diff -Nau -Naur -x '*~' -x '*.orig' rssh-2.3.2/b/conf_convert rssh-2.3.2-subversion-support/b/conf_convert --- rssh-2.3.2/b/conf_convert 1970-01-01 01:00:00.000000000 +0100 +++ rssh-2.3.2-subversion-support/b/conf_convert 2010-01-06 12:27:32.000000000 +0100 @@ -0,0 +1,48 @@ +#!/usr/bin/awk -f +# +# conf_convert - convert rssh config files from 2.0, 2.1.1, 2.2 format +# to rssh 2.3.2 format config files adding svnserve +# support +# +# Copyright (C) 2009 Davide Scola <davide.scola@gmail.com> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA. +# +BEGIN { + FS = OFS = ":"; +} + +{ + if( /^[# ]*user *= */ && match($3, /^([01]+)/) ) { + gsub(/^([01]+)/, replaceString( RLENGTH ), $3); + } + + print +} + +function replaceString(nitems) { + str = "&"; + + if(nitems == 2) { # config < v2.2 + str = "000&0"; + } + + else if(nitems == 5) { # v2.2 <= config <= v2.3.2 (vanilla) + str = "&0"; + } + + return str; +} + diff -Nau -Naur -x '*~' -x '*.orig' rssh-2.3.2/conf_convert rssh-2.3.2-subversion-support/conf_convert --- rssh-2.3.2/conf_convert 1970-01-01 01:00:00.000000000 +0100 +++ rssh-2.3.2-subversion-support/conf_convert 2010-01-06 12:28:01.000000000 +0100 @@ -0,0 +1,48 @@ +#!/usr/bin/awk -f +# +# conf_convert - convert rssh config files from 2.0, 2.1.1, 2.2 format +# to rssh 2.3.2 format config files adding svnserve +# support +# +# Copyright (C) 2009 Davide Scola <davide.scola@gmail.com> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA. +# +BEGIN { + FS = OFS = ":"; +} + +{ + if( /^[# ]*user *= */ && match($3, /^([01]+)/) ) { + gsub(/^([01]+)/, replaceString( RLENGTH ), $3); + } + + print +} + +function replaceString(nitems) { + str = "&"; + + if(nitems == 2) { # config < v2.2 + str = "000&0"; + } + + else if(nitems == 5) { # v2.2 <= config <= v2.3.2 (vanilla) + str = "&0"; + } + + return str; +} + diff -Nau -Naur -x '*~' -x '*.orig' rssh-2.3.2/conf_convert.sh rssh-2.3.2-subversion-support/conf_convert.sh --- rssh-2.3.2/conf_convert.sh 2004-05-07 09:10:42.000000000 +0200 +++ rssh-2.3.2-subversion-support/conf_convert.sh 1970-01-01 01:00:00.000000000 +0100 @@ -1,45 +0,0 @@ -#!/bin/sh - -# conf_convert.sh - convert rssh config files from 2.0 - 2.1.1 format to rssh -# version 2.2 format config files. - -if [ -z "$TMPDIR" ]; then - TMPDIR=/tmp -fi - -tempdir=`mktemp -d "$TMPDIR/confconv.tempXXXXXX"` -if [ ! -d "$tempdir" ]; then - echo "$0: unable to make temporary directory" - exit 1 -fi - -if [ "$#" != "0" ]; then - - while [ -n "$1" ]; do - - if [ ! -f "$1" ]; then - echo "$0: $1 does not exist. Skipping." >&2 - continue - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' $1 > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "$1.NEW" - shift - done - -else - if [ ! -f /etc/rssh.conf ]; then - echo "/etc/rssh.conf does not exist, and no parameters given." >&2 - exit 2 - fi - - sed 's/^\([# ]*user *= *.*:\)\([01][01][^0-9"'\''].