-# version 2.2 format config files. +- +-if [ -z "$TMPDIR" ]; then +- TMPDIR=/tmp +-fi +- +-tempdir=`mktemp -d "$TMPDIR/confconv.tempXXXXXX"` +-if [ ! -d "$tempdir" ]; then +- echo "$0: unable to make temporary directory" +- exit 1 +-fi +- +-if [ "$#" != "0" ]; then +- +- while [ -n "$1" ]; do +- +- if [ ! -f "$1" ]; then +- echo "$0: $1 does not exist. Skipping." >&2 +- continue +- fi +- +- sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' $1 > "$tempdir/tempconf" +- +- mv "$tempdir/tempconf" "$1.NEW" +- shift +- done +- +-else +- if [ ! -f /etc/rssh.conf ]; then +- echo "/etc/rssh.conf does not exist, and no parameters given." >&2 +- exit 2 +- fi +- +- sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' /etc/rssh.conf > "$tempdir/tempconf" +- +- mv "$tempdir/tempconf" "/etc/rssh.conf.NEW" +- +-fi +- +-rm -rf "$tempdir" +- +-exit 0 +diff --git a/configure.ac b/configure.ac +index ab145b4..caeae7d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -117,8 +117,8 @@ if ! test -x "$sftp_path"; then + fi + + +-# CVS, rdist, and rsync might not be installed. But we don't want to force +-# the user to configure bogus paths, so default to /usr/bin/* ++# CVS, rdist, rsync and svnserve might not be installed. But we don't want ++# to force the user to configure bogus paths, so default to /usr/bin/* + + # Check for cvs binary + +@@ -170,6 +170,23 @@ if ! test -x "$rsync_path"; then + fi + + ++# Check for svnserve binary ++ ++AC_ARG_WITH(svnserve, ++[ --with-svnserve specify path to svnserve binary], ++[svnserve_path="$withval"], [svnserve_path=""]) ++ ++AC_PATH_PROG(svnserve_path, svnserve, [], []) ++if test -z "$svnserve_path"; then ++ AC_MSG_WARN([can't find svnserve - using /usr/bin/svnserve. Use --with-svnserve to override]) ++ svnserve_path=/usr/bin/svnserve ++fi ++ ++if ! test -x "$svnserve_path"; then ++ AC_MSG_WARN([specified svnserve binary does not exist]) ++fi ++ ++ + # disable static configuration + + AC_ARG_ENABLE(static, +@@ -200,6 +217,7 @@ AC_SUBST(sftp_path) + AC_SUBST(cvs_path) + AC_SUBST(rdist_path) + AC_SUBST(rsync_path) ++AC_SUBST(svnserve_path) + AC_SUBST(prefix) + AC_SUBST(sysconfdir) + AC_SUBST(libexecdir) +diff --git a/main.c.in b/main.c.in +index 7d1695c..b3228e5 100644 +--- a/main.c.in ++++ b/main.c.in +@@ -217,6 +217,8 @@ char **build_shell_args( struct passwd uinfo, + argvec[1] = "4"; + else if ( !(strcmp(*cmd, PATH_RSYNC)) ) + argvec[1] = "5"; ++ else if ( !(strcmp(*cmd, PATH_SVNSERVE)) ) ++ argvec[1] = "6"; + else { + log_set_priority(LOG_ERR); + log_msg("fatal error identifying the correct command " +@@ -267,7 +269,8 @@ void vers_info( void ) + printf("%20s = %s\n", "sftp server binary", PATH_SFTP_SERVER); + printf("%20s = %s\n", "cvs binary path", PATH_CVS); + printf("%20s = %s\n", "rdist binary path", PATH_RDIST); +- printf("%20s = %s\n\n", "rsync binary path", PATH_RSYNC); ++ printf("%20s = %s\n", "rsync binary path", PATH_RSYNC); ++ printf("%20s = %s\n\n", "svnserve binary path", PATH_SVNSERVE); + } + + +diff --git a/pathnames.h.in b/pathnames.h.in +index 17e2fb7..043d7ae 100644 +--- a/pathnames.h.in ++++ b/pathnames.h.in +@@ -36,6 +36,7 @@ + #define PATH_CVS "@cvs_path@" + #define PATH_RDIST "@rdist_path@" + #define PATH_RSYNC "@rsync_path@" ++#define PATH_SVNSERVE "@svnserve_path@" + + /* these generally are overridden by the makefile */ + #ifndef PATH_RSSH_CONFIG +diff --git a/rssh.conf.5 b/rssh.conf.5 +index 5556468..227ef88 100644 +--- a/rssh.conf.5 ++++ b/rssh.conf.5 +@@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. + Tells the shell that rsync is allowed. + .RE + .P ++.B allowsvnserve ++.RS ++Tells the shell that svnserve is allowed. ++.RE ++.P + .B umask + .RS + Sets the umask value for file creations in the scp/sftp session. This is +@@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell + .RE + .B access bits + .RS +-Five binary digits, which indicate whether the user is allowed to use rsync, +-rdist, cvs, sftp, and scp, in that order. One means the command is allowed, +-zero means it is not. ++Six binary digits, which indicate whether the user is allowed to use rsync, ++rdist, cvs, sftp, scp and svnserve, in that order. One means the command is ++allowed, zero means it is not. + .RE + .B path + .RS +@@ -135,7 +140,7 @@ details. + .P + For example, you might have something like this: + .P +-user = luser:022:00001: ++user = luser:022:000010: + .P + This does the following: for the user with the username "luser", set the umask + to 022, disallow sftp, and allow scp. Because there is no chroot path +@@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the + chrootpath keyword. Remember that if there are spaces in the path, you need + to quote it, something like this: + .P +-user = "luser:022:00001:/usr/local/chroot dir" ++user = "luser:022:000010:/usr/local/chroot dir" + .P + See the default rssh.conf file for more examples. + .RE + + .SH SEE ALSO + \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), +-\fIsyslogd.conf\fP(5), \fIchroot\fP(2). ++\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). + + +diff --git a/rssh.conf.5.in b/rssh.conf.5.in +index 913ce9d..5e16acb 100644 +--- a/rssh.conf.5.in ++++ b/rssh.conf.5.in +@@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. + Tells the shell that rsync is allowed. + .RE + .P ++.B allowsvnserve ++.RS ++Tells the shell that svnserve is allowed. ++.RE ++.P + .B umask + .RS + Sets the umask value for file creations in the scp/sftp session. This is +@@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell + .RE + .B access bits + .RS +-Five binary digits, which indicate whether the user is allowed to use rsync, +-rdist, cvs, sftp, and scp, in that order. One means the command is allowed, +-zero means it is not. ++Six binary digits, which indicate whether the user is allowed to use rsync, ++rdist, cvs, sftp, scp and svnserve, in that order. One means the command is ++allowed, zero means it is not. + .RE + .B path + .RS +@@ -135,7 +140,7 @@ details. + .P + For example, you might have something like this: + .P +-user = luser:022:00001: ++user = luser:022:000010: + .P + This does the following: for the user with the username "luser", set the umask + to 022, disallow sftp, and allow scp. Because there is no chroot path +@@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the + chrootpath keyword. Remember that if there are spaces in the path, you need + to quote it, something like this: + .P +-user = "luser:022:00001:/usr/local/chroot dir" ++user = "luser:022:000010:/usr/local/chroot dir" + .P + See the default rssh.conf file for more examples. + .RE + + .SH SEE ALSO + \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), +-\fIsyslogd.conf\fP(5), \fIchroot\fP(2). ++\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). + + +diff --git a/rssh.conf.default b/rssh.conf.default +index c847565..88833c1 100644 +--- a/rssh.conf.default ++++ b/rssh.conf.default +@@ -11,6 +11,7 @@ logfacility = LOG_USER + #allowcvs + #allowrdist + #allowrsync ++#allowsvnserve + + # set the default umask + umask = 022 +@@ -28,24 +29,25 @@ umask = 022 + ########################################## + # EXAMPLES of configuring per-user options + +-#user=rudy:077:00010: # the path can simply be left out to not chroot +-#user=rudy:077:00010 # the ending colon is optional ++#user=rudy:077:000100: # the path can simply be left out to not chroot ++#user=rudy:077:000100 # the ending colon is optional + +-#user=rudy:011:00100: # cvs, with no chroot +-#user=rudy:011:01000: # rdist, with no chroot +-#user=rudy:011:10000: # rsync, with no chroot +-#user="rudy:011:00001:/usr/local/chroot" # whole user string can be quoted +-#user=rudy:01"1:00001:/usr/local/chroot" # or somewhere in the middle, freak! +-#user=rudy:'011:00001:/usr/local/chroot' # single quotes too ++#user=rudy:011:001000: # cvs, with no chroot ++#user=rudy:011:010000: # rdist, with no chroot ++#user=rudy:011:100000: # rsync, with no chroot ++#user=rudy:011:000001: # svnserve, with no chroot ++#user="rudy:011:000010:/usr/local/chroot" # whole user string can be quoted ++#user=rudy:01"1:000010:/usr/local/chroot" # or somewhere in the middle, freak! ++#user=rudy:'011:000010:/usr/local/chroot' # single quotes too + + # if your chroot_path contains spaces, it must be quoted... + # In the following examples, the chroot_path is "/usr/local/my chroot" +-#user=rudy:011:00001:"/usr/local/my chroot" # scp with chroot +-#user=rudy:011:00010:"/usr/local/my chroot" # sftp with chroot +-#user=rudy:011:00011:"/usr/local/my chroot" # both with chroot ++#user=rudy:011:000010:"/usr/local/my chroot" # scp with chroot ++#user=rudy:011:000100:"/usr/local/my chroot" # sftp with chroot ++#user=rudy:011:000110:"/usr/local/my chroot" # both with chroot + + # Spaces before or after the '=' are fine, but spaces in chrootpath need + # quotes. +-#user = "rudy:011:00001:/usr/local/my chroot" +-#user = "rudy:011:00001:/usr/local/my chroot" # neither do comments at line end ++#user = "rudy:011:000010:/usr/local/my chroot" ++#user = "rudy:011:000010:/usr/local/my chroot" # neither do comments at line end + +diff --git a/rssh.h b/rssh.h +index d15f645..111f9a0 100644 +--- a/rssh.h ++++ b/rssh.h +@@ -41,11 +41,12 @@ + + typedef char bool; + +-#define RSSH_ALLOW_SCP (1 << 0) +-#define RSSH_ALLOW_SFTP (1 << 1) +-#define RSSH_ALLOW_CVS (1 << 2) +-#define RSSH_ALLOW_RDIST (1 << 3) +-#define RSSH_ALLOW_RSYNC (1 << 4) +-#define RSSH_USE_CHROOT (1 << 5) ++#define RSSH_ALLOW_SCP (1 << 0) ++#define RSSH_ALLOW_SFTP (1 << 1) ++#define RSSH_ALLOW_CVS (1 << 2) ++#define RSSH_ALLOW_RDIST (1 << 3) ++#define RSSH_ALLOW_RSYNC (1 << 4) ++#define RSSH_ALLOW_SVNSERVE (1 << 5) ++#define RSSH_USE_CHROOT (1 << 6) + + #endif /* _rssh_h */ +diff --git a/rssh_chroot_helper.c b/rssh_chroot_helper.c +index 7780c11..8a35cdc 100644 +--- a/rssh_chroot_helper.c ++++ b/rssh_chroot_helper.c +@@ -254,6 +254,9 @@ int main( int argc, char **argv ) + case 5: + cmd_path = PATH_RSYNC; + break; ++ case 6: ++ cmd_path = PATH_SVNSERVE; ++ break; + default: + log_msg("invalid command specified"); + exit(2); +diff --git a/rsshconf.c b/rsshconf.c +index 564f747..459b26b 100644 +--- a/rsshconf.c ++++ b/rsshconf.c +@@ -71,6 +71,7 @@ const char *keywords[] = { + "allowcvs", + "allowrdist", + "allowrsync", ++ "allowsvnserve", + "chrootpath", + "logfacility", + "umask", +@@ -106,6 +107,9 @@ int process_allow_rdist( ShellOptions_t *opts, const char *line, + int process_allow_rsync( ShellOptions_t *opts, const char *line, + const int lineno ); + ++int process_allow_svnserve( ShellOptions_t *opts, const char *line, ++ const int lineno ); ++ + int get_token( const char *str, char *buf, const int buflen, + const bool colon, const bool ign_spc ); + +@@ -220,21 +224,26 @@ int process_config_line( ShellOptions_t *opts, + return FALSE; + return TRUE; + case 6: ++ /* allow svnserve */ ++ if ( !(process_allow_svnserve(opts, line + pos, lineno) ) ) ++ return FALSE; ++ return TRUE; ++ case 7: + /* default chroot path */ + if ( !(process_chroot_path(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; +- case 7: ++ case 8: + /* syslog log facility */ + if ( !(process_log_facility(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; +- case 8: ++ case 9: + /* set the user's umask */ + if ( !(process_umask(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; +- case 9: ++ case 10: + /* user */ + if ( !(process_user(opts, line + pos, lineno) ) ) + return FALSE; +@@ -557,6 +566,34 @@ int process_allow_rsync( ShellOptions_t *opts, + } + + ++/* ++ * process_allow_svnserve() - make sure there are no tokens after the keyword, ++ * other than a possible comment. If there are ++ * additional tokens other than comments, there is a ++ * syntax error, and FALSE is returned. Otherwise, ++ * the line is ok, so opts are set to allow ++ * svnserve, and TRUE is returned. ++ */ ++int process_allow_svnserve( ShellOptions_t *opts, ++ const char *line, ++ const int lineno ) ++{ ++ int pos; ++ ++ if ( !(pos = eat_comment(line)) ){ ++ if (log) log_msg("line %d: syntax error parsing config file", ++ lineno); ++ return FALSE; ++ } ++ if (log){ ++ log_set_priority(LOG_DEBUG); ++ log_msg("allowing svnserve to all users"); ++ } ++ opts->shell_flags |= RSSH_ALLOW_SVNSERVE; ++ return TRUE; ++} ++ ++ + int process_chroot_path( ShellOptions_t *opts, + const char *line, + const int lineno ) +@@ -854,6 +891,7 @@ int process_user( ShellOptions_t *opts, + bool allow_cvs; + bool allow_rdist; + bool allow_rsync; ++ bool allow_svnserve; + + /* make space for user options */ + if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){ +@@ -925,7 +963,7 @@ int process_user( ShellOptions_t *opts, + return FALSE; + } + if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs, +- &allow_rdist, &allow_rsync) ){ ++ &allow_rdist, &allow_rsync, &allow_svnserve) ){ + if (log){ + log_set_priority(LOG_ERR); + log_msg("syntax error parsing access bits, line %d", lineno); +@@ -999,6 +1037,10 @@ cleanup: + if (log) log_msg("allowing rsync to user %s", user); + opts->shell_flags |= RSSH_ALLOW_RSYNC; + } ++ if ( allow_svnserve ){ ++ if (log) log_msg("allowing svnserve to user %s", user); ++ opts->shell_flags |= RSSH_ALLOW_SVNSERVE; ++ } + if ( path ){ + if (log) log_msg("chrooting %s to %s", user, path); + opts->shell_flags |= RSSH_USE_CHROOT; +diff --git a/util.c b/util.c +index b70899f..56f67ad 100644 +--- a/util.c ++++ b/util.c +@@ -80,7 +80,8 @@ void fail( int flags, int argc, char **argv ) + if ( flags & RSSH_ALLOW_SFTP ) size += 5; + if ( flags & RSSH_ALLOW_CVS ) size += 4; + if ( flags & RSSH_ALLOW_RDIST ) size += 6; +- if ( flags & RSSH_ALLOW_RSYNC ) size += 5; /* last one, no space */ ++ if ( flags & RSSH_ALLOW_RSYNC ) size += 6; ++ if ( flags & RSSH_ALLOW_SVNSERVE ) size += 8; /* last one, no space */ + + /* create msg indicating what is allowed */ + if ( !size ) cmd = "This user is locked out."; +@@ -101,7 +102,9 @@ void fail( int flags, int argc, char **argv ) + if ( flags & RSSH_ALLOW_RDIST ) + strncat(cmd, "rdist ", size); + if ( flags & RSSH_ALLOW_RSYNC ) +- strncat(cmd, "rsync", size); ++ strncat(cmd, "rsync ", size); ++ if ( flags & RSSH_ALLOW_SVNSERVE ) ++ strncat(cmd, "svnserve", size); + } + + /* print error message to user and log attempt */ +@@ -305,6 +308,16 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) + } + return PATH_RSYNC; + } ++ if ( check_command(*cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ){ ++ /* check command line */ ++ if( cl[1] == NULL || strcmp(cl[1], "-t") != 0 || cl[2] != NULL){ ++ fprintf(stderr, "\nextra svnserver parameter(s) not allowed."); ++ log_msg("unallowed option(s) in svnserver command line!"); ++ return NULL; ++ } ++ ++ return PATH_SVNSERVE; ++ } + /* No match, return NULL */ + return NULL; + } +@@ -329,6 +342,8 @@ char *get_command( char *cl, ShellOptions_t *opts ) + return PATH_RDIST; + if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ) + return PATH_RSYNC; ++ if ( check_command(cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ) ++ return PATH_SVNSERVE; + return NULL; + } + +@@ -394,22 +409,24 @@ int validate_umask( const char *temp, int *mask ) + * same name, and returns FALSE if the bits are not valid + */ + int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, +- bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) ++ bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, ++ bool *allow_svnserve ) + { + int i; + +-#define NUM_ACCESS_BITS 5 ++#define NUM_ACCESS_BITS 6 + + if ( strlen(temp) != NUM_ACCESS_BITS ) return FALSE; + /* make sure the bits are valid */ + for ( i = 0; i < NUM_ACCESS_BITS; i++ ) + if ( temp[i] < '0' || temp[i] > '1' ) return FALSE; + /* This is easier to read if we allign the = */ +- *allow_rsync = temp[0] - '0'; +- *allow_rdist = temp[1] - '0'; +- *allow_cvs = temp[2] - '0'; +- *allow_sftp = temp[3] - '0'; +- *allow_scp = temp[4] - '0'; ++ *allow_rsync = temp[0] - '0'; ++ *allow_rdist = temp[1] - '0'; ++ *allow_cvs = temp[2] - '0'; ++ *allow_sftp = temp[3] - '0'; ++ *allow_scp = temp[4] - '0'; ++ *allow_svnserve = temp[5] - '0'; + return TRUE; + } + +diff --git a/util.h b/util.h +index 8b81201..a67eb32 100644 +--- a/util.h ++++ b/util.h +@@ -38,7 +38,8 @@ char *get_command( char *cl, ShellOptions_t *opts); + char *extract_root( char *root, char *path ); + int validate_umask( const char *temp, int *mask ); + int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, +- bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ); ++ bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, ++ bool *allow_svnserve ); + bool opt_exist( char *cl, char opt ); + char *get_username( void ); + diff --git a/patches/series b/patches/series new file mode 100644 index 0000000..06ad5a9 --- /dev/null +++ b/patches/series @@ -0,0 +1,8 @@ +0001-Fix-invalid-option-error.patch +0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch +0003-Fix-buffer-allocation-buffer-for-fail-message.patch +0004-Lower-syslog-priority-to-debug.patch +0005-Fix-spelling-errors-in-manual-pages.patch +0006-Fixes-and-improvements-to-mkchroot.sh.patch +0007-Handle-rsync-v3-e-protocol-option.patch +0008-Add-support-for-Subversion-svnserve.patch diff --git a/po/POTFILES.in b/po/POTFILES.in new file mode 100644 index 0000000..cef83a3 --- /dev/null +++ b/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates diff --git a/po/cs.po b/po/cs.po new file mode 100644 index 0000000..6cbfcc0 --- /dev/null +++ b/po/cs.po @@ -0,0 +1,49 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# Martin Sin , 2009. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.2-9.\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2009-06-17 07:50+0200\n" +"Last-Translator: Martin Sin \n" +"Language-Team: Czech \n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "PÅ™ejete si nainstalovat rssh_chroot_helper s setuid uživatele root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Pokud chcete používat vÄ›zení chroot i pro ostatní uživatele rssh, je potÅ™eba " +"nainstalovat program /usr/lib/rssh/rssh_chroot_helper s nastaveným setuid " +"uživatele root. Nebudete-li používat vÄ›zení chroot, je bezpeÄnÄ›jší toto " +"nastavení neprovádÄ›t." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Jste-li na pochybách, nainstalujte to bez setuid uživatele root. Jakmile " +"budete chtít pozdÄ›ji používat vÄ›zení chroot, zmÄ›níte toto nastavení " +"jednoduÅ¡e spuÅ¡tÄ›ním dpkg-reconfigure rssh." diff --git a/po/da.po b/po/da.po new file mode 100644 index 0000000..adcf024 --- /dev/null +++ b/po/da.po @@ -0,0 +1,50 @@ +# Danish translation rssh. +# Copyright (C) 2012 rssh & nedenstÃ¥ende oversættere. +# This file is distributed under the same license as the rssh package. +# Joe Hansen (joedalton2@yahoo.dk), 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2012-02-11 12:42+0000\n" +"Last-Translator: Joe Hansen \n" +"Language-Team: Danish \n" +"Language: da\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "Ønsker du at rssh_chroot_helper skal installeres som setuid root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Hvis du planlægger at bruge chrootfængsler, for brugerne der bruger rssh, sÃ¥ " +"skal programmet /usr/lib/rssh/rssh_chroot_helper installeres setuid root, sÃ¥ " +"at programmet kan chroote ind i fængslet nÃ¥r brugeren forbinder. Hvis du " +"ikke bruger chrootfængsler, sÃ¥ er det bedre ikke at installere setuid root-" +"programmer, du ikke skal bruge." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Hvis i tvivl, sÃ¥ installer uden setuid root. Hvis du senere beslutter at " +"bruge chrootfængsler, sÃ¥ kan du ændre denne konfiguration ved at køre dpkg-" +"reconfigure rssh." diff --git a/po/de.po b/po/de.po new file mode 100644 index 0000000..e6ac127 --- /dev/null +++ b/po/de.po @@ -0,0 +1,51 @@ +# Translation of rssh debconf templates to German +# Copyright (C) Jens Nachtigall , 2004. +# Copyright (C) Helge Kreutzmann , 2007. +# This file is distributed under the same license as the rssh package. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.2-4\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2007-04-12 19:01+0200\n" +"Last-Translator: Helge Kreutzmann \n" +"Language-Team: German \n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "Möchten Sie, dass rssh_chroot_helper setuid root installiert wird?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Falls Sie für Benutzer, die rssh verwenden, eine Chroot-Umgebung planen, " +"muss das Programm /usr/lib/rssh/rssh_chroot_helper setuid root installiert " +"werden, so dass es bei der Verbindungsaufnahme eines Benutzers ein chroot in " +"das Gefängnis (jail) vornehmen kann. Falls Sie keine Chroot-Gefängnisse " +"verwenden, ist es besser, keine setuid root-Programme zu installieren, die " +"Sie nicht benötigen." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Falls Sie sich unsicher sind, installieren Sie es nicht setuid root. Falls " +"Sie sich später dazu entschließen, Chroot-Gefängnisse zu verwenden, können " +"Sie diese Entscheidung ändern, indem Sie »dpkg-reconfigure rssh« ausführen." diff --git a/po/es.po b/po/es.po new file mode 100644 index 0000000..f1d5de2 --- /dev/null +++ b/po/es.po @@ -0,0 +1,75 @@ +# rssh po-debconf translation to Spanish +# Copyright (C) 2007, 2008 Software in the Public Interest, SPI Inc. +# This file is distributed under the same license as the rssh package. +# +# Changes: +# - Initial translation +# Steve Lord Flaubert , 2007 +# +# - Updates +# Francisco Javier Cuadrado , 2008 +# +# Traductores, si no conoce el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traducción al español, por favor, lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish/ +# especialmente las notas de traducción en +# http://www.debian.org/intl/spanish/notas +# +# - La guía de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.2-8\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2008-12-11 19:57+0100\n" +"Last-Translator: Francisco Javier Cuadrado \n" +"Language-Team: Debian Spanish \n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "¿Desea que rssh_chroot_helper se instale con el bit SUID de root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Si planea usar jaulas de chroot para los usuarios que usen rssh, el programa " +"«/usr/bin/rssh_chroot_helper» tiene que instalarse con el bit SUID de root " +"habilitado de modo que pueda cambiar a la jaula de chroot cuando el usuario " +"se conecte. Si no está usando jaulas de chroot, es mejor no instalar los " +"programas que no necesite con el SUID de root habilitado." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"En caso de duda, se sugiere que instale sin el SUID de root habilitado. Si " +"más tarde decide usar jaulas de chroot, puede cambiar esta configuración " +"ejecutando: «dpkg-reconfigure rssh»." diff --git a/po/fr.po b/po/fr.po new file mode 100644 index 0000000..ea46bf9 --- /dev/null +++ b/po/fr.po @@ -0,0 +1,58 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh_2.3.2-4\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2007-04-22 17:48+0200\n" +"Last-Translator: Michel Grentzinger \n" +"Language-Team: French \n" +"Language: fr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "" +"Faut-il exécuter rssh_chroot_helper avec les privilèges du superutilisateur ?" + +#   +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Si vous avez l'intention d'utiliser la fonctionnalité d'environnement fermé " +"d'exécution (« chroot ») pour l'utilisation de rssh, le programme /usr/lib/" +"rssh/rssh_chroot_helper doit s'exécuter avec les privilèges du " +"superutilisateur (« setuid root »). Si vous n'utilisez pas d'environnement " +"fermé d'exécution, cette option est inutile." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Dans le doute, ne choisissez pas cette option. Si elle devenait nécessaire " +"plus tard, vous pourrez changer ce choix avec la commande « dpkg-reconfigure " +"rssh »." diff --git a/po/gl.po b/po/gl.po new file mode 100644 index 0000000..8340f66 --- /dev/null +++ b/po/gl.po @@ -0,0 +1,49 @@ +# Galician translation of rssh's debconf templates +# This file is distributed under the same license as the rssh package. +# Jacobo Tarrio , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2008-05-27 21:33+0100\n" +"Last-Translator: Jacobo Tarrio \n" +"Language-Team: Galician \n" +"Language: gl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "¿Quere instalar rssh_chroot_helper con \"setuid\" root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Se planea empregar gaiolas chroot para os usuarios que executan rssh, o " +"programa /usr/lib/rssh/rssh_chroot_helper ten que estar instalado con " +"\"setuid\" root para que poida facer \"chroot\" para dentro da gaiola ao se " +"conectar o usuario. Se non emprega gaiolas chroot, é mellor non instalar " +"programas con \"setuid\" root dos que non precisa." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Se non está seguro, instáleo sen \"setuid\" root. Se máis adiante decide " +"empregar gaiolas chroot, pode cambiar esta configuración executando \"dpkg-" +"reconfigure prssh\"." diff --git a/po/id.po b/po/id.po new file mode 100644 index 0000000..414c475 --- /dev/null +++ b/po/id.po @@ -0,0 +1,54 @@ +# Indonesian translation for podebconf rssh template. +# Copyright (C) 2016 THE rssh COPYRIGHT HOLDER +# This file is distributed under the same license as the rssh package. +# Translator: +# Izharul Haq , 2016. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.4-4\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2016-08-26 19:53+0700\n" +"Last-Translator: Izharul Haq \n" +"Language-Team: L10N Debian Indonesian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.6.10\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"Language: id\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "Apakah anda ingin rssh_chroot_helper untuk dipasangkan setuid root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Jika anda berencana menggunakan chroot jails untuk pengguna menggunakan " +"rssh, program /usr/lib/rssh/rssh_chroot_helper harus dipasang setuid root " +"sehingga chroot ke jail ketika pengguna terhubung. Jika anda tidak ingin " +"menggunakan chroot jails, akan lebih baik untuk tidak memasang program " +"setuid root karena anda tidak memerlukannya." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Jika ragu, pasang ia tanpa setuid root. Jika nantinya anda ingin " +"menggunakan chroot jails, anda dapat merubah konfigurasi ini dengan " +"menjalankan dpkg-reconfigure rssh." diff --git a/po/it.po b/po/it.po new file mode 100644 index 0000000..a2642af --- /dev/null +++ b/po/it.po @@ -0,0 +1,50 @@ +# Italian translation of po-debconf templates for rssh. +# Copyright (C) 2005 Software in the Public Interest +# This file is distributed under the same license as the rssh package. +# Luca Monducci , 2005-2007. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.2 italian debconf templates\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2007-04-14 10:45+0200\n" +"Last-Translator: Luca Monducci \n" +"Language-Team: Italian \n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "Si vuole che rssh_chroot_helper sia installato con setuid root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Se si vogliono usare delle gabbie chroot per gli utenti che usano rssh, è " +"necessario che il programma /usr/lib/rssh/rssh_chroot_helper sia installato " +"con setuid root per poter inserire l'utente nella gabbia al momento della " +"connessione. Se non si usano le gabbie chroot, si consiglia di non " +"installare programmi con setuid root." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"In caso di dubbi, installare senza setuid root. Se in seguito si decide di " +"usare le gabbie chroot, modificare la configurazione con dpkg-reconfigure " +"rssh." diff --git a/po/ja.po b/po/ja.po new file mode 100644 index 0000000..c21cd95 --- /dev/null +++ b/po/ja.po @@ -0,0 +1,45 @@ +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.2-4\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2007-05-04 23:37+0900\n" +"Last-Translator: Hideki Yamane (Debian-JP) \n" +"Language-Team: Japanese \n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "rssh_chroot_helper ã‚’ root ã« SUID ã—ã¦ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ã¾ã™ã‹?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"rssh を利用ã™ã‚‹ãƒ¦ãƒ¼ã‚¶ã« chroot jail ã‚’é©ç”¨ã™ã‚‹äºˆå®šã®å ´åˆã€ /usr/lib/rssh/" +"rssh_chroot_helper プログラム㯠SUID ビットを root ユーザã«ã‚»ãƒƒãƒˆã™ã‚‹å¿…è¦ãŒã‚" +"ã‚Šã¾ã™ã€‚ã“ã‚Œã§ã€ãƒ¦ãƒ¼ã‚¶ãŒæŽ¥ç¶šã™ã‚‹éš›ã« jail ã« chroot å¯èƒ½ã«ãªã‚Šã¾ã™ã€‚chroot " +"jail を使ã‚ãªã„å ´åˆã€å¿…è¦ãªã„プログラムã«ã¯ root ã« SUID ã—ã¦ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ãª" +"ã„æ–¹ãŒè‰¯ã„ã§ã—ょã†ã€‚" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"よãã‚ã‹ã‚‰ãªã„å ´åˆã€root ã« SUID ã‚’ã—ãªã„ã§ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã™ã‚‹ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾" +"ã™ã€‚後ã‹ã‚‰ chroot jail を利用ã—よã†ã¨è€ƒãˆç›´ã—ãŸå ´åˆã¯ã€dpkg-reconfigure rssh " +"を実行ã™ã‚‹ã“ã¨ã§è¨­å®šå¤‰æ›´ãŒå¯èƒ½ã§ã™ã€‚" diff --git a/po/nl.po b/po/nl.po new file mode 100644 index 0000000..607b05e --- /dev/null +++ b/po/nl.po @@ -0,0 +1,51 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2007-04-12 16:14+0100\n" +"Last-Translator: Bart Cornelis \n" +"Language-Team: debian-l10n-dutch \n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Dutch\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "Wilt u rssh_chroot_helper installeren met SUID-bit ingesteld op root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Als u van plan bent om 'chroot'-gevangenissen voor de rssh-gebruikers te " +"gebruiken dient het programma /usr/lib/rssh/rssh_chroot_helper geïnstalleerd " +"te worden met de SUID-bit ingesteld op root. Dit is nodig opdat de gebruik " +"chroot naar de gevangenis te kunnen schakellen bij het inloggen. Als u geen " +"'chroot'-gevangenissen gebruikt laat u de SUID-bit best gedeactiveerd." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Bij twijfel installeert u best met de SUID-bit gedeactiveerd. Als u later " +"alsnog 'chroot'-gevangenissen wilt gaan gebruiken kunt u dit altijd " +"aanpassen via het commando 'dpkg-reconfigure rssh'." diff --git a/po/pt.po b/po/pt.po new file mode 100644 index 0000000..c3e6afa --- /dev/null +++ b/po/pt.po @@ -0,0 +1,50 @@ +# Portuguese translation for rssh's debconf messages +# Copyright (C) 2007 Miguel Figueiredo +# This file is distributed under the same license as the rssh package. +# Miguel Figueiredo , 2007. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.2-4\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2007-04-12 19:48+0100\n" +"Last-Translator: Miguel Figueiredo \n" +"Language-Team: Portuguese \n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "Deseja que o rssh_chroot_helper seja instalado com suid root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Se planeia utilizar 'jails chroot' para os utilizadores que utilizam rssh, " +"tem de ser instalado o programa /usr/lib/rssh/rssh_chroot_helper com suid " +"root para que possa fazer chroot para a 'jail' quando o utilizador se " +"ligar. Se não está a utilizar 'jails chroot', é melhor não instalar " +"programas com suid root que não necessite." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Em caso de dúvida, instale sem suid root. Se mais tarde decidir utilizar " +"'jails chroot', você pode alterar esta configuração ao correr dpkg-" +"reconfigure rssh." diff --git a/po/pt_BR.po b/po/pt_BR.po new file mode 100644 index 0000000..625eefd --- /dev/null +++ b/po/pt_BR.po @@ -0,0 +1,53 @@ +# Debconf translations for rssh. +# Copyright (C) 2013 THE rssh'S COPYRIGHT HOLDER +# This file is distributed under the same license as the rssh package. +# Tiago Bortoletto Vaz , 2004. +# Fernando Ike de Oliveira , 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.4-3\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2013-09-07 17:36-0300\n" +"Last-Translator: Fernando Ike de Oliveira \n" +"Language-Team: Brazilian Portuguese \n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "" +"Você deseja que o rssh_chroot_helper seja instalado com \"setuid root\"?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Caso você planeje utilizar jaulas chroot para usuários usando o rssh, o " +"programa /usr/lib/rssh/rssh_chroot_helper precisa ser instalado com \"setuid " +"root\" para que consiga efetuar chroot para dentro da jaula quando o usuário " +"conectar. Caso você não esteja usando jaulas chroot, é melhor não instalar " +"programas com \"setuid root\" que você não necessite." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Caso esteja em dúvida, instale-o sem o \"setuid root\". Caso você decida " +"usar jaulas chroot posteriormente, você poderá mudar essa configuração " +"executando dpkg-reconfigure rssh." diff --git a/po/ru.po b/po/ru.po new file mode 100644 index 0000000..6e4556e --- /dev/null +++ b/po/ru.po @@ -0,0 +1,54 @@ +# translation of ru.po to Russian +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Yuri Kozlov , 2009. +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.2-9\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2009-07-07 20:47+0400\n" +"Last-Translator: Yuri Kozlov \n" +"Language-Team: Russian \n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "УÑтановить на rssh_chroot_helper (принадлежит root) бит setuid?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"ЕÑли вы планируете иÑпользовать ограничительное chroot-окружение Ð´Ð»Ñ " +"пользователей rssh, то у программы /usr/lib/rssh/rssh_chroot_helper должен " +"быть уÑтановлен бит setuid Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾, чтобы она могла заходить в chroot-" +"окружение при подключении пользователÑ. ЕÑли вы не иÑпользуете " +"ограничительное chroot-окружение, то лучше не уÑтанавливать на программы бит " +"setuid." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"ЕÑли ÑомневаетеÑÑŒ, не уÑтанавливайте бит setuid. ЕÑли вы захотите " +"иÑпользовать ограничительное chroot-окружение позднее, то Ñможете изменить " +"Ñту наÑтройку запуÑтив dpkg-reconfigure rssh." diff --git a/po/sv.po b/po/sv.po new file mode 100644 index 0000000..dbdec3e --- /dev/null +++ b/po/sv.po @@ -0,0 +1,58 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.2.3-2\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2007-04-12 08:31+0100\n" +"Last-Translator: Daniel Nylander \n" +"Language-Team: Swedish \n" +"Language: sv\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "Vill du att rssh_chroot_helper ska installeras setuid root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Om du planerar att använda chroot-fängelser för användare som använder rssh " +"måste programmet /usr/lib/rssh/rssh_chroot_helper installeras setuid root så " +"att det kan köra chroot in i fängelset när användaren ansluter. Om du väljer " +"att inte använda chroot-fängelser är det bättre att inte installera program " +"som du inte behöver som setuid root. " + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Om du är osäker bör du installera det utan setuid root. Om du bestämmer dig " +"senare för att använda chroot-fängelser kan du ändra den här konfigurationen " +"genom att köra dpkg-reconfigure rssh." diff --git a/po/templates.pot b/po/templates.pot new file mode 100644 index 0000000..ab16713 --- /dev/null +++ b/po/templates.pot @@ -0,0 +1,42 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" diff --git a/postinst b/postinst new file mode 100755 index 0000000..835170f --- /dev/null +++ b/postinst @@ -0,0 +1,53 @@ +#! /bin/sh +# postinst script for rssh + +set -e + +# Path to the helper program, which we may make setuid. +helper=/usr/lib/rssh/rssh_chroot_helper + +if [ "$1" = "configure" ] || [ "$1" = "reconfigure" ] ; then + . /usr/share/debconf/confmodule + db_get rssh/chroot_helper_setuid + setuid="$RET" + db_stop + + # We don't want to change the setuid status if the sysadmin has overridden + # it with dpkg-statoverride. + if dpkg-statoverride --list "$helper" > /dev/null ; then + status=0 + else + status=1 + fi + if [ "$status" != 0 ] ; then + if [ "$setuid" = "true" ] ; then + chmod 4755 "$helper" + else + chmod 0755 "$helper" + fi + fi + + # Older versions of rssh incorrectly added rssh to /etc/shells. We don't + # want that. Remove it from /etc/shells to clean up after older + # packages. See Bug#424672. + if [ -n "$2" ] && dpkg --compare-versions "$2" lt 2.3.2-5 ; then + remove-shell /usr/bin/rssh + fi + + # 2.3.2-9 added Subversion support, which requires adding another binary + # digit to the user configuration lines in rssh.conf. When upgrading, run + # the conf_convert script to do so. + if [ -n "$2" ] && dpkg --compare-versions "$2" lt 2.3.2-9 ; then + echo 'Adjusting /etc/rssh.conf for file format change' + /usr/share/rssh/conf_convert /etc/rssh.conf > /etc/rssh.conf.dpkg-tmp + if cmp /etc/rssh.conf.dpkg-tmp /etc/rssh.conf >/dev/null ; then + rm /etc/rssh.conf.dpkg-tmp + else + mv /etc/rssh.conf.dpkg-tmp /etc/rssh.conf + fi + fi +fi + +#DEBHELPER# + +exit 0 diff --git a/rules b/rules new file mode 100755 index 0000000..e5e5ede --- /dev/null +++ b/rules @@ -0,0 +1,28 @@ +#!/usr/bin/make -f + +# Enable compiler hardening flags. +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +# Let the user build rssh static if they wish. +ifneq (,$(findstring static,$(DEB_CONFIGURE_OPTIONS))) + CONFIGURE_OPTIONS = --enable-static +else + CONFIGURE_OPTIONS = --disable-static +endif + +%: + dh $@ --with autoreconf + +override_dh_auto_configure: + chmod a+x conf_convert + dh_auto_configure -- --libexecdir=/usr/lib/rssh \ + --with-scp=/usr/bin/scp --with-cvs=/usr/bin/cvs \ + --with-sftp-server=/usr/lib/openssh/sftp-server \ + --with-rsync=/usr/bin/rsync --with-rdist=/usr/bin/rdist \ + --with-svnserve=/usr/bin/svnserve $(CONFIGURE_OPTIONS) + +override_dh_auto_install: + cp rssh.conf.default rssh.conf + +override_dh_compress: + dh_compress -Xexamples diff --git a/source/format b/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/source/options b/source/options new file mode 100644 index 0000000..b7bc1f2 --- /dev/null +++ b/source/options @@ -0,0 +1 @@ +compression = "xz" diff --git a/templates b/templates new file mode 100644 index 0000000..e7b8025 --- /dev/null +++ b/templates @@ -0,0 +1,13 @@ +Template: rssh/chroot_helper_setuid +Type: boolean +Default: false +_Description: Do you want rssh_chroot_helper to be installed setuid root? + If you plan to use chroot jails for the users using rssh, the program + /usr/lib/rssh/rssh_chroot_helper has to be installed setuid root so that + it can chroot into the jail when the user connects. If you are not using + chroot jails, it's better to not install setuid root programs you don't + need. + . + If in doubt, install it without setuid root. If you later decide to use + chroot jails, you can change this configuration by running + dpkg-reconfigure rssh. diff --git a/watch b/watch new file mode 100644 index 0000000..13ec360 --- /dev/null +++ b/watch @@ -0,0 +1,7 @@ +# This watch file works for getting the upstream version number, but probably +# won't work for the actual download due to the stupid Sourceforge +# redirection. Since I don't anticipate a new upstream release, at least from +# this location, this probably isn't enough of a problem to bother fixing. + +version=3 +http://sf.net/rssh/rssh-([\d.]+)\.tar\.gz$ -- cgit v1.2.3 From 2acc36a1f201a6c3c85e958818c9e3b341d05160 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix invalid option error Don't refer to all invalid options as invalid scp options. Gbp-Pq: Name 0001-Fix-invalid-option-error.patch --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index f98d2bc..3affc0a 100644 --- a/util.c +++ b/util.c @@ -152,7 +152,7 @@ bool opt_filter(char **vec, const char opt) while (vec && *vec){ if (opt_exist(*vec, opt)){ fprintf(stderr, "\nillegal insecure %c option", opt); - log_msg("insecure %c option in scp command line!", opt); + log_msg("insecure %c option in command line!", opt); return TRUE; } vec++; -- cgit v1.2.3 From 6c9ba446929b9775a9d4aacb4136e5f144eed234 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Honor CFLAGS/CPPFLAGS passed to configure The CFLAGS from dpkg-buildflags are missing because they are overwritten in Makefile.am. The attached patch removes an incorrect build rule and passes the custom flags through AM_CFLAGS/AM_CPPFLAGS. All custom flags are still passed correctly. Signed-off-by: Russ Allbery Gbp-Pq: Name 0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch --- Makefile.am | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/Makefile.am b/Makefile.am index c5b1a8d..57a4305 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,8 +1,7 @@ ## Process this file with automake to produce Makefile.in AUTOMAKE_OPTIONS = nostdinc -ourdefs = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" -ourflags = @defcflags@ @static@ -AM_CFLAGS = $(ourflags) +AM_CPPFLAGS = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" +AM_CFLAGS = @defcflags@ @static@ bin_PROGRAMS = rssh libexec_PROGRAMS = rssh_chroot_helper nodist_rssh_SOURCES = main.c pathnames.h config.h @@ -15,9 +14,6 @@ man_MANS = rssh.1 rssh.conf.5 EXTRA_DIST = $(man_MANS) CHROOT SECURITY LICENSE rssh.spec mkchroot.sh conf_convert.sh base=`echo @PACKAGE_STRING@|tr " " "-"` -.c.o: - $(CC) -c $(DEFS) $(ourdefs) $(AM_CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< - install-exec-hook: chmod u+s $(libexecdir)/rssh_chroot_helper -- cgit v1.2.3 From e4cc661b3cca18154b59a3f29d8994ff329e7dde Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix buffer allocation buffer for fail message The failure log message when the user isn't permitted to run the command they're attempting includes a summary of the commands the user is allowed to run. The allocation for that string was not reserving space for the nul byte at the end of the string, causing a one-byte overwrite past the end of the string. Gbp-Pq: Name 0003-Fix-buffer-allocation-buffer-for-fail-message.patch --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index 3affc0a..ef1a5d8 100644 --- a/util.c +++ b/util.c @@ -84,7 +84,7 @@ void fail( int flags, int argc, char **argv ) /* create msg indicating what is allowed */ if ( !size ) cmd = "This user is locked out."; else { - size += 18; + size += 18 + 1; if ( !(cmd = (char *)malloc(size)) ){ log_msg("fatal error: out of mem allocating log msg"); exit(1); -- cgit v1.2.3 From ef0cd49a20ea94f7eb3b3a0333f00776f0c605b4 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Lower syslog priority to debug Lower priority of all of the routine syslog messages from info to debug to cut down on log noise. Gbp-Pq: Name 0004-Lower-syslog-priority-to-debug.patch --- rsshconf.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/rsshconf.c b/rsshconf.c index 4b22766..564f747 100644 --- a/rsshconf.c +++ b/rsshconf.c @@ -438,7 +438,7 @@ int process_allow_scp( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing scp to all users"); } opts->shell_flags |= RSSH_ALLOW_SCP; @@ -465,7 +465,7 @@ int process_allow_sftp( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing sftp to all users"); } opts->shell_flags |= RSSH_ALLOW_SFTP; @@ -493,7 +493,7 @@ int process_allow_cvs( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing cvs to all users"); } opts->shell_flags |= RSSH_ALLOW_CVS; @@ -520,7 +520,7 @@ int process_allow_rdist( ShellOptions_t *opts, lineno); return FALSE; } - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); if (log){ log_msg("allowing rdist to all users"); opts->shell_flags |= RSSH_ALLOW_RDIST; @@ -549,7 +549,7 @@ int process_allow_rsync( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing rsync to all users"); } opts->shell_flags |= RSSH_ALLOW_RSYNC; @@ -585,7 +585,7 @@ int process_chroot_path( ShellOptions_t *opts, /* get rid of any old value for chroot path, assign new one */ if ( opts->chroot_path ) free(opts->chroot_path); if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("chrooting all users to %s", temp); } /* we must not free temp, since opts points to it */ @@ -783,7 +783,7 @@ int process_log_facility( ShellOptions_t *opts, return FALSE; } if ( facname ){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); if (log) log_msg("setting log facility to %s", facname); log_set_facility(fac); return TRUE; @@ -828,7 +828,7 @@ int process_umask( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("setting umask to %#o", mask); } opts->rssh_umask = mask; @@ -888,7 +888,7 @@ int process_user( ShellOptions_t *opts, */ if ( (strcmp(user, username)) ) return TRUE; if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("line %d: configuring user %s", lineno, user); } if ( !(len = eat_colon(temp + pos)) ){ @@ -969,7 +969,7 @@ cleanup: tmpmask = 077; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("setting %s's umask to %#o", user, tmpmask); } opts->rssh_umask = tmpmask; -- cgit v1.2.3 From 74cc2826346afe6b3f147b26aa2342e5f1b16eca Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix spelling errors in manual pages Gbp-Pq: Name 0005-Fix-spelling-errors-in-manual-pages.patch --- rssh.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rssh.1 b/rssh.1 index caa2636..a682f70 100644 --- a/rssh.1 +++ b/rssh.1 @@ -24,7 +24,7 @@ those commands. It is intended primarily to work with OpenSSH (see http://www.openssh.com), but may work with other implementations. .P The system administrator should install the shell on the restricted system. -Then the password file entry of any user for whom it is desireable to provide +Then the password file entry of any user for whom it is desirable to provide restricted access should be edited, such that their shell is \fBrssh\fP. For example: .P @@ -148,7 +148,7 @@ programs other than what are absolutely necessary to provide the service you are trying to provide. This prevents them from running standard system commands. .P -Then, make sure the user's files inside the jail are on a seperate filesystem +Then, make sure the user's files inside the jail are on a separate filesystem from your system's executables. If possible in your environment, make sure you mount this filesystem using the .IR noexec " and " nosuid -- cgit v1.2.3 From 0ae2a01e9dedff2ff2a4bc20046ebd74806e1dd1 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Fixes and improvements to mkchroot.sh Debian wants libnss_compat* in addition to libnss_files* for UID lookups to work properly, and doesn't have a libnss1_files*. With multiarch, these libraries have also been moved into a subdirectory of /lib. Create the /dev/null device in the chroot, needed by sftp-server. Create the /dev/log device in the chroot, for one less step. Update the code to copy over libraries to be able to parse the new output from ldd. Update file paths for Debian. Add better error handling. Warn that /etc/passwd is being copied into the chroot jail and that the user may wish to edit out some users and remove any sensitive information. (Debian Bug#366655) Thanks to proctor mcduff and Jeremy Jongepier for their contributions. Gbp-Pq: Name 0006-Fixes-and-improvements-to-mkchroot.sh.patch --- mkchroot.sh | 105 ++++++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 81 insertions(+), 24 deletions(-) diff --git a/mkchroot.sh b/mkchroot.sh index 9e17d5d..8bc1ecc 100755 --- a/mkchroot.sh +++ b/mkchroot.sh @@ -1,13 +1,13 @@ -#!/bin/sh +#!