Date: Wed, 19 Feb 2003 13:08:54 -0800 (PST)
From: Adam <jettea46@yahoo.com>
To: freebsd-bugs@freebsd.org
Subject: scponly port
Message-ID: <20030219210854.92509.qmail@web21002.mail.yahoo.com>
I've updated the scponly shell, but currently can't use send-pr to send it in. Would someone kindly do this for me? Below I've included a majority of the text that I would actually be sending in send-pr if my mail was configured to do so. Sorry for the length...

To: FreeBSD-gnats-submit@freebsd.org
From: Adam Jette <ajette@chilisystems.com>
Reply-To: Adam <ajette@chilisystems.com>
Cc:
X-send-pr-version: 3.113
X-GNATS-Notify:

>Submitter-Id: current-users
>Originator: Adam
>Organization: nada
>Confidential: no
>Synopsis: Update port:shells/scponly update version + chroot
>Severity: non-critical
>Priority: low
>Category: ports
>Class: change-request
>Release: FreeBSD 4.7-STABLE i386
>Environment:
System: FreeBSD hugsForEveryone 4.7-STABLE FreeBSD 4.7-STABLE #0: Fri Feb 7 13:59:39 EST 2003 ajette@hugsForEveryone:/usr/src/sys/compile/GENERIC i386
>Description:
Scponly has been updated to 3.5, which is not reflected in the ports. Furthermore, it was not possible via make options to configure scponly for the chrooted functionality it does actually possess.
>How-To-Repeat:
N/A
>Fix:

--- shar.scponly begins here ---
#
# The scponly port was out of date by a bit. The main reason
# for the updated port however was the lack of support that
# previously existed for the chrooted version of scponly.
# Libraries and programs it relied upon do not exist
# on FreeBSD. Thus, the configure, configure.in, and
# setup_chroot.sh.in had to be modified.
# # This archive contains: # # scponly # scponly/Makefile # scponly/distinfo # scponly/pkg-comment # scponly/pkg-descr # scponly/pkg-plist # scponly/files # scponly/files/patch-cb # scponly/files/patch-aa # scponly/files/patch-ba # scponly/files/patch-ca # echo c - scponly mkdir -p scponly > /dev/null 2>&1 echo x - scponly/Makefile sed 's/^X//' >scponly/Makefile << 'END-of-scponly/Makefile' X# New ports collection makefile for: scponly X# Date created: 2003/02/19 X# Whom: ajette@chilisystems.com X# X# $FreeBSD: ports/shells/scponly/Makefile,v 1.2 2003/01/03 18:15:43 ijliao Exp $ X# X XPORTNAME= scponly XPORTVERSION= 3.5 XCATEGORIES= shells XMASTER_SITES= http://www.sublimation.org/scponly/ XEXTRACT_SUFX= .tgz X XMAINTAINER= ajette@chilisystems.com X XMAN8= scponly.8 X XGNU_CONFIGURE= yes X X# Lets configure the setup_chroot script and build binary X.if defined(CHROOT) XCONFIGURE_ARGS+= --enable-chrooted-binary X.endif X X# Eh, I'm paranoid by default X.if !defined(NOTPARANOID) XCONFIGURE_ARGS+= --disable-wildcards --disable-winscp-compat X.endif X X.include <bsd.port.mk> END-of-scponly/Makefile echo x - scponly/distinfo sed 's/^X//' >scponly/distinfo << 'END-of-scponly/distinfo' XMD5 (scponly-3.5.tgz) = 2204faf6a661a0405d4f8fe249a5f736 END-of-scponly/distinfo echo x - scponly/pkg-comment sed 's/^X//' >scponly/pkg-comment << 'END-of-scponly/pkg-comment' XA tiny shell which only permits scp and sftp END-of-scponly/pkg-comment echo x - scponly/pkg-descr sed 's/^X//' >scponly/pkg-descr << 'END-of-scponly/pkg-descr' X[Excerpted from the README:] "scponly" is an alternative "shell" (of sorts) Xfor system administrators who would like to provide access to remote users to Xboth read and write local files without providing any remote execution Xprivileges. Functionally, it is best described as a wrapper to the Xtried-and-true ssh suite. X Xscponly validates remote requests by examining the third argument passed to the Xshell upon login. 
(The first argument is the shell itself, and the second is X-c.) The only commands allowed are "scp", "sftp-server" and "ls". Arguments Xto these commands are passed along unmolested. X X- chroot: scponly can chroot to the user's home directory (or any Xother directory the user has permissions for), disallowing access Xto the rest of the filesystem. X XWWW: http://www.sublimation.org/scponly/ X XNote: To build a chroot jail for a user, run the setup_chroot.sh script in the source directory. It should be configured to work after "make"ing. X X- Adam Jette <ajette@chilisystems.com> END-of-scponly/pkg-descr echo x - scponly/pkg-plist sed 's/^X//' >scponly/pkg-plist << 'END-of-scponly/pkg-plist' Xbin/scponly Xetc/scponly/debuglevel X@dirrm etc/scponly END-of-scponly/pkg-plist echo c - scponly/files mkdir -p scponly/files > /dev/null 2>&1 echo x - scponly/files/patch-cb sed 's/^X//' >scponly/files/patch-cb << 'END-of-scponly/files/patch-cb' X*** setup_chroot.sh.in.orig Wed Feb 19 10:14:50 2003 X--- setup_chroot.sh.in Wed Feb 19 10:15:02 2003 X*************** X*** 128,140 **** X X if [ $? -ne 0 ]; then X fail "if this user exists, remove it and try again" X fi X X! chown 0.0 $targetdir X if [ -d $targetdir/.ssh ]; then X! chown 0.0 $targetdir/.ssh X fi X X X if [ ! -d $targetdir/incoming ]; then X echo -e "\ncreating $targetdir/incoming directory for uploading files" X--- 128,140 ---- X X if [ $? -ne 0 ]; then X fail "if this user exists, remove it and try again" X fi X X! chown 0:0 $targetdir X if [ -d $targetdir/.ssh ]; then X! chown 0:0 $targetdir/.ssh X fi X X X if [ ! 
-d $targetdir/incoming ]; then X echo -e "\ncreating $targetdir/incoming directory for uploading files" END-of-scponly/files/patch-cb echo x - scponly/files/patch-aa sed 's/^X//' >scponly/files/patch-aa << 'END-of-scponly/files/patch-aa' X*** configure.old Wed Feb 19 09:48:09 2003 X--- configure Tue Feb 18 18:17:12 2003 X*************** X*** 2357,2366 **** X--- 2357,2405 ---- X else X echo "$as_me:$LINENO: result: no" >&5 X echo "${ECHO_T}no" >&6 X fi X X+ # Get pw as an alternate adduser X+ set dummy pw; ac_word=$2 X+ echo "$as_me:$LINENO: checking for $ac_word" >&5 X+ echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 X+ if test "${ac_cv_path_PROG_PW+set}" = set; then X+ echo $ECHO_N "(cached) $ECHO_C" >&6 X+ else X+ case $PROG_PW in X+ [\\/]* | ?:[\\/]*) X+ ac_cv_path_PROG_PW="$PROG_PW" # Let the user override the test with a path. X+ ;; X+ *) X+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR X+ for as_dir in $PATH X+ do X+ IFS=$as_save_IFS X+ test -z "$as_dir" && as_dir=. X+ for ac_exec_ext in '' $ac_executable_extensions; do X+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then X+ ac_cv_path_PROG_PW="$as_dir/$ac_word$ac_exec_ext" X+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 X+ break 2 X+ fi X+ done X+ done X+ X+ ;; X+ esac X+ fi X+ PROG_PW=$ac_cv_path_PROG_PW X+ X+ if test -n "$PROG_PW"; then X+ echo "$as_me:$LINENO: result: $PROG_PW" >&5 X+ echo "${ECHO_T}$PROG_PW" >&6 X+ else X+ echo "$as_me:$LINENO: result: no" >&5 X+ echo "${ECHO_T}no" >&6 X+ fi X+ X # Extract the first word of "pwd_mkdb", so it can be a program name with args. X set dummy pwd_mkdb; ac_word=$2 X echo "$as_me:$LINENO: checking for $ac_word" >&5 X echo $ECHO_N "checking for $ac_word... 
$ECHO_C" >&6 X if test "${ac_cv_path_PROG_PWD_MKDB+set}" = set; then X*************** X*** 4980,4989 **** X--- 5019,5029 ---- X s,@PROG_CUT@,$PROG_CUT,;t t X s,@PROG_GREP@,$PROG_GREP,;t t X s,@PROG_SORT@,$PROG_SORT,;t t X s,@PROG_LDD@,$PROG_LDD,;t t X s,@PROG_USERADD@,$PROG_USERADD,;t t X+ s,@PROG_PW@,$PROG_PW,;t t X s,@PROG_PWD_MKDB@,$PROG_PWD_MKDB,;t t X s,@CHROOTED_NAME@,$CHROOTED_NAME,;t t X s,@scponly_PROG_SFTP_SERVER@,$scponly_PROG_SFTP_SERVER,;t t X s,@scponly_PROG_LS@,$scponly_PROG_LS,;t t X s,@scponly_PROG_SCP@,$scponly_PROG_SCP,;t t END-of-scponly/files/patch-aa echo x - scponly/files/patch-ba sed 's/^X//' >scponly/files/patch-ba << 'END-of-scponly/files/patch-ba' X*** configure.in.old Wed Feb 19 09:50:31 2003 X--- configure.in Wed Feb 19 09:50:12 2003 X*************** X*** 42,51 **** X--- 42,52 ---- X AC_PATH_PROG(PROG_CUT, cut) X AC_PATH_PROG(PROG_GREP, grep) X AC_PATH_PROG(PROG_SORT, sort) X AC_PATH_PROG(PROG_LDD, ldd) X AC_PATH_PROG(PROG_USERADD, useradd) X+ AC_PATH_PROG(PROG_PW, pw) X AC_PATH_PROG(PROG_PWD_MKDB, pwd_mkdb) X X dnl Features wanted for this installation: X dnl Command-line args to ./configure X dnl Call options "--disable-foo" if they default to on, END-of-scponly/files/patch-ba echo x - scponly/files/patch-ca sed 's/^X//' >scponly/files/patch-ca << 'END-of-scponly/files/patch-ca' X*** setup_chroot.sh.in.old Wed Feb 19 09:51:25 2003 X--- setup_chroot.sh.in Tue Feb 18 18:15:46 2003 X*************** X*** 14,32 **** X X # the following is a list of binaries that will be staged in the target dir X BINARIES=`@PROG_GREP@ '#define PROG_' config.h | @PROG_CUT@ -f2 -d\" | @PROG_GREP@ -v ^cd$` X X # a function to display a failure message and then exit X! function fail { X echo -e $@ X exit 1 X } X X # "get with default" function X # this function prompts the user with a query and default reply X # it returns the user reply X! 
function getwd { X query="$1" X default="$2" X echo -en "$query [$default]" | cat >&2 X read response X if [ x$response = "x" ]; then X--- 14,32 ---- X X # the following is a list of binaries that will be staged in the target dir X BINARIES=`@PROG_GREP@ '#define PROG_' config.h | @PROG_CUT@ -f2 -d\" | @PROG_GREP@ -v ^cd$` X X # a function to display a failure message and then exit X! fail() { X echo -e $@ X exit 1 X } X X # "get with default" function X # this function prompts the user with a query and default reply X # it returns the user reply X! getwd() { X query="$1" X default="$2" X echo -en "$query [$default]" | cat >&2 X read response X if [ x$response = "x" ]; then X*************** X*** 36,46 **** X } X X # "get yes no" function X # this function prompts the user with a query and will continue to do so X # until they reply with either "y" or "n" X! function getyn { X query="$@" X echo -en $query | cat >&2 X read response X while [ x$response != "xy" -a x$response != "xn" ]; do X echo -e "\n'y' or 'n' only please...\n" | cat >&2 X--- 36,46 ---- X } X X # "get yes no" function X # this function prompts the user with a query and will continue to do so X # until they reply with either "y" or "n" X! getyn() { X query="$@" X echo -en $query | cat >&2 X read response X while [ x$response != "xy" -a x$response != "xn" ]; do X echo -e "\n'y' or 'n' only please...\n" | cat >&2 X*************** X*** 53,64 **** X if [ x@PROG_LDD@ = x ]; then X echo "this script requires the program ldd to determine which" X fail "shared libraries to copy into your chrooted dir..." X fi X if [ x@PROG_USERADD@ = x ]; then X! echo "this script requires the program useradd to add your" X fail "chrooted scponly user." 
X fi X X # we need to be root X if [ `id -u` != "0" ]; then X fail "you must be root to run this script\n" X--- 53,66 ---- X if [ x@PROG_LDD@ = x ]; then X echo "this script requires the program ldd to determine which" X fail "shared libraries to copy into your chrooted dir..." X fi X if [ x@PROG_USERADD@ = x ]; then X! if [ x@PROG_PW@ = x ]; then X! echo "this script requires the program useradd or pw to add your" X fail "chrooted scponly user." X+ fi X fi X X # we need to be root X if [ `id -u` != "0" ]; then X fail "you must be root to run this script\n" X*************** X*** 97,109 **** X--- 99,114 ---- X LIB_LIST=`@PROG_LDD@ $BINARIES 2> /dev/null | @PROG_CUT@ -f2 -d\> | @PROG_CUT@ -f1 -d\( | @PROG_GREP@ "^ " | @PROG_SORT@ -u` X if [ -f /usr/libexec/ld.so ]; then X LIB_LIST="$LIB_LIST /usr/libexec/ld.so" X else if [ -f /lib/ld-linux.so.2 ]; then X LIB_LIST="$LIB_LIST /lib/ld-linux.so.2" X+ else if [ -f /usr/libexec/ld-elf.so.1 ]; then X+ LIB_LIST="$LIB_LIST /usr/libexec/ld-elf.so.1" X else X fail i cant find your equivalent of ld.so X fi X+ fi X fi X X /bin/ls /lib/libnss_compat* X if [ $? -eq 0 ]; then X LIB_LIST="$LIB_LIST /lib/libnss_compat* /lib/ld.so" X*************** X*** 113,123 **** X for lib in $LIB_LIST; do X @INSTALL@ $lib $targetdir/$lib X done X fi X X! @PROG_USERADD@ -d "$targetdir" -s "@prefix@/sbin/@CHROOTED_NAME@" $targetuser X if [ $? -ne 0 ]; then X fail "if this user exists, remove it and try again" X fi X X chown 0.0 $targetdir X--- 118,133 ---- X for lib in $LIB_LIST; do X @INSTALL@ $lib $targetdir/$lib X done X fi X X! if [ x@PROG_USERADD@ != x ]; then X! @PROG_USERADD@ -d "$targetdir" -s "@prefix@/sbin/@CHROOTED_NAME@" $targetuser X! else X! @PROG_PW@ useradd $targetuser -d "$targetdir" -s "/usr/local/sbin/scponlyc" X! fi X! X if [ $? 
-ne 0 ]; then X fail "if this user exists, remove it and try again" X fi X X chown 0.0 $targetdir END-of-scponly/files/patch-ca exit --- shar.scponly ends here ---
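Review bot: pkg-plist does not cover the chrooted build that the new CHROOT knob in the Makefile enables. It lists only `bin/scponly` and `etc/scponly/debuglevel`, while setup_chroot.sh.in (patch-ca) expects the chrooted shell at `@prefix@/sbin/@CHROOTED_NAME@`, written out as `/usr/local/sbin/scponlyc` in the pw branch. A package built with CHROOT defined would leave that binary unregistered and it would stay behind on deinstall. Add the sbin entry to the plist conditionally on CHROOT.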
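Review bot: patch-cb (hunk at 128,140) only applies on top of patch-ca. Its line numbers match setup_chroot.sh.in after patch-ca's insertions, and patch-ca's closing context still shows `chown 0.0 $targetdir`. Two patch files against the same source file that depend on application order are fragile, so fold the `chown 0:0` change into patch-ca. While these lines are being touched, quote the path as well: `chown 0:0 "$targetdir"`.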
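Review bot: patch-aa (hunk at 2357,2366) hand-inserts the PROG_PW lookup into the generated configure, duplicating what patch-ba adds to configure.in with `AC_PATH_PROG(PROG_PW, pw)`. The Makefile sets `GNU_CONFIGURE= yes` and nothing in it reruns autoconf, so only patch-aa takes effect at build time and the two can drift apart on the next version bump. Either regenerate configure from the patched configure.in, or add a comment in the port stating that patch-aa must be refreshed by hand whenever patch-ba changes.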
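Review bot: In patch-ca, hunk 97,109, the new loader check is added as a third level of `else if`, which is why a second `fi` has to be added further down. Using `elif [ -f /usr/libexec/ld-elf.so.1 ]; then` for this branch (and for the existing ld-linux.so.2 branch) keeps the chain flat and avoids the easy-to-miss extra `fi`.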
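Review bot: In patch-ca, last hunk (113,123), the new pw branch hardcodes the login shell: `@PROG_PW@ useradd $targetuser -d "$targetdir" -s "/usr/local/sbin/scponlyc"`. The useradd branch directly above it uses `@prefix@/sbin/@CHROOTED_NAME@`. With a non-default prefix or a different chrooted binary name, the account is created with a shell path that does not match the installed binary. Use `-s "@prefix@/sbin/@CHROOTED_NAME@"` in both branches.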