*\)$/\1000\2/' /etc/rssh.conf > "$tempdir/tempconf" - - mv "$tempdir/tempconf" "/etc/rssh.conf.NEW" - -fi - -rm -rf "$tempdir" - -exit 0 diff -Nau -Naur -x '*~' -x '*.orig' rssh-2.3.2/configure.ac rssh-2.3.2-subversion-support/configure.ac --- rssh-2.3.2/configure.ac 2006-01-03 18:27:53.000000000 +0100 +++ rssh-2.3.2-subversion-support/configure.ac 2010-01-06 12:28:01.000000000 +0100 @@ -117,8 +117,8 @@ fi -# CVS, rdist, and rsync might not be installed. But we don't want to force -# the user to configure bogus paths, so default to /usr/bin/* +# CVS, rdist, rsync and svnserve might not be installed. But we don't want +# to force the user to configure bogus paths, so default to /usr/bin/* # Check for cvs binary @@ -170,6 +170,23 @@ fi +# Check for svnserve binary + +AC_ARG_WITH(svnserve, +[ --with-svnserve specify path to svnserve binary], +[svnserve_path="$withval"], [svnserve_path=""]) + +AC_PATH_PROG(svnserve_path, svnserve, [], []) +if test -z "$svnserve_path"; then + AC_MSG_WARN([can't find svnserve - using /usr/bin/svnserve. Use --with-svnserve to override]) + svnserve_path=/usr/bin/svnserve +fi + +if ! test -x "$svnserve_path"; then + AC_MSG_WARN([specified svnserve binary does not exist]) +fi + + # disable static configuration AC_ARG_ENABLE(static, @@ -200,6 +217,7 @@ AC_SUBST(cvs_path) AC_SUBST(rdist_path) AC_SUBST(rsync_path) +AC_SUBST(svnserve_path) AC_SUBST(prefix) AC_SUBST(sysconfdir) AC_SUBST(libexecdir) diff -Nau -Naur -x '*~' -x '*.orig' rssh-2.3.2/main.c.in rssh-2.3.2-subversion-support/main.c.in --- rssh-2.3.2/main.c.in 2006-01-03 18:25:05.000000000 +0100 +++ rssh-2.3.2-subversion-support/main.c.in 2010-01-06 12:28:01.000000000 +0100 @@ -214,6 +214,8 @@ argvec[1] = "4"; else if ( !(strcmp(*cmd, PATH_RSYNC)) ) argvec[1] = "5"; + else if ( !(strcmp(*cmd, PATH_SVNSERVE)) ) + argvec[1] = "6"; else { log_set_priority(LOG_ERR); log_msg("fatal error identifying the correct command " @@ -262,7 +264,8 @@ printf("%20s = %s\n", "sftp server binary", PATH_SFTP_SERVER); printf("%20s = %s\n", "cvs binary path", PATH_CVS); printf("%20s = %s\n", "rdist binary path", PATH_RDIST); - printf("%20s = %s\n\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n", "rsync binary path", PATH_RSYNC); + printf("%20s = %s\n\n", "svnserve binary path", PATH_SVNSERVE); } diff -Nau -Naur -x '*~' -x '*.orig' rssh-2.3.2/pathnames.h.in rssh-2.3.2-subversion-support/pathnames.h.in --- rssh-2.3.2/pathnames.h.in 2003-08-08 23:49:28.000000000 +0200 +++ rssh-2.3.2-subversion-support/pathnames.h.in 2010-01-06 12:28:01.000000000 +0100 @@ -36,6 +36,7 @@ #define PATH_CVS "@cvs_path@" #define PATH_RDIST "@rdist_path@" #define PATH_RSYNC "@rsync_path@" +#define PATH_SVNSERVE "@svnserve_path@" /* these generally are overridden by the makefile */ #ifndef PATH_RSSH_CONFIG diff -Nau -Naur -x '*~' -x '*.orig' rssh-2.3.2/rssh_chroot_helper.c rssh-2.3.2-subversion-support/rssh_chroot_helper.c --- rssh-2.3.2/rssh_chroot_helper.c 2006-01-03 18:36:47.000000000 +0100 +++ rssh-2.3.2-subversion-support/rssh_chroot_helper.c 2010-01-06 12:28:01.000000000 +0100 @@ -254,6 +254,9 @@ case 5: cmd_path = PATH_RSYNC; break; + case 6: + cmd_path = PATH_SVNSERVE; + break; default: log_msg("invalid command specified"); exit(2); diff -Nau -Naur -x '*~' -x '*.orig' rssh-2.3.2/rssh.conf rssh-2.3.2-subversion-support/rssh.conf --- rssh-2.3.2/rssh.conf 2005-11-27 22:28:36.000000000 +0100 +++ rssh-2.3.2-subversion-support/rssh.conf 2010-01-06 12:28:01.000000000 +0100 @@ -11,6 +11,7 @@ #allowcvs #allowrdist #allowrsync +#allowsvnserve # set the default umask umask = 022 @@ -28,24 +29,25 @@ ########################################## # EXAMPLES of configuring per-user options -#user=rudy:077:00010: # the path can simply be left out to not