/bin/bash ##################################################################### ##################################################################### ## ## mkchroot.sh - set up a chroot jail. ## -## This script is written to work for Red Hat 8/9 systems, but may work on -## other systems. Or, it may not... In fact, it may not work at all. Use at -## your own risk. :) +## This script is written to work for Red Hat 8/9 systems and adapted to work +## on Debian systems, but may work on other systems. Or, it may not... In +## fact, it may not work at all. Use at your own risk. :) ## fail() { @@ -96,9 +96,9 @@ fi # copy SSH files scp_path="/usr/bin/scp" -sftp_server_path="/usr/libexec/openssh/sftp-server" +sftp_server_path="/usr/lib/openssh/sftp-server" rssh_path="/usr/bin/rssh" -chroot_helper_path="/usr/libexec/rssh_chroot_helper" +chroot_helper_path="/usr/lib/rssh/rssh_chroot_helper" for jail_path in `dirname "$jail_dir$scp_path"` `dirname "$jail_dir$sftp_server_path"` `dirname "$jail_dir$chroot_helper_path"`; do @@ -125,19 +125,56 @@ cp "$chroot_helper_path" "$jail_dir$chroot_helper_path" || \ # # identify and copy libraries needed in the jail # +# Sample ldd output: +# +# linux-gate.so.1 => (0xffffe000) +# libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7ef2000) +# libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7da8000) +# libutil.so.1 => /lib/i686/cmov/libutil.so.1 (0xb7da3000) +# libz.so.1 => /usr/lib/libz.so.1 (0xb7d8e000) +# libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7d76000) +# libcrypt.so.1 => /lib/i686/cmov/libcrypt.so.1 (0xb7d44000) +# libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7d1b000) +# libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7c8d000) +# libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7c69000) +# libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7c66000) +# libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7b19000) +# libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7b15000) +# libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7b0d000) +# libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7b09000) +# /lib/ld-linux.so.2 (0xb7f13000) +# +# either the first or the third column may contain a path +# -for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do +for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path \ + /lib/libnss_compat* /lib/libnss_files* /lib/*/libnss_compat* \ + /lib/*/libnss_files*; do + if [ ! -f "$prog" ] ; then + continue + fi echo "Copying libraries for $prog." - libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3` + libs=`ldd $prog | awk '$1 ~ /^\// {print $1} $3 ~ /^\// {print $3}'` for lib in $libs; do - mkdir -p "$jail_dir$(dirname $lib)" + mkdir -p "$jail_dir$(dirname $lib)" || \ + fail "Error creating $(dirname $lib). Exiting" 6 echo -e "\t$lib" - cp "$lib" "$jail_dir$lib" + cp "$lib" "$jail_dir$lib" || \ + fail "Error copying $lib. Exiting" 6 done done +# On Debian with multiarch, the libnss files are in /lib/, where +# is the relevant architecture triplet. Just copy everything +# that's installed, since we're not sure which ones we'll need. echo "copying name service resolution libraries..." -tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |sed 's/^/\t/' +if [ -n "$(find /lib -maxdepth 1 -name 'libnss*_' -print -quit)" ] ; then + tar -cf - /lib/libnss_compat* /lib/libnss*_files* \ + | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' +else + tar -cf - /lib/*/libnss_compat* /lib/*/libnss*_files* \ + | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' +fi ##################################################################### # @@ -145,29 +182,49 @@ tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |se # echo "Setting up /etc in the chroot jail" -mkdir -p "$jail_dir/etc" -cp /etc/nsswitch.conf "$jail_dir/etc/" -cp /etc/passwd "$jail_dir/etc/" -cp /etc/ld.* "$jail_dir/etc/" - -echo -e "Chroot jail configuration completed." -echo -e "\nNOTE: if you are not using the passwd file for authentication," -echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" - +mkdir -p "$jail_dir/etc" || fail "Error creating /etc. Exiting" 7 +cp /etc/nsswitch.conf "$jail_dir/etc/" || \ + fail "Error copying /etc/nsswitch.conf. Exiting" 7 +cp /etc/passwd "$jail_dir/etc/" || \ + fail "Error copying /etc/passwd. Exiting" 7 +cp -r /etc/ld.* "$jail_dir/etc/" || \ + fail "Error copying /etc/ld.*. Exiting" 7 +echo -e "\nWARNING: Copying /etc/passwd into the chroot jail. You may wish" +echo -e "to edit out unnecessary users and remove any sensitive information" +echo -e "from it." ##################################################################### # -# set up /dev/log +# set up /dev # mkdir -p "$jail_dir/dev" +if [ `whoami` = "root" ]; then + cp -a /dev/log "$jail_dir/dev" || \ + fail "Error creating /dev/log. Exiting" 8 + cp -a /dev/null "$jail_dir/dev" || \ + fail "Error creating /dev/null. Exiting" 8 + cp -a /dev/zero "$jail_dir/dev" || \ + fail "Error creating /dev/zero. Exiting" 8 +else + echo -e "NOT creating /dev/null and /dev/log in the chroot jail. \c" + echo -e "You are not root.\n" +fi + +echo -e "Chroot jail configuration completed.\n" + +echo -e "NOTE: if you are not using the passwd file for authentication," +echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" + +echo -e "NOTE: if you are using any programs other than scp and sftp, you will" +echo -e "need to copy the server binaries and any libraries they depend on" +echo -e "into the chroot manually. Use ldd on the binary to find the needed" +echo -e "libraries.\n" echo -e "NOTE: you must MANUALLY edit your syslog rc script to start syslogd" echo -e "with appropriate options to log to $jail_dir/dev/log. In most cases," echo -e "you will need to start syslog as:\n" -echo -e " /sbin/syslogd -a $jail_dir/dev/log\n" +echo -e " /sbin/syslogd -a $jail_dir/dev/log\n\n" echo -e "NOTE: we make no guarantee that ANY of this will work for you... \c" echo -e "if it\ndoesn't, you're on your own. Sorry!\n" - - -- cgit v1.2.3 From 5aa3b38f2b2af54053122e27d608be80d9918f41 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Handle rsync v3 -e protocol option As of rsync 3, rsync reused the -e option to pass protocol information from the client to the server. We therefore cannot reject all -e options to rsync, only ones not sent with --server or containing something other than protocol information as an argument. Also scan the rsync command line for any --rsh option and reject it as well. This replaces and improves the upstream strategy for rejecting that command-line option, taking advantage of the parsing added to check the -e option. Based on work by Robert Hardy. Debian Bug#471803 Gbp-Pq: Name 0007-Handle-rsync-v3-e-protocol-option.patch --- util.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 72 insertions(+), 8 deletions(-) diff --git a/util.c b/util.c index ef1a5d8..b70899f 100644 --- a/util.c +++ b/util.c @@ -56,6 +56,7 @@ #ifdef HAVE_LIBGEN_H #include #endif /* HAVE_LIBGEN_H */ +#include /* LOCAL INCLUDES */ #include "pathnames.h" @@ -197,6 +198,73 @@ bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag ) } +/* + * rsync_e_okay() - take the command line passed to rssh and look for an -e + * option. If one is found, make sure --server is provided + * and the option contains only the protocol information. + * Also check for and reject any --rsh option. Returns FALSE + * if the command line should not be allowed, TRUE if it is + * okay. + */ +static int rsync_e_okay( char **vec ) +{ + regex_t re; + int server = FALSE; + int e_found = FALSE; + + /* + * rsync will send -e, followed by either just "." (meaning no special + * protocol) or "N.N" (meaning a pre-release protocol version), + * followed by some number of alphabetic flags indicating various + * supported options. There may be other options between - and the e, + * but -e will always be the last option in the string. A typical + * option passed by the client is "-ltpre.iL". + * + * Note that if --server is given, this should never be parsed as a + * shell, but we'll tightly verify it anyway, just in case. + * + * This regex matches the acceptable flags containing -e, so if it + * does not match, the command line should be rejected. + */ + static const char pattern[] + = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$"; + + /* + * Only recognize --server if it's the first option. rsync itself + * always passes it that way, and if it's not the first argument, it + * could be hidden from the server as an argument to some other + * option. + */ + if ( vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0 ){ + server = TRUE; + } + + /* Check the remaining options for -e or --rsh. */ + if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){ + return FALSE; + } + while (vec && *vec){ + if ( strcmp(*vec, "--") == 0 ) break; + if ( strcmp(*vec, "--rsh") == 0 + || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 ){ + regfree(&re); + return FALSE; + } + if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){ + e_found = TRUE; + if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){ + regfree(&re); + return FALSE; + } + } + vec++; + } + regfree(&re); + if ( e_found && !server ) return FALSE; + return TRUE; +} + + /* * check_command_line() - take the command line passed to rssh, and verify * that the specified command is one the user is @@ -230,14 +298,10 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ /* filter -e option */ - if ( opt_filter(cl, 'e') ) return NULL; - while (cl && *cl){ - if ( strstr(*cl, "--rsh" ) ){ - fprintf(stderr, "\ninsecure --rsh= not allowed."); - log_msg("insecure --rsh option in rsync command line!"); - return NULL; - } - cl++; + if ( !rsync_e_okay(cl) ){ + fprintf(stderr, "\ninsecure -e or --rsh option not allowed."); + log_msg("insecure -e or --rsh option in rsync command line!"); + return NULL; } return PATH_RSYNC; } -- cgit v1.2.3 From d6b739a0bd0dfbe60fd10bf771fdf7f7f30c5b76 Mon Sep 17 00:00:00 2001 From: Davide Scola Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Add support for Subversion (svnserve) Adds support for svn access via svnserve. This adds an additional field to the bitmask in /etc/rssh.conf that's used to control Subversion access. Users authorized to run svnserve may run only svnserve -t exactly. Debian Bug#284756 Signed-off-by: Russ Allbery Gbp-Pq: Name 0008-Add-support-for-Subversion-svnserve.patch --- conf_convert | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ conf_convert.sh | 45 --------------------------------------------- configure.ac | 22 ++++++++++++++++++++-- main.c.in | 5 ++++- pathnames.h.in | 1 + rssh.conf.5 | 17 +++++++++++------ rssh.conf.5.in | 17 +++++++++++------ rssh.conf.default | 28 +++++++++++++++------------- rssh.h | 13 +++++++------ rssh_chroot_helper.c | 3 +++ rsshconf.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++---- util.c | 35 ++++++++++++++++++++++++++--------- util.h | 3 ++- 13 files changed, 194 insertions(+), 93 deletions(-) create mode 100644 conf_convert delete mode 100755 conf_convert.sh diff --git a/conf_convert b/conf_convert new file mode 100644 index 0000000..a47ecba --- /dev/null +++ b/conf_convert @@ -0,0 +1,48 @@ +#!/usr/bin/awk -f +# +# conf_convert - convert rssh config files from 2.0, 2.1.1, 2.2 format +# to rssh 2.3.2 format config files adding svnserve +# support +# +# Copyright (C) 2009 Davide Scola +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA. +# +BEGIN { + FS = OFS = ":"; +} + +{ + if( /^[# ]*user *= */ && match($3, /^([01]+)/) ) { + gsub(/^([01]+)/, replaceString( RLENGTH ), $3); + } + + print +} + +function replaceString(nitems) { + str = "&"; + + if(nitems == 2) { # config < v2.2 + str = "000&0"; + } + + else if(nitems == 5) { # v2.2 <= config <= v2.3.2 (vanilla) + str = "&0"; + } + + return str; +} + diff --git a/conf_convert.sh b/conf_convert.sh deleted file mode 100755 index fb0c999..0000000 --- a/conf_convert.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh - -# conf_convert.sh - convert rssh config files from 2.0 - 2.1.1 format to rssh -# version 2.2 format config files. - -if [ -z "$TMPDIR" ]; then - TMPDIR=/tmp -fi - -tempdir=`mktemp -d "$TMPDIR/confconv.tempXXXXXX"` -if [ ! -d "$tempdir" ]; then - echo "$0: unable to make temporary directory" - exit 1 -fi - -if [ "$#" != "0" ]; then - - while [ -n "$1" ]; do - - if [ ! -f "$1" ]; then - echo "$0: $1 does not exist. Skipping." >&2 - continue - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' $1 > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "$1.NEW" - shift - done - -else - if [ ! -f /etc/rssh.conf ]; then - echo "/etc/rssh.conf does not exist, and no parameters given." >&2 - exit 2 - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' /etc/rssh.conf > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "/etc/rssh.conf.NEW" - -fi - -rm -rf "$tempdir" - -exit 0 diff --git a/configure.ac b/configure.ac index ab145b4..caeae7d 100644 --- a/configure.ac +++ b/configure.ac @@ -117,8 +117,8 @@ if ! test -x "$sftp_path"; then fi -# CVS, rdist, and rsync might not be installed. But we don't want to force -# the user to configure bogus paths, so default to /usr/bin/* +# CVS, rdist, rsync and svnserve might not be installed. But we don't want +# to force the user to configure bogus paths, so default to /usr/bin/* # Check for cvs binary @@ -170,6 +170,23 @@ if ! test -x "$rsync_path"; then fi +# Check for svnserve binary + +AC_ARG_WITH(svnserve, +[ --with-svnserve specify path to svnserve binary], +[svnserve_path="$withval"], [svnserve_path=""]) + +AC_PATH_PROG(svnserve_path, svnserve, [], []) +if test -z "$svnserve_path"; then + AC_MSG_WARN([can't find svnserve - using /usr/bin/svnserve. Use --with-svnserve to override]) + svnserve_path=/usr/bin/svnserve +fi + +if ! test -x "$svnserve_path"; then + AC_MSG_WARN([specified svnserve binary does not exist]) +fi + + # disable static configuration AC_ARG_ENABLE(static, @@ -200,6 +217,7 @@ AC_SUBST(sftp_path) AC_SUBST(cvs_path) AC_SUBST(rdist_path) AC_SUBST(rsync_path) +AC_SUBST(svnserve_path) AC_SUBST(prefix) AC_SUBST(sysconfdir) AC_SUBST(libexecdir) diff --git a/main.c.in b/main.c.in index 7d1695c..b3228e5 100644 --- a/main.c.in +++ b/main.c.in @@ -217,6 +217,8 @@ char **build_shell_args( struct passwd uinfo, argvec[1] = "4"; else if ( !(strcmp(*cmd, PATH_RSYNC)) ) argvec[1] = "5"; + else if ( !(strcmp(*cmd, PATH_SVNSERVE)) ) + argvec[1] = "6"; else { log_set_priority(LOG_ERR); log_msg("fatal error identifying the correct command " @@ -267,7 +269,8 @@ void vers_info( void ) printf("%20s = %s\n", "sftp server binary", PATH_SFTP_SERVER); printf("%20s = %s\n", "cvs binary path", PATH_CVS); printf("%20s = %s\n", "rdist binary path", PATH_RDIST); - printf("%20s = %s\n\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n\n", "svnserve binary path", PATH_SVNSERVE); } diff --git a/pathnames.h.in b/pathnames.h.in index 17e2fb7..043d7ae 100644 --- a/pathnames.h.in +++ b/pathnames.h.in @@ -36,6 +36,7 @@ #define PATH_CVS "@cvs_path@" #define PATH_RDIST "@rdist_path@" #define PATH_RSYNC "@rsync_path@" +#define PATH_SVNSERVE "@svnserve_path@" /* these generally are overridden by the makefile */ #ifndef PATH_RSSH_CONFIG diff --git a/rssh.conf.5 b/rssh.conf.5 index 5556468..227ef88 100644 --- a/rssh.conf.5 +++ b/rssh.conf.5 @@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -135,7 +140,7 @@ details. .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff --git a/rssh.conf.5.in b/rssh.conf.5.in index 913ce9d..5e16acb 100644 --- a/rssh.conf.5.in +++ b/rssh.conf.5.in @@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -135,7 +140,7 @@ details. .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff --git a/rssh.conf.default b/rssh.conf.default index c847565..88833c1 100644 --- a/rssh.conf.default +++ b/rssh.conf.default @@ -11,6 +11,7 @@ logfacility = LOG_USER #allowcvs #allowrdist #allowrsync +#allowsvnserve # set the default umask umask = 022 @@ -28,24 +29,25 @@ umask = 022 ########################################## # EXAMPLES of configuring per-user options -#user=rudy:077:00010: # the path can simply be left out to not chroot -#user=rudy:077:00010 # the ending colon is optional +#user=rudy:077:000100: # the path can simply be left out to not chroot +#user=rudy:077:000100 # the ending colon is optional -#user=rudy:011:00100: # cvs, with no chroot -#user=rudy:011:01000: # rdist, with no chroot -#user=rudy:011:10000: # rsync, with no chroot -#user="rudy:011:00001:/usr/local/chroot" # whole user string can be quoted -#user=rudy:01"1:00001:/usr/local/chroot" # or somewhere in the middle, freak! -#user=rudy:'011:00001:/usr/local/chroot' # single quotes too +#user=rudy:011:001000: # cvs, with no chroot +#user=rudy:011:010000: # rdist, with no chroot +#user=rudy:011:100000: # rsync, with no chroot +#user=rudy:011:000001: # svnserve, with no chroot +#user="rudy:011:000010:/usr/local/chroot" # whole user string can be quoted +#user=rudy:01"1:000010:/usr/local/chroot" # or somewhere in the middle, freak! +#user=rudy:'011:000010:/usr/local/chroot' # single quotes too # if your chroot_path contains spaces, it must be quoted... # In the following examples, the chroot_path is "/usr/local/my chroot" -#user=rudy:011:00001:"/usr/local/my chroot" # scp with chroot -#user=rudy:011:00010:"/usr/local/my chroot" # sftp with chroot -#user=rudy:011:00011:"/usr/local/my chroot" # both with chroot +#user=rudy:011:000010:"/usr/local/my chroot" # scp with chroot +#user=rudy:011:000100:"/usr/local/my chroot" # sftp with chroot +#user=rudy:011:000110:"/usr/local/my chroot" # both with chroot # Spaces before or after the '=' are fine, but spaces in chrootpath need # quotes. -#user = "rudy:011:00001:/usr/local/my chroot" -#user = "rudy:011:00001:/usr/local/my chroot" # neither do comments at line end +#user = "rudy:011:000010:/usr/local/my chroot" +#user = "rudy:011:000010:/usr/local/my chroot" # neither do comments at line end diff --git a/rssh.h b/rssh.h index d15f645..111f9a0 100644 --- a/rssh.h +++ b/rssh.h @@ -41,11 +41,12 @@ typedef char bool; -#define RSSH_ALLOW_SCP (1 << 0) -#define RSSH_ALLOW_SFTP (1 << 1) -#define RSSH_ALLOW_CVS (1 << 2) -#define RSSH_ALLOW_RDIST (1 << 3) -#define RSSH_ALLOW_RSYNC (1 << 4) -#define RSSH_USE_CHROOT (1 << 5) +#define RSSH_ALLOW_SCP (1 << 0) +#define RSSH_ALLOW_SFTP (1 << 1) +#define RSSH_ALLOW_CVS (1 << 2) +#define RSSH_ALLOW_RDIST (1 << 3) +#define RSSH_ALLOW_RSYNC (1 << 4) +#define RSSH_ALLOW_SVNSERVE (1 << 5) +#define RSSH_USE_CHROOT (1 << 6) #endif /* _rssh_h */ diff --git a/rssh_chroot_helper.c b/rssh_chroot_helper.c index 7780c11..8a35cdc 100644 --- a/rssh_chroot_helper.c +++ b/rssh_chroot_helper.c @@ -254,6 +254,9 @@ int main( int argc, char **argv ) case 5: cmd_path = PATH_RSYNC; break; + case 6: + cmd_path = PATH_SVNSERVE; + break; default: log_msg("invalid command specified"); exit(2); diff --git a/rsshconf.c b/rsshconf.c index 564f747..459b26b 100644 --- a/rsshconf.c +++ b/rsshconf.c @@ -71,6 +71,7 @@ const char *keywords[] = { "allowcvs", "allowrdist", "allowrsync", + "allowsvnserve", "chrootpath", "logfacility", "umask", @@ -106,6 +107,9 @@ int process_allow_rdist( ShellOptions_t *opts, const char *line, int process_allow_rsync( ShellOptions_t *opts, const char *line, const int lineno ); +int process_allow_svnserve( ShellOptions_t *opts, const char *line, + const int lineno ); + int get_token( const char *str, char *buf, const int buflen, const bool colon, const bool ign_spc ); @@ -220,21 +224,26 @@ int process_config_line( ShellOptions_t *opts, return FALSE; return TRUE; case 6: + /* allow svnserve */ + if ( !(process_allow_svnserve(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 7: /* default chroot path */ if ( !(process_chroot_path(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 7: + case 8: /* syslog log facility */ if ( !(process_log_facility(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 8: + case 9: /* set the user's umask */ if ( !(process_umask(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 9: + case 10: /* user */ if ( !(process_user(opts, line + pos, lineno) ) ) return FALSE; @@ -557,6 +566,34 @@ int process_allow_rsync( ShellOptions_t *opts, } +/* + * process_allow_svnserve() - make sure there are no tokens after the keyword, + * other than a possible comment. If there are + * additional tokens other than comments, there is a + * syntax error, and FALSE is returned. Otherwise, + * the line is ok, so opts are set to allow + * svnserve, and TRUE is returned. + */ +int process_allow_svnserve( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + int pos; + + if ( !(pos = eat_comment(line)) ){ + if (log) log_msg("line %d: syntax error parsing config file", + lineno); + return FALSE; + } + if (log){ + log_set_priority(LOG_DEBUG); + log_msg("allowing svnserve to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + return TRUE; +} + + int process_chroot_path( ShellOptions_t *opts, const char *line, const int lineno ) @@ -854,6 +891,7 @@ int process_user( ShellOptions_t *opts, bool allow_cvs; bool allow_rdist; bool allow_rsync; + bool allow_svnserve; /* make space for user options */ if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){ @@ -925,7 +963,7 @@ int process_user( ShellOptions_t *opts, return FALSE; } if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs, - &allow_rdist, &allow_rsync) ){ + &allow_rdist, &allow_rsync, &allow_svnserve) ){ if (log){ log_set_priority(LOG_ERR); log_msg("syntax error parsing access bits, line %d", lineno); @@ -999,6 +1037,10 @@ cleanup: if (log) log_msg("allowing rsync to user %s", user); opts->shell_flags |= RSSH_ALLOW_RSYNC; } + if ( allow_svnserve ){ + if (log) log_msg("allowing svnserve to user %s", user); + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + } if ( path ){ if (log) log_msg("chrooting %s to %s", user, path); opts->shell_flags |= RSSH_USE_CHROOT; diff --git a/util.c b/util.c index b70899f..56f67ad 100644 --- a/util.c +++ b/util.c @@ -80,7 +80,8 @@ void fail( int flags, int argc, char **argv ) if ( flags & RSSH_ALLOW_SFTP ) size += 5; if ( flags & RSSH_ALLOW_CVS ) size += 4; if ( flags & RSSH_ALLOW_RDIST ) size += 6; - if ( flags & RSSH_ALLOW_RSYNC ) size += 5; /* last one, no space */ + if ( flags & RSSH_ALLOW_RSYNC ) size += 6; + if ( flags & RSSH_ALLOW_SVNSERVE ) size += 8; /* last one, no space */ /* create msg indicating what is allowed */ if ( !size ) cmd = "This user is locked out."; @@ -101,7 +102,9 @@ void fail( int flags, int argc, char **argv ) if ( flags & RSSH_ALLOW_RDIST ) strncat(cmd, "rdist ", size); if ( flags & RSSH_ALLOW_RSYNC ) - strncat(cmd, "rsync", size); + strncat(cmd, "rsync ", size); + if ( flags & RSSH_ALLOW_SVNSERVE ) + strncat(cmd, "svnserve", size); } /* print error message to user and log attempt */ @@ -305,6 +308,16 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) } return PATH_RSYNC; } + if ( check_command(*cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ){ + /* check command line */ + if( cl[1] == NULL || strcmp(cl[1], "-t") != 0 || cl[2] != NULL){ + fprintf(stderr, "\nextra svnserver parameter(s) not allowed."); + log_msg("unallowed option(s) in svnserver command line!"); + return NULL; + } + + return PATH_SVNSERVE; + } /* No match, return NULL */ return NULL; } @@ -329,6 +342,8 @@ char *get_command( char *cl, ShellOptions_t *opts ) return PATH_RDIST; if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ) return PATH_RSYNC; + if ( check_command(cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ) + return PATH_SVNSERVE; return NULL; } @@ -394,22 +409,24 @@ int validate_umask( const char *temp, int *mask ) * same name, and returns FALSE if the bits are not valid */ int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ) { int i; -#define NUM_ACCESS_BITS 5 +#define NUM_ACCESS_BITS 6 if ( strlen(temp) != NUM_ACCESS_BITS ) return FALSE; /* make sure the bits are valid */ for ( i = 0; i < NUM_ACCESS_BITS; i++ ) if ( temp[i] < '0' || temp[i] > '1' ) return FALSE; /* This is easier to read if we allign the = */ - *allow_rsync = temp[0] - '0'; - *allow_rdist = temp[1] - '0'; - *allow_cvs = temp[2] - '0'; - *allow_sftp = temp[3] - '0'; - *allow_scp = temp[4] - '0'; + *allow_rsync = temp[0] - '0'; + *allow_rdist = temp[1] - '0'; + *allow_cvs = temp[2] - '0'; + *allow_sftp = temp[3] - '0'; + *allow_scp = temp[4] - '0'; + *allow_svnserve = temp[5] - '0'; return TRUE; } diff --git a/util.h b/util.h index 8b81201..a67eb32 100644 --- a/util.h +++ b/util.h @@ -38,7 +38,8 @@ char *get_command( char *cl, ShellOptions_t *opts); char *extract_root( char *root, char *path ); int validate_umask( const char *temp, int *mask ); int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ); + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ); bool opt_exist( char *cl, char opt ); char *get_username( void ); -- cgit v1.2.3 From e65dab158adba1d5fe54f98a71a9b19d70bd7701 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sun, 17 Dec 2017 16:21:18 -0800 Subject: Import rssh_2.3.4-6.debian.tar.xz [dgit import tarball rssh 2.3.4-6 rssh_2.3.4-6.debian.tar.xz] --- NEWS | 26 + README.Debian | 45 ++ changelog | 622 ++++++++++++++++++++ clean | 1 + compat | 1 + config | 11 + control | 29 + copyright | 56 ++ docs | 4 + examples | 1 + gbp.conf | 3 + install | 4 + logcheck.ignore.server | 6 + manpages | 2 + patches/0001-Fix-invalid-option-error.patch | 22 + ...Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch | 41 ++ ...buffer-allocation-buffer-for-fail-message.patch | 26 + patches/0004-Lower-syslog-priority-to-debug.patch | 104 ++++ .../0005-Fix-spelling-errors-in-manual-pages.patch | 30 + ...006-Fixes-and-improvements-to-mkchroot.sh.patch | 187 ++++++ .../0007-Handle-rsync-v3-e-protocol-option.patch | 126 +++++ .../0008-Add-support-for-Subversion-svnserve.patch | 625 +++++++++++++++++++++ patches/series | 8 + po/POTFILES.in | 1 + po/cs.po | 49 ++ po/da.po | 50 ++ po/de.po | 51 ++ po/es.po | 75 +++ po/fr.po | 58 ++ po/gl.po | 49 ++ po/id.po | 54 ++ po/it.po | 50 ++ po/ja.po | 45 ++ po/nl.po | 51 ++ po/pt.po | 50 ++ po/pt_BR.po | 53 ++ po/ru.po | 54 ++ po/sv.po | 58 ++ po/templates.pot | 42 ++ postinst | 53 ++ rules | 28 + source/format | 1 + source/options | 1 + templates | 13 + watch | 7 + 45 files changed, 2873 insertions(+) create mode 100644 NEWS create mode 100644 README.Debian create mode 100644 changelog create mode 100644 clean create mode 100644 compat create mode 100755 config create mode 100644 control create mode 100644 copyright create mode 100644 docs create mode 100644 examples create mode 100644 gbp.conf create mode 100644 install create mode 100644 logcheck.ignore.server create mode 100644 manpages create mode 100644 patches/0001-Fix-invalid-option-error.patch create mode 100644 patches/0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch create mode 100644 patches/0003-Fix-buffer-allocation-buffer-for-fail-message.patch create mode 100644 patches/0004-Lower-syslog-priority-to-debug.patch create mode 100644 patches/0005-Fix-spelling-errors-in-manual-pages.patch create mode 100644 patches/0006-Fixes-and-improvements-to-mkchroot.sh.patch create mode 100644 patches/0007-Handle-rsync-v3-e-protocol-option.patch create mode 100644 patches/0008-Add-support-for-Subversion-svnserve.patch create mode 100644 patches/series create mode 100644 po/POTFILES.in create mode 100644 po/cs.po create mode 100644 po/da.po create mode 100644 po/de.po create mode 100644 po/es.po create mode 100644 po/fr.po create mode 100644 po/gl.po create mode 100644 po/id.po create mode 100644 po/it.po create mode 100644 po/ja.po create mode 100644 po/nl.po create mode 100644 po/pt.po create mode 100644 po/pt_BR.po create mode 100644 po/ru.po create mode 100644 po/sv.po create mode 100644 po/templates.pot create mode 100755 postinst create mode 100755 rules create mode 100644 source/format create mode 100644 source/options create mode 100644 templates create mode 100644 watch diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..7adbe32 --- /dev/null +++ b/NEWS @@ -0,0 +1,26 @@ +rssh (2.3.2-9) unstable; urgency=low + + This version of the rssh package adds support for Subversion by adding + an additional configuration parameter that, if set, allows an rssh user + to run svnserve -t. + + This support requires changing the /etc/rssh.conf file format to add an + additional binary digit to the permissions field. The package will + attempt to make that change automatically during the upgrade, disabling + svnserve for all users by default, but you may want to double-check the + resulting /etc/rssh.conf file to be sure it's correct. + + -- Russ Allbery Sat, 04 Apr 2009 14:39:27 -0700 + +rssh (2.2.1-1) unstable; urgency=medium + + * This release contains 2 major updates: + - A minor security fix (which results only in disclosing some information + in chrooted jails about the non chrooted environment). + - New support for cvs, rdist and rsync. Due to the new protocols, a + modification needs to be done in the configuration file, which has not + been automated in the installation scripts. Read the packages' README + for more information. + + -- Jesus Climent Thu, 8 Jul 2004 02:37:24 -0300 + diff --git a/README.Debian b/README.Debian new file mode 100644 index 0000000..8c71aae --- /dev/null +++ b/README.Debian @@ -0,0 +1,45 @@ +rssh for Debian +--------------- + +rssh provides a way of restricting a user to only using one or more of +scp, sftp, cvs, rsync, rdist, and svnserve. rssh also can optionally +chroot into a jail before running the command and has a configuration file +to specify which commands are allowed. + +Please thoroughly read the rssh man page before using this program. If +rssh is not configured correctly, it may not be secure. You may also want +to read the security history in /usr/share/doc/rssh/SECURITY. In +particular, if you're allowing ssh access, make sure that either the +restricted user cannot write to ~/.ssh or ~/.ssh/environment or that you +have PermitUserEnvironment set to no in /etc/sshd_config. + +/usr/share/doc/rssh/examples/mkchroot.sh automates much of the work of +setting up a chroot environment if you choose to configure rssh that way. +Alternately, you could try using makejail, which takes a more +comprehensive approach to figuring out what files are needed. makejail is +designed for daemons, so it's a bit difficult to use, but if you configure +makejail to run (via testCommandsInsideJail) the programs you want to +allow the user to run via rssh, it may be able to figure it out. + +rssh is built using shared libraries by default. If you want to recompile +it statically linked, build the source package with: + + DEB_CONFIGURE_OPTIONS=static + +in the environment. The rssh author recommends this, but static binaries +are not well-supported by glibc. + +Keep in mind that the software has been developed to be simple, trying to +avoid possible security problems, but cannot be assured. If you find a +security problem, please report it as soon as possible. Note that the +Debian bug tracking system is public; if you believe you have discovered a +serious security vulnerability, feel free to contact the maintainers +directly. + +Also note that the upstream maintainer of rssh does not plan to make any +further releases. If you are interested in support for additional +programs (such as passwd; see Debian Bug#323384) and you have the skills +to maintain a security-sensitive C program, consider taking over upstream +maintenance. + + -- Russ Allbery , Mon, 29 Mar 2010 11:23:15 -0700 diff --git a/changelog b/changelog new file mode 100644 index 0000000..f4e7772 --- /dev/null +++ b/changelog @@ -0,0 +1,622 @@ +rssh (2.3.4-6) unstable; urgency=medium + + * Add Rules-Requires-Root: no. + * Update to debhelper compatibility level V11. + - Remove now-useless build dependency on dh-autoreconf. + * Clean up trailing whitespace in debian/changelog. + * Update standards version to 4.1.2 (no changes required). + + -- Russ Allbery Sun, 17 Dec 2017 16:21:18 -0800 + +rssh (2.3.4-5) unstable; urgency=medium + + * Enable all hardening flags. + * Fix another spelling error in the rssh man page, caught by Lintian. + * Translation updates: + - Indonesian, thanks Izharul Haq. (Closes: #835621) + * Switch to the DEP-14 branch layout and update debian/gbp.conf and + Vcs-Git accordingly. + * Run wrap-and-sort -ast on packaging files. + * Switch to https for Vcs-Git and Vcs-Browser URLs. + * Fix duplicate license clause in debian/copyright. + * Update standards version to 3.9.8 (no changes required). + + -- Russ Allbery Mon, 05 Sep 2016 15:39:58 -0700 + +rssh (2.3.4-4) unstable; urgency=low + + * Fix typo in the example mkchroot script that causes it to fail to + copy the libnss compat modules. Patch from Jeremy Jongepier. + (Closes: #729294) + * This package is now maintained using gbp pq from git-buildpackage. + Remove the TopGit glue and the obsolete README.source package and + rename the patches based on the export convention of gbp pq. + * Drop override to use xz compression for the binary package. This is + now the default in dpkg-buildpackage. + * Update standards version to 3.9.5 (no changes required). + * Translation updates: + - Portuguese (Brazilian), thanks Fernando Ike de Oliveira. + (Closes: #723148) + * Reformat translations with debconf-updatepo. Add some missing + Language fields and update the Report-Msgid-Bugs-To address. + + -- Russ Allbery Sat, 07 Dec 2013 19:18:35 -0800 + +rssh (2.3.4-3) unstable; urgency=low + + * Patch the upstream build system to honor CFLAGS and CPPFLAGS as passed + to configure. This fixes use of hardening flags during the build. + Thanks to Simon Ruderich for the patch. (Closes: #709941) + + -- Russ Allbery Tue, 28 May 2013 14:37:10 -0700 + +rssh (2.3.4-2) unstable; urgency=low + + * Upload to unstable. + * Fix implicit function declaration compiler warning from the svnserve + patch. + * Use xz compression for the Debian source and binary package. + * Canonicalize the Vcs-Git and Vcs-Browser control fields. + * Update standards version to 3.9.4 (no changes required). + + -- Russ Allbery Sat, 11 May 2013 17:09:30 -0700 + +rssh (2.3.4-1) experimental; urgency=low + + * New upstream release. + - Merges fixes/command-line-checking. + - Fix a (probably not exploitable) flaw in determining the command + to run from the provided command line. + * Adjust the installation process for the new upstream behavior of + installing rssh.conf as rssh.conf.default. The Debian package + continues to install it as /etc/rssh.conf. + * Add new logcheck ignore line for a new upstream log message. + * Fix the log level for a notice of global svnserve access to use debug, + matching the (patched) behavior for the other program types. + * Fix the regular expression in the previous change to correctly match a + literal period instead of any character. (This fix is not critical, + but adds further defense in depth.) Remove an unused variable to + silence compiler warnings. Patch from Tomas Hoger. + * Change debian/watch to use the sf.net redirector. + + -- Russ Allbery Fri, 07 Dec 2012 16:14:37 -0800 + +rssh (2.3.3-6) unstable; urgency=high + + * Fix several flaws in validation of rsync options. Ensure --server + cannot be hidden from the server by putting it after -- or as the + argument to another option. Verify that the -e option's value matches + expectations rather than trying to look for invalid -e option values. + (CVE-2012-2251) + * Reject the rsync --rsh option even if it does not contain a trailing + equal sign. (CVE-2012-2252) + + -- Russ Allbery Thu, 22 Nov 2012 12:01:41 -0800 + +rssh (2.3.3-5) unstable; urgency=medium + + * Apply upstream patch to close security vulnerability that permitted + clever manipulation of environment variables on the ssh command line + to bypass rssh checking. (CVE-2012-3478) + + -- Russ Allbery Fri, 10 Aug 2012 22:14:34 -0700 + +rssh (2.3.3-4) unstable; urgency=low + + * Force libexecdir to /usr/lib/rssh. This is not a library package and + has no reason to be using the multiarch paths, but picked up the + modification to libexecdir as a side effect of the debhelper + compatibility level change. (Closes: #663011) + + -- Russ Allbery Wed, 07 Mar 2012 16:07:37 -0800 + +rssh (2.3.3-3) unstable; urgency=low + + * Translation updates: + - Danish, thanks Joe Dalton. (Closes: #659447) + * Update debian/copyright to copyright-format 1.0. + * Update standards version to 3.9.3 (no changes required). + + -- Russ Allbery Sun, 04 Mar 2012 21:43:29 -0800 + +rssh (2.3.3-2) unstable; urgency=low + + * Update examples/mkchroot.sh to include libnss modules in a multiarch + subdirectory of /lib if none exist directly in /lib. + * Update to debhelper compatibility level V9. + - Enable compiler hardening flags, including bindnow and PIE. + (Closes: #654155) + * Use dh-autoreconf to regenerate the Autotools build system rather than + rolling our own equivalent. + * Update standards version to 3.9.2 (no changes required). + + -- Russ Allbery Sun, 05 Feb 2012 19:51:55 -0800 + +rssh (2.3.3-1) unstable; urgency=low + + * New upstream release. + - Exit with non-zero status when fatal() is called. + - Merges Debian fixes/config-parse-fatal, fixes/man-page-hyphen, and + fixes/missing-config patches. + * In the example mkchroot script, also check for and copy over the + dependencies of any of the NSS libraries we copy over. This picks up + the libnsl library, which is now required. Print out a warning that + mkchroot doesn't copy over any of the libraries required for other + supporting programs (rsync, etc.), only those for scp and sftp. + (Closes: #611878) + * Update debian/copyright to the current DEP-5 format. + * Update to debhelper compatibility level V8. + * Update to standards version 3.9.1 (no changes required). + + -- Russ Allbery Mon, 28 Feb 2011 17:45:00 -0800 + +rssh (2.3.2-13) unstable; urgency=low + + * When allocating the buffer to tell a locked-out user what commands are + supported, add an additional byte for the nul at the end of the + string. (Closes: #601145) + + -- Russ Allbery Wed, 10 Nov 2010 11:23:07 -0800 + +rssh (2.3.2-12) unstable; urgency=low + + * If parsing the configuration file fails, abort with an error rather + than continuing on and applying the defaults, since the defaults may + be wrong for the current user. Patch from Jon Barber. + * Fix spelling error (seperate for separate) in rssh man page. + * Remove version from openssh-server dependency since it was older than + oldstable. + * Update standards version to 3.9.0 (no changes required). + + -- Russ Allbery Tue, 06 Jul 2010 18:07:47 -0700 + +rssh (2.3.2-11) unstable; urgency=low + + * Switch to 3.0 (quilt) source format. + - Remove build dependency on quilt and debian/rules machinery. + * Remove all of the files touched by autoreconf -i. + * Remove Jesus Climent from uploaders. He hasn't had time to work on + the package in a while. + * Update standards version to 3.8.4 (no changes required). + + -- Russ Allbery Mon, 29 Mar 2010 11:28:43 -0700 + +rssh (2.3.2-10) unstable; urgency=low + + * Update standards version 3.8.2 (no changes required). + * Translation updates: + - Czech, thanks Martin Šín. (Closes: #533389) + - Russian, thanks Yuri Kozlov. (Closes: #537062) + + -- Russ Allbery Sat, 18 Jul 2009 19:49:00 -0700 + +rssh (2.3.2-9) unstable; urgency=low + + * This package is now maintained using Git and TopGit. A quilt + patch series is exported from TopGit branches for the final Debian + package. Update debian/README.source, the Vcs-* control fields, and + debian/rules accordingly. + * Add support for svnserve (Subversion). This requires a change in the + format of /etc/rssh.conf to add an additional binary digit to the + permissions field. /etc/rssh.conf will be automatically updated as + part of the package upgrade using /usr/share/rssh/conf_convert. Patch + from Davide Scola. (Closes: #284756) + * In mkchroot, also install /dev/zero in the chroot. Noted in an + updated patch from Ross Davis sent to the rssh-discuss list. + * Remove postrm script that removed rssh from /etc/shells. We do that + in postinst on upgrade and have for some time, so this maintainer + script was unnecessary. + * Convert to the proposed new copyright format. + * Swap Maintainer and Uploaders, making me the primary maintainer. I've + done all of the recent uploads. + * Update debhelper compatibility level to V7. + - Use rule minimization with overrides. + - Move install, examples, and manpage lists into separate files. + - Add --enable-static if "static" is in DEB_CONFIGURE_OPTIONS rather + than requiring the variable be set to exactly --enable-static. + - Remove unnecessary debian/dirs. + * Update standards version to 3.8.1 (no changes required). + * Translation updates: + - Spanish, thanks Francisco Javier Cuadrado. (Closes: #509356) + + -- Russ Allbery Sat, 04 Apr 2009 15:41:07 -0700 + +rssh (2.3.2-8) unstable; urgency=low + + * The upstream mkchroot script uses echo -e, so make it a /bin/bash + script, which is less invasive than rewriting all of the echo + statements to printf. Thanks, Raphael Geissert. (Closes: #489653) + * Update standards version to 3.8.0. + - Add a README.source file pointing to the quilt documentation. + + -- Russ Allbery Sun, 13 Jul 2008 13:09:38 -0700 + +rssh (2.3.2-7) unstable; urgency=low + + * Translation updates: + - Galician, thanks Jacobo Tarrio. (Closes: #483220) + + -- Russ Allbery Tue, 27 May 2008 19:48:25 -0700 + +rssh (2.3.2-6) unstable; urgency=low + + * Allow the -e option to rsync in conjunction with --server when it + contains a protocol version. As of version three, rsync reused the -e + option to pass protocol information. (Closes: #471803) + * Avoid a segfault when logging is disabled and the configuration file + could not be opened. Thanks, Thomas Liske. (Closes: #470262) + * Update the example mkchroot.sh script, thanks to Carsten Maass and + proctor mcduff. (Closes: #465528) + - Fix the parsing of ldd output. + - Create /dev/null and /dev/log in the chroot. + - Update the sftp-server and rssh_chroot_helper paths for Debian. + - Copy /etc/ld.* files recursively. + - Add better error handling. + * Suggest makejail for the chroot setup. (Closes: #458563) + * Clean all patches of extraneous headers and timestamps. + * Mention in README.Debian that the upstream maintainer doesn't plan + future releases and therefore major new work (such as Subversion + support) may require taking over upstream maintenance. + * Add a Homepage control field and drop the XS-* prefixes for the Vcs + control fields. + * Add the upstream copyright statement and the complete license to + debian/copyright. + * Add a watch file. + * debian/rules cleanup: + - Use a stamp file for installation. + - Depend on the quilt stamp file to prevent repeating configure. + - Use touch $@ to create stamp files. + - Simplify the rule structure. + * Update standards version to 3.7.3 (no changes required). + + -- Russ Allbery Sun, 23 Mar 2008 12:46:52 -0700 + +rssh (2.3.2-5) unstable; urgency=low + + * Fix the logic for checking whether the setuid status of + rssh_chroot_helper was overridden by the sysadmin. The previous logic + would only make it setuid if dpkg-statoverride couldn't be found. + Thanks, Peter Baumann. (Closes: #425431) + * Don't add rssh to /etc/shells; restricted shells should not be listed + there. Remove it from /etc/shells if upgrading from an older version. + Also, we don't need to conditionalize running add-shell and + remove-shell, since debianutils is essential and has had add-shell and + remove-shell since etch. (Closes: #424672) + * Remove the obsolete security note from the config script. + * Fix the build system to not run configure twice. + * Add XS-Vcs-Svn and XS-Vcs-Browser control fields. + + -- Russ Allbery Mon, 21 May 2007 19:10:54 -0700 + +rssh (2.3.2-4) unstable; urgency=low + + * Rewrite the prompt for a setuid rssh_chroot_helper to follow the + DevRef debconf style guidelines and not mention an incorrect path in + /usr/bin. (Closes: #421000) + * Don't use config.status as a stamp file, since then the ordering of + removal causes make clean to fail after a build. (Closes: #424281) + * Translation updates: + - Swedish, thanks Daniel Nylander. + - Dutch, thanks cobaco. + - Portuguese, thanks Miguel Figueiredo. (Closes: #418924) + - German, thanks Helge Kreutzmann. (Closes: #419252) + - Italian, thanks Luca Monducci. (Closes: #419398) + - French, thanks Michel Grentzinger. (Closes: #420430) + - Japanese, thanks Hideki Yamane. (Closes: #422265) + + -- Russ Allbery Tue, 15 May 2007 15:59:24 -0700 + +rssh (2.3.2-3) unstable; urgency=low + + * In the example mkchroot script, warn that /etc/passwd is copied into + the chroot and the user may wish to remove unnecessary users and + sensitive information. (Closes: #366655) + * Let debhelper handle debconf purging in postrm properly, fixing + purging failures when debconf isn't installed. (Closes: #417009) + * Remove debconf update notes for versions that are now older than + oldstable. (Closes: #388957) + * Improve the README.Debian security information. Move the details from + the debconf security note to here to eliminate the rest of the debconf + note abuse. + * Fix incorrect hyphens in the rssh man page. + * Recognize reconfigure in postinst. + * Don't die on unknown actions in maintainer scripts. + * Only remove rssh from /etc/shells on remove and purge, not upgrade. + * Use $(CURDIR) instead of `pwd` in debian/rules. + * Update standards version to 3.7.2 (no changes required). + * Update debhelper compatibility level to V5. + * Translation updates: + - Spanish, thanks Steve Lord Flaubert. (Closes: #415185) + - Dutch, thanks cobaco. (Closes: #415505) + + -- Russ Allbery Wed, 11 Apr 2007 19:07:28 -0700 + +rssh (2.3.2-2) unstable; urgency=low + + * Translation updates: + - Portuguese, thanks Miguel Figueiredo. (Closes: #410869) + + -- Russ Allbery Thu, 15 Feb 2007 20:37:53 -0800 + +rssh (2.3.2-1) unstable; urgency=low + + * New co-maintainer. + * New upstream release. + - Incorporates fixes from NMU. (Closes: #346322, #355935, #357715) + - Incorporates missing va_end also fixed in NMU. (Closes: #339531) + * Don't compress example scripts. (Closes: #333923) + * Mention chroot and jail in the rssh description. (Closes: #335475) + * Add libnss_compat* to the chroot script. (Closes: #335384) + * Drop the ssh-krb5 alternative; it doesn't use the right sftp-server + path. Add Suggests pointing to the other supported commands. + * Drop the configuration caution from the package description; it's in + the man page and the long description isn't supposed to include + configuration information for the package. + * Rework README.Debian a little to point to the rssh man page instead of + SECURITY (upstream moved the security notes there) and emphasize + reading the documentation before using the package. + * Update logcheck rules. + * debian/rules and debian/control cleanup. + - Switch to quilt for patches. It works essentially the same as the + script the package was using but is more standard and is the current + recommended tool. + - Run dh_shlibdeps to pick up proper dependency information. + - Get the debconf dependency from debhelper. + - Use debian/compat instead of setting DH_COMPAT. + - Use dh_installman instead of the deprecated dh_installmanpages. + - Remove duplicate rssh.docs configuration file. + - Don't install config.{guess,sub}; configure doesn't use them. + - Rename NEWS.Debian to NEWS so that debhelper installs it. + - Install logcheck rules with debhelper. + - Simplify unused rules and remove some boilerplate. + * Translation updates. + - Swedish, thanks Daniel Nylander. (Closes: #341412) + + -- Russ Allbery Fri, 21 Apr 2006 20:45:25 -0700 + +rssh (2.3.0-1.1) unstable; urgency=high + + * NMU (with maintainer permission). + * Backport code changes from upstream 2.3.2 release. + - Fixes coding error that runs cvs instead of rsync and rdist and + bypasses various security checks. (Closes: #346322) + - Fixes use of uninitialized variables that crash the chroot helper + program. (Closes: #355935) + + -- Russ Allbery Sat, 18 Mar 2006 20:29:29 -0800 + +rssh (2.3.0-1) unstable; urgency=high + + * New upstream release. + * This package is a security update: + - closes CVE-2005-3345. + - Closes: #344424, #344395 + + -- Jesus Climent Mon, 19 Dec 2005 20:00:02 +0200 + +rssh (2.2.3-3) unstable; urgency=low + + * Changed the path of sftp-server to /usr/lib/openssh/sftp-server to + cope with ssh changes, in the helper script to create the chroots. + * Add rssh to /etc/shells (Closes: #312330). + * Added a logcheck file (Closes: #319802). + * Lowered the log output from INFO to DEBUG, to reduce the amount of + information rssh spits (Closes: #325684). + + -- Jesus Climent Sun, 9 Oct 2005 21:48:35 +0000 + +rssh (2.2.3-2) unstable; urgency=low + + * The "I spent DebConf5 without a single package upload" release. + * Added a dependency on openssh-server so that the change to the new + sftp-server does not affect us. + * Also, changed the path to the new sftp-server location. + * Added debconf-2.0 dependency. + + -- Jesus Climent Fri, 5 Aug 2005 12:23:47 +0000 + +rssh (2.2.3-1) unstable; urgency=high + + * New upstream release + * Security fix: CAN-2004-1161. Closes: #284207. + * Translations update: + - de.po: Jens Nachtigall (Closes: #276697) + - ja.po: Hideki Yamane (Closes: #272899) + - cs.po: Miroslav Kure (Closes: #287300) + - it.po: Luca Monducci (Closes: #288828) + * Urgency set to high due to the security fix and to get it into Sarge. + + -- Jesus Climent Wed, 19 Jan 2005 10:02:13 +0000 + +rssh (2.2.2-1) unstable; urgency=high + + * New upstream release (Closes: #278157) + * Urgency set to high due to the bug #278157, which happens to be a security + bug. Thanks to the reporters: Hideki Yamane and Florian Weimer. + + -- Jesus Climent Wed, 27 Oct 2004 09:44:54 +0000 + +rssh (2.2.1-5) unstable; urgency=low + + * Translations updated: + - French: fr.po (Closes: #267573) + - Brazilian: pt_BR.po (Closes: #272433) + - Japanese: ja.po (Closes: #236236) although might be outdated. + + -- Jesus Climent Tue, 21 Sep 2004 15:07:29 +0000 + +rssh (2.2.1-4) unstable; urgency=low + + * Files CHROOT and SECURITY added to the package (Closes: #272650) + * mkchroot script and CHROOT file have been adapted to Debian. + + -- Jesus Climent Tue, 21 Sep 2004 10:52:11 +0000 + +rssh (2.2.1-3) unstable; urgency=low + + * My mistake! I added an exit to test the scripts and did not erase it + (Closes: #269875) + + -- Jesus Climent Tue, 7 Sep 2004 06:33:03 +0000 + +rssh (2.2.1-2) unstable; urgency=low + + * Upload to unstable. + + -- Jesus Climent Thu, 5 Aug 2004 11:38:58 +0300 + +rssh (2.2.1-1) experimental; urgency=low + + * New upstream release + * NEWS.Debian + + -- Jesus Climent Thu, 8 Jul 2004 02:37:24 -0300 + +rssh (2.2.0-1) experimental; urgency=low + + * New upstream release + + -- Jesus Climent Thu, 27 May 2004 23:56:12 -0300 + +rssh (2.1.1-5) unstable; urgency=low + + * Corrected dependency on ssh-krb5 (Closes: #232575) + + -- Jesus Climent Fri, 13 Feb 2004 20:43:23 +0000 + +rssh (2.1.1-4) unstable; urgency=low + + * Updated Brazilain Portuguese (pt_BR) translation (Closes: #218808) + * Updated Japanese (ja.po) translation (Closes: #224178) + + -- Jesus Climent Thu, 15 Jan 2004 16:17:47 +0000 + +rssh (2.1.1-3) unstable; urgency=low + + * Updated french (fr.po) translation file (Closes: #209173) + + -- Jesus Climent Thu, 11 Sep 2003 07:44:43 +0000 + +rssh (2.1.1-2) unstable; urgency=low + + * Somehow I uploaded the wrong copy of the package. Let's try again... + (Closes: #208739). + + -- Jesus Climent Thu, 4 Sep 2003 21:08:15 +0000 + +rssh (2.1.1-1) unstable; urgency=low + + * New upstream release (Closes: #201096) + * gettext is now used for debconf templates (Closes: #203673) + * Added french translation (Closes: #203674) + * rssh_chroot_helper moved to /usr/lib/rssh + * Standards version to 3.6.0 + + -- Jesus Climent Mon, 28 Jul 2003 13:43:20 +0000 + +rssh (2.0.4-1) unstable; urgency=low + + * New upstream release + + -- Jesus Climent Wed, 2 Jul 2003 21:58:08 +0000 + +rssh (2.0.3-2) unstable; urgency=low + + * $version did not get compared at all on debconf's config file. + + -- Jesus Climent Wed, 11 Jun 2003 21:56:35 +0000 + +rssh (2.0.3-1) unstable; urgency=low + + * New upstream release + * Standards-Version updated to 3.5.10 + + -- Jesus Climent Sat, 7 Jun 2003 17:04:09 +0000 + +rssh (2.0.2-1) unstable; urgency=low + + * New upstream release. + * We ask now for SUID option during installation: Closes: #188088. + * Small mistake in README.Debian: Closes: #188602. + + -- Jesus Climent Tue, 8 Apr 2003 11:02:52 +0300 + +rssh (2.0.1-1) unstable; urgency=low + + * New upstream release + + -- Jesus Climent Fri, 28 Feb 2003 18:27:47 +0000 + +rssh (2.0.0-1) unstable; urgency=low + + * New upstream release + * This release solves some problems upstream will include in the next + upstream release: correct COPYING file, Makefile.am problem,... + + -- Jesus Climent Mon, 24 Feb 2003 16:59:00 +0200 + +rssh (1.0.4-2) unstable; urgency=low + + * This time the description is _really_ not starting with "A". + + -- Jesus Climent Thu, 23 Jan 2003 13:43:53 +0200 + +rssh (1.0.4-1) unstable; urgency=low + + * New upstream release + + -- Jesus Climent Thu, 23 Jan 2003 13:43:36 +0200 + +rssh (1.0.3-2) unstable; urgency=low + + * Missing file SECURITY now included (Closes: #172018) + + -- Jesus Climent Wed, 11 Dec 2002 16:44:19 +0200 + +rssh (1.0.3-1) unstable; urgency=low + + * New upstream release + * Dependency upon new released ssh package (Closes: #168672) + + -- Jesus Climent Mon, 25 Nov 2002 08:07:08 +0200 + +rssh (1.0.1-3) unstable; urgency=low + + * Description starting with (Closes: #168556) + + -- Jesus Climent Thu, 14 Nov 2002 05:15:09 +0200 + +rssh (1.0.1-2) unstable; urgency=low + + * Link to the license directory in copyright. + + -- Jesus Climent Fri, 1 Nov 2002 19:58:51 +0200 + +rssh (1.0.1-1) unstable; urgency=low + + * New upstream release + * Static build is activated, and will deactivated when OpenSSH 3.5 is on + unstable. + + -- Jesus Climent Thu, 24 Oct 2002 14:08:37 +0300 + +rssh (1.0.0-1) unstable; urgency=low + + * New upstream release + * Closes: #160702. + + -- Jesus Climent Fri, 20 Sep 2002 17:48:24 +0300 + +rssh (0.9.3-2) unstable; urgency=low + + * debconf aware, showing the security note. + * the security note is shown just once. + * the security note is actually included in the package. + + -- Jesus Climent Tue, 17 Sep 2002 11:31:04 +0300 + +rssh (0.9.3-1) unstable; urgency=low + + * Initial Release. + + -- Jesus Climent Thu, 12 Sep 2002 23:23:59 +0300 diff --git a/clean b/clean new file mode 100644 index 0000000..b82e8b4 --- /dev/null +++ b/clean @@ -0,0 +1 @@ +rssh.conf diff --git a/compat b/compat new file mode 100644 index 0000000..b4de394 --- /dev/null +++ b/compat @@ -0,0 +1 @@ +11 diff --git a/config b/config new file mode 100755 index 0000000..f636a68 --- /dev/null +++ b/config @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule +db_version 2.0 + +db_input medium rssh/chroot_helper_setuid || true +db_go + +exit 0 diff --git a/control b/control new file mode 100644 index 0000000..0181090 --- /dev/null +++ b/control @@ -0,0 +1,29 @@ +Source: rssh +Section: net +Priority: optional +Maintainer: Russ Allbery +Build-Depends: + debhelper (>= 11), +Rules-Requires-Root: no +Standards-Version: 4.1.2 +Homepage: http://www.pizzashack.org/rssh/ +Vcs-Git: https://anonscm.debian.org/git/collab-maint/rssh.git -b debian/master +Vcs-Browser: https://anonscm.debian.org/gitweb/?p=collab-maint/rssh.git + +Package: rssh +Architecture: any +Depends: + openssh-server, + ${misc:Depends}, + ${shlibs:Depends}, +Suggests: + cvs, + makejail, + rdist, + rsync, + subversion, +Description: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist + rssh is a restricted shell, used as a login shell, that allows users to + perform only scp, sftp, cvs, svnserve (Subversion), rdist, and/or rsync + operations. It can also optionally chroot user logins into a restricted + jail. diff --git a/copyright b/copyright new file mode 100644 index 0000000..d92d0fd --- /dev/null +++ b/copyright @@ -0,0 +1,56 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Source: http://www.pizzashack.org/rssh/ + +Files: * +Copyright: 2003-2010 Derek D. Martin ( code at pizzashack dot org ). +License: BSD-two-clause + +Files: conf_convert +Copyright: (C) 2009 Davide Scola +License: GPL-2.0+ + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 2, or (at your option) any later + version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General + Public License for more details. + . + A copy of the GNU General Public License version 2 is available in + /usr/share/common-licenses/GPL-2 on Debian systems. + +Files: debian/* +Copyright: 2002-2005 Jesus Climent + 2006-2013, 2016-2017 Russ Allbery +License: BSD-two-clause +Comment: + Work by Jesus Climent has no explicit license. Presumably that work + may be redistributed under the same terms as rssh itself. + . + Changes by Russ Allbery and may be redistributed and/or modified under + the same terms as the rssh package. + +License: BSD-two-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the + distribution. + . + THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. diff --git a/docs b/docs new file mode 100644 index 0000000..59c0950 --- /dev/null +++ b/docs @@ -0,0 +1,4 @@ +CHROOT +README +SECURITY +TODO diff --git a/examples b/examples new file mode 100644 index 0000000..9e2076b --- /dev/null +++ b/examples @@ -0,0 +1 @@ +mkchroot.sh diff --git a/gbp.conf b/gbp.conf new file mode 100644 index 0000000..2541c07 --- /dev/null +++ b/gbp.conf @@ -0,0 +1,3 @@ +[DEFAULT] +debian-branch = debian/master +upstream-branch = upstream/latest diff --git a/install b/install new file mode 100644 index 0000000..01cd4dd --- /dev/null +++ b/install @@ -0,0 +1,4 @@ +conf_convert usr/share/rssh +rssh usr/bin +rssh.conf etc +rssh_chroot_helper usr/lib/rssh diff --git a/logcheck.ignore.server b/logcheck.ignore.server new file mode 100644 index 0000000..55f0fc3 --- /dev/null +++ b/logcheck.ignore.server @@ -0,0 +1,6 @@ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rssh\[[0-9]+\]: allowing [[:alnum:]]+ to (all users|user [^[:space:]]+)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rssh\[[0-9]+\]: cmd '[[:alnum:]]+' approved$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rssh\[[0-9]+\]: line [0-9]+: configuring user [^[:space:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rssh\[[0-9]+\]: setting [^[:space:]]+ umask to [0-9]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rssh\[[0-9]+\]: setting log facility to LOG_USER$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rssh\[[0-9]+\]: setting umask to [0-9]+$ diff --git a/manpages b/manpages new file mode 100644 index 0000000..2f18c7e --- /dev/null +++ b/manpages @@ -0,0 +1,2 @@ +rssh.1 +rssh.conf.5 diff --git a/patches/0001-Fix-invalid-option-error.patch b/patches/0001-Fix-invalid-option-error.patch new file mode 100644 index 0000000..e07da90 --- /dev/null +++ b/patches/0001-Fix-invalid-option-error.patch @@ -0,0 +1,22 @@ +From: Russ Allbery +Date: Sat, 7 Dec 2013 18:32:55 -0800 +Subject: Fix invalid option error + +Don't refer to all invalid options as invalid scp options. +--- + util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util.c b/util.c +index f98d2bc..3affc0a 100644 +--- a/util.c ++++ b/util.c +@@ -152,7 +152,7 @@ bool opt_filter(char **vec, const char opt) + while (vec && *vec){ + if (opt_exist(*vec, opt)){ + fprintf(stderr, "\nillegal insecure %c option", opt); +- log_msg("insecure %c option in scp command line!", opt); ++ log_msg("insecure %c option in command line!", opt); + return TRUE; + } + vec++; diff --git a/patches/0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch b/patches/0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch new file mode 100644 index 0000000..192b525 --- /dev/null +++ b/patches/0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch @@ -0,0 +1,41 @@ +From: Simon Ruderich +Date: Sat, 7 Dec 2013 18:32:55 -0800 +Subject: Honor CFLAGS/CPPFLAGS passed to configure + +The CFLAGS from dpkg-buildflags are missing because they are +overwritten in Makefile.am. + +The attached patch removes an incorrect build rule and passes the +custom flags through AM_CFLAGS/AM_CPPFLAGS. All custom flags are +still passed correctly. + +Signed-off-by: Russ Allbery +--- + Makefile.am | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index c5b1a8d..57a4305 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,8 +1,7 @@ + ## Process this file with automake to produce Makefile.in + AUTOMAKE_OPTIONS = nostdinc +-ourdefs = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" +-ourflags = @defcflags@ @static@ +-AM_CFLAGS = $(ourflags) ++AM_CPPFLAGS = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" ++AM_CFLAGS = @defcflags@ @static@ + bin_PROGRAMS = rssh + libexec_PROGRAMS = rssh_chroot_helper + nodist_rssh_SOURCES = main.c pathnames.h config.h +@@ -15,9 +14,6 @@ man_MANS = rssh.1 rssh.conf.5 + EXTRA_DIST = $(man_MANS) CHROOT SECURITY LICENSE rssh.spec mkchroot.sh conf_convert.sh + base=`echo @PACKAGE_STRING@|tr " " "-"` + +-.c.o: +- $(CC) -c $(DEFS) $(ourdefs) $(AM_CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< +- + install-exec-hook: + chmod u+s $(libexecdir)/rssh_chroot_helper + diff --git a/patches/0003-Fix-buffer-allocation-buffer-for-fail-message.patch b/patches/0003-Fix-buffer-allocation-buffer-for-fail-message.patch new file mode 100644 index 0000000..af58a0a --- /dev/null +++ b/patches/0003-Fix-buffer-allocation-buffer-for-fail-message.patch @@ -0,0 +1,26 @@ +From: Russ Allbery +Date: Sat, 7 Dec 2013 18:32:55 -0800 +Subject: Fix buffer allocation buffer for fail message + +The failure log message when the user isn't permitted to run the +command they're attempting includes a summary of the commands the +user is allowed to run. The allocation for that string was not +reserving space for the nul byte at the end of the string, causing +a one-byte overwrite past the end of the string. +--- + util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util.c b/util.c +index 3affc0a..ef1a5d8 100644 +--- a/util.c ++++ b/util.c +@@ -84,7 +84,7 @@ void fail( int flags, int argc, char **argv ) + /* create msg indicating what is allowed */ + if ( !size ) cmd = "This user is locked out."; + else { +- size += 18; ++ size += 18 + 1; + if ( !(cmd = (char *)malloc(size)) ){ + log_msg("fatal error: out of mem allocating log msg"); + exit(1); diff --git a/patches/0004-Lower-syslog-priority-to-debug.patch b/patches/0004-Lower-syslog-priority-to-debug.patch new file mode 100644 index 0000000..3100d41 --- /dev/null +++ b/patches/0004-Lower-syslog-priority-to-debug.patch @@ -0,0 +1,104 @@ +From: Russ Allbery +Date: Sat, 7 Dec 2013 18:32:55 -0800 +Subject: Lower syslog priority to debug + +Lower priority of all of the routine syslog messages from info to debug +to cut down on log noise. +--- + rsshconf.c | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +diff --git a/rsshconf.c b/rsshconf.c +index 4b22766..564f747 100644 +--- a/rsshconf.c ++++ b/rsshconf.c +@@ -438,7 +438,7 @@ int process_allow_scp( ShellOptions_t *opts, + return FALSE; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("allowing scp to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SCP; +@@ -465,7 +465,7 @@ int process_allow_sftp( ShellOptions_t *opts, + return FALSE; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("allowing sftp to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SFTP; +@@ -493,7 +493,7 @@ int process_allow_cvs( ShellOptions_t *opts, + return FALSE; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("allowing cvs to all users"); + } + opts->shell_flags |= RSSH_ALLOW_CVS; +@@ -520,7 +520,7 @@ int process_allow_rdist( ShellOptions_t *opts, + lineno); + return FALSE; + } +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + if (log){ + log_msg("allowing rdist to all users"); + opts->shell_flags |= RSSH_ALLOW_RDIST; +@@ -549,7 +549,7 @@ int process_allow_rsync( ShellOptions_t *opts, + return FALSE; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("allowing rsync to all users"); + } + opts->shell_flags |= RSSH_ALLOW_RSYNC; +@@ -585,7 +585,7 @@ int process_chroot_path( ShellOptions_t *opts, + /* get rid of any old value for chroot path, assign new one */ + if ( opts->chroot_path ) free(opts->chroot_path); + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("chrooting all users to %s", temp); + } + /* we must not free temp, since opts points to it */ +@@ -783,7 +783,7 @@ int process_log_facility( ShellOptions_t *opts, + return FALSE; + } + if ( facname ){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + if (log) log_msg("setting log facility to %s", facname); + log_set_facility(fac); + return TRUE; +@@ -828,7 +828,7 @@ int process_umask( ShellOptions_t *opts, + return FALSE; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("setting umask to %#o", mask); + } + opts->rssh_umask = mask; +@@ -888,7 +888,7 @@ int process_user( ShellOptions_t *opts, + */ + if ( (strcmp(user, username)) ) return TRUE; + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("line %d: configuring user %s", lineno, user); + } + if ( !(len = eat_colon(temp + pos)) ){ +@@ -969,7 +969,7 @@ cleanup: + tmpmask = 077; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("setting %s's umask to %#o", user, tmpmask); + } + opts->rssh_umask = tmpmask; diff --git a/patches/0005-Fix-spelling-errors-in-manual-pages.patch b/patches/0005-Fix-spelling-errors-in-manual-pages.patch new file mode 100644 index 0000000..d28c7bf --- /dev/null +++ b/patches/0005-Fix-spelling-errors-in-manual-pages.patch @@ -0,0 +1,30 @@ +From: Russ Allbery +Date: Sat, 7 Dec 2013 18:32:55 -0800 +Subject: Fix spelling errors in manual pages + +--- + rssh.1 | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/rssh.1 b/rssh.1 +index caa2636..a682f70 100644 +--- a/rssh.1 ++++ b/rssh.1 +@@ -24,7 +24,7 @@ those commands. It is intended primarily to work with OpenSSH (see + http://www.openssh.com), but may work with other implementations. + .P + The system administrator should install the shell on the restricted system. +-Then the password file entry of any user for whom it is desireable to provide ++Then the password file entry of any user for whom it is desirable to provide + restricted access should be edited, such that their shell is \fBrssh\fP. For + example: + .P +@@ -148,7 +148,7 @@ programs other than what are absolutely necessary to provide the service you + are trying to provide. This prevents them from running standard system + commands. + .P +-Then, make sure the user's files inside the jail are on a seperate filesystem ++Then, make sure the user's files inside the jail are on a separate filesystem + from your system's executables. If possible in your environment, make sure + you mount this filesystem using the + .IR noexec " and " nosuid diff --git a/patches/0006-Fixes-and-improvements-to-mkchroot.sh.patch b/patches/0006-Fixes-and-improvements-to-mkchroot.sh.patch new file mode 100644 index 0000000..cf4e6ac --- /dev/null +++ b/patches/0006-Fixes-and-improvements-to-mkchroot.sh.patch @@ -0,0 +1,187 @@ +From: Russ Allbery +Date: Sat, 7 Dec 2013 18:32:56 -0800 +Subject: Fixes and improvements to mkchroot.sh + +Debian wants libnss_compat* in addition to libnss_files* for UID +lookups to work properly, and doesn't have a libnss1_files*. With +multiarch, these libraries have also been moved into a subdirectory of +/lib. + +Create the /dev/null device in the chroot, needed by sftp-server. +Create the /dev/log device in the chroot, for one less step. + +Update the code to copy over libraries to be able to parse the new +output from ldd. + +Update file paths for Debian. + +Add better error handling. + +Warn that /etc/passwd is being copied into the chroot jail and that +the user may wish to edit out some users and remove any sensitive +information. (Debian Bug#366655) + +Thanks to proctor mcduff and Jeremy Jongepier for their contributions. +--- + mkchroot.sh | 105 ++++++++++++++++++++++++++++++++++++++++++++++-------------- + 1 file changed, 81 insertions(+), 24 deletions(-) + +diff --git a/mkchroot.sh b/mkchroot.sh +index 9e17d5d..8bc1ecc 100755 +--- a/mkchroot.sh ++++ b/mkchroot.sh +@@ -1,13 +1,13 @@ +-#!/bin/sh ++#!/bin/bash + + ##################################################################### + ##################################################################### + ## + ## mkchroot.sh - set up a chroot jail. + ## +-## This script is written to work for Red Hat 8/9 systems, but may work on +-## other systems. Or, it may not... In fact, it may not work at all. Use at +-## your own risk. :) ++## This script is written to work for Red Hat 8/9 systems and adapted to work ++## on Debian systems, but may work on other systems. Or, it may not... In ++## fact, it may not work at all. Use at your own risk. :) + ## + + fail() { +@@ -96,9 +96,9 @@ fi + # copy SSH files + + scp_path="/usr/bin/scp" +-sftp_server_path="/usr/libexec/openssh/sftp-server" ++sftp_server_path="/usr/lib/openssh/sftp-server" + rssh_path="/usr/bin/rssh" +-chroot_helper_path="/usr/libexec/rssh_chroot_helper" ++chroot_helper_path="/usr/lib/rssh/rssh_chroot_helper" + + for jail_path in `dirname "$jail_dir$scp_path"` `dirname "$jail_dir$sftp_server_path"` `dirname "$jail_dir$chroot_helper_path"`; do + +@@ -125,19 +125,56 @@ cp "$chroot_helper_path" "$jail_dir$chroot_helper_path" || \ + # + # identify and copy libraries needed in the jail + # ++# Sample ldd output: ++# ++# linux-gate.so.1 => (0xffffe000) ++# libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7ef2000) ++# libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7da8000) ++# libutil.so.1 => /lib/i686/cmov/libutil.so.1 (0xb7da3000) ++# libz.so.1 => /usr/lib/libz.so.1 (0xb7d8e000) ++# libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7d76000) ++# libcrypt.so.1 => /lib/i686/cmov/libcrypt.so.1 (0xb7d44000) ++# libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7d1b000) ++# libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7c8d000) ++# libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7c69000) ++# libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7c66000) ++# libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7b19000) ++# libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7b15000) ++# libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7b0d000) ++# libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7b09000) ++# /lib/ld-linux.so.2 (0xb7f13000) ++# ++# either the first or the third column may contain a path ++# + +-for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do ++for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path \ ++ /lib/libnss_compat* /lib/libnss_files* /lib/*/libnss_compat* \ ++ /lib/*/libnss_files*; do ++ if [ ! -f "$prog" ] ; then ++ continue ++ fi + echo "Copying libraries for $prog." +- libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3` ++ libs=`ldd $prog | awk '$1 ~ /^\// {print $1} $3 ~ /^\// {print $3}'` + for lib in $libs; do +- mkdir -p "$jail_dir$(dirname $lib)" ++ mkdir -p "$jail_dir$(dirname $lib)" || \ ++ fail "Error creating $(dirname $lib). Exiting" 6 + echo -e "\t$lib" +- cp "$lib" "$jail_dir$lib" ++ cp "$lib" "$jail_dir$lib" || \ ++ fail "Error copying $lib. Exiting" 6 + done + done + ++# On Debian with multiarch, the libnss files are in /lib/, where ++# is the relevant architecture triplet. Just copy everything ++# that's installed, since we're not sure which ones we'll need. + echo "copying name service resolution libraries..." +-tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |sed 's/^/\t/' ++if [ -n "$(find /lib -maxdepth 1 -name 'libnss*_' -print -quit)" ] ; then ++ tar -cf - /lib/libnss_compat* /lib/libnss*_files* \ ++ | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' ++else ++ tar -cf - /lib/*/libnss_compat* /lib/*/libnss*_files* \ ++ | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' ++fi + + ##################################################################### + # +@@ -145,29 +182,49 @@ tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |se + # + + echo "Setting up /etc in the chroot jail" +-mkdir -p "$jail_dir/etc" +-cp /etc/nsswitch.conf "$jail_dir/etc/" +-cp /etc/passwd "$jail_dir/etc/" +-cp /etc/ld.* "$jail_dir/etc/" +- +-echo -e "Chroot jail configuration completed." +-echo -e "\nNOTE: if you are not using the passwd file for authentication," +-echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" +- ++mkdir -p "$jail_dir/etc" || fail "Error creating /etc. Exiting" 7 ++cp /etc/nsswitch.conf "$jail_dir/etc/" || \ ++ fail "Error copying /etc/nsswitch.conf. Exiting" 7 ++cp /etc/passwd "$jail_dir/etc/" || \ ++ fail "Error copying /etc/passwd. Exiting" 7 ++cp -r /etc/ld.* "$jail_dir/etc/" || \ ++ fail "Error copying /etc/ld.*. Exiting" 7 ++echo -e "\nWARNING: Copying /etc/passwd into the chroot jail. You may wish" ++echo -e "to edit out unnecessary users and remove any sensitive information" ++echo -e "from it." + + ##################################################################### + # +-# set up /dev/log ++# set up /dev + # + + mkdir -p "$jail_dir/dev" ++if [ `whoami` = "root" ]; then ++ cp -a /dev/log "$jail_dir/dev" || \ ++ fail "Error creating /dev/log. Exiting" 8 ++ cp -a /dev/null "$jail_dir/dev" || \ ++ fail "Error creating /dev/null. Exiting" 8 ++ cp -a /dev/zero "$jail_dir/dev" || \ ++ fail "Error creating /dev/zero. Exiting" 8 ++else ++ echo -e "NOT creating /dev/null and /dev/log in the chroot jail. \c" ++ echo -e "You are not root.\n" ++fi ++ ++echo -e "Chroot jail configuration completed.\n" ++ ++echo -e "NOTE: if you are not using the passwd file for authentication," ++echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" ++ ++echo -e "NOTE: if you are using any programs other than scp and sftp, you will" ++echo -e "need to copy the server binaries and any libraries they depend on" ++echo -e "into the chroot manually. Use ldd on the binary to find the needed" ++echo -e "libraries.\n" + + echo -e "NOTE: you must MANUALLY edit your syslog rc script to start syslogd" + echo -e "with appropriate options to log to $jail_dir/dev/log. In most cases," + echo -e "you will need to start syslog as:\n" +-echo -e " /sbin/syslogd -a $jail_dir/dev/log\n" ++echo -e " /sbin/syslogd -a $jail_dir/dev/log\n\n" + + echo -e "NOTE: we make no guarantee that ANY of this will work for you... \c" + echo -e "if it\ndoesn't, you're on your own. Sorry!\n" +- +- diff --git a/patches/0007-Handle-rsync-v3-e-protocol-option.patch b/patches/0007-Handle-rsync-v3-e-protocol-option.patch new file mode 100644 index 0000000..f3a823d --- /dev/null +++ b/patches/0007-Handle-rsync-v3-e-protocol-option.patch @@ -0,0 +1,126 @@ +From: Russ Allbery +Date: Sat, 7 Dec 2013 18:32:56 -0800 +Subject: Handle rsync v3 -e protocol option + +As of rsync 3, rsync reused the -e option to pass protocol information +from the client to the server. We therefore cannot reject all -e +options to rsync, only ones not sent with --server or containing +something other than protocol information as an argument. + +Also scan the rsync command line for any --rsh option and reject it as +well. This replaces and improves the upstream strategy for rejecting +that command-line option, taking advantage of the parsing added to +check the -e option. + +Based on work by Robert Hardy. + +Debian Bug#471803 +--- + util.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------- + 1 file changed, 72 insertions(+), 8 deletions(-) + +diff --git a/util.c b/util.c +index ef1a5d8..b70899f 100644 +--- a/util.c ++++ b/util.c +@@ -56,6 +56,7 @@ + #ifdef HAVE_LIBGEN_H + #include + #endif /* HAVE_LIBGEN_H */ ++#include + + /* LOCAL INCLUDES */ + #include "pathnames.h" +@@ -198,6 +199,73 @@ bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag ) + + + /* ++ * rsync_e_okay() - take the command line passed to rssh and look for an -e ++ * option. If one is found, make sure --server is provided ++ * and the option contains only the protocol information. ++ * Also check for and reject any --rsh option. Returns FALSE ++ * if the command line should not be allowed, TRUE if it is ++ * okay. ++ */ ++static int rsync_e_okay( char **vec ) ++{ ++ regex_t re; ++ int server = FALSE; ++ int e_found = FALSE; ++ ++ /* ++ * rsync will send -e, followed by either just "." (meaning no special ++ * protocol) or "N.N" (meaning a pre-release protocol version), ++ * followed by some number of alphabetic flags indicating various ++ * supported options. There may be other options between - and the e, ++ * but -e will always be the last option in the string. A typical ++ * option passed by the client is "-ltpre.iL". ++ * ++ * Note that if --server is given, this should never be parsed as a ++ * shell, but we'll tightly verify it anyway, just in case. ++ * ++ * This regex matches the acceptable flags containing -e, so if it ++ * does not match, the command line should be rejected. ++ */ ++ static const char pattern[] ++ = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$"; ++ ++ /* ++ * Only recognize --server if it's the first option. rsync itself ++ * always passes it that way, and if it's not the first argument, it ++ * could be hidden from the server as an argument to some other ++ * option. ++ */ ++ if ( vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0 ){ ++ server = TRUE; ++ } ++ ++ /* Check the remaining options for -e or --rsh. */ ++ if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){ ++ return FALSE; ++ } ++ while (vec && *vec){ ++ if ( strcmp(*vec, "--") == 0 ) break; ++ if ( strcmp(*vec, "--rsh") == 0 ++ || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 ){ ++ regfree(&re); ++ return FALSE; ++ } ++ if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){ ++ e_found = TRUE; ++ if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){ ++ regfree(&re); ++ return FALSE; ++ } ++ } ++ vec++; ++ } ++ regfree(&re); ++ if ( e_found && !server ) return FALSE; ++ return TRUE; ++} ++ ++ ++/* + * check_command_line() - take the command line passed to rssh, and verify + * that the specified command is one the user is + * allowed to run and validate the arguments. Return the +@@ -230,14 +298,10 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) + + if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ + /* filter -e option */ +- if ( opt_filter(cl, 'e') ) return NULL; +- while (cl && *cl){ +- if ( strstr(*cl, "--rsh" ) ){ +- fprintf(stderr, "\ninsecure --rsh= not allowed."); +- log_msg("insecure --rsh option in rsync command line!"); +- return NULL; +- } +- cl++; ++ if ( !rsync_e_okay(cl) ){ ++ fprintf(stderr, "\ninsecure -e or --rsh option not allowed."); ++ log_msg("insecure -e or --rsh option in rsync command line!"); ++ return NULL; + } + return PATH_RSYNC; + } diff --git a/patches/0008-Add-support-for-Subversion-svnserve.patch b/patches/0008-Add-support-for-Subversion-svnserve.patch new file mode 100644 index 0000000..a34d31f --- /dev/null +++ b/patches/0008-Add-support-for-Subversion-svnserve.patch @@ -0,0 +1,625 @@ +From: Davide Scola +Date: Sat, 7 Dec 2013 18:32:56 -0800 +Subject: Add support for Subversion (svnserve) + +Adds support for svn access via svnserve. This adds an additional +field to the bitmask in /etc/rssh.conf that's used to control Subversion +access. Users authorized to run svnserve may run only svnserve -t +exactly. + +Debian Bug#284756 + +Signed-off-by: Russ Allbery +--- + conf_convert | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ + conf_convert.sh | 45 --------------------------------------------- + configure.ac | 22 ++++++++++++++++++++-- + main.c.in | 5 ++++- + pathnames.h.in | 1 + + rssh.conf.5 | 17 +++++++++++------ + rssh.conf.5.in | 17 +++++++++++------ + rssh.conf.default | 28 +++++++++++++++------------- + rssh.h | 13 +++++++------ + rssh_chroot_helper.c | 3 +++ + rsshconf.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++---- + util.c | 35 ++++++++++++++++++++++++++--------- + util.h | 3 ++- + 13 files changed, 194 insertions(+), 93 deletions(-) + create mode 100755 conf_convert + delete mode 100755 conf_convert.sh + +diff --git a/conf_convert b/conf_convert +new file mode 100755 +index 0000000..a47ecba +--- /dev/null ++++ b/conf_convert +@@ -0,0 +1,48 @@ ++#!/usr/bin/awk -f ++# ++# conf_convert - convert rssh config files from 2.0, 2.1.1, 2.2 format ++# to rssh 2.3.2 format config files adding svnserve ++# support ++# ++# Copyright (C) 2009 Davide Scola ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2, or (at your option) ++# any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA. ++# ++BEGIN { ++ FS = OFS = ":"; ++} ++ ++{ ++ if( /^[# ]*user *= */ && match($3, /^([01]+)/) ) { ++ gsub(/^([01]+)/, replaceString( RLENGTH ), $3); ++ } ++ ++ print ++} ++ ++function replaceString(nitems) { ++ str = "&"; ++ ++ if(nitems == 2) { # config < v2.2 ++ str = "000&0"; ++ } ++ ++ else if(nitems == 5) { # v2.2 <= config <= v2.3.2 (vanilla) ++ str = "&0"; ++ } ++ ++ return str; ++} ++ +diff --git a/conf_convert.sh b/conf_convert.sh +deleted file mode 100755 +index fb0c999..0000000 +--- a/conf_convert.sh ++++ /dev/null +@@ -1,45 +0,0 @@ +-#!/bin/sh +- +-# conf_convert.sh - convert rssh config files from 2.0 - 2.1.1 format to rssh +-# version 2.2 format config files. +- +-if [ -z "$TMPDIR" ]; then +- TMPDIR=/tmp +-fi +- +-tempdir=`mktemp -d "$TMPDIR/confconv.tempXXXXXX"` +-if [ ! -d "$tempdir" ]; then +- echo "$0: unable to make temporary directory" +- exit 1 +-fi +- +-if [ "$#" != "0" ]; then +- +- while [ -n "$1" ]; do +- +- if [ ! -f "$1" ]; then +- echo "$0: $1 does not exist. Skipping." >&2 +- continue +- fi +- +- sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' $1 > "$tempdir/tempconf" +- +- mv "$tempdir/tempconf" "$1.NEW" +- shift +- done +- +-else +- if [ ! -f /etc/rssh.conf ]; then +- echo "/etc/rssh.conf does not exist, and no parameters given." >&2 +- exit 2 +- fi +- +- sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' /etc/rssh.conf > "$tempdir/tempconf" +- +- mv "$tempdir/tempconf" "/etc/rssh.conf.NEW" +- +-fi +- +-rm -rf "$tempdir" +- +-exit 0 +diff --git a/configure.ac b/configure.ac +index ab145b4..caeae7d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -117,8 +117,8 @@ if ! test -x "$sftp_path"; then + fi + + +-# CVS, rdist, and rsync might not be installed. But we don't want to force +-# the user to configure bogus paths, so default to /usr/bin/* ++# CVS, rdist, rsync and svnserve might not be installed. But we don't want ++# to force the user to configure bogus paths, so default to /usr/bin/* + + # Check for cvs binary + +@@ -170,6 +170,23 @@ if ! test -x "$rsync_path"; then + fi + + ++# Check for svnserve binary ++ ++AC_ARG_WITH(svnserve, ++[ --with-svnserve specify path to svnserve binary], ++[svnserve_path="$withval"], [svnserve_path=""]) ++ ++AC_PATH_PROG(svnserve_path, svnserve, [], []) ++if test -z "$svnserve_path"; then ++ AC_MSG_WARN([can't find svnserve - using /usr/bin/svnserve. Use --with-svnserve to override]) ++ svnserve_path=/usr/bin/svnserve ++fi ++ ++if ! test -x "$svnserve_path"; then ++ AC_MSG_WARN([specified svnserve binary does not exist]) ++fi ++ ++ + # disable static configuration + + AC_ARG_ENABLE(static, +@@ -200,6 +217,7 @@ AC_SUBST(sftp_path) + AC_SUBST(cvs_path) + AC_SUBST(rdist_path) + AC_SUBST(rsync_path) ++AC_SUBST(svnserve_path) + AC_SUBST(prefix) + AC_SUBST(sysconfdir) + AC_SUBST(libexecdir) +diff --git a/main.c.in b/main.c.in +index 7d1695c..b3228e5 100644 +--- a/main.c.in ++++ b/main.c.in +@@ -217,6 +217,8 @@ char **build_shell_args( struct passwd uinfo, + argvec[1] = "4"; + else if ( !(strcmp(*cmd, PATH_RSYNC)) ) + argvec[1] = "5"; ++ else if ( !(strcmp(*cmd, PATH_SVNSERVE)) ) ++ argvec[1] = "6"; + else { + log_set_priority(LOG_ERR); + log_msg("fatal error identifying the correct command " +@@ -267,7 +269,8 @@ void vers_info( void ) + printf("%20s = %s\n", "sftp server binary", PATH_SFTP_SERVER); + printf("%20s = %s\n", "cvs binary path", PATH_CVS); + printf("%20s = %s\n", "rdist binary path", PATH_RDIST); +- printf("%20s = %s\n\n", "rsync binary path", PATH_RSYNC); ++ printf("%20s = %s\n", "rsync binary path", PATH_RSYNC); ++ printf("%20s = %s\n\n", "svnserve binary path", PATH_SVNSERVE); + } + + +diff --git a/pathnames.h.in b/pathnames.h.in +index 17e2fb7..043d7ae 100644 +--- a/pathnames.h.in ++++ b/pathnames.h.in +@@ -36,6 +36,7 @@ + #define PATH_CVS "@cvs_path@" + #define PATH_RDIST "@rdist_path@" + #define PATH_RSYNC "@rsync_path@" ++#define PATH_SVNSERVE "@svnserve_path@" + + /* these generally are overridden by the makefile */ + #ifndef PATH_RSSH_CONFIG +diff --git a/rssh.conf.5 b/rssh.conf.5 +index 5556468..227ef88 100644 +--- a/rssh.conf.5 ++++ b/rssh.conf.5 +@@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. + Tells the shell that rsync is allowed. + .RE + .P ++.B allowsvnserve ++.RS ++Tells the shell that svnserve is allowed. ++.RE ++.P + .B umask + .RS + Sets the umask value for file creations in the scp/sftp session. This is +@@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell + .RE + .B access bits + .RS +-Five binary digits, which indicate whether the user is allowed to use rsync, +-rdist, cvs, sftp, and scp, in that order. One means the command is allowed, +-zero means it is not. ++Six binary digits, which indicate whether the user is allowed to use rsync, ++rdist, cvs, sftp, scp and svnserve, in that order. One means the command is ++allowed, zero means it is not. + .RE + .B path + .RS +@@ -135,7 +140,7 @@ details. + .P + For example, you might have something like this: + .P +-user = luser:022:00001: ++user = luser:022:000010: + .P + This does the following: for the user with the username "luser", set the umask + to 022, disallow sftp, and allow scp. Because there is no chroot path +@@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the + chrootpath keyword. Remember that if there are spaces in the path, you need + to quote it, something like this: + .P +-user = "luser:022:00001:/usr/local/chroot dir" ++user = "luser:022:000010:/usr/local/chroot dir" + .P + See the default rssh.conf file for more examples. + .RE + + .SH SEE ALSO + \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), +-\fIsyslogd.conf\fP(5), \fIchroot\fP(2). ++\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). + + +diff --git a/rssh.conf.5.in b/rssh.conf.5.in +index 913ce9d..5e16acb 100644 +--- a/rssh.conf.5.in ++++ b/rssh.conf.5.in +@@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. + Tells the shell that rsync is allowed. + .RE + .P ++.B allowsvnserve ++.RS ++Tells the shell that svnserve is allowed. ++.RE ++.P + .B umask + .RS + Sets the umask value for file creations in the scp/sftp session. This is +@@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell + .RE + .B access bits + .RS +-Five binary digits, which indicate whether the user is allowed to use rsync, +-rdist, cvs, sftp, and scp, in that order. One means the command is allowed, +-zero means it is not. ++Six binary digits, which indicate whether the user is allowed to use rsync, ++rdist, cvs, sftp, scp and svnserve, in that order. One means the command is ++allowed, zero means it is not. + .RE + .B path + .RS +@@ -135,7 +140,7 @@ details. + .P + For example, you might have something like this: + .P +-user = luser:022:00001: ++user = luser:022:000010: + .P + This does the following: for the user with the username "luser", set the umask + to 022, disallow sftp, and allow scp. Because there is no chroot path +@@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the + chrootpath keyword. Remember that if there are spaces in the path, you need + to quote it, something like this: + .P +-user = "luser:022:00001:/usr/local/chroot dir" ++user = "luser:022:000010:/usr/local/chroot dir" + .P + See the default rssh.conf file for more examples. + .RE + + .SH SEE ALSO + \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), +-\fIsyslogd.conf\fP(5), \fIchroot\fP(2). ++\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). + + +diff --git a/rssh.conf.default b/rssh.conf.default +index c847565..88833c1 100644 +--- a/rssh.conf.default ++++ b/rssh.conf.default +@@ -11,6 +11,7 @@ logfacility = LOG_USER + #allowcvs + #allowrdist + #allowrsync ++#allowsvnserve + + # set the default umask + umask = 022 +@@ -28,24 +29,25 @@ umask = 022 + ########################################## + # EXAMPLES of configuring per-user options + +-#user=rudy:077:00010: # the path can simply be left out to not chroot +-#user=rudy:077:00010 # the ending colon is optional ++#user=rudy:077:000100: # the path can simply be left out to not chroot ++#user=rudy:077:000100 # the ending colon is optional + +-#user=rudy:011:00100: # cvs, with no chroot +-#user=rudy:011:01000: # rdist, with no chroot +-#user=rudy:011:10000: # rsync, with no chroot +-#user="rudy:011:00001:/usr/local/chroot" # whole user string can be quoted +-#user=rudy:01"1:00001:/usr/local/chroot" # or somewhere in the middle, freak! +-#user=rudy:'011:00001:/usr/local/chroot' # single quotes too ++#user=rudy:011:001000: # cvs, with no chroot ++#user=rudy:011:010000: # rdist, with no chroot ++#user=rudy:011:100000: # rsync, with no chroot ++#user=rudy:011:000001: # svnserve, with no chroot ++#user="rudy:011:000010:/usr/local/chroot" # whole user string can be quoted ++#user=rudy:01"1:000010:/usr/local/chroot" # or somewhere in the middle, freak! ++#user=rudy:'011:000010:/usr/local/chroot' # single quotes too + + # if your chroot_path contains spaces, it must be quoted... + # In the following examples, the chroot_path is "/usr/local/my chroot" +-#user=rudy:011:00001:"/usr/local/my chroot" # scp with chroot +-#user=rudy:011:00010:"/usr/local/my chroot" # sftp with chroot +-#user=rudy:011:00011:"/usr/local/my chroot" # both with chroot ++#user=rudy:011:000010:"/usr/local/my chroot" # scp with chroot ++#user=rudy:011:000100:"/usr/local/my chroot" # sftp with chroot ++#user=rudy:011:000110:"/usr/local/my chroot" # both with chroot + + # Spaces before or after the '=' are fine, but spaces in chrootpath need + # quotes. +-#user = "rudy:011:00001:/usr/local/my chroot" +-#user = "rudy:011:00001:/usr/local/my chroot" # neither do comments at line end ++#user = "rudy:011:000010:/usr/local/my chroot" ++#user = "rudy:011:000010:/usr/local/my chroot" # neither do comments at line end + +diff --git a/rssh.h b/rssh.h +index d15f645..111f9a0 100644 +--- a/rssh.h ++++ b/rssh.h +@@ -41,11 +41,12 @@ + + typedef char bool; + +-#define RSSH_ALLOW_SCP (1 << 0) +-#define RSSH_ALLOW_SFTP (1 << 1) +-#define RSSH_ALLOW_CVS (1 << 2) +-#define RSSH_ALLOW_RDIST (1 << 3) +-#define RSSH_ALLOW_RSYNC (1 << 4) +-#define RSSH_USE_CHROOT (1 << 5) ++#define RSSH_ALLOW_SCP (1 << 0) ++#define RSSH_ALLOW_SFTP (1 << 1) ++#define RSSH_ALLOW_CVS (1 << 2) ++#define RSSH_ALLOW_RDIST (1 << 3) ++#define RSSH_ALLOW_RSYNC (1 << 4) ++#define RSSH_ALLOW_SVNSERVE (1 << 5) ++#define RSSH_USE_CHROOT (1 << 6) + + #endif /* _rssh_h */ +diff --git a/rssh_chroot_helper.c b/rssh_chroot_helper.c +index 7780c11..8a35cdc 100644 +--- a/rssh_chroot_helper.c ++++ b/rssh_chroot_helper.c +@@ -254,6 +254,9 @@ int main( int argc, char **argv ) + case 5: + cmd_path = PATH_RSYNC; + break; ++ case 6: ++ cmd_path = PATH_SVNSERVE; ++ break; + default: + log_msg("invalid command specified"); + exit(2); +diff --git a/rsshconf.c b/rsshconf.c +index 564f747..459b26b 100644 +--- a/rsshconf.c ++++ b/rsshconf.c +@@ -71,6 +71,7 @@ const char *keywords[] = { + "allowcvs", + "allowrdist", + "allowrsync", ++ "allowsvnserve", + "chrootpath", + "logfacility", + "umask", +@@ -106,6 +107,9 @@ int process_allow_rdist( ShellOptions_t *opts, const char *line, + int process_allow_rsync( ShellOptions_t *opts, const char *line, + const int lineno ); + ++int process_allow_svnserve( ShellOptions_t *opts, const char *line, ++ const int lineno ); ++ + int get_token( const char *str, char *buf, const int buflen, + const bool colon, const bool ign_spc ); + +@@ -220,21 +224,26 @@ int process_config_line( ShellOptions_t *opts, + return FALSE; + return TRUE; + case 6: ++ /* allow svnserve */ ++ if ( !(process_allow_svnserve(opts, line + pos, lineno) ) ) ++ return FALSE; ++ return TRUE; ++ case 7: + /* default chroot path */ + if ( !(process_chroot_path(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; +- case 7: ++ case 8: + /* syslog log facility */ + if ( !(process_log_facility(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; +- case 8: ++ case 9: + /* set the user's umask */ + if ( !(process_umask(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; +- case 9: ++ case 10: + /* user */ + if ( !(process_user(opts, line + pos, lineno) ) ) + return FALSE; +@@ -557,6 +566,34 @@ int process_allow_rsync( ShellOptions_t *opts, + } + + ++/* ++ * process_allow_svnserve() - make sure there are no tokens after the keyword, ++ * other than a possible comment. If there are ++ * additional tokens other than comments, there is a ++ * syntax error, and FALSE is returned. Otherwise, ++ * the line is ok, so opts are set to allow ++ * svnserve, and TRUE is returned. ++ */ ++int process_allow_svnserve( ShellOptions_t *opts, ++ const char *line, ++ const int lineno ) ++{ ++ int pos; ++ ++ if ( !