chroot -#user=rudy:077:00010 # the ending colon is optional +#user=rudy:077:000100: # the path can simply be left out to not chroot +#user=rudy:077:000100 # the ending colon is optional -#user=rudy:011:00100: # cvs, with no chroot -#user=rudy:011:01000: # rdist, with no chroot -#user=rudy:011:10000: # rsync, with no chroot -#user="rudy:011:00001:/usr/local/chroot" # whole user string can be quoted -#user=rudy:01"1:00001:/usr/local/chroot" # or somewhere in the middle, freak! -#user=rudy:'011:00001:/usr/local/chroot' # single quotes too +#user=rudy:011:001000: # cvs, with no chroot +#user=rudy:011:010000: # rdist, with no chroot +#user=rudy:011:100000: # rsync, with no chroot +#user=rudy:011:000001: # svnserve, with no chroot +#user="rudy:011:000010:/usr/local/chroot" # whole user string can be quoted +#user=rudy:01"1:000010:/usr/local/chroot" # or somewhere in the middle, freak! +#user=rudy:'011:000010:/usr/local/chroot' # single quotes too # if your chroot_path contains spaces, it must be quoted... # In the following examples, the chroot_path is "/usr/local/my chroot" -#user=rudy:011:00001:"/usr/local/my chroot" # scp with chroot -#user=rudy:011:00010:"/usr/local/my chroot" # sftp with chroot -#user=rudy:011:00011:"/usr/local/my chroot" # both with chroot +#user=rudy:011:000010:"/usr/local/my chroot" # scp with chroot +#user=rudy:011:000100:"/usr/local/my chroot" # sftp with chroot +#user=rudy:011:000110:"/usr/local/my chroot" # both with chroot # Spaces before or after the '=' are fine, but spaces in chrootpath need # quotes. -#user = "rudy:011:00001:/usr/local/my chroot" -#user = "rudy:011:00001:/usr/local/my chroot" # neither do comments at line end +#user = "rudy:011:000010:/usr/local/my chroot" +#user = "rudy:011:000010:/usr/local/my chroot" # neither do comments at line end diff -Nau -Naur -x '*~' -x '*.orig' rssh-2.3.2/rssh.conf.5 rssh-2.3.2-subversion-support/rssh.conf.5 --- rssh-2.3.2/rssh.conf.5 2006-01-07 03:25:05.000000000 +0100 +++ rssh-2.3.2-subversion-support/rssh.conf.5 2010-01-06 12:28:01.000000000 +0100 @@ -50,6 +50,11 @@ Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -123,9 +128,9 @@ .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -136,7 +141,7 @@ .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -149,13 +154,13 @@ chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff -Nau -Naur -x '*~' -x '*.orig' rssh-2.3.2/rssh.conf.5.in rssh-2.3.2-subversion-support/rssh.conf.5.in --- rssh-2.3.2/rssh.conf.5.in 2005-11-28 17:54:56.000000000 +0100 +++ rssh-2.3.2-subversion-support/rssh.conf.5.in 2010-01-06 12:28:01.000000000 +0100 @@ -50,6 +50,11 @@ Tells the shell that rsync is allowed. .RE .P +.B allowsvnserve +.RS +Tells the shell that svnserve is allowed. +.RE +.P .B umask .RS Sets the umask value for file creations in the scp/sftp session. This is @@ -123,9 +128,9 @@ .RE .B access bits .RS -Five binary digits, which indicate whether the user is allowed to use rsync, -rdist, cvs, sftp, and scp, in that order. One means the command is allowed, -zero means it is not. +Six binary digits, which indicate whether the user is allowed to use rsync, +rdist, cvs, sftp, scp and svnserve, in that order. One means the command is +allowed, zero means it is not. .RE .B path .RS @@ -136,7 +141,7 @@ .P For example, you might have something like