(pos = eat_comment(line)) ){ ++ if (log) log_msg("line %d: syntax error parsing config file", ++ lineno); ++ return FALSE; ++ } ++ if (log){ ++ log_set_priority(LOG_DEBUG); ++ log_msg("allowing svnserve to all users"); ++ } ++ opts->shell_flags |= RSSH_ALLOW_SVNSERVE; ++ return TRUE; ++} ++ ++ + int process_chroot_path( ShellOptions_t *opts, + const char *line, + const int lineno ) +@@ -854,6 +891,7 @@ int process_user( ShellOptions_t *opts, + bool allow_cvs; + bool allow_rdist; + bool allow_rsync; ++ bool allow_svnserve; + + /* make space for user options */ + if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){ +@@ -925,7 +963,7 @@ int process_user( ShellOptions_t *opts, + return FALSE; + } + if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs, +- &allow_rdist, &allow_rsync) ){ ++ &allow_rdist, &allow_rsync, &allow_svnserve) ){ + if (log){ + log_set_priority(LOG_ERR); + log_msg("syntax error parsing access bits, line %d", lineno); +@@ -999,6 +1037,10 @@ cleanup: + if (log) log_msg("allowing rsync to user %s", user); + opts->shell_flags |= RSSH_ALLOW_RSYNC; + } ++ if ( allow_svnserve ){ ++ if (log) log_msg("allowing svnserve to user %s", user); ++ opts->shell_flags |= RSSH_ALLOW_SVNSERVE; ++ } + if ( path ){ + if (log) log_msg("chrooting %s to %s", user, path); + opts->shell_flags |= RSSH_USE_CHROOT; +diff --git a/util.c b/util.c +index b70899f..56f67ad 100644 +--- a/util.c ++++ b/util.c +@@ -80,7 +80,8 @@ void fail( int flags, int argc, char **argv ) + if ( flags & RSSH_ALLOW_SFTP ) size += 5; + if ( flags & RSSH_ALLOW_CVS ) size += 4; + if ( flags & RSSH_ALLOW_RDIST ) size += 6; +- if ( flags & RSSH_ALLOW_RSYNC ) size += 5; /* last one, no space */ ++ if ( flags & RSSH_ALLOW_RSYNC ) size += 6; ++ if ( flags & RSSH_ALLOW_SVNSERVE ) size += 8; /* last one, no space */ + + /* create msg indicating what is allowed */ + if ( !size ) cmd = "This user is locked out."; +@@ -101,7 +102,9 @@ void fail( int flags, int argc, char **argv ) + if ( flags & RSSH_ALLOW_RDIST ) + strncat(cmd, "rdist ", size); + if ( flags & RSSH_ALLOW_RSYNC ) +- strncat(cmd, "rsync", size); ++ strncat(cmd, "rsync ", size); ++ if ( flags & RSSH_ALLOW_SVNSERVE ) ++ strncat(cmd, "svnserve", size); + } + + /* print error message to user and log attempt */ +@@ -305,6 +308,16 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) + } + return PATH_RSYNC; + } ++ if ( check_command(*cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ){ ++ /* check command line */ ++ if( cl[1] == NULL || strcmp(cl[1], "-t") != 0 || cl[2] != NULL){ ++ fprintf(stderr, "\nextra svnserver parameter(s) not allowed."); ++ log_msg("unallowed option(s) in svnserver command line!"); ++ return NULL; ++ } ++ ++ return PATH_SVNSERVE; ++ } + /* No match, return NULL */ + return NULL; + } +@@ -329,6 +342,8 @@ char *get_command( char *cl, ShellOptions_t *opts ) + return PATH_RDIST; + if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ) + return PATH_RSYNC; ++ if ( check_command(cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ) ++ return PATH_SVNSERVE; + return NULL; + } + +@@ -394,22 +409,24 @@ int validate_umask( const char *temp, int *mask ) + * same name, and returns FALSE if the bits are not valid + */ + int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, +- bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) ++ bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, ++ bool *allow_svnserve ) + { + int i; + +-#define NUM_ACCESS_BITS 5 ++#define NUM_ACCESS_BITS 6 + + if ( strlen(temp) != NUM_ACCESS_BITS ) return FALSE; + /* make sure the bits are valid */ + for ( i = 0; i < NUM_ACCESS_BITS; i++ ) + if ( temp[i] < '0' || temp[i] > '1' ) return FALSE; + /* This is easier to read if we allign the = */ +- *allow_rsync = temp[0] - '0'; +- *allow_rdist = temp[1] - '0'; +- *allow_cvs = temp[2] - '0'; +- *allow_sftp = temp[3] - '0'; +- *allow_scp = temp[4] - '0'; ++ *allow_rsync = temp[0] - '0'; ++ *allow_rdist = temp[1] - '0'; ++ *allow_cvs = temp[2] - '0'; ++ *allow_sftp = temp[3] - '0'; ++ *allow_scp = temp[4] - '0'; ++ *allow_svnserve = temp[5] - '0'; + return TRUE; + } + +diff --git a/util.h b/util.h +index 8b81201..a67eb32 100644 +--- a/util.h ++++ b/util.h +@@ -38,7 +38,8 @@ char *get_command( char *cl, ShellOptions_t *opts); + char *extract_root( char *root, char *path ); + int validate_umask( const char *temp, int *mask ); + int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, +- bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ); ++ bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, ++ bool *allow_svnserve ); + bool opt_exist( char *cl, char opt ); + char *get_username( void ); + diff --git a/patches/series b/patches/series new file mode 100644 index 0000000..06ad5a9 --- /dev/null +++ b/patches/series @@ -0,0 +1,8 @@ +0001-Fix-invalid-option-error.patch +0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch +0003-Fix-buffer-allocation-buffer-for-fail-message.patch +0004-Lower-syslog-priority-to-debug.patch +0005-Fix-spelling-errors-in-manual-pages.patch +0006-Fixes-and-improvements-to-mkchroot.sh.patch +0007-Handle-rsync-v3-e-protocol-option.patch +0008-Add-support-for-Subversion-svnserve.patch diff --git a/po/POTFILES.in b/po/POTFILES.in new file mode 100644 index 0000000..cef83a3 --- /dev/null +++ b/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates diff --git a/po/cs.po b/po/cs.po new file mode 100644 index 0000000..6cbfcc0 --- /dev/null +++ b/po/cs.po @@ -0,0 +1,49 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# Martin Sin , 2009. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.2-9.\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2009-06-17 07:50+0200\n" +"Last-Translator: Martin Sin \n" +"Language-Team: Czech \n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "PÅ™ejete si nainstalovat rssh_chroot_helper s setuid uživatele root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Pokud chcete používat vÄ›zení chroot i pro ostatní uživatele rssh, je potÅ™eba " +"nainstalovat program /usr/lib/rssh/rssh_chroot_helper s nastaveným setuid " +"uživatele root. Nebudete-li používat vÄ›zení chroot, je bezpeÄnÄ›jší toto " +"nastavení neprovádÄ›t." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Jste-li na pochybách, nainstalujte to bez setuid uživatele root. Jakmile " +"budete chtít pozdÄ›ji používat vÄ›zení chroot, zmÄ›níte toto nastavení " +"jednoduÅ¡e spuÅ¡tÄ›ním dpkg-reconfigure rssh." diff --git a/po/da.po b/po/da.po new file mode 100644 index 0000000..adcf024 --- /dev/null +++ b/po/da.po @@ -0,0 +1,50 @@ +# Danish translation rssh. +# Copyright (C) 2012 rssh & nedenstÃ¥ende oversættere. +# This file is distributed under the same license as the rssh package. +# Joe Hansen (joedalton2@yahoo.dk), 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2012-02-11 12:42+0000\n" +"Last-Translator: Joe Hansen \n" +"Language-Team: Danish \n" +"Language: da\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "Ønsker du at rssh_chroot_helper skal installeres som setuid root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Hvis du planlægger at bruge chrootfængsler, for brugerne der bruger rssh, sÃ¥ " +"skal programmet /usr/lib/rssh/rssh_chroot_helper installeres setuid root, sÃ¥ " +"at programmet kan chroote ind i fængslet nÃ¥r brugeren forbinder. Hvis du " +"ikke bruger chrootfængsler, sÃ¥ er det bedre ikke at installere setuid root-" +"programmer, du ikke skal bruge." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Hvis i tvivl, sÃ¥ installer uden setuid root. Hvis du senere beslutter at " +"bruge chrootfængsler, sÃ¥ kan du ændre denne konfiguration ved at køre dpkg-" +"reconfigure rssh." diff --git a/po/de.po b/po/de.po new file mode 100644 index 0000000..e6ac127 --- /dev/null +++ b/po/de.po @@ -0,0 +1,51 @@ +# Translation of rssh debconf templates to German +# Copyright (C) Jens Nachtigall , 2004. +# Copyright (C) Helge Kreutzmann , 2007. +# This file is distributed under the same license as the rssh package. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.2-4\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2007-04-12 19:01+0200\n" +"Last-Translator: Helge Kreutzmann \n" +"Language-Team: German \n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "Möchten Sie, dass rssh_chroot_helper setuid root installiert wird?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Falls Sie für Benutzer, die rssh verwenden, eine Chroot-Umgebung planen, " +"muss das Programm /usr/lib/rssh/rssh_chroot_helper setuid root installiert " +"werden, so dass es bei der Verbindungsaufnahme eines Benutzers ein chroot in " +"das Gefängnis (jail) vornehmen kann. Falls Sie keine Chroot-Gefängnisse " +"verwenden, ist es besser, keine setuid root-Programme zu installieren, die " +"Sie nicht benötigen." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Falls Sie sich unsicher sind, installieren Sie es nicht setuid root. Falls " +"Sie sich später dazu entschließen, Chroot-Gefängnisse zu verwenden, können " +"Sie diese Entscheidung ändern, indem Sie »dpkg-reconfigure rssh« ausführen." diff --git a/po/es.po b/po/es.po new file mode 100644 index 0000000..f1d5de2 --- /dev/null +++ b/po/es.po @@ -0,0 +1,75 @@ +# rssh po-debconf translation to Spanish +# Copyright (C) 2007, 2008 Software in the Public Interest, SPI Inc. +# This file is distributed under the same license as the rssh package. +# +# Changes: +# - Initial translation +# Steve Lord Flaubert , 2007 +# +# - Updates +# Francisco Javier Cuadrado , 2008 +# +# Traductores, si no conoce el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traducción al español, por favor, lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish/ +# especialmente las notas de traducción en +# http://www.debian.org/intl/spanish/notas +# +# - La guía de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.2-8\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2008-12-11 19:57+0100\n" +"Last-Translator: Francisco Javier Cuadrado \n" +"Language-Team: Debian Spanish \n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "¿Desea que rssh_chroot_helper se instale con el bit SUID de root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Si planea usar jaulas de chroot para los usuarios que usen rssh, el programa " +"«/usr/bin/rssh_chroot_helper» tiene que instalarse con el bit SUID de root " +"habilitado de modo que pueda cambiar a la jaula de chroot cuando el usuario " +"se conecte. Si no está usando jaulas de chroot, es mejor no instalar los " +"programas que no necesite con el SUID de root habilitado." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"En caso de duda, se sugiere que instale sin el SUID de root habilitado. Si " +"más tarde decide usar jaulas de chroot, puede cambiar esta configuración " +"ejecutando: «dpkg-reconfigure rssh»." diff --git a/po/fr.po b/po/fr.po new file mode 100644 index 0000000..ea46bf9 --- /dev/null +++ b/po/fr.po @@ -0,0 +1,58 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh_2.3.2-4\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2007-04-22 17:48+0200\n" +"Last-Translator: Michel Grentzinger \n" +"Language-Team: French \n" +"Language: fr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "" +"Faut-il exécuter rssh_chroot_helper avec les privilèges du superutilisateur ?" + +#   +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Si vous avez l'intention d'utiliser la fonctionnalité d'environnement fermé " +"d'exécution (« chroot ») pour l'utilisation de rssh, le programme /usr/lib/" +"rssh/rssh_chroot_helper doit s'exécuter avec les privilèges du " +"superutilisateur (« setuid root »). Si vous n'utilisez pas d'environnement " +"fermé d'exécution, cette option est inutile." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Dans le doute, ne choisissez pas cette option. Si elle devenait nécessaire " +"plus tard, vous pourrez changer ce choix avec la commande « dpkg-reconfigure " +"rssh »." diff --git a/po/gl.po b/po/gl.po new file mode 100644 index 0000000..8340f66 --- /dev/null +++ b/po/gl.po @@ -0,0 +1,49 @@ +# Galician translation of rssh's debconf templates +# This file is distributed under the same license as the rssh package. +# Jacobo Tarrio , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2008-05-27 21:33+0100\n" +"Last-Translator: Jacobo Tarrio \n" +"Language-Team: Galician \n" +"Language: gl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "¿Quere instalar rssh_chroot_helper con \"setuid\" root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Se planea empregar gaiolas chroot para os usuarios que executan rssh, o " +"programa /usr/lib/rssh/rssh_chroot_helper ten que estar instalado con " +"\"setuid\" root para que poida facer \"chroot\" para dentro da gaiola ao se " +"conectar o usuario. Se non emprega gaiolas chroot, é mellor non instalar " +"programas con \"setuid\" root dos que non precisa." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Se non está seguro, instáleo sen \"setuid\" root. Se máis adiante decide " +"empregar gaiolas chroot, pode cambiar esta configuración executando \"dpkg-" +"reconfigure prssh\"." diff --git a/po/id.po b/po/id.po new file mode 100644 index 0000000..414c475 --- /dev/null +++ b/po/id.po @@ -0,0 +1,54 @@ +# Indonesian translation for podebconf rssh template. +# Copyright (C) 2016 THE rssh COPYRIGHT HOLDER +# This file is distributed under the same license as the rssh package. +# Translator: +# Izharul Haq , 2016. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.4-4\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2016-08-26 19:53+0700\n" +"Last-Translator: Izharul Haq \n" +"Language-Team: L10N Debian Indonesian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.6.10\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"Language: id\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "Apakah anda ingin rssh_chroot_helper untuk dipasangkan setuid root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Jika anda berencana menggunakan chroot jails untuk pengguna menggunakan " +"rssh, program /usr/lib/rssh/rssh_chroot_helper harus dipasang setuid root " +"sehingga chroot ke jail ketika pengguna terhubung. Jika anda tidak ingin " +"menggunakan chroot jails, akan lebih baik untuk tidak memasang program " +"setuid root karena anda tidak memerlukannya." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Jika ragu, pasang ia tanpa setuid root. Jika nantinya anda ingin " +"menggunakan chroot jails, anda dapat merubah konfigurasi ini dengan " +"menjalankan dpkg-reconfigure rssh." diff --git a/po/it.po b/po/it.po new file mode 100644 index 0000000..a2642af --- /dev/null +++ b/po/it.po @@ -0,0 +1,50 @@ +# Italian translation of po-debconf templates for rssh. +# Copyright (C) 2005 Software in the Public Interest +# This file is distributed under the same license as the rssh package. +# Luca Monducci , 2005-2007. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.2 italian debconf templates\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2007-04-14 10:45+0200\n" +"Last-Translator: Luca Monducci \n" +"Language-Team: Italian \n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "Si vuole che rssh_chroot_helper sia installato con setuid root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Se si vogliono usare delle gabbie chroot per gli utenti che usano rssh, è " +"necessario che il programma /usr/lib/rssh/rssh_chroot_helper sia installato " +"con setuid root per poter inserire l'utente nella gabbia al momento della " +"connessione. Se non si usano le gabbie chroot, si consiglia di non " +"installare programmi con setuid root." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"In caso di dubbi, installare senza setuid root. Se in seguito si decide di " +"usare le gabbie chroot, modificare la configurazione con dpkg-reconfigure " +"rssh." diff --git a/po/ja.po b/po/ja.po new file mode 100644 index 0000000..c21cd95 --- /dev/null +++ b/po/ja.po @@ -0,0 +1,45 @@ +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.2-4\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2007-05-04 23:37+0900\n" +"Last-Translator: Hideki Yamane (Debian-JP) \n" +"Language-Team: Japanese \n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "rssh_chroot_helper ã‚’ root ã« SUID ã—ã¦ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ã¾ã™ã‹?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"rssh を利用ã™ã‚‹ãƒ¦ãƒ¼ã‚¶ã« chroot jail ã‚’é©ç”¨ã™ã‚‹äºˆå®šã®å ´åˆã€ /usr/lib/rssh/" +"rssh_chroot_helper プログラム㯠SUID ビットを root ユーザã«ã‚»ãƒƒãƒˆã™ã‚‹å¿…è¦ãŒã‚" +"ã‚Šã¾ã™ã€‚ã“ã‚Œã§ã€ãƒ¦ãƒ¼ã‚¶ãŒæŽ¥ç¶šã™ã‚‹éš›ã« jail ã« chroot å¯èƒ½ã«ãªã‚Šã¾ã™ã€‚chroot " +"jail を使ã‚ãªã„å ´åˆã€å¿…è¦ãªã„プログラムã«ã¯ root ã« SUID ã—ã¦ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ãª" +"ã„æ–¹ãŒè‰¯ã„ã§ã—ょã†ã€‚" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"よãã‚ã‹ã‚‰ãªã„å ´åˆã€root ã« SUID ã‚’ã—ãªã„ã§ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã™ã‚‹ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾" +"ã™ã€‚後ã‹ã‚‰ chroot jail を利用ã—よã†ã¨è€ƒãˆç›´ã—ãŸå ´åˆã¯ã€dpkg-reconfigure rssh " +"を実行ã™ã‚‹ã“ã¨ã§è¨­å®šå¤‰æ›´ãŒå¯èƒ½ã§ã™ã€‚" diff --git a/po/nl.po b/po/nl.po new file mode 100644 index 0000000..607b05e --- /dev/null +++ b/po/nl.po @@ -0,0 +1,51 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2007-04-12 16:14+0100\n" +"Last-Translator: Bart Cornelis \n" +"Language-Team: debian-l10n-dutch \n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Dutch\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "Wilt u rssh_chroot_helper installeren met SUID-bit ingesteld op root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Als u van plan bent om 'chroot'-gevangenissen voor de rssh-gebruikers te " +"gebruiken dient het programma /usr/lib/rssh/rssh_chroot_helper geïnstalleerd " +"te worden met de SUID-bit ingesteld op root. Dit is nodig opdat de gebruik " +"chroot naar de gevangenis te kunnen schakellen bij het inloggen. Als u geen " +"'chroot'-gevangenissen gebruikt laat u de SUID-bit best gedeactiveerd." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Bij twijfel installeert u best met de SUID-bit gedeactiveerd. Als u later " +"alsnog 'chroot'-gevangenissen wilt gaan gebruiken kunt u dit altijd " +"aanpassen via het commando 'dpkg-reconfigure rssh'." diff --git a/po/pt.po b/po/pt.po new file mode 100644 index 0000000..c3e6afa --- /dev/null +++ b/po/pt.po @@ -0,0 +1,50 @@ +# Portuguese translation for rssh's debconf messages +# Copyright (C) 2007 Miguel Figueiredo +# This file is distributed under the same license as the rssh package. +# Miguel Figueiredo , 2007. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.2-4\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2007-04-12 19:48+0100\n" +"Last-Translator: Miguel Figueiredo \n" +"Language-Team: Portuguese \n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "Deseja que o rssh_chroot_helper seja instalado com suid root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Se planeia utilizar 'jails chroot' para os utilizadores que utilizam rssh, " +"tem de ser instalado o programa /usr/lib/rssh/rssh_chroot_helper com suid " +"root para que possa fazer chroot para a 'jail' quando o utilizador se " +"ligar. Se não está a utilizar 'jails chroot', é melhor não instalar " +"programas com suid root que não necessite." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Em caso de dúvida, instale sem suid root. Se mais tarde decidir utilizar " +"'jails chroot', você pode alterar esta configuração ao correr dpkg-" +"reconfigure rssh." diff --git a/po/pt_BR.po b/po/pt_BR.po new file mode 100644 index 0000000..625eefd --- /dev/null +++ b/po/pt_BR.po @@ -0,0 +1,53 @@ +# Debconf translations for rssh. +# Copyright (C) 2013 THE rssh'S COPYRIGHT HOLDER +# This file is distributed under the same license as the rssh package. +# Tiago Bortoletto Vaz , 2004. +# Fernando Ike de Oliveira , 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.4-3\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2013-09-07 17:36-0300\n" +"Last-Translator: Fernando Ike de Oliveira \n" +"Language-Team: Brazilian Portuguese \n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "" +"Você deseja que o rssh_chroot_helper seja instalado com \"setuid root\"?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Caso você planeje utilizar jaulas chroot para usuários usando o rssh, o " +"programa /usr/lib/rssh/rssh_chroot_helper precisa ser instalado com \"setuid " +"root\" para que consiga efetuar chroot para dentro da jaula quando o usuário " +"conectar. Caso você não esteja usando jaulas chroot, é melhor não instalar " +"programas com \"setuid root\" que você não necessite." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Caso esteja em dúvida, instale-o sem o \"setuid root\". Caso você decida " +"usar jaulas chroot posteriormente, você poderá mudar essa configuração " +"executando dpkg-reconfigure rssh." diff --git a/po/ru.po b/po/ru.po new file mode 100644 index 0000000..6e4556e --- /dev/null +++ b/po/ru.po @@ -0,0 +1,54 @@ +# translation of ru.po to Russian +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Yuri Kozlov , 2009. +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.3.2-9\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2009-07-07 20:47+0400\n" +"Last-Translator: Yuri Kozlov \n" +"Language-Team: Russian \n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "УÑтановить на rssh_chroot_helper (принадлежит root) бит setuid?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"ЕÑли вы планируете иÑпользовать ограничительное chroot-окружение Ð´Ð»Ñ " +"пользователей rssh, то у программы /usr/lib/rssh/rssh_chroot_helper должен " +"быть уÑтановлен бит setuid Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾, чтобы она могла заходить в chroot-" +"окружение при подключении пользователÑ. ЕÑли вы не иÑпользуете " +"ограничительное chroot-окружение, то лучше не уÑтанавливать на программы бит " +"setuid." + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"ЕÑли ÑомневаетеÑÑŒ, не уÑтанавливайте бит setuid. ЕÑли вы захотите " +"иÑпользовать ограничительное chroot-окружение позднее, то Ñможете изменить " +"Ñту наÑтройку запуÑтив dpkg-reconfigure rssh." diff --git a/po/sv.po b/po/sv.po new file mode 100644 index 0000000..dbdec3e --- /dev/null +++ b/po/sv.po @@ -0,0 +1,58 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: rssh 2.2.3-2\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: 2007-04-12 08:31+0100\n" +"Last-Translator: Daniel Nylander \n" +"Language-Team: Swedish \n" +"Language: sv\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "Vill du att rssh_chroot_helper ska installeras setuid root?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" +"Om du planerar att använda chroot-fängelser för användare som använder rssh " +"måste programmet /usr/lib/rssh/rssh_chroot_helper installeras setuid root så " +"att det kan köra chroot in i fängelset när användaren ansluter. Om du väljer " +"att inte använda chroot-fängelser är det bättre att inte installera program " +"som du inte behöver som setuid root. " + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" +"Om du är osäker bör du installera det utan setuid root. Om du bestämmer dig " +"senare för att använda chroot-fängelser kan du ändra den här konfigurationen " +"genom att köra dpkg-reconfigure rssh." diff --git a/po/templates.pot b/po/templates.pot new file mode 100644 index 0000000..ab16713 --- /dev/null +++ b/po/templates.pot @@ -0,0 +1,42 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: rra@debian.org\n" +"POT-Creation-Date: 2007-04-11 19:20-0700\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Do you want rssh_chroot_helper to be installed setuid root?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If you plan to use chroot jails for the users using rssh, the program /usr/" +"lib/rssh/rssh_chroot_helper has to be installed setuid root so that it can " +"chroot into the jail when the user connects. If you are not using chroot " +"jails, it's better to not install setuid root programs you don't need." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"If in doubt, install it without setuid root. If you later decide to use " +"chroot jails, you can change this configuration by running dpkg-reconfigure " +"rssh." +msgstr "" diff --git a/postinst b/postinst new file mode 100755 index 0000000..835170f --- /dev/null +++ b/postinst @@ -0,0 +1,53 @@ +#! /bin/sh +# postinst script for rssh + +set -e + +# Path to the helper program, which we may make setuid. +helper=/usr/lib/rssh/rssh_chroot_helper + +if [ "$1" = "configure" ] || [ "$1" = "reconfigure" ] ; then + . /usr/share/debconf/confmodule + db_get rssh/chroot_helper_setuid + setuid="$RET" + db_stop + + # We don't want to change the setuid status if the sysadmin has overridden + # it with dpkg-statoverride. + if dpkg-statoverride --list "$helper" > /dev/null ; then + status=0 + else + status=1 + fi + if [ "$status" != 0 ] ; then + if [ "$setuid" = "true" ] ; then + chmod 4755 "$helper" + else + chmod 0755 "$helper" + fi + fi + + # Older versions of rssh incorrectly added rssh to /etc/shells. We don't + # want that. Remove it from /etc/shells to clean up after older + # packages. See Bug#424672. + if [ -n "$2" ] && dpkg --compare-versions "$2" lt 2.3.2-5 ; then + remove-shell /usr/bin/rssh + fi + + # 2.3.2-9 added Subversion support, which requires adding another binary + # digit to the user configuration lines in rssh.conf. When upgrading, run + # the conf_convert script to do so. + if [ -n "$2" ] && dpkg --compare-versions "$2" lt 2.3.2-9 ; then + echo 'Adjusting /etc/rssh.conf for file format change' + /usr/share/rssh/conf_convert /etc/rssh.conf > /etc/rssh.conf.dpkg-tmp + if cmp /etc/rssh.conf.dpkg-tmp /etc/rssh.conf >/dev/null ; then + rm /etc/rssh.conf.dpkg-tmp + else + mv /etc/rssh.conf.dpkg-tmp /etc/rssh.conf + fi + fi +fi + +#DEBHELPER# + +exit 0 diff --git a/rules b/rules new file mode 100755 index 0000000..25f2483 --- /dev/null +++ b/rules @@ -0,0 +1,28 @@ +#!/usr/bin/make -f + +# Enable compiler hardening flags. +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +# Let the user build rssh static if they wish. +ifneq (,$(findstring static,$(DEB_CONFIGURE_OPTIONS))) + CONFIGURE_OPTIONS = --enable-static +else + CONFIGURE_OPTIONS = --disable-static +endif + +%: + dh $@ + +override_dh_auto_configure: + chmod a+x conf_convert + dh_auto_configure -- --libexecdir=/usr/lib/rssh \ + --with-scp=/usr/bin/scp --with-cvs=/usr/bin/cvs \ + --with-sftp-server=/usr/lib/openssh/sftp-server \ + --with-rsync=/usr/bin/rsync --with-rdist=/usr/bin/rdist \ + --with-svnserve=/usr/bin/svnserve $(CONFIGURE_OPTIONS) + +override_dh_auto_install: + cp rssh.conf.default rssh.conf + +override_dh_compress: + dh_compress -Xexamples diff --git a/source/format b/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/source/options b/source/options new file mode 100644 index 0000000..b7bc1f2 --- /dev/null +++ b/source/options @@ -0,0 +1 @@ +compression = "xz" diff --git a/templates b/templates new file mode 100644 index 0000000..e7b8025 --- /dev/null +++ b/templates @@ -0,0 +1,13 @@ +Template: rssh/chroot_helper_setuid +Type: boolean +Default: false +_Description: Do you want rssh_chroot_helper to be installed setuid root? + If you plan to use chroot jails for the users using rssh, the program + /usr/lib/rssh/rssh_chroot_helper has to be installed setuid root so that + it can chroot into the jail when the user connects. If you are not using + chroot jails, it's better to not install setuid root programs you don't + need. + . + If in doubt, install it without setuid root. If you later decide to use + chroot jails, you can change this configuration by running + dpkg-reconfigure rssh. diff --git a/watch b/watch new file mode 100644 index 0000000..13ec360 --- /dev/null +++ b/watch @@ -0,0 +1,7 @@ +# This watch file works for getting the upstream version number, but probably +# won't work for the actual download due to the stupid Sourceforge +# redirection. Since I don't anticipate a new upstream release, at least from +# this location, this probably isn't enough of a problem to bother fixing. + +version=3 +http://sf.net/rssh/rssh-([\d.]+)\.tar\.gz$ -- cgit v1.2.3 From 7fbaa021ad671da37ed5410f25c6281fa209c0fe Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix invalid option error Don't refer to all invalid options as invalid scp options. Gbp-Pq: Name 0001-Fix-invalid-option-error.patch --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index f98d2bc..3affc0a 100644 --- a/util.c +++ b/util.c @@ -152,7 +152,7 @@ bool opt_filter(char **vec, const char opt) while (vec && *vec){ if (opt_exist(*vec, opt)){ fprintf(stderr, "\nillegal insecure %c option", opt); - log_msg("insecure %c option in scp command line!", opt); + log_msg("insecure %c option in command line!", opt); return TRUE; } vec++; -- cgit v1.2.3 From 15439b64801d24b01f1c09e9b053625fbc89163e Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Honor CFLAGS/CPPFLAGS passed to configure The CFLAGS from dpkg-buildflags are missing because they are overwritten in Makefile.am. The attached patch removes an incorrect build rule and passes the custom flags through AM_CFLAGS/AM_CPPFLAGS. All custom flags are still passed correctly. Signed-off-by: Russ Allbery Gbp-Pq: Name 0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch --- Makefile.am | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/Makefile.am b/Makefile.am index c5b1a8d..57a4305 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,8 +1,7 @@ ## Process this file with automake to produce Makefile.in AUTOMAKE_OPTIONS = nostdinc -ourdefs = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" -ourflags = @defcflags@ @static@ -AM_CFLAGS = $(ourflags) +AM_CPPFLAGS = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" +AM_CFLAGS = @defcflags@ @static@ bin_PROGRAMS = rssh libexec_PROGRAMS = rssh_chroot_helper nodist_rssh_SOURCES = main.c pathnames.h config.h @@ -15,9 +14,6 @@ man_MANS = rssh.1 rssh.conf.5 EXTRA_DIST = $(man_MANS) CHROOT SECURITY LICENSE rssh.spec mkchroot.sh conf_convert.sh base=`echo @PACKAGE_STRING@|tr " " "-"` -.c.o: - $(CC) -c $(DEFS) $(ourdefs) $(AM_CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< - install-exec-hook: chmod u+s $(libexecdir)/rssh_chroot_helper -- cgit v1.2.3 From 9986a547f9ebc8df44da469aaedc0c544d485729 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix buffer allocation buffer for fail message The failure log message when the user isn't permitted to run the command they're attempting includes a summary of the commands the user is allowed to run. The allocation for that string was not reserving space for the nul byte at the end of the string, causing a one-byte overwrite past the end of the string. Gbp-Pq: Name 0003-Fix-buffer-allocation-buffer-for-fail-message.patch --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index 3affc0a..ef1a5d8 100644 --- a/util.c +++ b/util.c @@ -84,7 +84,7 @@ void fail( int flags, int argc, char **argv ) /* create msg indicating what is allowed */ if ( !size ) cmd = "This user is locked out."; else { - size += 18; + size += 18 + 1; if ( !(cmd = (char *)malloc(size)) ){ log_msg("fatal error: out of mem allocating log msg"); exit(1); -- cgit v1.2.3 From 1a01d4ff131f1a8367da7400459cf4e1ed9a41b6 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Lower syslog priority to debug Lower priority of all of the routine syslog messages from info to debug to cut down on log noise. Gbp-Pq: Name 0004-Lower-syslog-priority-to-debug.patch --- rsshconf.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/rsshconf.c b/rsshconf.c index 4b22766..564f747 100644 --- a/rsshconf.c +++ b/rsshconf.c @@ -438,7 +438,7 @@ int process_allow_scp( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing scp to all users"); } opts->shell_flags |= RSSH_ALLOW_SCP; @@ -465,7 +465,7 @@ int process_allow_sftp( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing sftp to all users"); } opts->shell_flags |= RSSH_ALLOW_SFTP; @@ -493,7 +493,7 @@ int process_allow_cvs( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing cvs to all users"); } opts->shell_flags |= RSSH_ALLOW_CVS; @@ -520,7 +520,7 @@ int process_allow_rdist( ShellOptions_t *opts, lineno); return FALSE; } - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); if (log){ log_msg("allowing rdist to all users"); opts->shell_flags |= RSSH_ALLOW_RDIST; @@ -549,7 +549,7 @@ int process_allow_rsync( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing rsync to all users"); } opts->shell_flags |= RSSH_ALLOW_RSYNC; @@ -585,7 +585,7 @@ int process_chroot_path( ShellOptions_t *opts, /* get rid of any old value for chroot path, assign new one */ if ( opts->chroot_path ) free(opts->chroot_path); if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("chrooting all users to %s", temp); } /* we must not free temp, since opts points to it */ @@ -783,7 +783,7 @@ int process_log_facility( ShellOptions_t *opts, return FALSE; } if ( facname ){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); if (log) log_msg("setting log facility to %s", facname); log_set_facility(fac); return TRUE; @@ -828,7 +828,7 @@ int process_umask( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("setting umask to %#o", mask); } opts->rssh_umask = mask; @@ -888,7 +888,7 @@ int process_user( ShellOptions_t *opts, */ if ( (strcmp(user, username)) ) return TRUE; if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("line %d: configuring user %s", lineno, user); } if ( !(len = eat_colon(temp + pos)) ){ @@ -969,7 +969,7 @@ cleanup: tmpmask = 077; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("setting %s's umask to %#o", user, tmpmask); } opts->rssh_umask = tmpmask; -- cgit v1.2.3 From 91ec960a41d1dff980565c1b18cad1e36b554e60 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix spelling errors in manual pages Gbp-Pq: Name 0005-Fix-spelling-errors-in-manual-pages.patch --- rssh.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rssh.1 b/rssh.1 index caa2636..a682f70 100644 --- a/rssh.1 +++ b/rssh.1 @@ -24,7 +24,7 @@ those commands. It is intended primarily to work with OpenSSH (see http://www.openssh.com), but may work with other implementations. .P The system administrator should install the shell on the restricted system. -Then the password file entry of any user for whom it is desireable to provide +Then the password file entry of any user for whom it is desirable to provide restricted access should be edited, such that their shell is \fBrssh\fP. For example: .P @@ -148,7 +148,7 @@ programs other than what are absolutely necessary to provide the service you are trying to provide. This prevents them from running standard system commands. .P -Then, make sure the user's files inside the jail are on a seperate filesystem +Then, make sure the user's files inside the jail are on a separate filesystem from your system's executables. If possible in your environment, make sure you mount this filesystem using the .IR noexec " and " nosuid -- cgit v1.2.3 From b9bd4e3adb08ac7a1e9868e2ad539e136958b0b2 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Fixes and improvements to mkchroot.sh Debian wants libnss_compat* in addition to libnss_files* for UID lookups to work properly, and doesn't have a libnss1_files*. With multiarch, these libraries have also been moved into a subdirectory of /lib. Create the /dev/null device in the chroot, needed by sftp-server. Create the /dev/log device in the chroot, for one less step. Update the code to copy over libraries to be able to parse the new output from ldd. Update file paths for Debian. Add better error handling. Warn that /etc/passwd is being copied into the chroot jail and that the user may wish to edit out some users and remove any sensitive information. (Debian Bug#366655) Thanks to proctor mcduff and Jeremy Jongepier for their contributions. Gbp-Pq: Name 0006-Fixes-and-improvements-to-mkchroot.sh.patch --- mkchroot.sh | 105 ++++++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 81 insertions(+), 24 deletions(-) diff --git a/mkchroot.sh b/mkchroot.sh index 9e17d5d..8bc1ecc 100755 --- a/mkchroot.sh +++ b/mkchroot.sh @@ -1,13 +1,13 @@ -#!/bin/sh +#!/bin/bash ##################################################################### ##################################################################### ## ## mkchroot.sh - set up a chroot jail. ## -## This script is written to work for Red Hat 8/9 systems, but may work on -## other systems. Or, it may not... In fact, it may not work at all. Use at -## your own risk. :) +## This script is written to work for Red Hat 8/9 systems and adapted to work +## on Debian systems, but may work on other systems. Or, it may not... In +## fact, it may not work at all. Use at your own risk. :) ## fail() { @@ -96,9 +96,9 @@ fi # copy SSH files scp_path="/usr/bin/scp" -sftp_server_path="/usr/libexec/openssh/sftp-server" +sftp_server_path="/usr/lib/openssh/sftp-server" rssh_path="/usr/bin/rssh" -chroot_helper_path="/usr/libexec/rssh_chroot_helper" +chroot_helper_path="/usr/lib/rssh/rssh_chroot_helper" for jail_path in `dirname "$jail_dir$scp_path"` `dirname "$jail_dir$sftp_server_path"` `dirname "$jail_dir$chroot_helper_path"`; do @@ -125,19 +125,56 @@ cp "$chroot_helper_path" "$jail_dir$chroot_helper_path" || \ # # identify and copy libraries needed in the jail # +# Sample ldd output: +# +# linux-gate.so.1 => (0xffffe000) +# libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7ef2000) +# libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7da8000) +# libutil.so.1 => /lib/i686/cmov/libutil.so.1 (0xb7da3000) +# libz.so.1 => /usr/lib/libz.so.1 (0xb7d8e000) +# libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7d76000) +# libcrypt.so.1 => /lib/i686/cmov/libcrypt.so.1 (0xb7d44000) +# libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7d1b000) +# libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7c8d000) +# libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7c69000) +# libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7c66000) +# libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7b19000) +# libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7b15000) +# libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7b0d000) +# libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7b09000) +# /lib/ld-linux.so.2 (0xb7f13000) +# +# either the first or the third column may contain a path +# -for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do +for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path \ + /lib/libnss_compat* /lib/libnss_files* /lib/*/libnss_compat* \ + /lib/*/libnss_files*; do + if [ ! -f "$prog" ] ; then + continue + fi echo "Copying libraries for $prog." - libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3` + libs=`ldd $prog | awk '$1 ~ /^\// {print $1} $3 ~ /^\// {print $3}'` for lib in $libs; do - mkdir -p "$jail_dir$(dirname $lib)" + mkdir -p "$jail_dir$(dirname $lib)" || \ + fail "Error creating $(dirname $lib). Exiting" 6 echo -e "\t$lib" - cp "$lib" "$jail_dir$lib" + cp "$lib" "$jail_dir$lib" || \ + fail "Error copying $lib. Exiting" 6 done done +# On Debian with multiarch, the libnss files are in /lib/, where +# is the relevant architecture triplet. Just copy everything +# that's installed, since we're not sure which ones we'll need. echo "copying name service resolution libraries..." -tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |sed 's/^/\t/' +if [ -n "$(find /lib -maxdepth 1 -name 'libnss*_' -print -quit)" ] ; then + tar -cf - /lib/libnss_compat* /lib/libnss*_files* \ + | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' +else + tar -cf - /lib/*/libnss_compat* /lib/*/libnss*_files* \ + | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' +fi ##################################################################### # @@ -145,29 +182,49 @@ tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |se # echo "Setting up /etc in the chroot jail" -mkdir -p "$jail_dir/etc" -cp /etc/nsswitch.conf "$jail_dir/etc/" -cp /etc/passwd "$jail_dir/etc/" -cp /etc/ld.* "$jail_dir/etc/" - -echo -e "Chroot jail configuration completed." -echo -e "\nNOTE: if you are not using the passwd file for authentication," -echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" - +mkdir -p "$jail_dir/etc" || fail "Error creating /etc. Exiting" 7 +cp /etc/nsswitch.conf "$jail_dir/etc/" || \ + fail "Error copying /etc/nsswitch.conf. Exiting" 7 +cp /etc/passwd "$jail_dir/etc/" || \ + fail "Error copying /etc/passwd. Exiting" 7 +cp -r /etc/ld.* "$jail_dir/etc/" || \ + fail "Error copying /etc/ld.*. Exiting" 7 +echo -e "\nWARNING: Copying /etc/passwd into the chroot jail. You may wish" +echo -e "to edit out unnecessary users and remove any sensitive information" +echo -e "from it." ##################################################################### # -# set up /dev/log +# set up /dev # mkdir -p "$jail_dir/dev" +if [ `whoami` = "root" ]; then + cp -a /dev/log "$jail_dir/dev" || \ + fail "Error creating /dev/log. Exiting" 8 + cp -a /dev/null "$jail_dir/dev" || \ + fail "Error creating /dev/null. Exiting" 8 + cp -a /dev/zero "$jail_dir/dev" || \ + fail "Error creating /dev/zero. Exiting" 8 +else + echo -e "NOT creating /dev/null and /dev/log in the chroot jail. \c" + echo -e "You are not root.\n" +fi + +echo -e "Chroot jail configuration completed.\n" + +echo -e "NOTE: if you are not using the passwd file for authentication," +echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" + +echo -e "NOTE: if you are using any programs other than scp and sftp, you will" +echo -e "need to copy the server binaries and any libraries they depend on" +echo -e "into the chroot manually. Use ldd on the binary to find the needed" +echo -e "libraries.\n" echo -e "NOTE: you must MANUALLY edit your syslog rc script to start syslogd" echo -e "with appropriate options to log to $jail_dir/dev/log. In most cases," echo -e "you will need to start syslog as:\n" -echo -e " /sbin/syslogd -a $jail_dir/dev/log\n" +echo -e " /sbin/syslogd -a $jail_dir/dev/log\n\n" echo -e "NOTE: we make no guarantee that ANY of this will work for you... \c" echo -e "if it\ndoesn't, you're on your own. Sorry!\n" - - -- cgit v1.2.3 From c55538a47c090570cf5c0b1012b40004a3857493 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Handle rsync v3 -e protocol option As of rsync 3, rsync reused the -e option to pass protocol information from the client to the server. We therefore cannot reject all -e options to rsync, only ones not sent with --server or containing something other than protocol information as an argument. Also scan the rsync command line for any --rsh option and reject it as well. This replaces and improves the upstream strategy for rejecting that command-line option, taking advantage of the parsing added to check the -e option. Based on work by Robert Hardy. Debian Bug#471803 Gbp-Pq: Name 0007-Handle-rsync-v3-e-protocol-option.patch --- util.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 72 insertions(+), 8 deletions(-) diff --git a/util.c b/util.c index ef1a5d8..b70899f 100644 --- a/util.c +++ b/util.c @@ -56,6 +56,7 @@ #ifdef HAVE_LIBGEN_H #include #endif /* HAVE_LIBGEN_H */ +#include /* LOCAL INCLUDES */ #include "pathnames.h" @@ -197,6 +198,73 @@ bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag ) } +/* + * rsync_e_okay() - take the command line passed to rssh and look for an -e + * option. If one is found, make sure --server is provided + * and the option contains only the protocol information. + * Also check for and reject any --rsh option. Returns FALSE + * if the command line should not be allowed, TRUE if it is + * okay. + */ +static int rsync_e_okay( char **vec ) +{ + regex_t re; + int server = FALSE; + int e_found = FALSE; + + /* + * rsync will send -e, followed by either just "." (meaning no special + * protocol) or "N.N" (meaning a pre-release protocol version), + * followed by some number of alphabetic flags indicating various + * supported options. There may be other options between - and the e, + * but -e will always be the last option in the string. A typical + * option passed by the client is "-ltpre.iL". + * + * Note that if --server is given, this should never be parsed as a + * shell, but we'll tightly verify it anyway, just in case. + * + * This regex matches the acceptable flags containing -e, so if it + * does not match, the command line should be rejected. + */ + static const char pattern[] + = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$"; + + /* + * Only recognize --server if it's the first option. rsync itself + * always passes it that way, and if it's not the first argument, it + * could be hidden from the server as an argument to some other + * option. + */ + if ( vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0 ){ + server = TRUE; + } + + /* Check the remaining options for -e or --rsh. */ + if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){ + return FALSE; + } + while (vec && *vec){ + if ( strcmp(*vec, "--") == 0 ) break; + if ( strcmp(*vec, "--rsh") == 0 + || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 ){ + regfree(&re); + return FALSE; + } + if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){ + e_found = TRUE; + if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){ + regfree(&re); + return FALSE; + } + } + vec++; + } + regfree(&re); + if ( e_found && !server ) return FALSE; + return TRUE; +} + + /* * check_command_line() - take the command line passed to rssh, and verify * that the specified command is one the user is @@ -230,14 +298,10 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ /* filter -e option */ - if ( opt_filter(cl, 'e') ) return NULL; - while (cl && *cl){ - if ( strstr(*cl, "--rsh" ) ){ - fprintf(stderr, "\ninsecure --rsh= not allowed."); - log_msg("insecure --rsh option in rsync command line!"); - return NULL; - } - cl++; + if ( !rsync_e_okay(cl) ){ + fprintf(stderr, "\ninsecure -e or --rsh option not allowed."); + log_msg("insecure -e or --rsh option in rsync command line!"); + return NULL; } return PATH_RSYNC; } -- cgit v1.2.3 From 7580bcf9f3b66ed13887c2bd6281550463d63c99 Mon Sep 17 00:00:00 2001 From: Davide Scola Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Add support for Subversion (svnserve) Adds support for svn access via svnserve. This adds an additional field to the bitmask in /etc/rssh.conf that's used to control Subversion access. Users authorized to run svnserve may run only svnserve -t exactly. Debian Bug#284756 Signed-off-by: Russ Allbery Gbp-Pq: Name 0008-Add-support-for-Subversion-svnserve.patch --- conf_convert | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ conf_convert.sh | 45 --------------------------------------------- configure.ac | 22 ++++++++++++++++++++-- main.c.in | 5 ++++- pathnames.h.in | 1 + rssh.conf.5 | 17 +++++++++++------ rssh.conf.5.in | 17 +++++++++++------ rssh.conf.default | 28 +++++++++++++++------------- rssh.h | 13 +++++++------ rssh_chroot_helper.c | 3 +++ rsshconf.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++---- util.c | 35 ++++++++++++++++++++++++++--------- util.h | 3 ++- 13 files changed, 194 insertions(+), 93 deletions(-) create mode 100644 conf_convert delete mode 100755 conf_convert.sh diff --git a/conf_convert b/conf_convert new file mode 100644 index 0000000..a47ecba --- /dev/null +++ b/conf_convert @@ -0,0 +1,48 @@ +#!/usr/bin/awk -f +# +# conf_convert - convert rssh config files from 2.0, 2.1.1, 2.2 format +# to rssh 2.3.2 format config files adding svnserve +# support +# +# Copyright (C) 2009 Davide Scola +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA. +# +BEGIN { + FS = OFS = ":"; +} + +{ + if( /^[# ]*user *= */ && match($3, /^([01]+)/) ) { + gsub(/^([01]+)/, replaceString( RLENGTH ), $3); + } + + print +} + +function replaceString(nitems) { + str = "&"; + + if(nitems == 2) { # config < v2.2 + str = "000&0"; + } + + else if(nitems == 5) { # v2.2 <= config <= v2.3.2 (vanilla) + str = "&0"; + } + + return str; +} + diff --git a/conf_convert.sh b/conf_convert.sh deleted file mode 100755 index fb0c999..0000000 --- a/conf_convert.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh - -# conf_convert.sh - convert rssh config files from 2.0 - 2.1.1 format to rssh -# version 2.2 format config files. - -if [ -z "$TMPDIR" ]; then - TMPDIR=/tmp -fi - -tempdir=`mktemp -d "$TMPDIR/confconv.tempXXXXXX"` -if [ ! -d "$tempdir" ]; then - echo "$0: unable to make temporary directory" - exit 1 -fi - -if [ "$#" != "0" ]; then - - while [ -n "$1" ]; do - - if [ ! -f "$1" ]; then - echo "$0: $1 does not exist. Skipping." >&2 - continue - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' $1 > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "$1.NEW" - shift - done - -else - if [ ! -f /etc/rssh.conf ]; then - echo "/etc/rssh.conf does not exist, and no parameters given." >&2 - exit 2 - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' /etc/rssh.conf > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "/etc/rssh.conf.NEW" - -fi - -rm -rf "$tempdir" - -exit 0 diff --git a/configure.ac b/configure.ac index ab145b4..caeae7d 100644 --- a/configure.ac +++ b/configure.ac @@ -117,8 +117,8 @@ if ! test -x "$sftp_path"; then fi -# CVS, rdist, and rsync might not be installed. But we don't want to force -# the user to configure bogus paths, so default to /usr/bin/* +# CVS, rdist, rsync and svnserve might not be installed. But we don't want +# to force the user to configure bogus paths, so default to /usr/bin/* # Check for cvs binary @@ -170,6 +170,23 @@ if ! test -x "$rsync_path"; then fi +# Check for svnserve binary + +AC_ARG_WITH(svnserve, +[ --with-svnserve specify path to svnserve binary], +[svnserve_path="$withval"], [svnserve_path=""]) + +AC_PATH_PROG(svnserve_path, svnserve, [], []) +if test -z "$svnserve_path"; then + AC_MSG_WARN([can't find svnserve - using /usr/bin/svnserve. Use --with-svnserve to override]) + svnserve_path=/usr/bin/svnserve +fi + +if ! test -x "$svnserve_path"; then + AC_MSG_WARN([specified svnserve binary does not exist]) +fi + + # disable static configuration AC_ARG_ENABLE(static, @@ -200,6 +217,7 @@ AC_SUBST(sftp_path) AC_SUBST(cvs_path) AC_SUBST(rdist_path) AC_SUBST(rsync_path) +AC_SUBST(svnserve_path) AC_SUBST(prefix) AC_SUBST(sysconfdir) AC_SUBST(libexecdir) diff --git a/main.c.in b/main.c.in index 7d1695c..b3228e5 100644 --- a/main.c.in +++ b/main.c.in @@ -217,6 +217,8 @@ char **build_shell_args( struct passwd uinfo, argvec[1] = "4"; else if ( !