this: .P -user = luser:022:00001: +user = luser:022:000010: .P This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path @@ -149,13 +154,13 @@ chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: .P -user = "luser:022:00001:/usr/local/chroot dir" +user = "luser:022:000010:/usr/local/chroot dir" .P See the default rssh.conf file for more examples. .RE .SH SEE ALSO \fIrssh\fP(1), \fIsshd\fP(8), \fIssh\fP(1), \fIscp\fP(1), \fIsftp\fP(1), -\fIsyslogd.conf\fP(5), \fIchroot\fP(2). +\fIsvnserve\fP(8), \fIsyslogd.conf\fP(5), \fIchroot\fP(2). diff -Nau -Naur -x '*~' -x '*.orig' rssh-2.3.2/rsshconf.c rssh-2.3.2-subversion-support/rsshconf.c --- rssh-2.3.2/rsshconf.c 2005-11-27 23:35:43.000000000 +0100 +++ rssh-2.3.2-subversion-support/rsshconf.c 2010-01-06 12:28:01.000000000 +0100 @@ -71,6 +71,7 @@ "allowcvs", "allowrdist", "allowrsync", + "allowsvnserve", "chrootpath", "logfacility", "umask", @@ -217,21 +218,26 @@ return FALSE; return TRUE; case 6: + /* allow svnserve */ + if ( !(process_allow_svnserve(opts, line + pos, lineno) ) ) + return FALSE; + return TRUE; + case 7: /* default chroot path */ if ( !(process_chroot_path(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 7: + case 8: /* syslog log facility */ if ( !(process_log_facility(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 8: + case 9: /* set the user's umask */ if ( !(process_umask(opts, line + pos, lineno) ) ) return FALSE; return TRUE; - case 9: + case 10: /* user */ if ( !(process_user(opts, line + pos, lineno) ) ) return FALSE; @@ -554,6 +560,34 @@ } +/* + * process_allow_svnserve() - make sure there are no tokens after the keyword, + * other than a possible comment. If there are + * additional tokens other than comments, there is a + * syntax error, and FALSE is returned. Otherwise, + * the line is ok, so opts are set to allow + * svnserve, and TRUE is returned. + */ +int process_allow_svnserve( ShellOptions_t *opts, + const char *line, + const int lineno ) +{ + int pos; + + if ( !(pos = eat_comment(line)) ){ + if (log) log_msg("line %d: syntax error parsing config file", + lineno); + return FALSE; + } + if (log){ + log_set_priority(LOG_INFO); + log_msg("allowing svnserve to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + return TRUE; +} + + int process_chroot_path( ShellOptions_t *opts, const char *line, const int lineno ) @@ -851,6 +885,7 @@ bool allow_cvs; bool allow_rdist; bool allow_rsync; + bool allow_svnserve; /* make space for user options */ if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){ @@ -923,7 +958,7 @@ return FALSE; } if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs, - &allow_rdist, &allow_rsync) ){ + &allow_rdist, &allow_rsync, &allow_svnserve) ){ if (log){ log_set_priority(LOG_ERR); log_msg("syntax error parsing access bits, line %d", lineno); @@ -997,6 +1032,10 @@ if (log) log_msg("allowing rsync to user %s", user); opts->shell_flags |= RSSH_ALLOW_RSYNC; } + if ( allow_svnserve ){ + if (log) log_msg("allowing svnserve to user %s", user); + opts->shell_flags |= RSSH_ALLOW_SVNSERVE; + } if ( path ){ if (log) log_msg("chrooting %s to %s", user, path); opts->shell_flags |= RSSH_USE_CHROOT; diff -Nau -Naur -x '*~' -x '*.orig' rssh-2.3.2/rssh.h rssh-2.3.2-subversion-support/rssh.h --- rssh-2.3.2/rssh.h 2003-08-08 21:02:02.000000000 +0200 +++ rssh-2.3.2-subversion-support/rssh.h 2010-01-06 12:28:01.000000000 +0100 @@ -41,11 +41,12 @@ typedef char bool; -#define RSSH_ALLOW_SCP (1 << 0) -#define RSSH_ALLOW_SFTP (1 << 1) -#define RSSH_ALLOW_CVS (1 << 2) -#define RSSH_ALLOW_RDIST (1 << 3) -#define RSSH_ALLOW_RSYNC (1 << 4) -#define RSSH_USE_CHROOT (1 << 5) +#define RSSH_ALLOW_SCP (1 << 0) +#define RSSH_ALLOW_SFTP (1 << 1) +#define RSSH_ALLOW_CVS (1 << 2) +#define RSSH_ALLOW_RDIST (1 << 3) +#define RSSH_ALLOW_RSYNC (1 << 4) +#define RSSH_ALLOW_SVNSERVE (1 << 5) +#define RSSH_USE_CHROOT (1 << 6) #endif /* _rssh_h */ diff -Nau -Naur -x '*~' -x '*.orig' rssh-2.3.2/util.c rssh-2.3.2-subversion-support/util.c --- rssh-2.3.2/util.c 2006-01-03 18:37:39.000000000 +0100 +++ rssh-2.3.2-subversion-support/util.c 2010-01-06 12:28:01.000000000 +0100 @@ -79,7 +79,8 @@ if ( flags & RSSH_ALLOW_SFTP ) size += 5; if ( flags & RSSH_ALLOW_CVS ) size += 4; if ( flags & RSSH_ALLOW_RDIST ) size += 6; - if ( flags & RSSH_ALLOW_RSYNC ) size += 5; /* last one, no space */ + if ( flags & RSSH_ALLOW_RSYNC ) size += 6; + if ( flags & RSSH_ALLOW_SVNSERVE ) size += 8; /* last one, no space */ /* create msg indicating what is allowed */ if ( !size ) cmd = "This user is locked out."; @@ -100,7 +101,9 @@ if ( flags & RSSH_ALLOW_RDIST ) strncat(cmd, "rdist ", size); if ( flags & RSSH_ALLOW_RSYNC ) - strncat(cmd, "rsync", size); + strncat(cmd, "rsync ", size); + if ( flags & RSSH_ALLOW_SVNSERVE ) + strncat(cmd, "svnserve", size); } /* print error message to user and log attempt */ @@ -245,6 +248,17 @@ return PATH_RSYNC; } + if ( check_command(cl, opts, PATH_SVNSERVE, RSSH_ALLOW_SVNSERVE) ){ + /* check command line */ + if( strlen(cl) != 11 || strcmp(cl, "svnserve -t") ) { + fprintf(stderr, "\nextra svnserver parameter(s) not allowed."); + log_msg("unallowed option(s) in svnserver command line!"); + return NULL; + } + + return PATH_SVNSERVE; + } + return NULL; } @@ -309,22 +323,24 @@ * same name, and returns FALSE if the bits are not valid */ int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ) { int i; -#define NUM_ACCESS_BITS 5 +#define NUM_ACCESS_BITS 6 if ( strlen(temp) != NUM_ACCESS_BITS ) return FALSE; /* make sure the bits are valid */ for ( i = 0; i < NUM_ACCESS_BITS; i++ ) if ( temp[i] < '0' || temp[i] > '1' ) return FALSE; /* This is easier to read if we allign the = */ - *allow_rsync = temp[0] - '0'; - *allow_rdist = temp[1] - '0'; - *allow_cvs = temp[2] - '0'; - *allow_sftp = temp[3] - '0'; - *allow_scp = temp[4] - '0'; + *allow_rsync = temp[0] - '0'; + *allow_rdist = temp[1] - '0'; + *allow_cvs = temp[2] - '0'; + *allow_sftp = temp[3] - '0'; + *allow_scp = temp[4] - '0'; + *allow_svnserve = temp[5] - '0'; return TRUE; } diff -Nau -Naur -x '*~' -x '*.orig' rssh-2.3.2/util.h rssh-2.3.2-subversion-support/util.h --- rssh-2.3.2/util.h 2006-01-03 18:37:55.000000000 +0100 +++ rssh-2.3.2-subversion-support/util.h 2010-01-06 12:28:01.000000000 +0100 @@ -37,7 +37,8 @@ char *extract_root( char *root, char *path ); int validate_umask( const char *temp, int *mask ); int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, - bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ); + bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, + bool *allow_svnserve ); bool opt_exist( char *cl, char opt ); char *get_username( void );