(strcmp(*cmd, PATH_RSYNC)) ) argvec[1] = "5"; + else if ( !(strcmp(*cmd, PATH_SVNSERVE)) ) + argvec[1] = "6"; else { log_set_priority(LOG_ERR); log_msg("fatal error identifying the correct command " @@ -267,7 +269,8 @@ void vers_info( void ) printf("%20s = %s\n", "sftp server binary", PATH_SFTP_SERVER); printf("%20s = %s\n", "cvs binary path", PATH_CVS); printf("%20s = %s\n", "rdist binary path", PATH_RDIST); - printf("%20s = %s\n\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n\n", "svnserve binary path", PATH_SVNSERVE); } diff --git a/pathnames.h.in b/pathnames.h.in index 17e2fb7..043d7ae 100644 --- a/pathnames.h.in +++ b/pathnames.h.in @@ -36,6 +36,7 @@ #define PATH_CVS "@cvs_path@" #define PATH_RDIST "@rdist_path@" #define PATH_RSYNC "@rsync_path@" +#define PATH_SVNSERVE "@svnserve_path@" /* these generally are overridden by the makefile */ #ifndef PATH_RSSH_CONFIG diff --git a/rssh.conf.5 b/rssh.conf.5 index 5556468..227ef88 100644 --- a/rssh.conf.5 +++ b/rssh.conf.5 @@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -135,7 +140,7 @@ details. .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff --git a/rssh.conf.5.in b/rssh.conf.5.in index 913ce9d..5e16acb 100644 --- a/rssh.conf.5.in +++ b/rssh.conf.5.in @@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -135,7 +140,7 @@ details. .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff --git a/rssh.conf.default b/rssh.conf.default index c847565..88833c1 100644 --- a/rssh.conf.default +++ b/rssh.conf.default @@ -11,6 +11,7 @@ logfacility = LOG_USER #allowcvs #allowrdist #allowrsync +#allowsvnserve # set the default umask umask = 022 @@ -28,24 +29,25 @@ umask = 022 ########################################## # EXAMPLES of configuring per-user options -#user=rudy:077:00010: # the path can simply be left out to not chroot -#user=rudy:077:00010 # the ending colon is optional +#user=rudy:077:000100: # the path can simply be left out to not chroot +#user=rudy:077:000100 # the ending colon is optional -#user=rudy:011:00100: # cvs, with no chroot -#user=rudy:011:01000: # rdist, with no chroot -#user=rudy:011:10000: # rsync, with no chroot -#user="rudy:011:00001:/usr/local/chroot" # whole user string can be quoted -#user=rudy:01"1:00001:/usr/local/chroot" # or somewhere in the middle, freak! -#user=rudy:'011:00001:/usr/local/chroot' # single quotes too +#user=rudy:011:001000: # cvs, with no chroot +#user=rudy:011:010000: # rdist, with no chroot +#user=rudy:011:100000: # rsync, with no chroot +#user=rudy:011:000001: # svnserve, with no chroot +#user="rudy:011:000010:/usr/local/chroot" # whole user string can be quoted +#user=rudy:01"1:000010:/usr/local/chroot" # or somewhere in the middle, freak! +#user=rudy:'011:000010:/usr/local/chroot' # single quotes too # if your chroot_path contains spaces, it must be quoted... # In the following examples, the chroot_path is "/usr/local/my chroot" -#user=rudy:011:00001:"/usr/local/my chroot" # scp with chroot -#user=rudy:011:00010:"/usr/local/my chroot" # sftp with chroot -#user=rudy:011:00011:"/usr/local/my chroot" # both with chroot +#user=rudy:011:000010:"/usr/local/my chroot" # scp with chroot +#user=rudy:011:000100:"/usr/local/my chroot" # sftp with chroot +#user=rudy:011:000110:"/usr/local/my chroot" # both with chroot # Spaces before or after the '=' are fine, but spaces in chrootpath need # quotes. -#user = "rudy:011:00001:/usr/local/my chroot" -#user = "rudy:011:00001:/usr/local/my chroot" # neither do comments at line end +#user = "rudy:011:000010:/usr/local/my chroot" +#user = "rudy:011:000010:/usr/local/my chroot" # neither do comments at line end diff --git a/rssh.h b/rssh.h index d15f645..111f9a0 100644 --- a/rssh.h +++ b/rssh.h @@ -41,11 +41,12 @@ typedef char bool; -#define RSSH_ALLOW_SCP (1 << 0) -#define RSSH_ALLOW_SFTP (1 << 1) -#define RSSH_ALLOW_CVS (1 << 2) -#define RSSH_ALLOW_RDIST (1 << 3) -#define RSSH_ALLOW_RSYNC (1 << 4) -#define RSSH_USE_CHROOT (1 << 5) +#define RSSH_ALLOW_SCP (1 << 0) +#define RSSH_ALLOW_SFTP (1 << 1) +#define RSSH_ALLOW_CVS (1 << 2) +#define RSSH_ALLOW_RDIST (1 << 3) +#define RSSH_ALLOW_RSYNC (1 << 4) +#define RSSH_ALLOW_SVNSERVE (1 << 5) +#define RSSH_USE_CHROOT (1 << 6) #endif /* _rssh_h */ diff --git a/rssh_chroot_helper.c b/rssh_chroot_helper.c index 7780c11..8a35cdc 100644 --- a/rssh_chroot_helper.c +++ b/rssh_chroot_helper.c @@ -254,6 +254,9 @@ int main( int argc, char **argv ) case 5: cmd_path = PATH_RSYNC; break; + case 6: + cmd_path = PATH_SVNSERVE; + break; default: log_msg("invalid command specified"); exit(2); diff --git a/rsshconf.c b/rsshconf.c index 564f747..459b26b 100644 --- a/rsshconf.c +++ b/rsshconf.c @@ -71,6 +71,7 @@ const char *keywords[] = { "allowcvs", "allowrdist", "allowrsync", + "allowsvnserve", "chrootpath", "logfacility", "umask", @@ -106,6 +107,9 @@ int process_allow_rdist( ShellOptions_t *opts, const char *line, int process_allow_rsync( ShellOptions_t *opts, const char *line, const int lineno ); +int process_allow_svnserve( ShellOptions_t *opts, const char *line, + const int lineno ); + int get_token( const char *str, char *buf, const int buflen, const bool colon, const bool ign_spc ); @@ -220,21 +224,26 @@ int process_config_line( ShellOptions_t *opts, return FALSE; return TRUE; case 6: + /* allow svnserve */ + if ( !(process_allow_svnserve(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 7: /* default chroot path */ if ( !(process_chroot_path(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 7: + case 8: /* syslog log facility */ if ( !(process_log_facility(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 8: + case 9: /* set the user's umask */ if ( !(process_umask(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 9: + case 10: /* user */ if ( !(process_user(opts, line + pos, lineno) ) ) return FALSE; @@ -557,6 +566,34 @@ int process_allow_rsync( ShellOptions_t *opts, } +/* + * process_allow_svnserve() - make sure there are no tokens after the keyword, + * other than a possible comment. If there are + * additional tokens other than comments, there is a + * syntax error, and FALSE is returned. Otherwise, + * the line is ok, so opts are set to allow + * svnserve, and TRUE is returned. + */ +int process_allow_svnserve( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + int pos; + + if ( !(pos = eat_comment(line)) ){ + if (log) log_msg("line %d: syntax error parsing config file", + lineno); + return FALSE; + } + if (log){ + log_set_priority(LOG_DEBUG); + log_msg("allowing svnserve to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + return TRUE; +} + + int process_chroot_path( ShellOptions_t *opts, const char *line, const int lineno ) @@ -854,6 +891,7 @@ int process_user( ShellOptions_t *opts, bool allow_cvs; bool allow_rdist; bool allow_rsync; + bool allow_svnserve; /* make space for user options */ if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){ @@ -925,7 +963,7 @@ int process_user( ShellOptions_t *opts, return FALSE; } if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs, - &allow_rdist, &allow_rsync) ){ + &allow_rdist, &allow_rsync, &allow_svnserve) ){ if (log){ log_set_priority(LOG_ERR); log_msg("syntax error parsing access bits, line %d", lineno); @@ -999,6 +1037,10 @@ cleanup: if (log) log_msg("allowing rsync to user %s", user); opts->shell_flags |= RSSH_ALLOW_RSYNC; } + if ( allow_svnserve ){ + if (log) log_msg("allowing svnserve to user %s", user); + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + } if ( path ){ if (log) log_msg("chrooting %s to %s", user, path); opts->shell_flags |= RSSH_USE_CHROOT; diff --git a/util.c b/util.c index b70899f..56f67ad 100644 --- a/util.c +++ b/util.c @@ -80,7 +80,8 @@ void fail( int flags, int argc, char **argv ) if ( flags & RSSH_ALLOW_SFTP ) size += 5; if ( flags & RSSH_ALLOW_CVS ) size += 4; if ( flags & RSSH_ALLOW_RDIST ) size += 6; - if ( flags & RSSH_ALLOW_RSYNC ) size += 5; /* last one, no space */ + if ( flags & RSSH_ALLOW_RSYNC ) size += 6; + if ( flags & RSSH_ALLOW_SVNSERVE ) size += 8; /* last one, no space */ /* create msg indicating what is allowed */ if ( !size ) cmd = "This user is locked out."; @@ -101,7 +102,9 @@ void fail( int flags, int argc, char **argv ) if ( flags & RSSH_ALLOW_RDIST ) strncat(cmd, "rdist ", size); if ( flags & RSSH_ALLOW_RSYNC ) - strncat(cmd, "rsync", size); + strncat(cmd, "rsync ", size); + if ( flags & RSSH_ALLOW_SVNSERVE ) + strncat(cmd, "svnserve", size); } /* print error message to user and log attempt */ @@ -305,6 +308,16 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) } return PATH_RSYNC; } + if ( check_command(*cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ){ + /* check command line */ + if( cl[1] == NULL || strcmp(cl[1], "-t") != 0 || cl[2] != NULL){ + fprintf(stderr, "\nextra svnserver parameter(s) not allowed."); + log_msg("unallowed option(s) in svnserver command line!"); + return NULL; + } + + return PATH_SVNSERVE; + } /* No match, return NULL */ return NULL; } @@ -329,6 +342,8 @@ char *get_command( char *cl, ShellOptions_t *opts ) return PATH_RDIST; if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ) return PATH_RSYNC; + if ( check_command(cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ) + return PATH_SVNSERVE; return NULL; } @@ -394,22 +409,24 @@ int validate_umask( const char *temp, int *mask ) * same name, and returns FALSE if the bits are not valid */ int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ) { int i; -#define NUM_ACCESS_BITS 5 +#define NUM_ACCESS_BITS 6 if ( strlen(temp) != NUM_ACCESS_BITS ) return FALSE; /* make sure the bits are valid */ for ( i = 0; i < NUM_ACCESS_BITS; i++ ) if ( temp[i] < '0' || temp[i] > '1' ) return FALSE; /* This is easier to read if we allign the = */ - *allow_rsync = temp[0] - '0'; - *allow_rdist = temp[1] - '0'; - *allow_cvs = temp[2] - '0'; - *allow_sftp = temp[3] - '0'; - *allow_scp = temp[4] - '0'; + *allow_rsync = temp[0] - '0'; + *allow_rdist = temp[1] - '0'; + *allow_cvs = temp[2] - '0'; + *allow_sftp = temp[3] - '0'; + *allow_scp = temp[4] - '0'; + *allow_svnserve = temp[5] - '0'; return TRUE; } diff --git a/util.h b/util.h index 8b81201..a67eb32 100644 --- a/util.h +++ b/util.h @@ -38,7 +38,8 @@ char *get_command( char *cl, ShellOptions_t *opts); char *extract_root( char *root, char *path ); int validate_umask( const char *temp, int *mask ); int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ); + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ); bool opt_exist( char *cl, char opt ); char *get_username( void ); -- cgit v1.2.3 From cc20fc7b96aa5328244b7912eb313a71795554f2 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix invalid option error Don't refer to all invalid options as invalid scp options. Gbp-Pq: Name 0001-Fix-invalid-option-error.patch --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index f98d2bc..3affc0a 100644 --- a/util.c +++ b/util.c @@ -152,7 +152,7 @@ bool opt_filter(char **vec, const char opt) while (vec && *vec){ if (opt_exist(*vec, opt)){ fprintf(stderr, "\nillegal insecure %c option", opt); - log_msg("insecure %c option in scp command line!", opt); + log_msg("insecure %c option in command line!", opt); return TRUE; } vec++; -- cgit v1.2.3 From 47a9cd33a230b625e969184c6aac9754c7b72ed0 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Honor CFLAGS/CPPFLAGS passed to configure The CFLAGS from dpkg-buildflags are missing because they are overwritten in Makefile.am. The attached patch removes an incorrect build rule and passes the custom flags through AM_CFLAGS/AM_CPPFLAGS. All custom flags are still passed correctly. Signed-off-by: Russ Allbery Gbp-Pq: Name 0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch --- Makefile.am | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/Makefile.am b/Makefile.am index c5b1a8d..57a4305 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,8 +1,7 @@ ## Process this file with automake to produce Makefile.in AUTOMAKE_OPTIONS = nostdinc -ourdefs = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" -ourflags = @defcflags@ @static@ -AM_CFLAGS = $(ourflags) +AM_CPPFLAGS = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" +AM_CFLAGS = @defcflags@ @static@ bin_PROGRAMS = rssh libexec_PROGRAMS = rssh_chroot_helper nodist_rssh_SOURCES = main.c pathnames.h config.h @@ -15,9 +14,6 @@ man_MANS = rssh.1 rssh.conf.5 EXTRA_DIST = $(man_MANS) CHROOT SECURITY LICENSE rssh.spec mkchroot.sh conf_convert.sh base=`echo @PACKAGE_STRING@|tr " " "-"` -.c.o: - $(CC) -c $(DEFS) $(ourdefs) $(AM_CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< - install-exec-hook: chmod u+s $(libexecdir)/rssh_chroot_helper -- cgit v1.2.3 From 80026ee961a78b0012c673fb1e8644a6e599320a Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix buffer allocation buffer for fail message The failure log message when the user isn't permitted to run the command they're attempting includes a summary of the commands the user is allowed to run. The allocation for that string was not reserving space for the nul byte at the end of the string, causing a one-byte overwrite past the end of the string. Gbp-Pq: Name 0003-Fix-buffer-allocation-buffer-for-fail-message.patch --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index 3affc0a..ef1a5d8 100644 --- a/util.c +++ b/util.c @@ -84,7 +84,7 @@ void fail( int flags, int argc, char **argv ) /* create msg indicating what is allowed */ if ( !size ) cmd = "This user is locked out."; else { - size += 18; + size += 18 + 1; if ( !(cmd = (char *)malloc(size)) ){ log_msg("fatal error: out of mem allocating log msg"); exit(1); -- cgit v1.2.3 From ed6d5f4112a03e5d825463033e324fbc51dc85fa Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Lower syslog priority to debug Lower priority of all of the routine syslog messages from info to debug to cut down on log noise. Gbp-Pq: Name 0004-Lower-syslog-priority-to-debug.patch --- rsshconf.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/rsshconf.c b/rsshconf.c index 4b22766..564f747 100644 --- a/rsshconf.c +++ b/rsshconf.c @@ -438,7 +438,7 @@ int process_allow_scp( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing scp to all users"); } opts->shell_flags |= RSSH_ALLOW_SCP; @@ -465,7 +465,7 @@ int process_allow_sftp( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing sftp to all users"); } opts->shell_flags |= RSSH_ALLOW_SFTP; @@ -493,7 +493,7 @@ int process_allow_cvs( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing cvs to all users"); } opts->shell_flags |= RSSH_ALLOW_CVS; @@ -520,7 +520,7 @@ int process_allow_rdist( ShellOptions_t *opts, lineno); return FALSE; } - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); if (log){ log_msg("allowing rdist to all users"); opts->shell_flags |= RSSH_ALLOW_RDIST; @@ -549,7 +549,7 @@ int process_allow_rsync( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing rsync to all users"); } opts->shell_flags |= RSSH_ALLOW_RSYNC; @@ -585,7 +585,7 @@ int process_chroot_path( ShellOptions_t *opts, /* get rid of any old value for chroot path, assign new one */ if ( opts->chroot_path ) free(opts->chroot_path); if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("chrooting all users to %s", temp); } /* we must not free temp, since opts points to it */ @@ -783,7 +783,7 @@ int process_log_facility( ShellOptions_t *opts, return FALSE; } if ( facname ){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); if (log) log_msg("setting log facility to %s", facname); log_set_facility(fac); return TRUE; @@ -828,7 +828,7 @@ int process_umask( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("setting umask to %#o", mask); } opts->rssh_umask = mask; @@ -888,7 +888,7 @@ int process_user( ShellOptions_t *opts, */ if ( (strcmp(user, username)) ) return TRUE; if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("line %d: configuring user %s", lineno, user); } if ( !(len = eat_colon(temp + pos)) ){ @@ -969,7 +969,7 @@ cleanup: tmpmask = 077; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("setting %s's umask to %#o", user, tmpmask); } opts->rssh_umask = tmpmask; -- cgit v1.2.3 From afc12258928ed553e3cdf3f442bbe28a2ec5f662 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix spelling errors in manual pages Gbp-Pq: Name 0005-Fix-spelling-errors-in-manual-pages.patch --- rssh.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rssh.1 b/rssh.1 index caa2636..a682f70 100644 --- a/rssh.1 +++ b/rssh.1 @@ -24,7 +24,7 @@ those commands. It is intended primarily to work with OpenSSH (see http://www.openssh.com), but may work with other implementations. .P The system administrator should install the shell on the restricted system. -Then the password file entry of any user for whom it is desireable to provide +Then the password file entry of any user for whom it is desirable to provide restricted access should be edited, such that their shell is \fBrssh\fP. For example: .P @@ -148,7 +148,7 @@ programs other than what are absolutely necessary to provide the service you are trying to provide. This prevents them from running standard system commands. .P -Then, make sure the user's files inside the jail are on a seperate filesystem +Then, make sure the user's files inside the jail are on a separate filesystem from your system's executables. If possible in your environment, make sure you mount this filesystem using the .IR noexec " and " nosuid -- cgit v1.2.3 From f2530b4c2ee45ce566bdeb9b15da8eedc37cf450 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Fixes and improvements to mkchroot.sh Debian wants libnss_compat* in addition to libnss_files* for UID lookups to work properly, and doesn't have a libnss1_files*. With multiarch, these libraries have also been moved into a subdirectory of /lib. Create the /dev/null device in the chroot, needed by sftp-server. Create the /dev/log device in the chroot, for one less step. Update the code to copy over libraries to be able to parse the new output from ldd. Update file paths for Debian. Add better error handling. Warn that /etc/passwd is being copied into the chroot jail and that the user may wish to edit out some users and remove any sensitive information. (Debian Bug#366655) Thanks to proctor mcduff and Jeremy Jongepier for their contributions. Gbp-Pq: Name 0006-Fixes-and-improvements-to-mkchroot.sh.patch --- mkchroot.sh | 105 ++++++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 81 insertions(+), 24 deletions(-) diff --git a/mkchroot.sh b/mkchroot.sh index 9e17d5d..8bc1ecc 100755 --- a/mkchroot.sh +++ b/mkchroot.sh @@ -1,13 +1,13 @@ -#!/bin/sh +#!/bin/bash ##################################################################### ##################################################################### ## ## mkchroot.sh - set up a chroot jail. ## -## This script is written to work for Red Hat 8/9 systems, but may work on -## other systems. Or, it may not... In fact, it may not work at all. Use at -## your own risk. :) +## This script is written to work for Red Hat 8/9 systems and adapted to work +## on Debian systems, but may work on other systems. Or, it may not... In +## fact, it may not work at all. Use at your own risk. :) ## fail() { @@ -96,9 +96,9 @@ fi # copy SSH files scp_path="/usr/bin/scp" -sftp_server_path="/usr/libexec/openssh/sftp-server" +sftp_server_path="/usr/lib/openssh/sftp-server" rssh_path="/usr/bin/rssh" -chroot_helper_path="/usr/libexec/rssh_chroot_helper" +chroot_helper_path="/usr/lib/rssh/rssh_chroot_helper" for jail_path in `dirname "$jail_dir$scp_path"` `dirname "$jail_dir$sftp_server_path"` `dirname "$jail_dir$chroot_helper_path"`; do @@ -125,19 +125,56 @@ cp "$chroot_helper_path" "$jail_dir$chroot_helper_path" || \ # # identify and copy libraries needed in the jail # +# Sample ldd output: +# +# linux-gate.so.1 => (0xffffe000) +# libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7ef2000) +# libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7da8000) +# libutil.so.1 => /lib/i686/cmov/libutil.so.1 (0xb7da3000) +# libz.so.1 => /usr/lib/libz.so.1 (0xb7d8e000) +# libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7d76000) +# libcrypt.so.1 => /lib/i686/cmov/libcrypt.so.1 (0xb7d44000) +# libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7d1b000) +# libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7c8d000) +# libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7c69000) +# libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7c66000) +# libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7b19000) +# libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7b15000) +# libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7b0d000) +# libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7b09000) +# /lib/ld-linux.so.2 (0xb7f13000) +# +# either the first or the third column may contain a path +# -for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do +for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path \ + /lib/libnss_compat* /lib/libnss_files* /lib/*/libnss_compat* \ + /lib/*/libnss_files*; do + if [ ! -f "$prog" ] ; then + continue + fi echo "Copying libraries for $prog." - libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3` + libs=`ldd $prog | awk '$1 ~ /^\// {print $1} $3 ~ /^\// {print $3}'` for lib in $libs; do - mkdir -p "$jail_dir$(dirname $lib)" + mkdir -p "$jail_dir$(dirname $lib)" || \ + fail "Error creating $(dirname $lib). Exiting" 6 echo -e "\t$lib" - cp "$lib" "$jail_dir$lib" + cp "$lib" "$jail_dir$lib" || \ + fail "Error copying $lib. Exiting" 6 done done +# On Debian with multiarch, the libnss files are in /lib/, where +# is the relevant architecture triplet. Just copy everything +# that's installed, since we're not sure which ones we'll need. echo "copying name service resolution libraries..." -tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |sed 's/^/\t/' +if [ -n "$(find /lib -maxdepth 1 -name 'libnss*_' -print -quit)" ] ; then + tar -cf - /lib/libnss_compat* /lib/libnss*_files* \ + | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' +else + tar -cf - /lib/*/libnss_compat* /lib/*/libnss*_files* \ + | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' +fi ##################################################################### # @@ -145,29 +182,49 @@ tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |se # echo "Setting up /etc in the chroot jail" -mkdir -p "$jail_dir/etc" -cp /etc/nsswitch.conf "$jail_dir/etc/" -cp /etc/passwd "$jail_dir/etc/" -cp /etc/ld.* "$jail_dir/etc/" - -echo -e "Chroot jail configuration completed." -echo -e "\nNOTE: if you are not using the passwd file for authentication," -echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" - +mkdir -p "$jail_dir/etc" || fail "Error creating /etc. Exiting" 7 +cp /etc/nsswitch.conf "$jail_dir/etc/" || \ + fail "Error copying /etc/nsswitch.conf. Exiting" 7 +cp /etc/passwd "$jail_dir/etc/" || \ + fail "Error copying /etc/passwd. Exiting" 7 +cp -r /etc/ld.* "$jail_dir/etc/" || \ + fail "Error copying /etc/ld.*. Exiting" 7 +echo -e "\nWARNING: Copying /etc/passwd into the chroot jail. You may wish" +echo -e "to edit out unnecessary users and remove any sensitive information" +echo -e "from it." ##################################################################### # -# set up /dev/log +# set up /dev # mkdir -p "$jail_dir/dev" +if [ `whoami` = "root" ]; then + cp -a /dev/log "$jail_dir/dev" || \ + fail "Error creating /dev/log. Exiting" 8 + cp -a /dev/null "$jail_dir/dev" || \ + fail "Error creating /dev/null. Exiting" 8 + cp -a /dev/zero "$jail_dir/dev" || \ + fail "Error creating /dev/zero. Exiting" 8 +else + echo -e "NOT creating /dev/null and /dev/log in the chroot jail. \c" + echo -e "You are not root.\n" +fi + +echo -e "Chroot jail configuration completed.\n" + +echo -e "NOTE: if you are not using the passwd file for authentication," +echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" + +echo -e "NOTE: if you are using any programs other than scp and sftp, you will" +echo -e "need to copy the server binaries and any libraries they depend on" +echo -e "into the chroot manually. Use ldd on the binary to find the needed" +echo -e "libraries.\n" echo -e "NOTE: you must MANUALLY edit your syslog rc script to start syslogd" echo -e "with appropriate options to log to $jail_dir/dev/log. In most cases," echo -e "you will need to start syslog as:\n" -echo -e " /sbin/syslogd -a $jail_dir/dev/log\n" +echo -e " /sbin/syslogd -a $jail_dir/dev/log\n\n" echo -e "NOTE: we make no guarantee that ANY of this will work for you... \c" echo -e "if it\ndoesn't, you're on your own. Sorry!\n" - - -- cgit v1.2.3 From 0b35d42f6dea773650033116961015d3cc62b1fb Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Handle rsync v3 -e protocol option As of rsync 3, rsync reused the -e option to pass protocol information from the client to the server. We therefore cannot reject all -e options to rsync, only ones not sent with --server or containing something other than protocol information as an argument. Also scan the rsync command line for any --rsh option and reject it as well. This replaces and improves the upstream strategy for rejecting that command-line option, taking advantage of the parsing added to check the -e option. Based on work by Robert Hardy. Debian Bug#471803 Gbp-Pq: Name 0007-Handle-rsync-v3-e-protocol-option.patch --- util.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 72 insertions(+), 8 deletions(-) diff --git a/util.c b/util.c index ef1a5d8..b70899f 100644 --- a/util.c +++ b/util.c @@ -56,6 +56,7 @@ #ifdef HAVE_LIBGEN_H #include #endif /* HAVE_LIBGEN_H */ +#include /* LOCAL INCLUDES */ #include "pathnames.h" @@ -197,6 +198,73 @@ bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag ) } +/* + * rsync_e_okay() - take the command line passed to rssh and look for an -e + * option. If one is found, make sure --server is provided + * and the option contains only the protocol information. + * Also check for and reject any --rsh option. Returns FALSE + * if the command line should not be allowed, TRUE if it is + * okay. + */ +static int rsync_e_okay( char **vec ) +{ + regex_t re; + int server = FALSE; + int e_found = FALSE; + + /* + * rsync will send -e, followed by either just "." (meaning no special + * protocol) or "N.N" (meaning a pre-release protocol version), + * followed by some number of alphabetic flags indicating various + * supported options. There may be other options between - and the e, + * but -e will always be the last option in the string. A typical + * option passed by the client is "-ltpre.iL". + * + * Note that if --server is given, this should never be parsed as a + * shell, but we'll tightly verify it anyway, just in case. + * + * This regex matches the acceptable flags containing -e, so if it + * does not match, the command line should be rejected. + */ + static const char pattern[] + = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$"; + + /* + * Only recognize --server if it's the first option. rsync itself + * always passes it that way, and if it's not the first argument, it + * could be hidden from the server as an argument to some other + * option. + */ + if ( vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0 ){ + server = TRUE; + } + + /* Check the remaining options for -e or --rsh. */ + if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){ + return FALSE; + } + while (vec && *vec){ + if ( strcmp(*vec, "--") == 0 ) break; + if ( strcmp(*vec, "--rsh") == 0 + || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 ){ + regfree(&re); + return FALSE; + } + if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){ + e_found = TRUE; + if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){ + regfree(&re); + return FALSE; + } + } + vec++; + } + regfree(&re); + if ( e_found && !server ) return FALSE; + return TRUE; +} + + /* * check_command_line() - take the command line passed to rssh, and verify * that the specified command is one the user is @@ -230,14 +298,10 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ /* filter -e option */ - if ( opt_filter(cl, 'e') ) return NULL; - while (cl && *cl){ - if ( strstr(*cl, "--rsh" ) ){ - fprintf(stderr, "\ninsecure --rsh= not allowed."); - log_msg("insecure --rsh option in rsync command line!"); - return NULL; - } - cl++; + if ( !rsync_e_okay(cl) ){ + fprintf(stderr, "\ninsecure -e or --rsh option not allowed."); + log_msg("insecure -e or --rsh option in rsync command line!"); + return NULL; } return PATH_RSYNC; } -- cgit v1.2.3 From 1ed958e0eeb127085d685821c9c999f0bc873d90 Mon Sep 17 00:00:00 2001 From: Davide Scola Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Add support for Subversion (svnserve) Adds support for svn access via svnserve. This adds an additional field to the bitmask in /etc/rssh.conf that's used to control Subversion access. Users authorized to run svnserve may run only svnserve -t exactly. Debian Bug#284756 Signed-off-by: Russ Allbery Gbp-Pq: Name 0008-Add-support-for-Subversion-svnserve.patch --- conf_convert | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ conf_convert.sh | 45 --------------------------------------------- configure.ac | 22 ++++++++++++++++++++-- main.c.in | 5 ++++- pathnames.h.in | 1 + rssh.conf.5 | 17 +++++++++++------ rssh.conf.5.in | 17 +++++++++++------ rssh.conf.default | 28 +++++++++++++++------------- rssh.h | 13 +++++++------ rssh_chroot_helper.c | 3 +++ rsshconf.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++---- util.c | 35 ++++++++++++++++++++++++++--------- util.h | 3 ++- 13 files changed, 194 insertions(+), 93 deletions(-) create mode 100644 conf_convert delete mode 100755 conf_convert.sh diff --git a/conf_convert b/conf_convert new file mode 100644 index 0000000..a47ecba --- /dev/null +++ b/conf_convert @@ -0,0 +1,48 @@ +#!/usr/bin/awk -f +# +# conf_convert - convert rssh config files from 2.0, 2.1.1, 2.2 format +# to rssh 2.3.2 format config files adding svnserve +# support +# +# Copyright (C) 2009 Davide Scola +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA. +# +BEGIN { + FS = OFS = ":"; +} + +{ + if( /^[# ]*user *= */ && match($3, /^([01]+)/) ) { + gsub(/^([01]+)/, replaceString( RLENGTH ), $3); + } + + print +} + +function replaceString(nitems) { + str = "&"; + + if(nitems == 2) { # config < v2.2 + str = "000&0"; + } + + else if(nitems == 5) { # v2.2 <= config <= v2.3.2 (vanilla) + str = "&0"; + } + + return str; +} + diff --git a/conf_convert.sh b/conf_convert.sh deleted file mode 100755 index fb0c999..0000000 --- a/conf_convert.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh - -# conf_convert.sh - convert rssh config files from 2.0 - 2.1.1 format to rssh -# version 2.2 format config files. - -if [ -z "$TMPDIR" ]; then - TMPDIR=/tmp -fi - -tempdir=`mktemp -d "$TMPDIR/confconv.tempXXXXXX"` -if [ ! -d "$tempdir" ]; then - echo "$0: unable to make temporary directory" - exit 1 -fi - -if [ "$#" != "0" ]; then - - while [ -n "$1" ]; do - - if [ ! -f "$1" ]; then - echo "$0: $1 does not exist. Skipping." >&2 - continue - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' $1 > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "$1.NEW" - shift - done - -else - if [ ! -f /etc/rssh.conf ]; then - echo "/etc/rssh.conf does not exist, and no parameters given." >&2 - exit 2 - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' /etc/rssh.conf > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "/etc/rssh.conf.NEW" - -fi - -rm -rf "$tempdir" - -exit 0 diff --git a/configure.ac b/configure.ac index ab145b4..caeae7d 100644 --- a/configure.ac +++ b/configure.ac @@ -117,8 +117,8 @@ if ! test -x "$sftp_path"; then fi -# CVS, rdist, and rsync might not be installed. But we don't want to force -# the user to configure bogus paths, so default to /usr/bin/* +# CVS, rdist, rsync and svnserve might not be installed. But we don't want +# to force the user to configure bogus paths, so default to /usr/bin/* # Check for cvs binary @@ -170,6 +170,23 @@ if ! test -x "$rsync_path"; then fi +# Check for svnserve binary + +AC_ARG_WITH(svnserve, +[ --with-svnserve specify path to svnserve binary], +[svnserve_path="$withval"], [svnserve_path=""]) + +AC_PATH_PROG(svnserve_path, svnserve, [], []) +if test -z "$svnserve_path"; then + AC_MSG_WARN([can't find svnserve - using /usr/bin/svnserve. Use --with-svnserve to override]) + svnserve_path=/usr/bin/svnserve +fi + +if ! test -x "$svnserve_path"; then + AC_MSG_WARN([specified svnserve binary does not exist]) +fi + + # disable static configuration AC_ARG_ENABLE(static, @@ -200,6 +217,7 @@ AC_SUBST(sftp_path) AC_SUBST(cvs_path) AC_SUBST(rdist_path) AC_SUBST(rsync_path) +AC_SUBST(svnserve_path) AC_SUBST(prefix) AC_SUBST(sysconfdir) AC_SUBST(libexecdir) diff --git a/main.c.in b/main.c.in index 7d1695c..b3228e5 100644 --- a/main.c.in +++ b/main.c.in @@ -217,6 +217,8 @@ char **build_shell_args( struct passwd uinfo, argvec[1] = "4"; else if ( !(strcmp(*cmd, PATH_RSYNC)) ) argvec[1] = "5"; + else if ( !(strcmp(*cmd, PATH_SVNSERVE)) ) + argvec[1] = "6"; else { log_set_priority(LOG_ERR); log_msg("fatal error identifying the correct command " @@ -267,7 +269,8 @@ void vers_info( void ) printf("%20s = %s\n", "sftp server binary", PATH_SFTP_SERVER); printf("%20s = %s\n", "cvs binary path", PATH_CVS); printf("%20s = %s\n", "rdist binary path", PATH_RDIST); - printf("%20s = %s\n\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n\n", "svnserve binary path", PATH_SVNSERVE); } diff --git a/pathnames.h.in b/pathnames.h.in index 17e2fb7..043d7ae 100644 --- a/pathnames.h.in +++ b/pathnames.h.in @@ -36,6 +36,7 @@ #define PATH_CVS "@cvs_path@" #define PATH_RDIST "@rdist_path@" #define PATH_RSYNC "@rsync_path@" +#define PATH_SVNSERVE "@svnserve_path@" /* these generally are overridden by the makefile */ #ifndef PATH_RSSH_CONFIG diff --git a/rssh.conf.5 b/rssh.conf.5 index 5556468..227ef88 100644 --- a/rssh.conf.5 +++ b/rssh.conf.5 @@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -135,7 +140,7 @@ details. .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff --git a/rssh.conf.5.in b/rssh.conf.5.in index 913ce9d..5e16acb 100644 --- a/rssh.conf.5.in +++ b/rssh.conf.5.in @@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -135,7 +140,7 @@ details. .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff --git a/rssh.conf.default b/rssh.conf.default index c847565..88833c1 100644 --- a/rssh.conf.default +++ b/rssh.conf.default @@ -11,6 +11,7 @@ logfacility = LOG_USER #allowcvs #allowrdist #allowrsync +#allowsvnserve # set the default umask umask = 022 @@ -28,24 +29,25 @@ umask = 022 ########################################## # EXAMPLES of configuring per-user options -#user=rudy:077:00010: # the path can simply be left out to not chroot -#user=rudy:077:00010 # the ending colon is optional +#user=rudy:077:000100: # the path can simply be left out to not chroot +#user=rudy:077:000100 # the ending colon is optional -#user=rudy:011:00100: # cvs, with no chroot -#user=rudy:011:01000: # rdist, with no chroot -#user=rudy:011:10000: # rsync, with no chroot -#user="rudy:011:00001:/usr/local/chroot" # whole user string can be quoted -#user=rudy:01"1:00001:/usr/local/chroot" # or somewhere in the middle, freak! -#user=rudy:'011:00001:/usr/local/chroot' # single quotes too +#user=rudy:011:001000: # cvs, with no chroot +#user=rudy:011:010000: # rdist, with no chroot +#user=rudy:011:100000: # rsync, with no chroot +#user=rudy:011:000001: # svnserve, with no chroot +#user="rudy:011:000010:/usr/local/chroot" # whole user string can be quoted +#user=rudy:01"1:000010:/usr/local/chroot" # or somewhere in the middle, freak! +#user=rudy:'011:000010:/usr/local/chroot' # single quotes too # if your chroot_path contains spaces, it must be quoted... # In the following examples, the chroot_path is "/usr/local/my chroot" -#user=rudy:011:00001:"/usr/local/my chroot" # scp with chroot -#user=rudy:011:00010:"/usr/local/my chroot" # sftp with chroot -#user=rudy:011:00011:"/usr/local/my chroot" # both with chroot +#user=rudy:011:000010:"/usr/local/my chroot" # scp with chroot +#user=rudy:011:000100:"/usr/local/my chroot" # sftp with chroot +#user=rudy:011:000110:"/usr/local/my chroot" # both with chroot # Spaces before or after the '=' are fine, but spaces in chrootpath need # quotes. -#user = "rudy:011:00001:/usr/local/my chroot" -#user = "rudy:011:00001:/usr/local/my chroot" # neither do comments at line end +#user = "rudy:011:000010:/usr/local/my chroot" +#user = "rudy:011:000010:/usr/local/my chroot" # neither do comments at line end diff --git a/rssh.h b/rssh.h index d15f645..111f9a0 100644 --- a/rssh.h +++ b/rssh.h @@ -41,11 +41,12 @@ typedef char bool; -#define RSSH_ALLOW_SCP (1 << 0) -#define RSSH_ALLOW_SFTP (1 << 1) -#define RSSH_ALLOW_CVS (1 << 2) -#define RSSH_ALLOW_RDIST (1 << 3) -#define RSSH_ALLOW_RSYNC (1 << 4) -#define RSSH_USE_CHROOT (1 << 5) +#define RSSH_ALLOW_SCP (1 << 0) +#define RSSH_ALLOW_SFTP (1 << 1) +#define RSSH_ALLOW_CVS (1 << 2) +#define RSSH_ALLOW_RDIST (1 << 3) +#define RSSH_ALLOW_RSYNC (1 << 4) +#define RSSH_ALLOW_SVNSERVE (1 << 5) +#define RSSH_USE_CHROOT (1 << 6) #endif /* _rssh_h */ diff --git a/rssh_chroot_helper.c b/rssh_chroot_helper.c index 7780c11..8a35cdc 100644 --- a/rssh_chroot_helper.c +++ b/rssh_chroot_helper.c @@ -254,6 +254,9 @@ int main( int argc, char **argv ) case 5: cmd_path = PATH_RSYNC; break; + case 6: + cmd_path = PATH_SVNSERVE; + break; default: log_msg("invalid command specified"); exit(2); diff --git a/rsshconf.c b/rsshconf.c index 564f747..459b26b 100644 --- a/rsshconf.c +++ b/rsshconf.c @@ -71,6 +71,7 @@ const char *keywords[] = { "allowcvs", "allowrdist", "allowrsync", + "allowsvnserve", "chrootpath", "logfacility", "umask", @@ -106,6 +107,9 @@ int process_allow_rdist( ShellOptions_t *opts, const char *line, int process_allow_rsync( ShellOptions_t *opts, const char *line, const int lineno ); +int process_allow_svnserve( ShellOptions_t *opts, const char *line, + const int lineno ); + int get_token( const char *str, char *buf, const int buflen, const bool colon, const bool ign_spc ); @@ -220,21 +224,26 @@ int process_config_line( ShellOptions_t *opts, return FALSE; return TRUE; case 6: + /* allow svnserve */ + if ( !(process_allow_svnserve(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 7: /* default chroot path */ if ( !(process_chroot_path(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 7: + case 8: /* syslog log facility */ if ( !(process_log_facility(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 8: + case 9: /* set the user's umask */ if ( !(process_umask(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 9: + case 10: /* user */ if ( !(process_user(opts, line + pos, lineno) ) ) return FALSE; @@ -557,6 +566,34 @@ int process_allow_rsync( ShellOptions_t *opts, } +/* + * process_allow_svnserve() - make sure there are no tokens after the keyword, + * other than a possible comment. If there are + * additional tokens other than comments, there is a + * syntax error, and FALSE is returned. Otherwise, + * the line is ok, so opts are set to allow + * svnserve, and TRUE is returned. + */ +int process_allow_svnserve( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + int pos; + + if ( !(pos = eat_comment(line)) ){ + if (log) log_msg("line %d: syntax error parsing config file", + lineno); + return FALSE; + } + if (log){ + log_set_priority(LOG_DEBUG); + log_msg("allowing svnserve to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + return TRUE; +} + + int process_chroot_path( ShellOptions_t *opts, const char *line, const int lineno ) @@ -854,6 +891,7 @@ int process_user( ShellOptions_t *opts, bool allow_cvs; bool allow_rdist; bool allow_rsync; + bool allow_svnserve; /* make space for user options */ if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){ @@ -925,7 +963,7 @@ int process_user( ShellOptions_t *opts, return FALSE; } if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs, - &allow_rdist, &allow_rsync) ){ + &allow_rdist, &allow_rsync, &allow_svnserve) ){ if (log){ log_set_priority(LOG_ERR); log_msg("syntax error parsing access bits, line %d", lineno); @@ -999,6 +1037,10 @@ cleanup: if (log) log_msg("allowing rsync to user %s", user); opts->shell_flags |= RSSH_ALLOW_RSYNC; } + if ( allow_svnserve ){ + if (log) log_msg("allowing svnserve to user %s", user); + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + } if ( path ){ if (log) log_msg("chrooting %s to %s", user, path); opts->shell_flags |= RSSH_USE_CHROOT; diff --git a/util.c b/util.c index b70899f..56f67ad 100644 --- a/util.c +++ b/util.c @@ -80,7 +80,8 @@ void fail( int flags, int argc, char **argv ) if ( flags & RSSH_ALLOW_SFTP ) size += 5; if ( flags & RSSH_ALLOW_CVS ) size += 4; if ( flags & RSSH_ALLOW_RDIST ) size += 6; - if ( flags & RSSH_ALLOW_RSYNC ) size += 5; /* last one, no space */ + if ( flags & RSSH_ALLOW_RSYNC ) size += 6; + if ( flags & RSSH_ALLOW_SVNSERVE ) size += 8; /* last one, no space */ /* create msg indicating what is allowed */ if ( !size ) cmd = "This user is locked out."; @@ -101,7 +102,9 @@ void fail( int flags, int argc, char **argv ) if ( flags & RSSH_ALLOW_RDIST ) strncat(cmd, "rdist ", size); if ( flags & RSSH_ALLOW_RSYNC ) - strncat(cmd, "rsync", size); + strncat(cmd, "rsync ", size); + if ( flags & RSSH_ALLOW_SVNSERVE ) + strncat(cmd, "svnserve", size); } /* print error message to user and log attempt */ @@ -305,6 +308,16 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) } return PATH_RSYNC; } + if ( check_command(*cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ){ + /* check command line */ + if( cl[1] == NULL || strcmp(cl[1], "-t") != 0 || cl[2] != NULL){ + fprintf(stderr, "\nextra svnserver parameter(s) not allowed."); + log_msg("unallowed option(s) in svnserver command line!"); + return NULL; + } + + return PATH_SVNSERVE; + } /* No match, return NULL */ return NULL; } @@ -329,6 +342,8 @@ char *get_command( char *cl, ShellOptions_t *opts ) return PATH_RDIST; if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ) return PATH_RSYNC; + if ( check_command(cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ) + return PATH_SVNSERVE; return NULL; } @@ -394,22 +409,24 @@ int validate_umask( const char *temp, int *mask ) * same name, and returns FALSE if the bits are not valid */ int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ) { int i; -#define NUM_ACCESS_BITS 5 +#define NUM_ACCESS_BITS 6 if ( strlen(temp) != NUM_ACCESS_BITS ) return FALSE; /* make sure the bits are valid */ for ( i = 0; i < NUM_ACCESS_BITS; i++ ) if ( temp[i] < '0' || temp[i] > '1' ) return FALSE; /* This is easier to read if we allign the = */ - *allow_rsync = temp[0] - '0'; - *allow_rdist = temp[1] - '0'; - *allow_cvs = temp[2] - '0'; - *allow_sftp = temp[3] - '0'; - *allow_scp = temp[4] - '0'; + *allow_rsync = temp[0] - '0'; + *allow_rdist = temp[1] - '0'; + *allow_cvs = temp[2] - '0'; + *allow_sftp = temp[3] - '0'; + *allow_scp = temp[4] - '0'; + *allow_svnserve = temp[5] - '0'; return TRUE; } diff --git a/util.h b/util.h index 8b81201..a67eb32 100644 --- a/util.h +++ b/util.h @@ -38,7 +38,8 @@ char *get_command( char *cl, ShellOptions_t *opts); char *extract_root( char *root, char *path ); int validate_umask( const char *temp, int *mask ); int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ); + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ); bool opt_exist( char *cl, char opt ); char *get_username( void ); -- cgit v1.2.3 From a4df85beb77b6ac375ba6137e630497dd7744c16 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix invalid option error Don't refer to all invalid options as invalid scp options. Gbp-Pq: Name 0001-Fix-invalid-option-error.patch --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index f98d2bc..3affc0a 100644 --- a/util.c +++ b/util.c @@ -152,7 +152,7 @@ bool opt_filter(char **vec, const char opt) while (vec && *vec){ if (opt_exist(*vec, opt)){ fprintf(stderr, "\nillegal insecure %c option", opt); - log_msg("insecure %c option in scp command line!", opt); + log_msg("insecure %c option in command line!", opt); return TRUE; } vec++; -- cgit v1.2.3 From 468d1926aa56c091e5a70faf73b95cd87bf5d958 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Honor CFLAGS/CPPFLAGS passed to configure The CFLAGS from dpkg-buildflags are missing because they are overwritten in Makefile.am. The attached patch removes an incorrect build rule and passes the custom flags through AM_CFLAGS/AM_CPPFLAGS. All custom flags are still passed correctly. Signed-off-by: Russ Allbery Gbp-Pq: Name 0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch --- Makefile.am | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/Makefile.am b/Makefile.am index c5b1a8d..57a4305 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,8 +1,7 @@ ## Process this file with automake to produce Makefile.in AUTOMAKE_OPTIONS = nostdinc -ourdefs = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" -ourflags = @defcflags@ @static@ -AM_CFLAGS = $(ourflags) +AM_CPPFLAGS = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" +AM_CFLAGS = @defcflags@ @static@ bin_PROGRAMS = rssh libexec_PROGRAMS = rssh_chroot_helper nodist_rssh_SOURCES = main.c pathnames.h config.h @@ -15,9 +14,6 @@ man_MANS = rssh.1 rssh.conf.5 EXTRA_DIST = $(man_MANS) CHROOT SECURITY LICENSE rssh.spec mkchroot.sh conf_convert.sh base=`echo @PACKAGE_STRING@|tr " " "-"` -.c.o: - $(CC) -c $(DEFS) $(ourdefs) $(AM_CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< - install-exec-hook: chmod u+s $(libexecdir)/rssh_chroot_helper -- cgit v1.2.3 From 838843c3b8de4dfc5084b3fcfdf5e2b8f2b93853 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix buffer allocation buffer for fail message The failure log message when the user isn't permitted to run the command they're attempting includes a summary of the commands the user is allowed to run. The allocation for that string was not reserving space for the nul byte at the end of the string, causing a one-byte overwrite past the end of the string. Gbp-Pq: Name 0003-Fix-buffer-allocation-buffer-for-fail-message.patch --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index 3affc0a..ef1a5d8 100644 --- a/util.c +++ b/util.c @@ -84,7 +84,7 @@ void fail( int flags, int argc, char **argv ) /* create msg indicating what is allowed */ if ( !size ) cmd = "This user is locked out."; else { - size += 18; + size += 18 + 1; if ( !(cmd = (char *)malloc(size)) ){ log_msg("fatal error: out of mem allocating log msg"); exit(1); -- cgit v1.2.3 From ea2521d08867e2751ad163422a9f343cfe7f7099 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Lower syslog priority to debug Lower priority of all of the routine syslog messages from info to debug to cut down on log noise. Gbp-Pq: Name 0004-Lower-syslog-priority-to-debug.patch --- rsshconf.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/rsshconf.c b/rsshconf.c index 4b22766..564f747 100644 --- a/rsshconf.c +++ b/rsshconf.c @@ -438,7 +438,7 @@ int process_allow_scp( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing scp to all users"); } opts->shell_flags |= RSSH_ALLOW_SCP; @@ -465,7 +465,7 @@ int process_allow_sftp( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing sftp to all users"); } opts->shell_flags |= RSSH_ALLOW_SFTP; @@ -493,7 +493,7 @@ int process_allow_cvs( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing cvs to all users"); } opts->shell_flags |= RSSH_ALLOW_CVS; @@ -520,7 +520,7 @@ int process_allow_rdist( ShellOptions_t *opts, lineno); return FALSE; } - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); if (log){ log_msg("allowing rdist to all users"); opts->shell_flags |= RSSH_ALLOW_RDIST; @@ -549,7 +549,7 @@ int process_allow_rsync( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing rsync to all users"); } opts->shell_flags |= RSSH_ALLOW_RSYNC; @@ -585,7 +585,7 @@ int process_chroot_path( ShellOptions_t *opts, /* get rid of any old value for chroot path, assign new one */ if ( opts->chroot_path ) free(opts->chroot_path); if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("chrooting all users to %s", temp); } /* we must not free temp, since opts points to it */ @@ -783,7 +783,7 @@ int process_log_facility( ShellOptions_t *opts, return FALSE; } if ( facname ){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); if (log) log_msg("setting log facility to %s", facname); log_set_facility(fac); return TRUE; @@ -828,7 +828,7 @@ int process_umask( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("setting umask to %#o", mask); } opts->rssh_umask = mask; @@ -888,7 +888,7 @@ int process_user( ShellOptions_t *opts, */ if ( (strcmp(user, username)) ) return TRUE; if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("line %d: configuring user %s", lineno, user); } if ( !(len = eat_colon(temp + pos)) ){ @@ -969,7 +969,7 @@ cleanup: tmpmask = 077; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("setting %s's umask to %#o", user, tmpmask); } opts->rssh_umask = tmpmask; -- cgit v1.2.3 From 5e59643563bd22df0b6340c5a7ebf1e5a6296875 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix spelling errors in manual pages Gbp-Pq: Name 0005-Fix-spelling-errors-in-manual-pages.patch --- rssh.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rssh.1 b/rssh.1 index caa2636..a682f70 100644 --- a/rssh.1 +++ b/rssh.1 @@ -24,7 +24,7 @@ those commands. It is intended primarily to work with OpenSSH (see http://www.openssh.com), but may work with other implementations. .P The system administrator should install the shell on the restricted system. -Then the password file entry of any user for whom it is desireable to provide +Then the password file entry of any user for whom it is desirable to provide restricted access should be edited, such that their shell is \fBrssh\fP. For example: .P @@ -148,7 +148,7 @@ programs other than what are absolutely necessary to provide the service you are trying to provide. This prevents them from running standard system commands. .P -Then, make sure the user's files inside the jail are on a seperate filesystem +Then, make sure the user's files inside the jail are on a separate filesystem from your system's executables. If possible in your environment, make sure you mount this filesystem using the .IR noexec " and " nosuid -- cgit v1.2.3 From 15f4dc1d1aac0e34c94ed52c5512fe4439a7457d Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Fixes and improvements to mkchroot.sh Debian wants libnss_compat* in addition to libnss_files* for UID lookups to work properly, and doesn't have a libnss1_files*. With multiarch, these libraries have also been moved into a subdirectory of /lib. Create the /dev/null device in the chroot, needed by sftp-server. Create the /dev/log device in the chroot, for one less step. Update the code to copy over libraries to be able to parse the new output from ldd. Update file paths for Debian. Add better error handling. Warn that /etc/passwd is being copied into the chroot jail and that the user may wish to edit out some users and remove any sensitive information. (Debian Bug#366655) Thanks to proctor mcduff and Jeremy Jongepier for their contributions. Gbp-Pq: Name 0006-Fixes-and-improvements-to-mkchroot.sh.patch --- mkchroot.sh | 105 ++++++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 81 insertions(+), 24 deletions(-) diff --git a/mkchroot.sh b/mkchroot.sh index 9e17d5d..8bc1ecc 100755 --- a/mkchroot.sh +++ b/mkchroot.sh @@ -1,13 +1,13 @@ -#!/bin/sh +#!/bin/bash ##################################################################### ##################################################################### ## ## mkchroot.sh - set up a chroot jail. ## -## This script is written to work for Red Hat 8/9 systems, but may work on -## other systems. Or, it may not... In fact, it may not work at all. Use at -## your own risk. :) +## This script is written to work for Red Hat 8/9 systems and adapted to work +## on Debian systems, but may work on other systems. Or, it may not... In +## fact, it may not work at all. Use at your own risk. :) ## fail() { @@ -96,9 +96,9 @@ fi # copy SSH files scp_path="/usr/bin/scp" -sftp_server_path="/usr/libexec/openssh/sftp-server" +sftp_server_path="/usr/lib/openssh/sftp-server" rssh_path="/usr/bin/rssh" -chroot_helper_path="/usr/libexec/rssh_chroot_helper" +chroot_helper_path="/usr/lib/rssh/rssh_chroot_helper" for jail_path in `dirname "$jail_dir$scp_path"` `dirname "$jail_dir$sftp_server_path"` `dirname "$jail_dir$chroot_helper_path"`; do @@ -125,19 +125,56 @@ cp "$chroot_helper_path" "$jail_dir$chroot_helper_path" || \ # # identify and copy libraries needed in the jail # +# Sample ldd output: +# +# linux-gate.so.1 => (0xffffe000) +# libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7ef2000) +# libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7da8000) +# libutil.so.1 => /lib/i686/cmov/libutil.so.1 (0xb7da3000) +# libz.so.1 => /usr/lib/libz.so.1 (0xb7d8e000) +# libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7d76000) +# libcrypt.so.1 => /lib/i686/cmov/libcrypt.so.1 (0xb7d44000) +# libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7d1b000) +# libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7c8d000) +# libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7c69000) +# libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7c66000) +# libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7b19000) +# libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7b15000) +# libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7b0d000) +# libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7b09000) +# /lib/ld-linux.so.2 (0xb7f13000) +# +# either the first or the third column may contain a path +# -for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do +for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path \ + /lib/libnss_compat* /lib/libnss_files* /lib/*/libnss_compat* \ + /lib/*/libnss_files*; do + if [ ! -f "$prog" ] ; then + continue + fi echo "Copying libraries for $prog." - libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3` + libs=`ldd $prog | awk '$1 ~ /^\// {print $1} $3 ~ /^\// {print $3}'` for lib in $libs; do - mkdir -p "$jail_dir$(dirname $lib)" + mkdir -p "$jail_dir$(dirname $lib)" || \ + fail "Error creating $(dirname $lib). Exiting" 6 echo -e "\t$lib" - cp "$lib" "$jail_dir$lib" + cp "$lib" "$jail_dir$lib" || \ + fail "Error copying $lib. Exiting" 6 done done +# On Debian with multiarch, the libnss files are in /lib/, where +# is the relevant architecture triplet. Just copy everything +# that's installed, since we're not sure which ones we'll need. echo "copying name service resolution libraries..." -tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |sed 's/^/\t/' +if [ -n "$(find /lib -maxdepth 1 -name 'libnss*_' -print -quit)" ] ; then + tar -cf - /lib/libnss_compat* /lib/libnss*_files* \ + | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' +else + tar -cf - /lib/*/libnss_compat* /lib/*/libnss*_files* \ + | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' +fi ##################################################################### # @@ -145,29 +182,49 @@ tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |se # echo "Setting up /etc in the chroot jail" -mkdir -p "$jail_dir/etc" -cp /etc/nsswitch.conf "$jail_dir/etc/" -cp /etc/passwd "$jail_dir/etc/" -cp /etc/ld.* "$jail_dir/etc/" - -echo -e "Chroot jail configuration completed." -echo -e "\nNOTE: if you are not using the passwd file for authentication," -echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" - +mkdir -p "$jail_dir/etc" || fail "Error creating /etc. Exiting" 7 +cp /etc/nsswitch.conf "$jail_dir/etc/" || \ + fail "Error copying /etc/nsswitch.conf. Exiting" 7 +cp /etc/passwd "$jail_dir/etc/" || \ + fail "Error copying /etc/passwd. Exiting" 7 +cp -r /etc/ld.* "$jail_dir/etc/" || \ + fail "Error copying /etc/ld.*. Exiting" 7 +echo -e "\nWARNING: Copying /etc/passwd into the chroot jail. You may wish" +echo -e "to edit out unnecessary users and remove any sensitive information" +echo -e "from it." ##################################################################### # -# set up /dev/log +# set up /dev # mkdir -p "$jail_dir/dev" +if [ `whoami` = "root" ]; then + cp -a /dev/log "$jail_dir/dev" || \ + fail "Error creating /dev/log. Exiting" 8 + cp -a /dev/null "$jail_dir/dev" || \ + fail "Error creating /dev/null. Exiting" 8 + cp -a /dev/zero "$jail_dir/dev" || \ + fail "Error creating /dev/zero. Exiting" 8 +else + echo -e "NOT creating /dev/null and /dev/log in the chroot jail. \c" + echo -e "You are not root.\n" +fi + +echo -e "Chroot jail configuration completed.\n" + +echo -e "NOTE: if you are not using the passwd file for authentication," +echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" + +echo -e "NOTE: if you are using any programs other than scp and sftp, you will" +echo -e "need to copy the server binaries and any libraries they depend on" +echo -e "into the chroot manually. Use ldd on the binary to find the needed" +echo -e "libraries.\n" echo -e "NOTE: you must MANUALLY edit your syslog rc script to start syslogd" echo -e "with appropriate options to log to $jail_dir/dev/log. In most cases," echo -e "you will need to start syslog as:\n" -echo -e " /sbin/syslogd -a $jail_dir/dev/log\n" +echo -e " /sbin/syslogd -a $jail_dir/dev/log\n\n" echo -e "NOTE: we make no guarantee that ANY of this will work for you... \c" echo -e "if it\ndoesn't, you're on your own. Sorry!\n" - - -- cgit v1.2.3 From a9c61203b9b7e381bde1795889d4b98002219af9 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Handle rsync v3 -e protocol option As of rsync 3, rsync reused the -e option to pass protocol information from the client to the server. We therefore cannot reject all -e options to rsync, only ones not sent with --server or containing something other than protocol information as an argument. Also scan the rsync command line for any --rsh option and reject it as well. This replaces and improves the upstream strategy for rejecting that command-line option, taking advantage of the parsing added to check the -e option. Based on work by Robert Hardy. Debian Bug#471803 Gbp-Pq: Name 0007-Handle-rsync-v3-e-protocol-option.patch --- util.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 72 insertions(+), 8 deletions(-) diff --git a/util.c b/util.c index ef1a5d8..b70899f 100644 --- a/util.c +++ b/util.c @@ -56,6 +56,7 @@ #ifdef HAVE_LIBGEN_H #include #endif /* HAVE_LIBGEN_H */ +#include /* LOCAL INCLUDES */ #include "pathnames.h" @@ -197,6 +198,73 @@ bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag ) } +/* + * rsync_e_okay() - take the command line passed to rssh and look for an -e + * option. If one is found, make sure --server is provided + * and the option contains only the protocol information. + * Also check for and reject any --rsh option. Returns FALSE + * if the command line should not be allowed, TRUE if it is + * okay. + */ +static int rsync_e_okay( char **vec ) +{ + regex_t re; + int server = FALSE; + int e_found = FALSE; + + /* + * rsync will send -e, followed by either just "." (meaning no special + * protocol) or "N.N" (meaning a pre-release protocol version), + * followed by some number of alphabetic flags indicating various + * supported options. There may be other options between - and the e, + * but -e will always be the last option in the string. A typical + * option passed by the client is "-ltpre.iL". + * + * Note that if --server is given, this should never be parsed as a + * shell, but we'll tightly verify it anyway, just in case. + * + * This regex matches the acceptable flags containing -e, so if it + * does not match, the command line should be rejected. + */ + static const char pattern[] + = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$"; + + /* + * Only recognize --server if it's the first option. rsync itself + * always passes it that way, and if it's not the first argument, it + * could be hidden from the server as an argument to some other + * option. + */ + if ( vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0 ){ + server = TRUE; + } + + /* Check the remaining options for -e or --rsh. */ + if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){ + return FALSE; + } + while (vec && *vec){ + if ( strcmp(*vec, "--") == 0 ) break; + if ( strcmp(*vec, "--rsh") == 0 + || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 ){ + regfree(&re); + return FALSE; + } + if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){ + e_found = TRUE; + if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){ + regfree(&re); + return FALSE; + } + } + vec++; + } + regfree(&re); + if ( e_found && !server ) return FALSE; + return TRUE; +} + + /* * check_command_line() - take the command line passed to rssh, and verify * that the specified command is one the user is @@ -230,14 +298,10 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ /* filter -e option */ - if ( opt_filter(cl, 'e') ) return NULL; - while (cl && *cl){ - if ( strstr(*cl, "--rsh" ) ){ - fprintf(stderr, "\ninsecure --rsh= not allowed."); - log_msg("insecure --rsh option in rsync command line!"); - return NULL; - } - cl++; + if ( !rsync_e_okay(cl) ){ + fprintf(stderr, "\ninsecure -e or --rsh option not allowed."); + log_msg("insecure -e or --rsh option in rsync command line!"); + return NULL; } return PATH_RSYNC; } -- cgit v1.2.3 From 25a2defadfd93396bfeb2f4c5051c997076a7aab Mon Sep 17 00:00:00 2001 From: Davide Scola Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Add support for Subversion (svnserve) Adds support for svn access via svnserve. This adds an additional field to the bitmask in /etc/rssh.conf that's used to control Subversion access. Users authorized to run svnserve may run only svnserve -t exactly. Debian Bug#284756 Signed-off-by: Russ Allbery Gbp-Pq: Name 0008-Add-support-for-Subversion-svnserve.patch --- conf_convert | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ conf_convert.sh | 45 --------------------------------------------- configure.ac | 22 ++++++++++++++++++++-- main.c.in | 5 ++++- pathnames.h.in | 1 + rssh.conf.5 | 17 +++++++++++------ rssh.conf.5.in | 17 +++++++++++------ rssh.conf.default | 28 +++++++++++++++------------- rssh.h | 13 +++++++------ rssh_chroot_helper.c | 3 +++ rsshconf.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++---- util.c | 35 ++++++++++++++++++++++++++--------- util.h | 3 ++- 13 files changed, 194 insertions(+), 93 deletions(-) create mode 100644 conf_convert delete mode 100755 conf_convert.sh diff --git a/conf_convert b/conf_convert new file mode 100644 index 0000000..a47ecba --- /dev/null +++ b/conf_convert @@ -0,0 +1,48 @@ +#!/usr/bin/awk -f +# +# conf_convert - convert rssh config files from 2.0, 2.1.1, 2.2 format +# to rssh 2.3.2 format config files adding svnserve +# support +# +# Copyright (C) 2009 Davide Scola +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA. +# +BEGIN { + FS = OFS = ":"; +} + +{ + if( /^[# ]*user *= */ && match($3, /^([01]+)/) ) { + gsub(/^([01]+)/, replaceString( RLENGTH ), $3); + } + + print +} + +function replaceString(nitems) { + str = "&"; + + if(nitems == 2) { # config < v2.2 + str = "000&0"; + } + + else if(nitems == 5) { # v2.2 <= config <= v2.3.2 (vanilla) + str = "&0"; + } + + return str; +} + diff --git a/conf_convert.sh b/conf_convert.sh deleted file mode 100755 index fb0c999..0000000 --- a/conf_convert.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh - -# conf_convert.sh - convert rssh config files from 2.0 - 2.1.1 format to rssh -# version 2.2 format config files. - -if [ -z "$TMPDIR" ]; then - TMPDIR=/tmp -fi - -tempdir=`mktemp -d "$TMPDIR/confconv.tempXXXXXX"` -if [ ! -d "$tempdir" ]; then - echo "$0: unable to make temporary directory" - exit 1 -fi - -if [ "$#" != "0" ]; then - - while [ -n "$1" ]; do - - if [ ! -f "$1" ]; then - echo "$0: $1 does not exist. Skipping." >&2 - continue - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' $1 > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "$1.NEW" - shift - done - -else - if [ ! -f /etc/rssh.conf ]; then - echo "/etc/rssh.conf does not exist, and no parameters given." >&2 - exit 2 - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' /etc/rssh.conf > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "/etc/rssh.conf.NEW" - -fi - -rm -rf "$tempdir" - -exit 0 diff --git a/configure.ac b/configure.ac index ab145b4..caeae7d 100644 --- a/configure.ac +++ b/configure.ac @@ -117,8 +117,8 @@ if ! test -x "$sftp_path"; then fi -# CVS, rdist, and rsync might not be installed. But we don't want to force -# the user to configure bogus paths, so default to /usr/bin/* +# CVS, rdist, rsync and svnserve might not be installed. But we don't want +# to force the user to configure bogus paths, so default to /usr/bin/* # Check for cvs binary @@ -170,6 +170,23 @@ if ! test -x "$rsync_path"; then fi +# Check for svnserve binary + +AC_ARG_WITH(svnserve, +[ --with-svnserve specify path to svnserve binary], +[svnserve_path="$withval"], [svnserve_path=""]) + +AC_PATH_PROG(svnserve_path, svnserve, [], []) +if test -z "$svnserve_path"; then + AC_MSG_WARN([can't find svnserve - using /usr/bin/svnserve. Use --with-svnserve to override]) + svnserve_path=/usr/bin/svnserve +fi + +if ! test -x "$svnserve_path"; then + AC_MSG_WARN([specified svnserve binary does not exist]) +fi + + # disable static configuration AC_ARG_ENABLE(static, @@ -200,6 +217,7 @@ AC_SUBST(sftp_path) AC_SUBST(cvs_path) AC_SUBST(rdist_path) AC_SUBST(rsync_path) +AC_SUBST(svnserve_path) AC_SUBST(prefix) AC_SUBST(sysconfdir) AC_SUBST(libexecdir) diff --git a/main.c.in b/main.c.in index 7d1695c..b3228e5 100644 --- a/main.c.in +++ b/main.c.in @@ -217,6 +217,8 @@ char **build_shell_args( struct passwd uinfo, argvec[1] = "4"; else if ( !(strcmp(*cmd, PATH_RSYNC)) ) argvec[1] = "5"; + else if ( !(strcmp(*cmd, PATH_SVNSERVE)) ) + argvec[1] = "6"; else { log_set_priority(LOG_ERR); log_msg("fatal error identifying the correct command " @@ -267,7 +269,8 @@ void vers_info( void ) printf("%20s = %s\n", "sftp server binary", PATH_SFTP_SERVER); printf("%20s = %s\n", "cvs binary path", PATH_CVS); printf("%20s = %s\n", "rdist binary path", PATH_RDIST); - printf("%20s = %s\n\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n\n", "svnserve binary path", PATH_SVNSERVE); } diff --git a/pathnames.h.in b/pathnames.h.in index 17e2fb7..043d7ae 100644 --- a/pathnames.h.in +++ b/pathnames.h.in @@ -36,6 +36,7 @@ #define PATH_CVS "@cvs_path@" #define PATH_RDIST "@rdist_path@" #define PATH_RSYNC "@rsync_path@" +#define PATH_SVNSERVE "@svnserve_path@" /* these generally are overridden by the makefile */ #ifndef PATH_RSSH_CONFIG diff --git a/rssh.conf.5 b/rssh.conf.5 index 5556468..227ef88 100644 --- a/rssh.conf.5 +++ b/rssh.conf.5 @@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -135,7 +140,7 @@ details. .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff --git a/rssh.conf.5.in b/rssh.conf.5.in index 913ce9d..5e16acb 100644 --- a/rssh.conf.5.in +++ b/rssh.conf.5.in @@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -135,7 +140,7 @@ details. .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff --git a/rssh.conf.default b/rssh.conf.default index c847565..88833c1 100644 --- a/rssh.conf.default +++ b/rssh.conf.default @@ -11,6 +11,7 @@ logfacility = LOG_USER #allowcvs #allowrdist #allowrsync +#allowsvnserve # set the default umask umask = 022 @@ -28,24 +29,25 @@ umask = 022 ########################################## # EXAMPLES of configuring per-user options -#user=rudy:077:00010: # the path can simply be left out to not chroot -#user=rudy:077:00010 # the ending colon is optional +#user=rudy:077:000100: # the path can simply be left out to not chroot +#user=rudy:077:000100 # the ending colon is optional -#user=rudy:011:00100: # cvs, with no chroot -#user=rudy:011:01000: # rdist, with no chroot -#user=rudy:011:10000: # rsync, with no chroot -#user="rudy:011:00001:/usr/local/chroot" # whole user string can be quoted -#user=rudy:01"1:00001:/usr/local/chroot" # or somewhere in the middle, freak! -#user=rudy:'011:00001:/usr/local/chroot' # single quotes too +#user=rudy:011:001000: # cvs, with no chroot +#user=rudy:011:010000: # rdist, with no chroot +#user=rudy:011:100000: # rsync, with no chroot +#user=rudy:011:000001: # svnserve, with no chroot +#user="rudy:011:000010:/usr/local/chroot" # whole user string can be quoted +#user=rudy:01"1:000010:/usr/local/chroot" # or somewhere in the middle, freak! +#user=rudy:'011:000010:/usr/local/chroot' # single quotes too # if your chroot_path contains spaces, it must be quoted... # In the following examples, the chroot_path is "/usr/local/my chroot" -#user=rudy:011:00001:"/usr/local/my chroot" # scp with chroot -#user=rudy:011:00010:"/usr/local/my chroot" # sftp with chroot -#user=rudy:011:00011:"/usr/local/my chroot" # both with chroot +#user=rudy:011:000010:"/usr/local/my chroot" # scp with chroot +#user=rudy:011:000100:"/usr/local/my chroot" # sftp with chroot +#user=rudy:011:000110:"/usr/local/my chroot" # both with chroot # Spaces before or after the '=' are fine, but spaces in chrootpath need # quotes. -#user = "rudy:011:00001:/usr/local/my chroot" -#user = "rudy:011:00001:/usr/local/my chroot" # neither do comments at line end +#user = "rudy:011:000010:/usr/local/my chroot" +#user = "rudy:011:000010:/usr/local/my chroot" # neither do comments at line end diff --git a/rssh.h b/rssh.h index d15f645..111f9a0 100644 --- a/rssh.h +++ b/rssh.h @@ -41,11 +41,12 @@ typedef char bool; -#define RSSH_ALLOW_SCP (1 << 0) -#define RSSH_ALLOW_SFTP (1 << 1) -#define RSSH_ALLOW_CVS (1 << 2) -#define RSSH_ALLOW_RDIST (1 << 3) -#define RSSH_ALLOW_RSYNC (1 << 4) -#define RSSH_USE_CHROOT (1 << 5) +#define RSSH_ALLOW_SCP (1 << 0) +#define RSSH_ALLOW_SFTP (1 << 1) +#define RSSH_ALLOW_CVS (1 << 2) +#define RSSH_ALLOW_RDIST (1 << 3) +#define RSSH_ALLOW_RSYNC (1 << 4) +#define RSSH_ALLOW_SVNSERVE (1 << 5) +#define RSSH_USE_CHROOT (1 << 6) #endif /* _rssh_h */ diff --git a/rssh_chroot_helper.c b/rssh_chroot_helper.c index 7780c11..8a35cdc 100644 --- a/rssh_chroot_helper.c +++ b/rssh_chroot_helper.c @@ -254,6 +254,9 @@ int main( int argc, char **argv ) case 5: cmd_path = PATH_RSYNC; break; + case 6: + cmd_path = PATH_SVNSERVE; + break; default: log_msg("invalid command specified"); exit(2); diff --git a/rsshconf.c b/rsshconf.c index 564f747..459b26b 100644 --- a/rsshconf.c +++ b/rsshconf.c @@ -71,6 +71,7 @@ const char *keywords[] = { "allowcvs", "allowrdist", "allowrsync", + "allowsvnserve", "chrootpath", "logfacility", "umask", @@ -106,6 +107,9 @@ int process_allow_rdist( ShellOptions_t *opts, const char *line, int process_allow_rsync( ShellOptions_t *opts, const char *line, const int lineno ); +int process_allow_svnserve( ShellOptions_t *opts, const char *line, + const int lineno ); + int get_token( const char *str, char *buf, const int buflen, const bool colon, const bool ign_spc ); @@ -220,21 +224,26 @@ int process_config_line( ShellOptions_t *opts, return FALSE; return TRUE; case 6: + /* allow svnserve */ + if ( !(process_allow_svnserve(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 7: /* default chroot path */ if ( !(process_chroot_path(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 7: + case 8: /* syslog log facility */ if ( !(process_log_facility(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 8: + case 9: /* set the user's umask */ if ( !(process_umask(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 9: + case 10: /* user */ if ( !(process_user(opts, line + pos, lineno) ) ) return FALSE; @@ -557,6 +566,34 @@ int process_allow_rsync( ShellOptions_t *opts, } +/* + * process_allow_svnserve() - make sure there are no tokens after the keyword, + * other than a possible comment. If there are + * additional tokens other than comments, there is a + * syntax error, and FALSE is returned. Otherwise, + * the line is ok, so opts are set to allow + * svnserve, and TRUE is returned. + */ +int process_allow_svnserve( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + int pos; + + if ( !(pos = eat_comment(line)) ){ + if (log) log_msg("line %d: syntax error parsing config file", + lineno); + return FALSE; + } + if (log){ + log_set_priority(LOG_DEBUG); + log_msg("allowing svnserve to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + return TRUE; +} + + int process_chroot_path( ShellOptions_t *opts, const char *line, const int lineno ) @@ -854,6 +891,7 @@ int process_user( ShellOptions_t *opts, bool allow_cvs; bool allow_rdist; bool allow_rsync; + bool allow_svnserve; /* make space for user options */ if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){ @@ -925,7 +963,7 @@ int process_user( ShellOptions_t *opts, return FALSE; } if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs, - &allow_rdist, &allow_rsync) ){ + &allow_rdist, &allow_rsync, &allow_svnserve) ){ if (log){ log_set_priority(LOG_ERR); log_msg("syntax error parsing access bits, line %d", lineno); @@ -999,6 +1037,10 @@ cleanup: if (log) log_msg("allowing rsync to user %s", user); opts->shell_flags |= RSSH_ALLOW_RSYNC; } + if ( allow_svnserve ){ + if (log) log_msg("allowing svnserve to user %s", user); + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + } if ( path ){ if (log) log_msg("chrooting %s to %s", user, path); opts->shell_flags |= RSSH_USE_CHROOT; diff --git a/util.c b/util.c index b70899f..56f67ad 100644 --- a/util.c +++ b/util.c @@ -80,7 +80,8 @@ void fail( int flags, int argc, char **argv ) if ( flags & RSSH_ALLOW_SFTP ) size += 5; if ( flags & RSSH_ALLOW_CVS ) size += 4; if ( flags & RSSH_ALLOW_RDIST ) size += 6; - if ( flags & RSSH_ALLOW_RSYNC ) size += 5; /* last one, no space */ + if ( flags & RSSH_ALLOW_RSYNC ) size += 6; + if ( flags & RSSH_ALLOW_SVNSERVE ) size += 8; /* last one, no space */ /* create msg indicating what is allowed */ if ( !size ) cmd = "This user is locked out."; @@ -101,7 +102,9 @@ void fail( int flags, int argc, char **argv ) if ( flags & RSSH_ALLOW_RDIST ) strncat(cmd, "rdist ", size); if ( flags & RSSH_ALLOW_RSYNC ) - strncat(cmd, "rsync", size); + strncat(cmd, "rsync ", size); + if ( flags & RSSH_ALLOW_SVNSERVE ) + strncat(cmd, "svnserve", size); } /* print error message to user and log attempt */ @@ -305,6 +308,16 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) } return PATH_RSYNC; } + if ( check_command(*cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ){ + /* check command line */ + if( cl[1] == NULL || strcmp(cl[1], "-t") != 0 || cl[2] != NULL){ + fprintf(stderr, "\nextra svnserver parameter(s) not allowed."); + log_msg("unallowed option(s) in svnserver command line!"); + return NULL; + } + + return PATH_SVNSERVE; + } /* No match, return NULL */ return NULL; } @@ -329,6 +342,8 @@ char *get_command( char *cl, ShellOptions_t *opts ) return PATH_RDIST; if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ) return PATH_RSYNC; + if ( check_command(cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ) + return PATH_SVNSERVE; return NULL; } @@ -394,22 +409,24 @@ int validate_umask( const char *temp, int *mask ) * same name, and returns FALSE if the bits are not valid */ int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ) { int i; -#define NUM_ACCESS_BITS 5 +#define NUM_ACCESS_BITS 6 if ( strlen(temp) != NUM_ACCESS_BITS ) return FALSE; /* make sure the bits are valid */ for ( i = 0; i < NUM_ACCESS_BITS; i++ ) if ( temp[i] < '0' || temp[i] > '1' ) return FALSE; /* This is easier to read if we allign the = */ - *allow_rsync = temp[0] - '0'; - *allow_rdist = temp[1] - '0'; - *allow_cvs = temp[2] - '0'; - *allow_sftp = temp[3] - '0'; - *allow_scp = temp[4] - '0'; + *allow_rsync = temp[0] - '0'; + *allow_rdist = temp[1] - '0'; + *allow_cvs = temp[2] - '0'; + *allow_sftp = temp[3] - '0'; + *allow_scp = temp[4] - '0'; + *allow_svnserve = temp[5] - '0'; return TRUE; } diff --git a/util.h b/util.h index 8b81201..a67eb32 100644 --- a/util.h +++ b/util.h @@ -38,7 +38,8 @@ char *get_command( char *cl, ShellOptions_t *opts); char *extract_root( char *root, char *path ); int validate_umask( const char *temp, int *mask ); int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ); + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ); bool opt_exist( char *cl, char opt ); char *get_username( void ); -- cgit v1.2.3 From e11dc96a04525874470a17826d2df7b9d6443272 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix invalid option error Don't refer to all invalid options as invalid scp options. Gbp-Pq: Name 0001-Fix-invalid-option-error.patch --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index f98d2bc..3affc0a 100644 --- a/util.c +++ b/util.c @@ -152,7 +152,7 @@ bool opt_filter(char **vec, const char opt) while (vec && *vec){ if (opt_exist(*vec, opt)){ fprintf(stderr, "\nillegal insecure %c option", opt); - log_msg("insecure %c option in scp command line!", opt); + log_msg("insecure %c option in command line!", opt); return TRUE; } vec++; -- cgit v1.2.3 From e789dad687b7703e1246ef47746fc7e3f77b5ef7 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Honor CFLAGS/CPPFLAGS passed to configure The CFLAGS from dpkg-buildflags are missing because they are overwritten in Makefile.am. The attached patch removes an incorrect build rule and passes the custom flags through AM_CFLAGS/AM_CPPFLAGS. All custom flags are still passed correctly. Signed-off-by: Russ Allbery Gbp-Pq: Name 0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch --- Makefile.am | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/Makefile.am b/Makefile.am index c5b1a8d..57a4305 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,8 +1,7 @@ ## Process this file with automake to produce Makefile.in AUTOMAKE_OPTIONS = nostdinc -ourdefs = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" -ourflags = @defcflags@ @static@ -AM_CFLAGS = $(ourflags) +AM_CPPFLAGS = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" +AM_CFLAGS = @defcflags@ @static@ bin_PROGRAMS = rssh libexec_PROGRAMS = rssh_chroot_helper nodist_rssh_SOURCES = main.c pathnames.h config.h @@ -15,9 +14,6 @@ man_MANS = rssh.1 rssh.conf.5 EXTRA_DIST = $(man_MANS) CHROOT SECURITY LICENSE rssh.spec mkchroot.sh conf_convert.sh base=`echo @PACKAGE_STRING@|tr " " "-"` -.c.o: - $(CC) -c $(DEFS) $(ourdefs) $(AM_CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< - install-exec-hook: chmod u+s $(libexecdir)/rssh_chroot_helper -- cgit v1.2.3 From ee3ef5fabb1d137faf173d32061a34afcbfa40a3 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix buffer allocation buffer for fail message The failure log message when the user isn't permitted to run the command they're attempting includes a summary of the commands the user is allowed to run. The allocation for that string was not reserving space for the nul byte at the end of the string, causing a one-byte overwrite past the end of the string. Gbp-Pq: Name 0003-Fix-buffer-allocation-buffer-for-fail-message.patch --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index 3affc0a..ef1a5d8 100644 --- a/util.c +++ b/util.c @@ -84,7 +84,7 @@ void fail( int flags, int argc, char **argv ) /* create msg indicating what is allowed */ if ( !size ) cmd = "This user is locked out."; else { - size += 18; + size += 18 + 1; if ( !(cmd = (char *)malloc(size)) ){ log_msg("fatal error: out of mem allocating log msg"); exit(1); -- cgit v1.2.3 From a850fd148ec4fb3e5cf7a71f1bed0221a4a12314 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Lower syslog priority to debug Lower priority of all of the routine syslog messages from info to debug to cut down on log noise. Gbp-Pq: Name 0004-Lower-syslog-priority-to-debug.patch --- rsshconf.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/rsshconf.c b/rsshconf.c index 4b22766..564f747 100644 --- a/rsshconf.c +++ b/rsshconf.c @@ -438,7 +438,7 @@ int process_allow_scp( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing scp to all users"); } opts->shell_flags |= RSSH_ALLOW_SCP; @@ -465,7 +465,7 @@ int process_allow_sftp( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing sftp to all users"); } opts->shell_flags |= RSSH_ALLOW_SFTP; @@ -493,7 +493,7 @@ int process_allow_cvs( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing cvs to all users"); } opts->shell_flags |= RSSH_ALLOW_CVS; @@ -520,7 +520,7 @@ int process_allow_rdist( ShellOptions_t *opts, lineno); return FALSE; } - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); if (log){ log_msg("allowing rdist to all users"); opts->shell_flags |= RSSH_ALLOW_RDIST; @@ -549,7 +549,7 @@ int process_allow_rsync( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing rsync to all users"); } opts->shell_flags |= RSSH_ALLOW_RSYNC; @@ -585,7 +585,7 @@ int process_chroot_path( ShellOptions_t *opts, /* get rid of any old value for chroot path, assign new one */ if ( opts->chroot_path ) free(opts->chroot_path); if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("chrooting all users to %s", temp); } /* we must not free temp, since opts points to it */ @@ -783,7 +783,7 @@ int process_log_facility( ShellOptions_t *opts, return FALSE; } if ( facname ){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); if (log) log_msg("setting log facility to %s", facname); log_set_facility(fac); return TRUE; @@ -828,7 +828,7 @@ int process_umask( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("setting umask to %#o", mask); } opts->rssh_umask = mask; @@ -888,7 +888,7 @@ int process_user( ShellOptions_t *opts, */ if ( (strcmp(user, username)) ) return TRUE; if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("line %d: configuring user %s", lineno, user); } if ( !(len = eat_colon(temp + pos)) ){ @@ -969,7 +969,7 @@ cleanup: tmpmask = 077; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("setting %s's umask to %#o", user, tmpmask); } opts->rssh_umask = tmpmask; -- cgit v1.2.3 From 593edb1154d5109c3e5c0dfae9e294ce23827e53 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix spelling errors in manual pages Gbp-Pq: Name 0005-Fix-spelling-errors-in-manual-pages.patch --- rssh.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rssh.1 b/rssh.1 index caa2636..a682f70 100644 --- a/rssh.1 +++ b/rssh.1 @@ -24,7 +24,7 @@ those commands. It is intended primarily to work with OpenSSH (see http://www.openssh.com), but may work with other implementations. .P The system administrator should install the shell on the restricted system. -Then the password file entry of any user for whom it is desireable to provide +Then the password file entry of any user for whom it is desirable to provide restricted access should be edited, such that their shell is \fBrssh\fP. For example: .P @@ -148,7 +148,7 @@ programs other than what are absolutely necessary to provide the service you are trying to provide. This prevents them from running standard system commands. .P -Then, make sure the user's files inside the jail are on a seperate filesystem +Then, make sure the user's files inside the jail are on a separate filesystem from your system's executables. If possible in your environment, make sure you mount this filesystem using the .IR noexec " and " nosuid -- cgit v1.2.3 From d6a3c7dce3c6226048957c9a917be490cb701ad1 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Fixes and improvements to mkchroot.sh Debian wants libnss_compat* in addition to libnss_files* for UID lookups to work properly, and doesn't have a libnss1_files*. With multiarch, these libraries have also been moved into a subdirectory of /lib. Create the /dev/null device in the chroot, needed by sftp-server. Create the /dev/log device in the chroot, for one less step. Update the code to copy over libraries to be able to parse the new output from ldd. Update file paths for Debian. Add better error handling. Warn that /etc/passwd is being copied into the chroot jail and that the user may wish to edit out some users and remove any sensitive information. (Debian Bug#366655) Thanks to proctor mcduff and Jeremy Jongepier for their contributions. Gbp-Pq: Name 0006-Fixes-and-improvements-to-mkchroot.sh.patch --- mkchroot.sh | 105 ++++++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 81 insertions(+), 24 deletions(-) diff --git a/mkchroot.sh b/mkchroot.sh index 9e17d5d..8bc1ecc 100755 --- a/mkchroot.sh +++ b/mkchroot.sh @@ -1,13 +1,13 @@ -#!/bin/sh +#!/bin/bash ##################################################################### ##################################################################### ## ## mkchroot.sh - set up a chroot jail. ## -## This script is written to work for Red Hat 8/9 systems, but may work on -## other systems. Or, it may not... In fact, it may not work at all. Use at -## your own risk. :) +## This script is written to work for Red Hat 8/9 systems and adapted to work +## on Debian systems, but may work on other systems. Or, it may not... In +## fact, it may not work at all. Use at your own risk. :) ## fail() { @@ -96,9 +96,9 @@ fi # copy SSH files scp_path="/usr/bin/scp" -sftp_server_path="/usr/libexec/openssh/sftp-server" +sftp_server_path="/usr/lib/openssh/sftp-server" rssh_path="/usr/bin/rssh" -chroot_helper_path="/usr/libexec/rssh_chroot_helper" +chroot_helper_path="/usr/lib/rssh/rssh_chroot_helper" for jail_path in `dirname "$jail_dir$scp_path"` `dirname "$jail_dir$sftp_server_path"` `dirname "$jail_dir$chroot_helper_path"`; do @@ -125,19 +125,56 @@ cp "$chroot_helper_path" "$jail_dir$chroot_helper_path" || \ # # identify and copy libraries needed in the jail # +# Sample ldd output: +# +# linux-gate.so.1 => (0xffffe000) +# libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7ef2000) +# libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7da8000) +# libutil.so.1 => /lib/i686/cmov/libutil.so.1 (0xb7da3000) +# libz.so.1 => /usr/lib/libz.so.1 (0xb7d8e000) +# libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7d76000) +# libcrypt.so.1 => /lib/i686/cmov/libcrypt.so.1 (0xb7d44000) +# libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7d1b000) +# libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7c8d000) +# libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7c69000) +# libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7c66000) +# libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7b19000) +# libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7b15000) +# libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7b0d000) +# libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7b09000) +# /lib/ld-linux.so.2 (0xb7f13000) +# +# either the first or the third column may contain a path +# -for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do +for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path \ + /lib/libnss_compat* /lib/libnss_files* /lib/*/libnss_compat* \ + /lib/*/libnss_files*; do + if [ ! -f "$prog" ] ; then + continue + fi echo "Copying libraries for $prog." - libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3` + libs=`ldd $prog | awk '$1 ~ /^\// {print $1} $3 ~ /^\// {print $3}'` for lib in $libs; do - mkdir -p "$jail_dir$(dirname $lib)" + mkdir -p "$jail_dir$(dirname $lib)" || \ + fail "Error creating $(dirname $lib). Exiting" 6 echo -e "\t$lib" - cp "$lib" "$jail_dir$lib" + cp "$lib" "$jail_dir$lib" || \ + fail "Error copying $lib. Exiting" 6 done done +# On Debian with multiarch, the libnss files are in /lib/, where +# is the relevant architecture triplet. Just copy everything +# that's installed, since we're not sure which ones we'll need. echo "copying name service resolution libraries..." -tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |sed 's/^/\t/' +if [ -n "$(find /lib -maxdepth 1 -name 'libnss*_' -print -quit)" ] ; then + tar -cf - /lib/libnss_compat* /lib/libnss*_files* \ + | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' +else + tar -cf - /lib/*/libnss_compat* /lib/*/libnss*_files* \ + | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' +fi ##################################################################### # @@ -145,29 +182,49 @@ tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |se # echo "Setting up /etc in the chroot jail" -mkdir -p "$jail_dir/etc" -cp /etc/nsswitch.conf "$jail_dir/etc/" -cp /etc/passwd "$jail_dir/etc/" -cp /etc/ld.* "$jail_dir/etc/" - -echo -e "Chroot jail configuration completed." -echo -e "\nNOTE: if you are not using the passwd file for authentication," -echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" - +mkdir -p "$jail_dir/etc" || fail "Error creating /etc. Exiting" 7 +cp /etc/nsswitch.conf "$jail_dir/etc/" || \ + fail "Error copying /etc/nsswitch.conf. Exiting" 7 +cp /etc/passwd "$jail_dir/etc/" || \ + fail "Error copying /etc/passwd. Exiting" 7 +cp -r /etc/ld.* "$jail_dir/etc/" || \ + fail "Error copying /etc/ld.*. Exiting" 7 +echo -e "\nWARNING: Copying /etc/passwd into the chroot jail. You may wish" +echo -e "to edit out unnecessary users and remove any sensitive information" +echo -e "from it." ##################################################################### # -# set up /dev/log +# set up /dev # mkdir -p "$jail_dir/dev" +if [ `whoami` = "root" ]; then + cp -a /dev/log "$jail_dir/dev" || \ + fail "Error creating /dev/log. Exiting" 8 + cp -a /dev/null "$jail_dir/dev" || \ + fail "Error creating /dev/null. Exiting" 8 + cp -a /dev/zero "$jail_dir/dev" || \ + fail "Error creating /dev/zero. Exiting" 8 +else + echo -e "NOT creating /dev/null and /dev/log in the chroot jail. \c" + echo -e "You are not root.\n" +fi + +echo -e "Chroot jail configuration completed.\n" + +echo -e "NOTE: if you are not using the passwd file for authentication," +echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" + +echo -e "NOTE: if you are using any programs other than scp and sftp, you will" +echo -e "need to copy the server binaries and any libraries they depend on" +echo -e "into the chroot manually. Use ldd on the binary to find the needed" +echo -e "libraries.\n" echo -e "NOTE: you must MANUALLY edit your syslog rc script to start syslogd" echo -e "with appropriate options to log to $jail_dir/dev/log. In most cases," echo -e "you will need to start syslog as:\n" -echo -e " /sbin/syslogd -a $jail_dir/dev/log\n" +echo -e " /sbin/syslogd -a $jail_dir/dev/log\n\n" echo -e "NOTE: we make no guarantee that ANY of this will work for you... \c" echo -e "if it\ndoesn't, you're on your own. Sorry!\n" - - -- cgit v1.2.3 From 60e992ea2ea6e3d745182f1f3c71122895df6591 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Handle rsync v3 -e protocol option As of rsync 3, rsync reused the -e option to pass protocol information from the client to the server. We therefore cannot reject all -e options to rsync, only ones not sent with --server or containing something other than protocol information as an argument. Be stricter about the rsync command line and require --server as the first argument, which disables attempts to initiate rsync outbound from the server and in turn could trigger running code specified in ssh client configuration options. Also scan the rsync command line for any --rsh option and reject it as well. This replaces and improves the upstream strategy for rejecting that command-line option, taking advantage of the parsing added to check the -e option. Based on work by Robert Hardy. Debian Bug#471803 Gbp-Pq: Name 0007-Handle-rsync-v3-e-protocol-option.patch --- util.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 68 insertions(+), 8 deletions(-) diff --git a/util.c b/util.c index ef1a5d8..6ee0799 100644 --- a/util.c +++ b/util.c @@ -56,6 +56,7 @@ #ifdef HAVE_LIBGEN_H #include #endif /* HAVE_LIBGEN_H */ +#include /* LOCAL INCLUDES */ #include "pathnames.h" @@ -197,6 +198,69 @@ bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag ) } +/* + * rsync_okay() - require --server on all rsh command lines, check that -e + * contains only protocol information, and reject any --rsh + * option. Returns FALSE if the command line should not be + * allowed, TRUE if it is okay. + */ +static int rsync_okay( char **vec ) +{ + regex_t re; + int server = FALSE; + int e_found = FALSE; + + /* + * rsync will send -e, followed by either just "." (meaning no special + * protocol) or "N.N" (meaning a pre-release protocol version), + * followed by some number of alphabetic flags indicating various + * supported options. There may be other options between - and the e, + * but -e will always be the last option in the string. A typical + * option passed by the client is "-ltpre.iL". + * + * Note that if --server is given, this should never be parsed as a + * shell, but we'll tightly verify it anyway, just in case. + * + * This regex matches the acceptable flags containing -e, so if it + * does not match, the command line should be rejected. + */ + static const char pattern[] + = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$"; + + /* + * Only recognize --server if it's the first option. rsync itself + * always passes it that way, and if it's not the first argument, it + * could be hidden from the server as an argument to some other + * option. + */ + if ( !(vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0) ) + return FALSE; + + /* Check the remaining options for -e or --rsh. */ + if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){ + return FALSE; + } + while (vec && *vec){ + if ( strcmp(*vec, "--") == 0 ) break; + if ( strcmp(*vec, "--rsh") == 0 + || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 ){ + regfree(&re); + return FALSE; + } + if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){ + e_found = TRUE; + if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){ + regfree(&re); + return FALSE; + } + } + vec++; + } + regfree(&re); + return TRUE; +} + + /* * check_command_line() - take the command line passed to rssh, and verify * that the specified command is one the user is @@ -230,14 +294,10 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ /* filter -e option */ - if ( opt_filter(cl, 'e') ) return NULL; - while (cl && *cl){ - if ( strstr(*cl, "--rsh" ) ){ - fprintf(stderr, "\ninsecure --rsh= not allowed."); - log_msg("insecure --rsh option in rsync command line!"); - return NULL; - } - cl++; + if ( !rsync_okay(cl) ){ + fprintf(stderr, "\ninsecure rsync options not allowed."); + log_msg("insecure rsync options in rsync command line!"); + return NULL; } return PATH_RSYNC; } -- cgit v1.2.3 From fe64344d194d0ea06a26de04041675995623597e Mon Sep 17 00:00:00 2001 From: Davide Scola Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Add support for Subversion (svnserve) Adds support for svn access via svnserve. This adds an additional field to the bitmask in /etc/rssh.conf that's used to control Subversion access. Users authorized to run svnserve may run only svnserve -t exactly. Debian Bug#284756 Signed-off-by: Russ Allbery Gbp-Pq: Name 0008-Add-support-for-Subversion-svnserve.patch --- conf_convert | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ conf_convert.sh | 45 --------------------------------------------- configure.ac | 22 ++++++++++++++++++++-- main.c.in | 5 ++++- pathnames.h.in | 1 + rssh.conf.5 | 17 +++++++++++------ rssh.conf.5.in | 17 +++++++++++------ rssh.conf.default | 28 +++++++++++++++------------- rssh.h | 13 +++++++------ rssh_chroot_helper.c | 3 +++ rsshconf.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++---- util.c | 35 ++++++++++++++++++++++++++--------- util.h | 3 ++- 13 files changed, 194 insertions(+), 93 deletions(-) create mode 100644 conf_convert delete mode 100755 conf_convert.sh diff --git a/conf_convert b/conf_convert new file mode 100644 index 0000000..a47ecba --- /dev/null +++ b/conf_convert @@ -0,0 +1,48 @@ +#!/usr/bin/awk -f +# +# conf_convert - convert rssh config files from 2.0, 2.1.1, 2.2 format +# to rssh 2.3.2 format config files adding svnserve +# support +# +# Copyright (C) 2009 Davide Scola +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA. +# +BEGIN { + FS = OFS = ":"; +} + +{ + if( /^[# ]*user *= */ && match($3, /^([01]+)/) ) { + gsub(/^([01]+)/, replaceString( RLENGTH ), $3); + } + + print +} + +function replaceString(nitems) { + str = "&"; + + if(nitems == 2) { # config < v2.2 + str = "000&0"; + } + + else if(nitems == 5) { # v2.2 <= config <= v2.3.2 (vanilla) + str = "&0"; + } + + return str; +} + diff --git a/conf_convert.sh b/conf_convert.sh deleted file mode 100755 index fb0c999..0000000 --- a/conf_convert.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh - -# conf_convert.sh - convert rssh config files from 2.0 - 2.1.1 format to rssh -# version 2.2 format config files. - -if [ -z "$TMPDIR" ]; then - TMPDIR=/tmp -fi - -tempdir=`mktemp -d "$TMPDIR/confconv.tempXXXXXX"` -if [ ! -d "$tempdir" ]; then - echo "$0: unable to make temporary directory" - exit 1 -fi - -if [ "$#" != "0" ]; then - - while [ -n "$1" ]; do - - if [ ! -f "$1" ]; then - echo "$0: $1 does not exist. Skipping." >&2 - continue - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' $1 > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "$1.NEW" - shift - done - -else - if [ ! -f /etc/rssh.conf ]; then - echo "/etc/rssh.conf does not exist, and no parameters given." >&2 - exit 2 - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' /etc/rssh.conf > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "/etc/rssh.conf.NEW" - -fi - -rm -rf "$tempdir" - -exit 0 diff --git a/configure.ac b/configure.ac index ab145b4..caeae7d 100644 --- a/configure.ac +++ b/configure.ac @@ -117,8 +117,8 @@ if ! test -x "$sftp_path"; then fi -# CVS, rdist, and rsync might not be installed. But we don't want to force -# the user to configure bogus paths, so default to /usr/bin/* +# CVS, rdist, rsync and svnserve might not be installed. But we don't want +# to force the user to configure bogus paths, so default to /usr/bin/* # Check for cvs binary @@ -170,6 +170,23 @@ if ! test -x "$rsync_path"; then fi +# Check for svnserve binary + +AC_ARG_WITH(svnserve, +[ --with-svnserve specify path to svnserve binary], +[svnserve_path="$withval"], [svnserve_path=""]) + +AC_PATH_PROG(svnserve_path, svnserve, [], []) +if test -z "$svnserve_path"; then + AC_MSG_WARN([can't find svnserve - using /usr/bin/svnserve. Use --with-svnserve to override]) + svnserve_path=/usr/bin/svnserve +fi + +if ! test -x "$svnserve_path"; then + AC_MSG_WARN([specified svnserve binary does not exist]) +fi + + # disable static configuration AC_ARG_ENABLE(static, @@ -200,6 +217,7 @@ AC_SUBST(sftp_path) AC_SUBST(cvs_path) AC_SUBST(rdist_path) AC_SUBST(rsync_path) +AC_SUBST(svnserve_path) AC_SUBST(prefix) AC_SUBST(sysconfdir) AC_SUBST(libexecdir) diff --git a/main.c.in b/main.c.in index 7d1695c..b3228e5 100644 --- a/main.c.in +++ b/main.c.in @@ -217,6 +217,8 @@ char **build_shell_args( struct passwd uinfo, argvec[1] = "4"; else if ( !(strcmp(*cmd, PATH_RSYNC)) ) argvec[1] = "5"; + else if ( !(strcmp(*cmd, PATH_SVNSERVE)) ) + argvec[1] = "6"; else { log_set_priority(LOG_ERR); log_msg("fatal error identifying the correct command " @@ -267,7 +269,8 @@ void vers_info( void ) printf("%20s = %s\n", "sftp server binary", PATH_SFTP_SERVER); printf("%20s = %s\n", "cvs binary path", PATH_CVS); printf("%20s = %s\n", "rdist binary path", PATH_RDIST); - printf("%20s = %s\n\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n\n", "svnserve binary path", PATH_SVNSERVE); } diff --git a/pathnames.h.in b/pathnames.h.in index 17e2fb7..043d7ae 100644 --- a/pathnames.h.in +++ b/pathnames.h.in @@ -36,6 +36,7 @@ #define PATH_CVS "@cvs_path@" #define PATH_RDIST "@rdist_path@" #define PATH_RSYNC "@rsync_path@" +#define PATH_SVNSERVE "@svnserve_path@" /* these generally are overridden by the makefile */ #ifndef PATH_RSSH_CONFIG diff --git a/rssh.conf.5 b/rssh.conf.5 index 5556468..227ef88 100644 --- a/rssh.conf.5 +++ b/rssh.conf.5 @@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -135,7 +140,7 @@ details. .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff --git a/rssh.conf.5.in b/rssh.conf.5.in index 913ce9d..5e16acb 100644 --- a/rssh.conf.5.in +++ b/rssh.conf.5.in @@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -135,7 +140,7 @@ details. .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff --git a/rssh.conf.default b/rssh.conf.default index c847565..88833c1 100644 --- a/rssh.conf.default +++ b/rssh.conf.default @@ -11,6 +11,7 @@ logfacility = LOG_USER #allowcvs #allowrdist #allowrsync +#allowsvnserve # set the default umask umask = 022 @@ -28,24 +29,25 @@ umask = 022 ########################################## # EXAMPLES of configuring per-user options -#user=rudy:077:00010: # the path can simply be left out to not chroot -#user=rudy:077:00010 # the ending colon is optional +#user=rudy:077:000100: # the path can simply be left out to not chroot +#user=rudy:077:000100 # the ending colon is optional -#user=rudy:011:00100: # cvs, with no chroot -#user=rudy:011:01000: # rdist, with no chroot -#user=rudy:011:10000: # rsync, with no chroot -#user="rudy:011:00001:/usr/local/chroot" # whole user string can be quoted -#user=rudy:01"1:00001:/usr/local/chroot" # or somewhere in the middle, freak! -#user=rudy:'011:00001:/usr/local/chroot' # single quotes too +#user=rudy:011:001000: # cvs, with no chroot +#user=rudy:011:010000: # rdist, with no chroot +#user=rudy:011:100000: # rsync, with no chroot +#user=rudy:011:000001: # svnserve, with no chroot +#user="rudy:011:000010:/usr/local/chroot" # whole user string can be quoted +#user=rudy:01"1:000010:/usr/local/chroot" # or somewhere in the middle, freak! +#user=rudy:'011:000010:/usr/local/chroot' # single quotes too # if your chroot_path contains spaces, it must be quoted... # In the following examples, the chroot_path is "/usr/local/my chroot" -#user=rudy:011:00001:"/usr/local/my chroot" # scp with chroot -#user=rudy:011:00010:"/usr/local/my chroot" # sftp with chroot -#user=rudy:011:00011:"/usr/local/my chroot" # both with chroot +#user=rudy:011:000010:"/usr/local/my chroot" # scp with chroot +#user=rudy:011:000100:"/usr/local/my chroot" # sftp with chroot +#user=rudy:011:000110:"/usr/local/my chroot" # both with chroot # Spaces before or after the '=' are fine, but spaces in chrootpath need # quotes. -#user = "rudy:011:00001:/usr/local/my chroot" -#user = "rudy:011:00001:/usr/local/my chroot" # neither do comments at line end +#user = "rudy:011:000010:/usr/local/my chroot" +#user = "rudy:011:000010:/usr/local/my chroot" # neither do comments at line end diff --git a/rssh.h b/rssh.h index d15f645..111f9a0 100644 --- a/rssh.h +++ b/rssh.h @@ -41,11 +41,12 @@ typedef char bool; -#define RSSH_ALLOW_SCP (1 << 0) -#define RSSH_ALLOW_SFTP (1 << 1) -#define RSSH_ALLOW_CVS (1 << 2) -#define RSSH_ALLOW_RDIST (1 << 3) -#define RSSH_ALLOW_RSYNC (1 << 4) -#define RSSH_USE_CHROOT (1 << 5) +#define RSSH_ALLOW_SCP (1 << 0) +#define RSSH_ALLOW_SFTP (1 << 1) +#define RSSH_ALLOW_CVS (1 << 2) +#define RSSH_ALLOW_RDIST (1 << 3) +#define RSSH_ALLOW_RSYNC (1 << 4) +#define RSSH_ALLOW_SVNSERVE (1 << 5) +#define RSSH_USE_CHROOT (1 << 6) #endif /* _rssh_h */ diff --git a/rssh_chroot_helper.c b/rssh_chroot_helper.c index 7780c11..8a35cdc 100644 --- a/rssh_chroot_helper.c +++ b/rssh_chroot_helper.c @@ -254,6 +254,9 @@ int main( int argc, char **argv ) case 5: cmd_path = PATH_RSYNC; break; + case 6: + cmd_path = PATH_SVNSERVE; + break; default: log_msg("invalid command specified"); exit(2); diff --git a/rsshconf.c b/rsshconf.c index 564f747..459b26b 100644 --- a/rsshconf.c +++ b/rsshconf.c @@ -71,6 +71,7 @@ const char *keywords[] = { "allowcvs", "allowrdist", "allowrsync", + "allowsvnserve", "chrootpath", "logfacility", "umask", @@ -106,6 +107,9 @@ int process_allow_rdist( ShellOptions_t *opts, const char *line, int process_allow_rsync( ShellOptions_t *opts, const char *line, const int lineno ); +int process_allow_svnserve( ShellOptions_t *opts, const char *line, + const int lineno ); + int get_token( const char *str, char *buf, const int buflen, const bool colon, const bool ign_spc ); @@ -220,21 +224,26 @@ int process_config_line( ShellOptions_t *opts, return FALSE; return TRUE; case 6: + /* allow svnserve */ + if ( !(process_allow_svnserve(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 7: /* default chroot path */ if ( !(process_chroot_path(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 7: + case 8: /* syslog log facility */ if ( !(process_log_facility(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 8: + case 9: /* set the user's umask */ if ( !(process_umask(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 9: + case 10: /* user */ if ( !(process_user(opts, line + pos, lineno) ) ) return FALSE; @@ -557,6 +566,34 @@ int process_allow_rsync( ShellOptions_t *opts, } +/* + * process_allow_svnserve() - make sure there are no tokens after the keyword, + * other than a possible comment. If there are + * additional tokens other than comments, there is a + * syntax error, and FALSE is returned. Otherwise, + * the line is ok, so opts are set to allow + * svnserve, and TRUE is returned. + */ +int process_allow_svnserve( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + int pos; + + if ( !(pos = eat_comment(line)) ){ + if (log) log_msg("line %d: syntax error parsing config file", + lineno); + return FALSE; + } + if (log){ + log_set_priority(LOG_DEBUG); + log_msg("allowing svnserve to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + return TRUE; +} + + int process_chroot_path( ShellOptions_t *opts, const char *line, const int lineno ) @@ -854,6 +891,7 @@ int process_user( ShellOptions_t *opts, bool allow_cvs; bool allow_rdist; bool allow_rsync; + bool allow_svnserve; /* make space for user options */ if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){ @@ -925,7 +963,7 @@ int process_user( ShellOptions_t *opts, return FALSE; } if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs, - &allow_rdist, &allow_rsync) ){ + &allow_rdist, &allow_rsync, &allow_svnserve) ){ if (log){ log_set_priority(LOG_ERR); log_msg("syntax error parsing access bits, line %d", lineno); @@ -999,6 +1037,10 @@ cleanup: if (log) log_msg("allowing rsync to user %s", user); opts->shell_flags |= RSSH_ALLOW_RSYNC; } + if ( allow_svnserve ){ + if (log) log_msg("allowing svnserve to user %s", user); + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + } if ( path ){ if (log) log_msg("chrooting %s to %s", user, path); opts->shell_flags |= RSSH_USE_CHROOT; diff --git a/util.c b/util.c index 6ee0799..3ec01e1 100644 --- a/util.c +++ b/util.c @@ -80,7 +80,8 @@ void fail( int flags, int argc, char **argv ) if ( flags & RSSH_ALLOW_SFTP ) size += 5; if ( flags & RSSH_ALLOW_CVS ) size += 4; if ( flags & RSSH_ALLOW_RDIST ) size += 6; - if ( flags & RSSH_ALLOW_RSYNC ) size += 5; /* last one, no space */ + if ( flags & RSSH_ALLOW_RSYNC ) size += 6; + if ( flags & RSSH_ALLOW_SVNSERVE ) size += 8; /* last one, no space */ /* create msg indicating what is allowed */ if ( !size ) cmd = "This user is locked out."; @@ -101,7 +102,9 @@ void fail( int flags, int argc, char **argv ) if ( flags & RSSH_ALLOW_RDIST ) strncat(cmd, "rdist ", size); if ( flags & RSSH_ALLOW_RSYNC ) - strncat(cmd, "rsync", size); + strncat(cmd, "rsync ", size); + if ( flags & RSSH_ALLOW_SVNSERVE ) + strncat(cmd, "svnserve", size); } /* print error message to user and log attempt */ @@ -301,6 +304,16 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) } return PATH_RSYNC; } + if ( check_command(*cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ){ + /* check command line */ + if( cl[1] == NULL || strcmp(cl[1], "-t") != 0 || cl[2] != NULL){ + fprintf(stderr, "\nextra svnserver parameter(s) not allowed."); + log_msg("unallowed option(s) in svnserver command line!"); + return NULL; + } + + return PATH_SVNSERVE; + } /* No match, return NULL */ return NULL; } @@ -325,6 +338,8 @@ char *get_command( char *cl, ShellOptions_t *opts ) return PATH_RDIST; if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ) return PATH_RSYNC; + if ( check_command(cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ) + return PATH_SVNSERVE; return NULL; } @@ -390,22 +405,24 @@ int validate_umask( const char *temp, int *mask ) * same name, and returns FALSE if the bits are not valid */ int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ) { int i; -#define NUM_ACCESS_BITS 5 +#define NUM_ACCESS_BITS 6 if ( strlen(temp) != NUM_ACCESS_BITS ) return FALSE; /* make sure the bits are valid */ for ( i = 0; i < NUM_ACCESS_BITS; i++ ) if ( temp[i] < '0' || temp[i] > '1' ) return FALSE; /* This is easier to read if we allign the = */ - *allow_rsync = temp[0] - '0'; - *allow_rdist = temp[1] - '0'; - *allow_cvs = temp[2] - '0'; - *allow_sftp = temp[3] - '0'; - *allow_scp = temp[4] - '0'; + *allow_rsync = temp[0] - '0'; + *allow_rdist = temp[1] - '0'; + *allow_cvs = temp[2] - '0'; + *allow_sftp = temp[3] - '0'; + *allow_scp = temp[4] - '0'; + *allow_svnserve = temp[5] - '0'; return TRUE; } diff --git a/util.h b/util.h index 8b81201..a67eb32 100644 --- a/util.h +++ b/util.h @@ -38,7 +38,8 @@ char *get_command( char *cl, ShellOptions_t *opts); char *extract_root( char *root, char *path ); int validate_umask( const char *temp, int *mask ); int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ); + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ); bool opt_exist( char *cl, char opt ); char *get_username( void ); -- cgit v1.2.3 From e866e2488842d49df76a581c9fce6847f3389a96 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Thu, 17 Jan 2019 19:21:40 -0800 Subject: Verify scp command options ESnet discovered a security vulnerability in the scp backend for rssh. Since the arguments to scp on the server side were not checked, the client could pass in arbitrary scp command-line flags, including setting arbitrary scp options. This allows setting the option PKCS11Provider, which loads and executes code from a shared module. Even if the -o flag is blocked, this is still possible via -F to load an already-uploaded ssh configuration file, or, if .ssh/config is writable, by just uploading that configuration file directly first. Attempt to protect against this attack by checking the command line of scp and only allowing the options that are passed to the server end of the connection. Specifically, do not allow multiple non-option arguments, which attempts to prevent causing the server to initiate an scp command. (This will break scp -3 through rssh, which seems like an acceptable tradeoff.) Debian Bug#919623 Gbp-Pq: Name 0009-Verify-scp-command-options.patch --- util.c | 46 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 44 insertions(+), 2 deletions(-) diff --git a/util.c b/util.c index 3ec01e1..6e668c9 100644 --- a/util.c +++ b/util.c @@ -264,6 +264,45 @@ static int rsync_okay( char **vec ) } +/* + * scp_okay() - take the command line and check that it is a hopefully-safe scp + * server command line, accepting only very specific options. + * Returns FALSE if the command line should not be allowed, TRUE + * if it is okay. + */ +static int scp_okay( char **vec ) +{ + int saw_file = FALSE; + int saw_end = FALSE; + + for ( vec++; vec && *vec; vec++ ){ + /* Allowed options. */ + if ( !saw_end ) { + if ( strcmp(*vec, "-v") == 0 ) continue; + if ( strcmp(*vec, "-r") == 0 ) continue; + if ( strcmp(*vec, "-p") == 0 ) continue; + if ( strcmp(*vec, "-d") == 0 ) continue; + if ( strcmp(*vec, "-f") == 0 ) continue; + if ( strcmp(*vec, "-t") == 0 ) continue; + } + + /* End of arguments. One more argument allowed after this. */ + if ( !saw_end && strcmp(*vec, "--") == 0 ){ + saw_end = TRUE; + continue; + } + + /* No other options allowed, but allow file starting with -. */ + if ( *vec[0] == '-' && !saw_end ) return FALSE; + if ( saw_file ) return FALSE; + saw_file = TRUE; + } + + /* We must have seen a single file. */ + return saw_file; +} + + /* * check_command_line() - take the command line passed to rssh, and verify * that the specified command is one the user is @@ -279,8 +318,11 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) return PATH_SFTP_SERVER; if ( check_command(*cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){ - /* filter -S option */ - if ( opt_filter(cl, 'S') ) return NULL; + if ( !scp_okay(cl) ){ + fprintf(stderr, "\ninsecure scp option not allowed."); + log_msg("insecure scp option in scp command line"); + return NULL; + } return PATH_SCP; } -- cgit v1.2.3 From 1b705443c958ccaeea151d34e7e3720a5b0a7b32 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Mon, 28 Jan 2019 20:15:30 -0800 Subject: Check command line after chroot When a command was configured with a chroot, rssh did not check the safety of the command line after chroot, allowing various vectors of remote code execution inside the chroot environment. Perform the same check after chroot as is performed before running the command when a chroot is not configured. Gbp-Pq: Name 0010-Check-command-line-after-chroot.patch --- rssh_chroot_helper.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/rssh_chroot_helper.c b/rssh_chroot_helper.c index 8a35cdc..73d8c7b 100644 --- a/rssh_chroot_helper.c +++ b/rssh_chroot_helper.c @@ -218,6 +218,12 @@ int main( int argc, char **argv ) ch_fatal_error("build_arg_vector()", argv[2], "bad expansion"); + /* check the command for safety */ + if ( !check_command_line(argvec, &opts) ){ + fprintf(stderr, "\n"); + exit(1); + } + /* * This is the old way to figure out what program to run. Since we're * re-parsing the config file in rssh_chroot helper, we could get rid -- cgit v1.2.3 From 656a11c38f7ddb38ba4419d034d3f6ab44c0cf56 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix invalid option error Don't refer to all invalid options as invalid scp options. Gbp-Pq: Name 0001-Fix-invalid-option-error.patch --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index f98d2bc..3affc0a 100644 --- a/util.c +++ b/util.c @@ -152,7 +152,7 @@ bool opt_filter(char **vec, const char opt) while (vec && *vec){ if (opt_exist(*vec, opt)){ fprintf(stderr, "\nillegal insecure %c option", opt); - log_msg("insecure %c option in scp command line!", opt); + log_msg("insecure %c option in command line!", opt); return TRUE; } vec++; -- cgit v1.2.3 From 785cd2deda4795d0bb0394f09f56cbff39a8b69f Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Honor CFLAGS/CPPFLAGS passed to configure The CFLAGS from dpkg-buildflags are missing because they are overwritten in Makefile.am. The attached patch removes an incorrect build rule and passes the custom flags through AM_CFLAGS/AM_CPPFLAGS. All custom flags are still passed correctly. Signed-off-by: Russ Allbery Gbp-Pq: Name 0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch --- Makefile.am | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/Makefile.am b/Makefile.am index c5b1a8d..57a4305 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,8 +1,7 @@ ## Process this file with automake to produce Makefile.in AUTOMAKE_OPTIONS = nostdinc -ourdefs = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" -ourflags = @defcflags@ @static@ -AM_CFLAGS = $(ourflags) +AM_CPPFLAGS = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" +AM_CFLAGS = @defcflags@ @static@ bin_PROGRAMS = rssh libexec_PROGRAMS = rssh_chroot_helper nodist_rssh_SOURCES = main.c pathnames.h config.h @@ -15,9 +14,6 @@ man_MANS = rssh.1 rssh.conf.5 EXTRA_DIST = $(man_MANS) CHROOT SECURITY LICENSE rssh.spec mkchroot.sh conf_convert.sh base=`echo @PACKAGE_STRING@|tr " " "-"` -.c.o: - $(CC) -c $(DEFS) $(ourdefs) $(AM_CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< - install-exec-hook: chmod u+s $(libexecdir)/rssh_chroot_helper -- cgit v1.2.3 From df117f2346fb8f8cb876a1e72c32f37ea773c9be Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix buffer allocation buffer for fail message The failure log message when the user isn't permitted to run the command they're attempting includes a summary of the commands the user is allowed to run. The allocation for that string was not reserving space for the nul byte at the end of the string, causing a one-byte overwrite past the end of the string. Gbp-Pq: Name 0003-Fix-buffer-allocation-buffer-for-fail-message.patch --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index 3affc0a..ef1a5d8 100644 --- a/util.c +++ b/util.c @@ -84,7 +84,7 @@ void fail( int flags, int argc, char **argv ) /* create msg indicating what is allowed */ if ( !size ) cmd = "This user is locked out."; else { - size += 18; + size += 18 + 1; if ( !(cmd = (char *)malloc(size)) ){ log_msg("fatal error: out of mem allocating log msg"); exit(1); -- cgit v1.2.3 From ab4c33efc1ddf3064008bea0338a5ef6a90cf68f Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Lower syslog priority to debug Lower priority of all of the routine syslog messages from info to debug to cut down on log noise. Gbp-Pq: Name 0004-Lower-syslog-priority-to-debug.patch --- rsshconf.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/rsshconf.c b/rsshconf.c index 4b22766..564f747 100644 --- a/rsshconf.c +++ b/rsshconf.c @@ -438,7 +438,7 @@ int process_allow_scp( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing scp to all users"); } opts->shell_flags |= RSSH_ALLOW_SCP; @@ -465,7 +465,7 @@ int process_allow_sftp( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing sftp to all users"); } opts->shell_flags |= RSSH_ALLOW_SFTP; @@ -493,7 +493,7 @@ int process_allow_cvs( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing cvs to all users"); } opts->shell_flags |= RSSH_ALLOW_CVS; @@ -520,7 +520,7 @@ int process_allow_rdist( ShellOptions_t *opts, lineno); return FALSE; } - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); if (log){ log_msg("allowing rdist to all users"); opts->shell_flags |= RSSH_ALLOW_RDIST; @@ -549,7 +549,7 @@ int process_allow_rsync( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing rsync to all users"); } opts->shell_flags |= RSSH_ALLOW_RSYNC; @@ -585,7 +585,7 @@ int process_chroot_path( ShellOptions_t *opts, /* get rid of any old value for chroot path, assign new one */ if ( opts->chroot_path ) free(opts->chroot_path); if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("chrooting all users to %s", temp); } /* we must not free temp, since opts points to it */ @@ -783,7 +783,7 @@ int process_log_facility( ShellOptions_t *opts, return FALSE; } if ( facname ){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); if (log) log_msg("setting log facility to %s", facname); log_set_facility(fac); return TRUE; @@ -828,7 +828,7 @@ int process_umask( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("setting umask to %#o", mask); } opts->rssh_umask = mask; @@ -888,7 +888,7 @@ int process_user( ShellOptions_t *opts, */ if ( (strcmp(user, username)) ) return TRUE; if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("line %d: configuring user %s", lineno, user); } if ( !(len = eat_colon(temp + pos)) ){ @@ -969,7 +969,7 @@ cleanup: tmpmask = 077; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("setting %s's umask to %#o", user, tmpmask); } opts->rssh_umask = tmpmask; -- cgit v1.2.3 From fc56bf5f3a2a85c712305a84c81a2f867d4853e7 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix spelling errors in manual pages Gbp-Pq: Name 0005-Fix-spelling-errors-in-manual-pages.patch --- rssh.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rssh.1 b/rssh.1 index caa2636..a682f70 100644 --- a/rssh.1 +++ b/rssh.1 @@ -24,7 +24,7 @@ those commands. It is intended primarily to work with OpenSSH (see http://www.openssh.com), but may work with other implementations. .P The system administrator should install the shell on the restricted system. -Then the password file entry of any user for whom it is desireable to provide +Then the password file entry of any user for whom it is desirable to provide restricted access should be edited, such that their shell is \fBrssh\fP. For example: .P @@ -148,7 +148,7 @@ programs other than what are absolutely necessary to provide the service you are trying to provide. This prevents them from running standard system commands. .P -Then, make sure the user's files inside the jail are on a seperate filesystem +Then, make sure the user's files inside the jail are on a separate filesystem from your system's executables. If possible in your environment, make sure you mount this filesystem using the .IR noexec " and " nosuid -- cgit v1.2.3 From d1e875777db3cfa6806ee49758d23f2a426526e1 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Fixes and improvements to mkchroot.sh Debian wants libnss_compat* in addition to libnss_files* for UID lookups to work properly, and doesn't have a libnss1_files*. With multiarch, these libraries have also been moved into a subdirectory of /lib. Create the /dev/null device in the chroot, needed by sftp-server. Create the /dev/log device in the chroot, for one less step. Update the code to copy over libraries to be able to parse the new output from ldd. Update file paths for Debian. Add better error handling. Warn that /etc/passwd is being copied into the chroot jail and that the user may wish to edit out some users and remove any sensitive information. (Debian Bug#366655) Thanks to proctor mcduff and Jeremy Jongepier for their contributions. Gbp-Pq: Name 0006-Fixes-and-improvements-to-mkchroot.sh.patch --- mkchroot.sh | 105 ++++++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 81 insertions(+), 24 deletions(-) diff --git a/mkchroot.sh b/mkchroot.sh index 9e17d5d..8bc1ecc 100755 --- a/mkchroot.sh +++ b/mkchroot.sh @@ -1,13 +1,13 @@ -#!/bin/sh +#!/bin/bash ##################################################################### ##################################################################### ## ## mkchroot.sh - set up a chroot jail. ## -## This script is written to work for Red Hat 8/9 systems, but may work on -## other systems. Or, it may not... In fact, it may not work at all. Use at -## your own risk. :) +## This script is written to work for Red Hat 8/9 systems and adapted to work +## on Debian systems, but may work on other systems. Or, it may not... In +## fact, it may not work at all. Use at your own risk. :) ## fail() { @@ -96,9 +96,9 @@ fi # copy SSH files scp_path="/usr/bin/scp" -sftp_server_path="/usr/libexec/openssh/sftp-server" +sftp_server_path="/usr/lib/openssh/sftp-server" rssh_path="/usr/bin/rssh" -chroot_helper_path="/usr/libexec/rssh_chroot_helper" +chroot_helper_path="/usr/lib/rssh/rssh_chroot_helper" for jail_path in `dirname "$jail_dir$scp_path"` `dirname "$jail_dir$sftp_server_path"` `dirname "$jail_dir$chroot_helper_path"`; do @@ -125,19 +125,56 @@ cp "$chroot_helper_path" "$jail_dir$chroot_helper_path" || \ # # identify and copy libraries needed in the jail # +# Sample ldd output: +# +# linux-gate.so.1 => (0xffffe000) +# libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7ef2000) +# libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7da8000) +# libutil.so.1 => /lib/i686/cmov/libutil.so.1 (0xb7da3000) +# libz.so.1 => /usr/lib/libz.so.1 (0xb7d8e000) +# libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7d76000) +# libcrypt.so.1 => /lib/i686/cmov/libcrypt.so.1 (0xb7d44000) +# libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7d1b000) +# libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7c8d000) +# libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7c69000) +# libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7c66000) +# libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7b19000) +# libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7b15000) +# libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7b0d000) +# libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7b09000) +# /lib/ld-linux.so.2 (0xb7f13000) +# +# either the first or the third column may contain a path +# -for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do +for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path \ + /lib/libnss_compat* /lib/libnss_files* /lib/*/libnss_compat* \ + /lib/*/libnss_files*; do + if [ ! -f "$prog" ] ; then + continue + fi echo "Copying libraries for $prog." - libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3` + libs=`ldd $prog | awk '$1 ~ /^\// {print $1} $3 ~ /^\// {print $3}'` for lib in $libs; do - mkdir -p "$jail_dir$(dirname $lib)" + mkdir -p "$jail_dir$(dirname $lib)" || \ + fail "Error creating $(dirname $lib). Exiting" 6 echo -e "\t$lib" - cp "$lib" "$jail_dir$lib" + cp "$lib" "$jail_dir$lib" || \ + fail "Error copying $lib. Exiting" 6 done done +# On Debian with multiarch, the libnss files are in /lib/, where +# is the relevant architecture triplet. Just copy everything +# that's installed, since we're not sure which ones we'll need. echo "copying name service resolution libraries..." -tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |sed 's/^/\t/' +if [ -n "$(find /lib -maxdepth 1 -name 'libnss*_' -print -quit)" ] ; then + tar -cf - /lib/libnss_compat* /lib/libnss*_files* \ + | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' +else + tar -cf - /lib/*/libnss_compat* /lib/*/libnss*_files* \ + | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' +fi ##################################################################### # @@ -145,29 +182,49 @@ tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |se # echo "Setting up /etc in the chroot jail" -mkdir -p "$jail_dir/etc" -cp /etc/nsswitch.conf "$jail_dir/etc/" -cp /etc/passwd "$jail_dir/etc/" -cp /etc/ld.* "$jail_dir/etc/" - -echo -e "Chroot jail configuration completed." -echo -e "\nNOTE: if you are not using the passwd file for authentication," -echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" - +mkdir -p "$jail_dir/etc" || fail "Error creating /etc. Exiting" 7 +cp /etc/nsswitch.conf "$jail_dir/etc/" || \ + fail "Error copying /etc/nsswitch.conf. Exiting" 7 +cp /etc/passwd "$jail_dir/etc/" || \ + fail "Error copying /etc/passwd. Exiting" 7 +cp -r /etc/ld.* "$jail_dir/etc/" || \ + fail "Error copying /etc/ld.*. Exiting" 7 +echo -e "\nWARNING: Copying /etc/passwd into the chroot jail. You may wish" +echo -e "to edit out unnecessary users and remove any sensitive information" +echo -e "from it." ##################################################################### # -# set up /dev/log +# set up /dev # mkdir -p "$jail_dir/dev" +if [ `whoami` = "root" ]; then + cp -a /dev/log "$jail_dir/dev" || \ + fail "Error creating /dev/log. Exiting" 8 + cp -a /dev/null "$jail_dir/dev" || \ + fail "Error creating /dev/null. Exiting" 8 + cp -a /dev/zero "$jail_dir/dev" || \ + fail "Error creating /dev/zero. Exiting" 8 +else + echo -e "NOT creating /dev/null and /dev/log in the chroot jail. \c" + echo -e "You are not root.\n" +fi + +echo -e "Chroot jail configuration completed.\n" + +echo -e "NOTE: if you are not using the passwd file for authentication," +echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" + +echo -e "NOTE: if you are using any programs other than scp and sftp, you will" +echo -e "need to copy the server binaries and any libraries they depend on" +echo -e "into the chroot manually. Use ldd on the binary to find the needed" +echo -e "libraries.\n" echo -e "NOTE: you must MANUALLY edit your syslog rc script to start syslogd" echo -e "with appropriate options to log to $jail_dir/dev/log. In most cases," echo -e "you will need to start syslog as:\n" -echo -e " /sbin/syslogd -a $jail_dir/dev/log\n" +echo -e " /sbin/syslogd -a $jail_dir/dev/log\n\n" echo -e "NOTE: we make no guarantee that ANY of this will work for you... \c" echo -e "if it\ndoesn't, you're on your own. Sorry!\n" - - -- cgit v1.2.3 From fa18600bc1160c2b0464214f1a11855cc1015be0 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Verify rsync command options As of rsync 3, rsync reused the -e option to pass protocol information from the client to the server. We therefore cannot reject all -e options to rsync, only ones not sent with --server or containing something other than protocol information as an argument. Be stricter about the rsync command line and require --server as the first argument, which disables attempts to initiate rsync outbound from the server and in turn could trigger running code specified in ssh client configuration options. Also scan the rsync command line for any --rsh, --config, or --daemon option and reject it as well. This replaces and improves the upstream strategy for rejecting that command-line option, taking advantage of the parsing added to check the -e option. --config can be used to run commands via "pre-xfer exec" when running as a daemon, plus the client should not be able to spawn daemons. Unset the HOME environment variable to prevent popt from loading a ~/.popt configuration file, which could redefine rsync command-line options like --server to instead mean some unsafe option, or even run commands directly. Based on work by Robert Hardy and a report by Nick Cleaton. Debian Bug#471803 Gbp-Pq: Name 0007-Verify-rsync-command-options.patch --- util.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 83 insertions(+), 9 deletions(-) diff --git a/util.c b/util.c index ef1a5d8..760e4c7 100644 --- a/util.c +++ b/util.c @@ -56,6 +56,7 @@ #ifdef HAVE_LIBGEN_H #include #endif /* HAVE_LIBGEN_H */ +#include /* LOCAL INCLUDES */ #include "pathnames.h" @@ -197,6 +198,68 @@ bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag ) } +/* + * rsync_okay() - require --server on all rsh command lines, check that -e + * contains only protocol information, and reject any --rsh, + * --config, or --daemon option. Returns FALSE if the command + * line should not be allowed, TRUE if it is okay. + */ +static int rsync_okay( char **vec ) +{ + regex_t re; + + /* + * rsync will send -e, followed by either just "." (meaning no special + * protocol) or "N.N" (meaning a pre-release protocol version), + * followed by some number of alphabetic flags indicating various + * supported options. There may be other options between - and the e, + * but -e will always be the last option in the string. A typical + * option passed by the client is "-ltpre.iL". + * + * Note that if --server is given, this should never be parsed as a + * shell, but we'll tightly verify it anyway, just in case. + * + * This regex matches the acceptable flags containing -e, so if it + * does not match, the command line should be rejected. + */ + static const char pattern[] + = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$"; + + /* + * Only recognize --server if it's the first option. rsync itself + * always passes it that way, and if it's not the first argument, it + * could be hidden from the server as an argument to some other + * option. + */ + if ( !(vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0) ) + return FALSE; + + /* Check the remaining options for -e or --rsh. */ + if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){ + return FALSE; + } + while (vec && *vec){ + if ( strcmp(*vec, "--rsh") == 0 + || strcmp(*vec, "--daemon") == 0 + || strcmp(*vec, "--config") == 0 + || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 + || strncmp(*vec, "--config=", strlen("--config=")) == 0 ){ + regfree(&re); + return FALSE; + } + if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){ + if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){ + regfree(&re); + return FALSE; + } + } + vec++; + } + regfree(&re); + return TRUE; +} + + /* * check_command_line() - take the command line passed to rssh, and verify * that the specified command is one the user is @@ -229,16 +292,27 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) } if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ - /* filter -e option */ - if ( opt_filter(cl, 'e') ) return NULL; - while (cl && *cl){ - if ( strstr(*cl, "--rsh" ) ){ - fprintf(stderr, "\ninsecure --rsh= not allowed."); - log_msg("insecure --rsh option in rsync command line!"); - return NULL; - } - cl++; + if ( !rsync_okay(cl) ){ + fprintf(stderr, "\ninsecure rsync options not allowed."); + log_msg("insecure rsync options in rsync command line!"); + return NULL; } + + /* + * rsync is linked with popt, which recognizes a configuration + * file ~/.popt that can, among other things, define aliases. + * If someone can write to the home directory of the rssh + * user, they can upload a ~/.popt file that contains + * something like "rsync alias --server --rsh" and then + * execute commands they upload. popt does not try to read + * its configuration file if HOME is not set, so unset HOME to + * disable this behavior. + */ + if ( unsetenv("HOME") < 0 ){ + log_msg("cannot unsetenv() HOME"); + return NULL; + } + return PATH_RSYNC; } /* No match, return NULL */ -- cgit v1.2.3 From 97ac74b27ab93051d334336571b6305119ea4b09 Mon Sep 17 00:00:00 2001 From: Davide Scola Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Add support for Subversion (svnserve) Adds support for svn access via svnserve. This adds an additional field to the bitmask in /etc/rssh.conf that's used to control Subversion access. Users authorized to run svnserve may run only svnserve -t exactly. Debian Bug#284756 Signed-off-by: Russ Allbery Gbp-Pq: Name 0008-Add-support-for-Subversion-svnserve.patch --- conf_convert | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ conf_convert.sh | 45 --------------------------------------------- configure.ac | 22 ++++++++++++++++++++-- main.c.in | 5 ++++- pathnames.h.in | 1 + rssh.conf.5 | 17 +++++++++++------ rssh.conf.5.in | 17 +++++++++++------ rssh.conf.default | 28 +++++++++++++++------------- rssh.h | 13 +++++++------ rssh_chroot_helper.c | 3 +++ rsshconf.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++---- util.c | 35 ++++++++++++++++++++++++++--------- util.h | 3 ++- 13 files changed, 194 insertions(+), 93 deletions(-) create mode 100644 conf_convert delete mode 100755 conf_convert.sh diff --git a/conf_convert b/conf_convert new file mode 100644 index 0000000..a47ecba --- /dev/null +++ b/conf_convert @@ -0,0 +1,48 @@ +#!/usr/bin/awk -f +# +# conf_convert - convert rssh config files from 2.0, 2.1.1, 2.2 format +# to rssh 2.3.2 format config files adding svnserve +# support +# +# Copyright (C) 2009 Davide Scola +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA. +# +BEGIN { + FS = OFS = ":"; +} + +{ + if( /^[# ]*user *= */ && match($3, /^([01]+)/) ) { + gsub(/^([01]+)/, replaceString( RLENGTH ), $3); + } + + print +} + +function replaceString(nitems) { + str = "&"; + + if(nitems == 2) { # config < v2.2 + str = "000&0"; + } + + else if(nitems == 5) { # v2.2 <= config <= v2.3.2 (vanilla) + str = "&0"; + } + + return str; +} + diff --git a/conf_convert.sh b/conf_convert.sh deleted file mode 100755 index fb0c999..0000000 --- a/conf_convert.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh - -# conf_convert.sh - convert rssh config files from 2.0 - 2.1.1 format to rssh -# version 2.2 format config files. - -if [ -z "$TMPDIR" ]; then - TMPDIR=/tmp -fi - -tempdir=`mktemp -d "$TMPDIR/confconv.tempXXXXXX"` -if [ ! -d "$tempdir" ]; then - echo "$0: unable to make temporary directory" - exit 1 -fi - -if [ "$#" != "0" ]; then - - while [ -n "$1" ]; do - - if [ ! -f "$1" ]; then - echo "$0: $1 does not exist. Skipping." >&2 - continue - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' $1 > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "$1.NEW" - shift - done - -else - if [ ! -f /etc/rssh.conf ]; then - echo "/etc/rssh.conf does not exist, and no parameters given." >&2 - exit 2 - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' /etc/rssh.conf > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "/etc/rssh.conf.NEW" - -fi - -rm -rf "$tempdir" - -exit 0 diff --git a/configure.ac b/configure.ac index ab145b4..caeae7d 100644 --- a/configure.ac +++ b/configure.ac @@ -117,8 +117,8 @@ if ! test -x "$sftp_path"; then fi -# CVS, rdist, and rsync might not be installed. But we don't want to force -# the user to configure bogus paths, so default to /usr/bin/* +# CVS, rdist, rsync and svnserve might not be installed. But we don't want +# to force the user to configure bogus paths, so default to /usr/bin/* # Check for cvs binary @@ -170,6 +170,23 @@ if ! test -x "$rsync_path"; then fi +# Check for svnserve binary + +AC_ARG_WITH(svnserve, +[ --with-svnserve specify path to svnserve binary], +[svnserve_path="$withval"], [svnserve_path=""]) + +AC_PATH_PROG(svnserve_path, svnserve, [], []) +if test -z "$svnserve_path"; then + AC_MSG_WARN([can't find svnserve - using /usr/bin/svnserve. Use --with-svnserve to override]) + svnserve_path=/usr/bin/svnserve +fi + +if ! test -x "$svnserve_path"; then + AC_MSG_WARN([specified svnserve binary does not exist]) +fi + + # disable static configuration AC_ARG_ENABLE(static, @@ -200,6 +217,7 @@ AC_SUBST(sftp_path) AC_SUBST(cvs_path) AC_SUBST(rdist_path) AC_SUBST(rsync_path) +AC_SUBST(svnserve_path) AC_SUBST(prefix) AC_SUBST(sysconfdir) AC_SUBST(libexecdir) diff --git a/main.c.in b/main.c.in index 7d1695c..b3228e5 100644 --- a/main.c.in +++ b/main.c.in @@ -217,6 +217,8 @@ char **build_shell_args( struct passwd uinfo, argvec[1] = "4"; else if ( !(strcmp(*cmd, PATH_RSYNC)) ) argvec[1] = "5"; + else if ( !(strcmp(*cmd, PATH_SVNSERVE)) ) + argvec[1] = "6"; else { log_set_priority(LOG_ERR); log_msg("fatal error identifying the correct command " @@ -267,7 +269,8 @@ void vers_info( void ) printf("%20s = %s\n", "sftp server binary", PATH_SFTP_SERVER); printf("%20s = %s\n", "cvs binary path", PATH_CVS); printf("%20s = %s\n", "rdist binary path", PATH_RDIST); - printf("%20s = %s\n\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n\n", "svnserve binary path", PATH_SVNSERVE); } diff --git a/pathnames.h.in b/pathnames.h.in index 17e2fb7..043d7ae 100644 --- a/pathnames.h.in +++ b/pathnames.h.in @@ -36,6 +36,7 @@ #define PATH_CVS "@cvs_path@" #define PATH_RDIST "@rdist_path@" #define PATH_RSYNC "@rsync_path@" +#define PATH_SVNSERVE "@svnserve_path@" /* these generally are overridden by the makefile */ #ifndef PATH_RSSH_CONFIG diff --git a/rssh.conf.5 b/rssh.conf.5 index 5556468..227ef88 100644 --- a/rssh.conf.5 +++ b/rssh.conf.5 @@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -135,7 +140,7 @@ details. .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff --git a/rssh.conf.5.in b/rssh.conf.5.in index 913ce9d..5e16acb 100644 --- a/rssh.conf.5.in +++ b/rssh.conf.5.in @@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -135,7 +140,7 @@ details. .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff --git a/rssh.conf.default b/rssh.conf.default index c847565..88833c1 100644 --- a/rssh.conf.default +++ b/rssh.conf.default @@ -11,6 +11,7 @@ logfacility = LOG_USER #allowcvs #allowrdist #allowrsync +#allowsvnserve # set the default umask umask = 022 @@ -28,24 +29,25 @@ umask = 022 ########################################## # EXAMPLES of configuring per-user options -#user=rudy:077:00010: # the path can simply be left out to not chroot -#user=rudy:077:00010 # the ending colon is optional +#user=rudy:077:000100: # the path can simply be left out to not chroot +#user=rudy:077:000100 # the ending colon is optional -#user=rudy:011:00100: # cvs, with no chroot -#user=rudy:011:01000: # rdist, with no chroot -#user=rudy:011:10000: # rsync, with no chroot -#user="rudy:011:00001:/usr/local/chroot" # whole user string can be quoted -#user=rudy:01"1:00001:/usr/local/chroot" # or somewhere in the middle, freak! -#user=rudy:'011:00001:/usr/local/chroot' # single quotes too +#user=rudy:011:001000: # cvs, with no chroot +#user=rudy:011:010000: # rdist, with no chroot +#user=rudy:011:100000: # rsync, with no chroot +#user=rudy:011:000001: # svnserve, with no chroot +#user="rudy:011:000010:/usr/local/chroot" # whole user string can be quoted +#user=rudy:01"1:000010:/usr/local/chroot" # or somewhere in the middle, freak! +#user=rudy:'011:000010:/usr/local/chroot' # single quotes too # if your chroot_path contains spaces, it must be quoted... # In the following examples, the chroot_path is "/usr/local/my chroot" -#user=rudy:011:00001:"/usr/local/my chroot" # scp with chroot -#user=rudy:011:00010:"/usr/local/my chroot" # sftp with chroot -#user=rudy:011:00011:"/usr/local/my chroot" # both with chroot +#user=rudy:011:000010:"/usr/local/my chroot" # scp with chroot +#user=rudy:011:000100:"/usr/local/my chroot" # sftp with chroot +#user=rudy:011:000110:"/usr/local/my chroot" # both with chroot # Spaces before or after the '=' are fine, but spaces in chrootpath need # quotes. -#user = "rudy:011:00001:/usr/local/my chroot" -#user = "rudy:011:00001:/usr/local/my chroot" # neither do comments at line end +#user = "rudy:011:000010:/usr/local/my chroot" +#user = "rudy:011:000010:/usr/local/my chroot" # neither do comments at line end diff --git a/rssh.h b/rssh.h index d15f645..111f9a0 100644 --- a/rssh.h +++ b/rssh.h @@ -41,11 +41,12 @@ typedef char bool; -#define RSSH_ALLOW_SCP (1 << 0) -#define RSSH_ALLOW_SFTP (1 << 1) -#define RSSH_ALLOW_CVS (1 << 2) -#define RSSH_ALLOW_RDIST (1 << 3) -#define RSSH_ALLOW_RSYNC (1 << 4) -#define RSSH_USE_CHROOT (1 << 5) +#define RSSH_ALLOW_SCP (1 << 0) +#define RSSH_ALLOW_SFTP (1 << 1) +#define RSSH_ALLOW_CVS (1 << 2) +#define RSSH_ALLOW_RDIST (1 << 3) +#define RSSH_ALLOW_RSYNC (1 << 4) +#define RSSH_ALLOW_SVNSERVE (1 << 5) +#define RSSH_USE_CHROOT (1 << 6) #endif /* _rssh_h */ diff --git a/rssh_chroot_helper.c b/rssh_chroot_helper.c index 7780c11..8a35cdc 100644 --- a/rssh_chroot_helper.c +++ b/rssh_chroot_helper.c @@ -254,6 +254,9 @@ int main( int argc, char **argv ) case 5: cmd_path = PATH_RSYNC; break; + case 6: + cmd_path = PATH_SVNSERVE; + break; default: log_msg("invalid command specified"); exit(2); diff --git a/rsshconf.c b/rsshconf.c index 564f747..459b26b 100644 --- a/rsshconf.c +++ b/rsshconf.c @@ -71,6 +71,7 @@ const char *keywords[] = { "allowcvs", "allowrdist", "allowrsync", + "allowsvnserve", "chrootpath", "logfacility", "umask", @@ -106,6 +107,9 @@ int process_allow_rdist( ShellOptions_t *opts, const char *line, int process_allow_rsync( ShellOptions_t *opts, const char *line, const int lineno ); +int process_allow_svnserve( ShellOptions_t *opts, const char *line, + const int lineno ); + int get_token( const char *str, char *buf, const int buflen, const bool colon, const bool ign_spc ); @@ -220,21 +224,26 @@ int process_config_line( ShellOptions_t *opts, return FALSE; return TRUE; case 6: + /* allow svnserve */ + if ( !(process_allow_svnserve(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 7: /* default chroot path */ if ( !(process_chroot_path(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 7: + case 8: /* syslog log facility */ if ( !(process_log_facility(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 8: + case 9: /* set the user's umask */ if ( !(process_umask(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 9: + case 10: /* user */ if ( !(process_user(opts, line + pos, lineno) ) ) return FALSE; @@ -557,6 +566,34 @@ int process_allow_rsync( ShellOptions_t *opts, } +/* + * process_allow_svnserve() - make sure there are no tokens after the keyword, + * other than a possible comment. If there are + * additional tokens other than comments, there is a + * syntax error, and FALSE is returned. Otherwise, + * the line is ok, so opts are set to allow + * svnserve, and TRUE is returned. + */ +int process_allow_svnserve( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + int pos; + + if ( !(pos = eat_comment(line)) ){ + if (log) log_msg("line %d: syntax error parsing config file", + lineno); + return FALSE; + } + if (log){ + log_set_priority(LOG_DEBUG); + log_msg("allowing svnserve to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + return TRUE; +} + + int process_chroot_path( ShellOptions_t *opts, const char *line, const int lineno ) @@ -854,6 +891,7 @@ int process_user( ShellOptions_t *opts, bool allow_cvs; bool allow_rdist; bool allow_rsync; + bool allow_svnserve; /* make space for user options */ if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){ @@ -925,7 +963,7 @@ int process_user( ShellOptions_t *opts, return FALSE; } if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs, - &allow_rdist, &allow_rsync) ){ + &allow_rdist, &allow_rsync, &allow_svnserve) ){ if (log){ log_set_priority(LOG_ERR); log_msg("syntax error parsing access bits, line %d", lineno); @@ -999,6 +1037,10 @@ cleanup: if (log) log_msg("allowing rsync to user %s", user); opts->shell_flags |= RSSH_ALLOW_RSYNC; } + if ( allow_svnserve ){ + if (log) log_msg("allowing svnserve to user %s", user); + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + } if ( path ){ if (log) log_msg("chrooting %s to %s", user, path); opts->shell_flags |= RSSH_USE_CHROOT; diff --git a/util.c b/util.c index 760e4c7..52a751b 100644 --- a/util.c +++ b/util.c @@ -80,7 +80,8 @@ void fail( int flags, int argc, char **argv ) if ( flags & RSSH_ALLOW_SFTP ) size += 5; if ( flags & RSSH_ALLOW_CVS ) size += 4; if ( flags & RSSH_ALLOW_RDIST ) size += 6; - if ( flags & RSSH_ALLOW_RSYNC ) size += 5; /* last one, no space */ + if ( flags & RSSH_ALLOW_RSYNC ) size += 6; + if ( flags & RSSH_ALLOW_SVNSERVE ) size += 8; /* last one, no space */ /* create msg indicating what is allowed */ if ( !size ) cmd = "This user is locked out."; @@ -101,7 +102,9 @@ void fail( int flags, int argc, char **argv ) if ( flags & RSSH_ALLOW_RDIST ) strncat(cmd, "rdist ", size); if ( flags & RSSH_ALLOW_RSYNC ) - strncat(cmd, "rsync", size); + strncat(cmd, "rsync ", size); + if ( flags & RSSH_ALLOW_SVNSERVE ) + strncat(cmd, "svnserve", size); } /* print error message to user and log attempt */ @@ -315,6 +318,16 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) return PATH_RSYNC; } + if ( check_command(*cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ){ + /* check command line */ + if( cl[1] == NULL || strcmp(cl[1], "-t") != 0 || cl[2] != NULL){ + fprintf(stderr, "\nextra svnserver parameter(s) not allowed."); + log_msg("unallowed option(s) in svnserver command line!"); + return NULL; + } + + return PATH_SVNSERVE; + } /* No match, return NULL */ return NULL; } @@ -339,6 +352,8 @@ char *get_command( char *cl, ShellOptions_t *opts ) return PATH_RDIST; if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ) return PATH_RSYNC; + if ( check_command(cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ) + return PATH_SVNSERVE; return NULL; } @@ -404,22 +419,24 @@ int validate_umask( const char *temp, int *mask ) * same name, and returns FALSE if the bits are not valid */ int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ) { int i; -#define NUM_ACCESS_BITS 5 +#define NUM_ACCESS_BITS 6 if ( strlen(temp) != NUM_ACCESS_BITS ) return FALSE; /* make sure the bits are valid */ for ( i = 0; i < NUM_ACCESS_BITS; i++ ) if ( temp[i] < '0' || temp[i] > '1' ) return FALSE; /* This is easier to read if we allign the = */ - *allow_rsync = temp[0] - '0'; - *allow_rdist = temp[1] - '0'; - *allow_cvs = temp[2] - '0'; - *allow_sftp = temp[3] - '0'; - *allow_scp = temp[4] - '0'; + *allow_rsync = temp[0] - '0'; + *allow_rdist = temp[1] - '0'; + *allow_cvs = temp[2] - '0'; + *allow_sftp = temp[3] - '0'; + *allow_scp = temp[4] - '0'; + *allow_svnserve = temp[5] - '0'; return TRUE; } diff --git a/util.h b/util.h index 8b81201..a67eb32 100644 --- a/util.h +++ b/util.h @@ -38,7 +38,8 @@ char *get_command( char *cl, ShellOptions_t *opts); char *extract_root( char *root, char *path ); int validate_umask( const char *temp, int *mask ); int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ); + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ); bool opt_exist( char *cl, char opt ); char *get_username( void ); -- cgit v1.2.3 From b50e97c715cce88248cfc86fc6ec89b6796eef33 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Thu, 17 Jan 2019 19:21:40 -0800 Subject: Verify scp command options ESnet discovered a security vulnerability in the scp backend for rssh. Since the arguments to scp on the server side were not checked, the client could pass in arbitrary scp command-line flags, including setting arbitrary scp options. This allows setting the option PKCS11Provider, which loads and executes code from a shared module. Even if the -o flag is blocked, this is still possible via -F to load an already-uploaded ssh configuration file, or, if .ssh/config is writable, by just uploading that configuration file directly first. Attempt to protect against this attack by checking the command line of scp and only allowing the options that are passed to the server end of the connection. Specifically, do not allow multiple non-option arguments, which attempts to prevent causing the server to initiate an scp command. (This will break scp -3 through rssh, which seems like an acceptable tradeoff.) Debian Bug#919623 Gbp-Pq: Name 0009-Verify-scp-command-options.patch --- util.c | 46 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 44 insertions(+), 2 deletions(-) diff --git a/util.c b/util.c index 52a751b..4d58616 100644 --- a/util.c +++ b/util.c @@ -263,6 +263,45 @@ static int rsync_okay( char **vec ) } +/* + * scp_okay() - take the command line and check that it is a hopefully-safe scp + * server command line, accepting only very specific options. + * Returns FALSE if the command line should not be allowed, TRUE + * if it is okay. + */ +static int scp_okay( char **vec ) +{ + int saw_file = FALSE; + int saw_end = FALSE; + + for ( vec++; vec && *vec; vec++ ){ + /* Allowed options. */ + if ( !saw_end ) { + if ( strcmp(*vec, "-v") == 0 ) continue; + if ( strcmp(*vec, "-r") == 0 ) continue; + if ( strcmp(*vec, "-p") == 0 ) continue; + if ( strcmp(*vec, "-d") == 0 ) continue; + if ( strcmp(*vec, "-f") == 0 ) continue; + if ( strcmp(*vec, "-t") == 0 ) continue; + } + + /* End of arguments. One more argument allowed after this. */ + if ( !saw_end && strcmp(*vec, "--") == 0 ){ + saw_end = TRUE; + continue; + } + + /* No other options allowed, but allow file starting with -. */ + if ( *vec[0] == '-' && !saw_end ) return FALSE; + if ( saw_file ) return FALSE; + saw_file = TRUE; + } + + /* We must have seen a single file. */ + return saw_file; +} + + /* * check_command_line() - take the command line passed to rssh, and verify * that the specified command is one the user is @@ -278,8 +317,11 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) return PATH_SFTP_SERVER; if ( check_command(*cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){ - /* filter -S option */ - if ( opt_filter(cl, 'S') ) return NULL; + if ( !scp_okay(cl) ){ + fprintf(stderr, "\ninsecure scp option not allowed."); + log_msg("insecure scp option in scp command line"); + return NULL; + } return PATH_SCP; } -- cgit v1.2.3 From caadd4b68c77174ca4d024ec603498ef07779f4d Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Mon, 28 Jan 2019 20:15:30 -0800 Subject: Check command line after chroot When a command was configured with a chroot, rssh did not check the safety of the command line after chroot, allowing various vectors of remote code execution inside the chroot environment. Perform the same check after chroot as is performed before running the command when a chroot is not configured. Gbp-Pq: Name 0010-Check-command-line-after-chroot.patch --- rssh_chroot_helper.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/rssh_chroot_helper.c b/rssh_chroot_helper.c index 8a35cdc..73d8c7b 100644 --- a/rssh_chroot_helper.c +++ b/rssh_chroot_helper.c @@ -218,6 +218,12 @@ int main( int argc, char **argv ) ch_fatal_error("build_arg_vector()", argv[2], "bad expansion"); + /* check the command for safety */ + if ( !check_command_line(argvec, &opts) ){ + fprintf(stderr, "\n"); + exit(1); + } + /* * This is the old way to figure out what program to run. Since we're * re-parsing the config file in rssh_chroot helper, we could get rid -- cgit v1.2.3 From 64df3dcd647318a12debf94482bf101d2e4a71cf Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix invalid option error Don't refer to all invalid options as invalid scp options. Gbp-Pq: Name 0001-Fix-invalid-option-error.patch --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index f98d2bc..3affc0a 100644 --- a/util.c +++ b/util.c @@ -152,7 +152,7 @@ bool opt_filter(char **vec, const char opt) while (vec && *vec){ if (opt_exist(*vec, opt)){ fprintf(stderr, "\nillegal insecure %c option", opt); - log_msg("insecure %c option in scp command line!", opt); + log_msg("insecure %c option in command line!", opt); return TRUE; } vec++; -- cgit v1.2.3 From c227af2151f439bbca3598176ad8d995ab39903b Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Honor CFLAGS/CPPFLAGS passed to configure The CFLAGS from dpkg-buildflags are missing because they are overwritten in Makefile.am. The attached patch removes an incorrect build rule and passes the custom flags through AM_CFLAGS/AM_CPPFLAGS. All custom flags are still passed correctly. Signed-off-by: Russ Allbery Gbp-Pq: Name 0002-Honor-CFLAGS-CPPFLAGS-passed-to-configure.patch --- Makefile.am | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/Makefile.am b/Makefile.am index c5b1a8d..57a4305 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,8 +1,7 @@ ## Process this file with automake to produce Makefile.in AUTOMAKE_OPTIONS = nostdinc -ourdefs = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" -ourflags = @defcflags@ @static@ -AM_CFLAGS = $(ourflags) +AM_CPPFLAGS = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" +AM_CFLAGS = @defcflags@ @static@ bin_PROGRAMS = rssh libexec_PROGRAMS = rssh_chroot_helper nodist_rssh_SOURCES = main.c pathnames.h config.h @@ -15,9 +14,6 @@ man_MANS = rssh.1 rssh.conf.5 EXTRA_DIST = $(man_MANS) CHROOT SECURITY LICENSE rssh.spec mkchroot.sh conf_convert.sh base=`echo @PACKAGE_STRING@|tr " " "-"` -.c.o: - $(CC) -c $(DEFS) $(ourdefs) $(AM_CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< - install-exec-hook: chmod u+s $(libexecdir)/rssh_chroot_helper -- cgit v1.2.3 From bc5fc74e16d1f7884ebf450e70adac221949234a Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix buffer allocation buffer for fail message The failure log message when the user isn't permitted to run the command they're attempting includes a summary of the commands the user is allowed to run. The allocation for that string was not reserving space for the nul byte at the end of the string, causing a one-byte overwrite past the end of the string. Gbp-Pq: Name 0003-Fix-buffer-allocation-buffer-for-fail-message.patch --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index 3affc0a..ef1a5d8 100644 --- a/util.c +++ b/util.c @@ -84,7 +84,7 @@ void fail( int flags, int argc, char **argv ) /* create msg indicating what is allowed */ if ( !size ) cmd = "This user is locked out."; else { - size += 18; + size += 18 + 1; if ( !(cmd = (char *)malloc(size)) ){ log_msg("fatal error: out of mem allocating log msg"); exit(1); -- cgit v1.2.3 From 16d5dbbadc4822ddf86d68c9f9633449030fbad0 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Lower syslog priority to debug Lower priority of all of the routine syslog messages from info to debug to cut down on log noise. Gbp-Pq: Name 0004-Lower-syslog-priority-to-debug.patch --- rsshconf.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/rsshconf.c b/rsshconf.c index 4b22766..564f747 100644 --- a/rsshconf.c +++ b/rsshconf.c @@ -438,7 +438,7 @@ int process_allow_scp( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing scp to all users"); } opts->shell_flags |= RSSH_ALLOW_SCP; @@ -465,7 +465,7 @@ int process_allow_sftp( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing sftp to all users"); } opts->shell_flags |= RSSH_ALLOW_SFTP; @@ -493,7 +493,7 @@ int process_allow_cvs( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing cvs to all users"); } opts->shell_flags |= RSSH_ALLOW_CVS; @@ -520,7 +520,7 @@ int process_allow_rdist( ShellOptions_t *opts, lineno); return FALSE; } - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); if (log){ log_msg("allowing rdist to all users"); opts->shell_flags |= RSSH_ALLOW_RDIST; @@ -549,7 +549,7 @@ int process_allow_rsync( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("allowing rsync to all users"); } opts->shell_flags |= RSSH_ALLOW_RSYNC; @@ -585,7 +585,7 @@ int process_chroot_path( ShellOptions_t *opts, /* get rid of any old value for chroot path, assign new one */ if ( opts->chroot_path ) free(opts->chroot_path); if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("chrooting all users to %s", temp); } /* we must not free temp, since opts points to it */ @@ -783,7 +783,7 @@ int process_log_facility( ShellOptions_t *opts, return FALSE; } if ( facname ){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); if (log) log_msg("setting log facility to %s", facname); log_set_facility(fac); return TRUE; @@ -828,7 +828,7 @@ int process_umask( ShellOptions_t *opts, return FALSE; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("setting umask to %#o", mask); } opts->rssh_umask = mask; @@ -888,7 +888,7 @@ int process_user( ShellOptions_t *opts, */ if ( (strcmp(user, username)) ) return TRUE; if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("line %d: configuring user %s", lineno, user); } if ( !(len = eat_colon(temp + pos)) ){ @@ -969,7 +969,7 @@ cleanup: tmpmask = 077; } if (log){ - log_set_priority(LOG_INFO); + log_set_priority(LOG_DEBUG); log_msg("setting %s's umask to %#o", user, tmpmask); } opts->rssh_umask = tmpmask; -- cgit v1.2.3 From 7d01d844ac6227639656c53029e1190357157ff5 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:55 -0800 Subject: Fix spelling errors in manual pages Gbp-Pq: Name 0005-Fix-spelling-errors-in-manual-pages.patch --- rssh.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rssh.1 b/rssh.1 index caa2636..a682f70 100644 --- a/rssh.1 +++ b/rssh.1 @@ -24,7 +24,7 @@ those commands. It is intended primarily to work with OpenSSH (see http://www.openssh.com), but may work with other implementations. .P The system administrator should install the shell on the restricted system. -Then the password file entry of any user for whom it is desireable to provide +Then the password file entry of any user for whom it is desirable to provide restricted access should be edited, such that their shell is \fBrssh\fP. For example: .P @@ -148,7 +148,7 @@ programs other than what are absolutely necessary to provide the service you are trying to provide. This prevents them from running standard system commands. .P -Then, make sure the user's files inside the jail are on a seperate filesystem +Then, make sure the user's files inside the jail are on a separate filesystem from your system's executables. If possible in your environment, make sure you mount this filesystem using the .IR noexec " and " nosuid -- cgit v1.2.3 From ec5979f15f6d0b2bc7888bd96a614b4e93d0abe2 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Fixes and improvements to mkchroot.sh Debian wants libnss_compat* in addition to libnss_files* for UID lookups to work properly, and doesn't have a libnss1_files*. With multiarch, these libraries have also been moved into a subdirectory of /lib. Create the /dev/null device in the chroot, needed by sftp-server. Create the /dev/log device in the chroot, for one less step. Update the code to copy over libraries to be able to parse the new output from ldd. Update file paths for Debian. Add better error handling. Warn that /etc/passwd is being copied into the chroot jail and that the user may wish to edit out some users and remove any sensitive information. (Debian Bug#366655) Thanks to proctor mcduff and Jeremy Jongepier for their contributions. Gbp-Pq: Name 0006-Fixes-and-improvements-to-mkchroot.sh.patch --- mkchroot.sh | 105 ++++++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 81 insertions(+), 24 deletions(-) diff --git a/mkchroot.sh b/mkchroot.sh index 9e17d5d..8bc1ecc 100755 --- a/mkchroot.sh +++ b/mkchroot.sh @@ -1,13 +1,13 @@ -#!/bin/sh +#!/bin/bash ##################################################################### ##################################################################### ## ## mkchroot.sh - set up a chroot jail. ## -## This script is written to work for Red Hat 8/9 systems, but may work on -## other systems. Or, it may not... In fact, it may not work at all. Use at -## your own risk. :) +## This script is written to work for Red Hat 8/9 systems and adapted to work +## on Debian systems, but may work on other systems. Or, it may not... In +## fact, it may not work at all. Use at your own risk. :) ## fail() { @@ -96,9 +96,9 @@ fi # copy SSH files scp_path="/usr/bin/scp" -sftp_server_path="/usr/libexec/openssh/sftp-server" +sftp_server_path="/usr/lib/openssh/sftp-server" rssh_path="/usr/bin/rssh" -chroot_helper_path="/usr/libexec/rssh_chroot_helper" +chroot_helper_path="/usr/lib/rssh/rssh_chroot_helper" for jail_path in `dirname "$jail_dir$scp_path"` `dirname "$jail_dir$sftp_server_path"` `dirname "$jail_dir$chroot_helper_path"`; do @@ -125,19 +125,56 @@ cp "$chroot_helper_path" "$jail_dir$chroot_helper_path" || \ # # identify and copy libraries needed in the jail # +# Sample ldd output: +# +# linux-gate.so.1 => (0xffffe000) +# libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7ef2000) +# libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7da8000) +# libutil.so.1 => /lib/i686/cmov/libutil.so.1 (0xb7da3000) +# libz.so.1 => /usr/lib/libz.so.1 (0xb7d8e000) +# libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7d76000) +# libcrypt.so.1 => /lib/i686/cmov/libcrypt.so.1 (0xb7d44000) +# libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7d1b000) +# libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7c8d000) +# libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7c69000) +# libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7c66000) +# libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7b19000) +# libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7b15000) +# libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7b0d000) +# libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7b09000) +# /lib/ld-linux.so.2 (0xb7f13000) +# +# either the first or the third column may contain a path +# -for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do +for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path \ + /lib/libnss_compat* /lib/libnss_files* /lib/*/libnss_compat* \ + /lib/*/libnss_files*; do + if [ ! -f "$prog" ] ; then + continue + fi echo "Copying libraries for $prog." - libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3` + libs=`ldd $prog | awk '$1 ~ /^\// {print $1} $3 ~ /^\// {print $3}'` for lib in $libs; do - mkdir -p "$jail_dir$(dirname $lib)" + mkdir -p "$jail_dir$(dirname $lib)" || \ + fail "Error creating $(dirname $lib). Exiting" 6 echo -e "\t$lib" - cp "$lib" "$jail_dir$lib" + cp "$lib" "$jail_dir$lib" || \ + fail "Error copying $lib. Exiting" 6 done done +# On Debian with multiarch, the libnss files are in /lib/, where +# is the relevant architecture triplet. Just copy everything +# that's installed, since we're not sure which ones we'll need. echo "copying name service resolution libraries..." -tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |sed 's/^/\t/' +if [ -n "$(find /lib -maxdepth 1 -name 'libnss*_' -print -quit)" ] ; then + tar -cf - /lib/libnss_compat* /lib/libnss*_files* \ + | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' +else + tar -cf - /lib/*/libnss_compat* /lib/*/libnss*_files* \ + | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' +fi ##################################################################### # @@ -145,29 +182,49 @@ tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |se # echo "Setting up /etc in the chroot jail" -mkdir -p "$jail_dir/etc" -cp /etc/nsswitch.conf "$jail_dir/etc/" -cp /etc/passwd "$jail_dir/etc/" -cp /etc/ld.* "$jail_dir/etc/" - -echo -e "Chroot jail configuration completed." -echo -e "\nNOTE: if you are not using the passwd file for authentication," -echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" - +mkdir -p "$jail_dir/etc" || fail "Error creating /etc. Exiting" 7 +cp /etc/nsswitch.conf "$jail_dir/etc/" || \ + fail "Error copying /etc/nsswitch.conf. Exiting" 7 +cp /etc/passwd "$jail_dir/etc/" || \ + fail "Error copying /etc/passwd. Exiting" 7 +cp -r /etc/ld.* "$jail_dir/etc/" || \ + fail "Error copying /etc/ld.*. Exiting" 7 +echo -e "\nWARNING: Copying /etc/passwd into the chroot jail. You may wish" +echo -e "to edit out unnecessary users and remove any sensitive information" +echo -e "from it." ##################################################################### # -# set up /dev/log +# set up /dev # mkdir -p "$jail_dir/dev" +if [ `whoami` = "root" ]; then + cp -a /dev/log "$jail_dir/dev" || \ + fail "Error creating /dev/log. Exiting" 8 + cp -a /dev/null "$jail_dir/dev" || \ + fail "Error creating /dev/null. Exiting" 8 + cp -a /dev/zero "$jail_dir/dev" || \ + fail "Error creating /dev/zero. Exiting" 8 +else + echo -e "NOT creating /dev/null and /dev/log in the chroot jail. \c" + echo -e "You are not root.\n" +fi + +echo -e "Chroot jail configuration completed.\n" + +echo -e "NOTE: if you are not using the passwd file for authentication," +echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" + +echo -e "NOTE: if you are using any programs other than scp and sftp, you will" +echo -e "need to copy the server binaries and any libraries they depend on" +echo -e "into the chroot manually. Use ldd on the binary to find the needed" +echo -e "libraries.\n" echo -e "NOTE: you must MANUALLY edit your syslog rc script to start syslogd" echo -e "with appropriate options to log to $jail_dir/dev/log. In most cases," echo -e "you will need to start syslog as:\n" -echo -e " /sbin/syslogd -a $jail_dir/dev/log\n" +echo -e " /sbin/syslogd -a $jail_dir/dev/log\n\n" echo -e "NOTE: we make no guarantee that ANY of this will work for you... \c" echo -e "if it\ndoesn't, you're on your own. Sorry!\n" - - -- cgit v1.2.3 From cf4c4d772ad2d264434a22e52aacfb7410ab9356 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Verify rsync command options As of rsync 3, rsync reused the -e option to pass protocol information from the client to the server. We therefore cannot reject all -e options to rsync, only ones not sent with --server or containing something other than protocol information as an argument. Be stricter about the rsync command line and require --server as the first argument, which disables attempts to initiate rsync outbound from the server and in turn could trigger running code specified in ssh client configuration options. Also scan the rsync command line for any --rsh, --config, or --daemon option and reject it as well. This replaces and improves the upstream strategy for rejecting that command-line option, taking advantage of the parsing added to check the -e option. --config can be used to run commands via "pre-xfer exec" when running as a daemon, plus the client should not be able to spawn daemons. Unset the HOME environment variable to prevent popt from loading a ~/.popt configuration file, which could redefine rsync command-line options like --server to instead mean some unsafe option, or even run commands directly. Based on work by Robert Hardy and a report by Nick Cleaton. Debian Bug#471803 Gbp-Pq: Name 0007-Verify-rsync-command-options.patch --- util.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 83 insertions(+), 9 deletions(-) diff --git a/util.c b/util.c index ef1a5d8..760e4c7 100644 --- a/util.c +++ b/util.c @@ -56,6 +56,7 @@ #ifdef HAVE_LIBGEN_H #include #endif /* HAVE_LIBGEN_H */ +#include /* LOCAL INCLUDES */ #include "pathnames.h" @@ -197,6 +198,68 @@ bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag ) } +/* + * rsync_okay() - require --server on all rsh command lines, check that -e + * contains only protocol information, and reject any --rsh, + * --config, or --daemon option. Returns FALSE if the command + * line should not be allowed, TRUE if it is okay. + */ +static int rsync_okay( char **vec ) +{ + regex_t re; + + /* + * rsync will send -e, followed by either just "." (meaning no special + * protocol) or "N.N" (meaning a pre-release protocol version), + * followed by some number of alphabetic flags indicating various + * supported options. There may be other options between - and the e, + * but -e will always be the last option in the string. A typical + * option passed by the client is "-ltpre.iL". + * + * Note that if --server is given, this should never be parsed as a + * shell, but we'll tightly verify it anyway, just in case. + * + * This regex matches the acceptable flags containing -e, so if it + * does not match, the command line should be rejected. + */ + static const char pattern[] + = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$"; + + /* + * Only recognize --server if it's the first option. rsync itself + * always passes it that way, and if it's not the first argument, it + * could be hidden from the server as an argument to some other + * option. + */ + if ( !(vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0) ) + return FALSE; + + /* Check the remaining options for -e or --rsh. */ + if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){ + return FALSE; + } + while (vec && *vec){ + if ( strcmp(*vec, "--rsh") == 0 + || strcmp(*vec, "--daemon") == 0 + || strcmp(*vec, "--config") == 0 + || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 + || strncmp(*vec, "--config=", strlen("--config=")) == 0 ){ + regfree(&re); + return FALSE; + } + if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){ + if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){ + regfree(&re); + return FALSE; + } + } + vec++; + } + regfree(&re); + return TRUE; +} + + /* * check_command_line() - take the command line passed to rssh, and verify * that the specified command is one the user is @@ -229,16 +292,27 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) } if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ - /* filter -e option */ - if ( opt_filter(cl, 'e') ) return NULL; - while (cl && *cl){ - if ( strstr(*cl, "--rsh" ) ){ - fprintf(stderr, "\ninsecure --rsh= not allowed."); - log_msg("insecure --rsh option in rsync command line!"); - return NULL; - } - cl++; + if ( !rsync_okay(cl) ){ + fprintf(stderr, "\ninsecure rsync options not allowed."); + log_msg("insecure rsync options in rsync command line!"); + return NULL; } + + /* + * rsync is linked with popt, which recognizes a configuration + * file ~/.popt that can, among other things, define aliases. + * If someone can write to the home directory of the rssh + * user, they can upload a ~/.popt file that contains + * something like "rsync alias --server --rsh" and then + * execute commands they upload. popt does not try to read + * its configuration file if HOME is not set, so unset HOME to + * disable this behavior. + */ + if ( unsetenv("HOME") < 0 ){ + log_msg("cannot unsetenv() HOME"); + return NULL; + } + return PATH_RSYNC; } /* No match, return NULL */ -- cgit v1.2.3 From 6598831102e2987f59e6ff411789474dddecffc4 Mon Sep 17 00:00:00 2001 From: Davide Scola Date: Sat, 7 Dec 2013 18:32:56 -0800 Subject: Add support for Subversion (svnserve) Adds support for svn access via svnserve. This adds an additional field to the bitmask in /etc/rssh.conf that's used to control Subversion access. Users authorized to run svnserve may run only svnserve -t exactly. Debian Bug#284756 Signed-off-by: Russ Allbery Gbp-Pq: Name 0008-Add-support-for-Subversion-svnserve.patch --- conf_convert | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ conf_convert.sh | 45 --------------------------------------------- configure.ac | 22 ++++++++++++++++++++-- main.c.in | 5 ++++- pathnames.h.in | 1 + rssh.conf.5 | 17 +++++++++++------ rssh.conf.5.in | 17 +++++++++++------ rssh.conf.default | 28 +++++++++++++++------------- rssh.h | 13 +++++++------ rssh_chroot_helper.c | 3 +++ rsshconf.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++---- util.c | 35 ++++++++++++++++++++++++++--------- util.h | 3 ++- 13 files changed, 194 insertions(+), 93 deletions(-) create mode 100644 conf_convert delete mode 100755 conf_convert.sh diff --git a/conf_convert b/conf_convert new file mode 100644 index 0000000..a47ecba --- /dev/null +++ b/conf_convert @@ -0,0 +1,48 @@ +#!/usr/bin/awk -f +# +# conf_convert - convert rssh config files from 2.0, 2.1.1, 2.2 format +# to rssh 2.3.2 format config files adding svnserve +# support +# +# Copyright (C) 2009 Davide Scola +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA. +# +BEGIN { + FS = OFS = ":"; +} + +{ + if( /^[# ]*user *= */ && match($3, /^([01]+)/) ) { + gsub(/^([01]+)/, replaceString( RLENGTH ), $3); + } + + print +} + +function replaceString(nitems) { + str = "&"; + + if(nitems == 2) { # config < v2.2 + str = "000&0"; + } + + else if(nitems == 5) { # v2.2 <= config <= v2.3.2 (vanilla) + str = "&0"; + } + + return str; +} + diff --git a/conf_convert.sh b/conf_convert.sh deleted file mode 100755 index fb0c999..0000000 --- a/conf_convert.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh - -# conf_convert.sh - convert rssh config files from 2.0 - 2.1.1 format to rssh -# version 2.2 format config files. - -if [ -z "$TMPDIR" ]; then - TMPDIR=/tmp -fi - -tempdir=`mktemp -d "$TMPDIR/confconv.tempXXXXXX"` -if [ ! -d "$tempdir" ]; then - echo "$0: unable to make temporary directory" - exit 1 -fi - -if [ "$#" != "0" ]; then - - while [ -n "$1" ]; do - - if [ ! -f "$1" ]; then - echo "$0: $1 does not exist. Skipping." >&2 - continue - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' $1 > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "$1.NEW" - shift - done - -else - if [ ! -f /etc/rssh.conf ]; then - echo "/etc/rssh.conf does not exist, and no parameters given." >&2 - exit 2 - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' /etc/rssh.conf > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "/etc/rssh.conf.NEW" - -fi - -rm -rf "$tempdir" - -exit 0 diff --git a/configure.ac b/configure.ac index ab145b4..caeae7d 100644 --- a/configure.ac +++ b/configure.ac @@ -117,8 +117,8 @@ if ! test -x "$sftp_path"; then fi -# CVS, rdist, and rsync might not be installed. But we don't want to force -# the user to configure bogus paths, so default to /usr/bin/* +# CVS, rdist, rsync and svnserve might not be installed. But we don't want +# to force the user to configure bogus paths, so default to /usr/bin/* # Check for cvs binary @@ -170,6 +170,23 @@ if ! test -x "$rsync_path"; then fi +# Check for svnserve binary + +AC_ARG_WITH(svnserve, +[ --with-svnserve specify path to svnserve binary], +[svnserve_path="$withval"], [svnserve_path=""]) + +AC_PATH_PROG(svnserve_path, svnserve, [], []) +if test -z "$svnserve_path"; then + AC_MSG_WARN([can't find svnserve - using /usr/bin/svnserve. Use --with-svnserve to override]) + svnserve_path=/usr/bin/svnserve +fi + +if ! test -x "$svnserve_path"; then + AC_MSG_WARN([specified svnserve binary does not exist]) +fi + + # disable static configuration AC_ARG_ENABLE(static, @@ -200,6 +217,7 @@ AC_SUBST(sftp_path) AC_SUBST(cvs_path) AC_SUBST(rdist_path) AC_SUBST(rsync_path) +AC_SUBST(svnserve_path) AC_SUBST(prefix) AC_SUBST(sysconfdir) AC_SUBST(libexecdir) diff --git a/main.c.in b/main.c.in index 7d1695c..b3228e5 100644 --- a/main.c.in +++ b/main.c.in @@ -217,6 +217,8 @@ char **build_shell_args( struct passwd uinfo, argvec[1] = "4"; else if ( !(strcmp(*cmd, PATH_RSYNC)) ) argvec[1] = "5"; + else if ( !(strcmp(*cmd, PATH_SVNSERVE)) ) + argvec[1] = "6"; else { log_set_priority(LOG_ERR); log_msg("fatal error identifying the correct command " @@ -267,7 +269,8 @@ void vers_info( void ) printf("%20s = %s\n", "sftp server binary", PATH_SFTP_SERVER); printf("%20s = %s\n", "cvs binary path", PATH_CVS); printf("%20s = %s\n", "rdist binary path", PATH_RDIST); - printf("%20s = %s\n\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n\n", "svnserve binary path", PATH_SVNSERVE); } diff --git a/pathnames.h.in b/pathnames.h.in index 17e2fb7..043d7ae 100644 --- a/pathnames.h.in +++ b/pathnames.h.in @@ -36,6 +36,7 @@ #define PATH_CVS "@cvs_path@" #define PATH_RDIST "@rdist_path@" #define PATH_RSYNC "@rsync_path@" +#define PATH_SVNSERVE "@svnserve_path@" /* these generally are overridden by the makefile */ #ifndef PATH_RSSH_CONFIG diff --git a/rssh.conf.5 b/rssh.conf.5 index 5556468..227ef88 100644 --- a/rssh.conf.5 +++ b/rssh.conf.5 @@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -135,7 +140,7 @@ details. .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff --git a/rssh.conf.5.in b/rssh.conf.5.in index 913ce9d..5e16acb 100644 --- a/rssh.conf.5.in +++ b/rssh.conf.5.in @@ -49,6 +49,11 @@ Tells the shell that rdist is allowed. Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -122,9 +127,9 @@ The umask for this user, in octal, just as it would be specified to the shell .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -135,7 +140,7 @@ details. .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -148,13 +153,13 @@ path explicitly, even if it should be the same as that set using the chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff --git a/rssh.conf.default b/rssh.conf.default index c847565..88833c1 100644 --- a/rssh.conf.default +++ b/rssh.conf.default @@ -11,6 +11,7 @@ logfacility = LOG_USER #allowcvs #allowrdist #allowrsync +#allowsvnserve # set the default umask umask = 022 @@ -28,24 +29,25 @@ umask = 022 ########################################## # EXAMPLES of configuring per-user options -#user=rudy:077:00010: # the path can simply be left out to not chroot -#user=rudy:077:00010 # the ending colon is optional +#user=rudy:077:000100: # the path can simply be left out to not chroot +#user=rudy:077:000100 # the ending colon is optional -#user=rudy:011:00100: # cvs, with no chroot -#user=rudy:011:01000: # rdist, with no chroot -#user=rudy:011:10000: # rsync, with no chroot -#user="rudy:011:00001:/usr/local/chroot" # whole user string can be quoted -#user=rudy:01"1:00001:/usr/local/chroot" # or somewhere in the middle, freak! -#user=rudy:'011:00001:/usr/local/chroot' # single quotes too +#user=rudy:011:001000: # cvs, with no chroot +#user=rudy:011:010000: # rdist, with no chroot +#user=rudy:011:100000: # rsync, with no chroot +#user=rudy:011:000001: # svnserve, with no chroot +#user="rudy:011:000010:/usr/local/chroot" # whole user string can be quoted +#user=rudy:01"1:000010:/usr/local/chroot" # or somewhere in the middle, freak! +#user=rudy:'011:000010:/usr/local/chroot' # single quotes too # if your chroot_path contains spaces, it must be quoted... # In the following examples, the chroot_path is "/usr/local/my chroot" -#user=rudy:011:00001:"/usr/local/my chroot" # scp with chroot -#user=rudy:011:00010:"/usr/local/my chroot" # sftp with chroot -#user=rudy:011:00011:"/usr/local/my chroot" # both with chroot +#user=rudy:011:000010:"/usr/local/my chroot" # scp with chroot +#user=rudy:011:000100:"/usr/local/my chroot" # sftp with chroot +#user=rudy:011:000110:"/usr/local/my chroot" # both with chroot # Spaces before or after the '=' are fine, but spaces in chrootpath need # quotes. -#user = "rudy:011:00001:/usr/local/my chroot" -#user = "rudy:011:00001:/usr/local/my chroot" # neither do comments at line end +#user = "rudy:011:000010:/usr/local/my chroot" +#user = "rudy:011:000010:/usr/local/my chroot" # neither do comments at line end diff --git a/rssh.h b/rssh.h index d15f645..111f9a0 100644 --- a/rssh.h +++ b/rssh.h @@ -41,11 +41,12 @@ typedef char bool; -#define RSSH_ALLOW_SCP (1 << 0) -#define RSSH_ALLOW_SFTP (1 << 1) -#define RSSH_ALLOW_CVS (1 << 2) -#define RSSH_ALLOW_RDIST (1 << 3) -#define RSSH_ALLOW_RSYNC (1 << 4) -#define RSSH_USE_CHROOT (1 << 5) +#define RSSH_ALLOW_SCP (1 << 0) +#define RSSH_ALLOW_SFTP (1 << 1) +#define RSSH_ALLOW_CVS (1 << 2) +#define RSSH_ALLOW_RDIST (1 << 3) +#define RSSH_ALLOW_RSYNC (1 << 4) +#define RSSH_ALLOW_SVNSERVE (1 << 5) +#define RSSH_USE_CHROOT (1 << 6) #endif /* _rssh_h */ diff --git a/rssh_chroot_helper.c b/rssh_chroot_helper.c index 7780c11..8a35cdc 100644 --- a/rssh_chroot_helper.c +++ b/rssh_chroot_helper.c @@ -254,6 +254,9 @@ int main( int argc, char **argv ) case 5: cmd_path = PATH_RSYNC; break; + case 6: + cmd_path = PATH_SVNSERVE; + break; default: log_msg("invalid command specified"); exit(2); diff --git a/rsshconf.c b/rsshconf.c index 564f747..459b26b 100644 --- a/rsshconf.c +++ b/rsshconf.c @@ -71,6 +71,7 @@ const char *keywords[] = { "allowcvs", "allowrdist", "allowrsync", + "allowsvnserve", "chrootpath", "logfacility", "umask", @@ -106,6 +107,9 @@ int process_allow_rdist( ShellOptions_t *opts, const char *line, int process_allow_rsync( ShellOptions_t *opts, const char *line, const int lineno ); +int process_allow_svnserve( ShellOptions_t *opts, const char *line, + const int lineno ); + int get_token( const char *str, char *buf, const int buflen, const bool colon, const bool ign_spc ); @@ -220,21 +224,26 @@ int process_config_line( ShellOptions_t *opts, return FALSE; return TRUE; case 6: + /* allow svnserve */ + if ( !(process_allow_svnserve(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 7: /* default chroot path */ if ( !(process_chroot_path(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 7: + case 8: /* syslog log facility */ if ( !(process_log_facility(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 8: + case 9: /* set the user's umask */ if ( !(process_umask(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 9: + case 10: /* user */ if ( !(process_user(opts, line + pos, lineno) ) ) return FALSE; @@ -557,6 +566,34 @@ int process_allow_rsync( ShellOptions_t *opts, } +/* + * process_allow_svnserve() - make sure there are no tokens after the keyword, + * other than a possible comment. If there are + * additional tokens other than comments, there is a + * syntax error, and FALSE is returned. Otherwise, + * the line is ok, so opts are set to allow + * svnserve, and TRUE is returned. + */ +int process_allow_svnserve( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + int pos; + + if ( !(pos = eat_comment(line)) ){ + if (log) log_msg("line %d: syntax error parsing config file", + lineno); + return FALSE; + } + if (log){ + log_set_priority(LOG_DEBUG); + log_msg("allowing svnserve to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + return TRUE; +} + + int process_chroot_path( ShellOptions_t *opts, const char *line, const int lineno ) @@ -854,6 +891,7 @@ int process_user( ShellOptions_t *opts, bool allow_cvs; bool allow_rdist; bool allow_rsync; + bool allow_svnserve; /* make space for user options */ if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){ @@ -925,7 +963,7 @@ int process_user( ShellOptions_t *opts, return FALSE; } if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs, - &allow_rdist, &allow_rsync) ){ + &allow_rdist, &allow_rsync, &allow_svnserve) ){ if (log){ log_set_priority(LOG_ERR); log_msg("syntax error parsing access bits, line %d", lineno); @@ -999,6 +1037,10 @@ cleanup: if (log) log_msg("allowing rsync to user %s", user); opts->shell_flags |= RSSH_ALLOW_RSYNC; } + if ( allow_svnserve ){ + if (log) log_msg("allowing svnserve to user %s", user); + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + } if ( path ){ if (log) log_msg("chrooting %s to %s", user, path); opts->shell_flags |= RSSH_USE_CHROOT; diff --git a/util.c b/util.c index 760e4c7..52a751b 100644 --- a/util.c +++ b/util.c @@ -80,7 +80,8 @@ void fail( int flags, int argc, char **argv ) if ( flags & RSSH_ALLOW_SFTP ) size += 5; if ( flags & RSSH_ALLOW_CVS ) size += 4; if ( flags & RSSH_ALLOW_RDIST ) size += 6; - if ( flags & RSSH_ALLOW_RSYNC ) size += 5; /* last one, no space */ + if ( flags & RSSH_ALLOW_RSYNC ) size += 6; + if ( flags & RSSH_ALLOW_SVNSERVE ) size += 8; /* last one, no space */ /* create msg indicating what is allowed */ if ( !size ) cmd = "This user is locked out."; @@ -101,7 +102,9 @@ void fail( int flags, int argc, char **argv ) if ( flags & RSSH_ALLOW_RDIST ) strncat(cmd, "rdist ", size); if ( flags & RSSH_ALLOW_RSYNC ) - strncat(cmd, "rsync", size); + strncat(cmd, "rsync ", size); + if ( flags & RSSH_ALLOW_SVNSERVE ) + strncat(cmd, "svnserve", size); } /* print error message to user and log attempt */ @@ -315,6 +318,16 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) return PATH_RSYNC; } + if ( check_command(*cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ){ + /* check command line */ + if( cl[1] == NULL || strcmp(cl[1], "-t") != 0 || cl[2] != NULL){ + fprintf(stderr, "\nextra svnserver parameter(s) not allowed."); + log_msg("unallowed option(s) in svnserver command line!"); + return NULL; + } + + return PATH_SVNSERVE; + } /* No match, return NULL */ return NULL; } @@ -339,6 +352,8 @@ char *get_command( char *cl, ShellOptions_t *opts ) return PATH_RDIST; if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ) return PATH_RSYNC; + if ( check_command(cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ) + return PATH_SVNSERVE; return NULL; } @@ -404,22 +419,24 @@ int validate_umask( const char *temp, int *mask ) * same name, and returns FALSE if the bits are not valid */ int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ) { int i; -#define NUM_ACCESS_BITS 5 +#define NUM_ACCESS_BITS 6 if ( strlen(temp) != NUM_ACCESS_BITS ) return FALSE; /* make sure the bits are valid */ for ( i = 0; i < NUM_ACCESS_BITS; i++ ) if ( temp[i] < '0' || temp[i] > '1' ) return FALSE; /* This is easier to read if we allign the = */ - *allow_rsync = temp[0] - '0'; - *allow_rdist = temp[1] - '0'; - *allow_cvs = temp[2] - '0'; - *allow_sftp = temp[3] - '0'; - *allow_scp = temp[4] - '0'; + *allow_rsync = temp[0] - '0'; + *allow_rdist = temp[1] - '0'; + *allow_cvs = temp[2] - '0'; + *allow_sftp = temp[3] - '0'; + *allow_scp = temp[4] - '0'; + *allow_svnserve = temp[5] - '0'; return TRUE; } diff --git a/util.h b/util.h index 8b81201..a67eb32 100644 --- a/util.h +++ b/util.h @@ -38,7 +38,8 @@ char *get_command( char *cl, ShellOptions_t *opts); char *extract_root( char *root, char *path ); int validate_umask( const char *temp, int *mask ); int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ); + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ); bool opt_exist( char *cl, char opt ); char *get_username( void ); -- cgit v1.2.3 From fd578fe6528abec52a22428f7b15a9214d505864 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Thu, 17 Jan 2019 19:21:40 -0800 Subject: Verify scp command options ESnet discovered a security vulnerability in the scp backend for rssh. Since the arguments to scp on the server side were not checked, the client could pass in arbitrary scp command-line flags, including setting arbitrary scp options. This allows setting the option PKCS11Provider, which loads and executes code from a shared module. Even if the -o flag is blocked, this is still possible via -F to load an already-uploaded ssh configuration file, or, if .ssh/config is writable, by just uploading that configuration file directly first. Attempt to protect against this attack by checking the command line of scp and only allowing the options that are passed to the server end of the connection. Require either -f or -t be given, which disables scp's attempts to connect to a remote host. Debian Bug#919623 Gbp-Pq: Name 0009-Verify-scp-command-options.patch --- util.c | 44 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 2 deletions(-) diff --git a/util.c b/util.c index 52a751b..391ad4a 100644 --- a/util.c +++ b/util.c @@ -263,6 +263,43 @@ static int rsync_okay( char **vec ) } +/* + * scp_okay() - take the command line and check that it is a hopefully-safe scp + * server command line, accepting only very specific options. + * Returns FALSE if the command line should not be allowed, TRUE + * if it is okay. + */ +static int scp_okay( char **vec ) +{ + int saw_f_or_t = FALSE; + + for ( vec++; vec && *vec; vec++ ){ + /* Allowed options. */ + if ( strcmp(*vec, "-v") == 0 ) continue; + if ( strcmp(*vec, "-r") == 0 ) continue; + if ( strcmp(*vec, "-p") == 0 ) continue; + if ( strcmp(*vec, "-d") == 0 ) continue; + if ( strcmp(*vec, "-f") == 0 ){ + saw_f_or_t = TRUE; + continue; + } + if ( strcmp(*vec, "-t") == 0 ){ + saw_f_or_t = TRUE; + continue; + } + + /* End of arguments. */ + if ( strcmp(*vec, "--") == 0 ) break; + + /* Any other argument is not allowed. */ + if ( *vec[0] == '-' ) return FALSE; + } + + /* Either -f or -t must have been given. */ + return saw_f_or_t; +} + + /* * check_command_line() - take the command line passed to rssh, and verify * that the specified command is one the user is @@ -278,8 +315,11 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) return PATH_SFTP_SERVER; if ( check_command(*cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){ - /* filter -S option */ - if ( opt_filter(cl, 'S') ) return NULL; + if ( !scp_okay(cl) ){ + fprintf(stderr, "\ninsecure scp option not allowed."); + log_msg("insecure scp option in scp command line"); + return NULL; + } return PATH_SCP; } -- cgit v1.2.3 From eaed7bed52ac181229e6fc3ada518eded8405099 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Mon, 28 Jan 2019 20:15:30 -0800 Subject: Check command line after chroot When a command was configured with a chroot, rssh did not check the safety of the command line after chroot, allowing various vectors of remote code execution inside the chroot environment. Perform the same check after chroot as is performed before running the command when a chroot is not configured. Gbp-Pq: Name 0010-Check-command-line-after-chroot.patch --- rssh_chroot_helper.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/rssh_chroot_helper.c b/rssh_chroot_helper.c index 8a35cdc..73d8c7b 100644 --- a/rssh_chroot_helper.c +++ b/rssh_chroot_helper.c @@ -218,6 +218,12 @@ int main( int argc, char **argv ) ch_fatal_error("build_arg_vector()", argv[2], "bad expansion"); + /* check the command for safety */ + if ( !check_command_line(argvec, &opts) ){ + fprintf(stderr, "\n"); + exit(1); + } + /* * This is the old way to figure out what program to run. Since we're * re-parsing the config file in rssh_chroot helper, we could get rid -- cgit v1.2.3