[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Fwd: CVS/ssh/chroot setup question (can login, but not checkout)]
From: |
Ben Greear |
Subject: |
[Fwd: CVS/ssh/chroot setup question (can login, but not checkout)] |
Date: |
Thu, 02 Aug 2001 15:02:13 -0700 |
Ben Greear wrote:
>
> I've been following directions on this page:
>
> http://www.prima.eu.org/tobez/cvs-howto.html
>
> I think I am very close to getting this right, but I still cannot
> checkout anything. I am able to log in though.
>
> I attached my scvs version. It has some indentation cleanup and
> a quick way to turn debug on and off, but is basically the same as
> the one on the page above.
>
> Here is output from the client machine, trying to talk to 'vsun', our
> sun server with the chroot'ed, ssh'd cvs on it..
>
> CVSROOT=:pserver:address@hidden:/cyclecam
>
> address@hidden cyclecam]$ scvs login
> (Logging in to address@hidden)
> CVS password:
> # This seems to work.
>
> # Try to checkout nothing...get a valid error response..good..
> address@hidden cyclecam]$ scvs checkout
> cvs [checkout aborted]: must specify at least one module or directory
> Could not execute CVS command!
>
> # However, I would have expected this to work...
> address@hidden cyclecam]$ scvs checkout CVSROOT
> Fatal error, aborting.
> cvs: no such user
> cvs checkout: authorization failed: server localhost rejected access to
> /cyclecam for user greear
> Could not execute CVS command!
>
> Any ideas?
>
> --
> Ben Greear <address@hidden> <address@hidden>
> President of Candela Technologies Inc http://www.candelatech.com
> ScryMUD: http://scry.wanfear.com http://scry.wanfear.com/~greear
>
>
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> #!/usr/bin/perl
>
> # modified for ssh+chroot setup by Anton Berezin <address@hidden>
>
> #--
> # tunable variables
> #--
>
> $debug = 0;
>
> # change this!
> $tune_cvs_server_name = "vsun";
>
> # where cvs program is located on the client system
> $tune_local_cvs_cmd = "/usr/bin/cvs";
>
> # remote pserver port to use
> # for explanation, see
> # http://www.prima.eu.org/tobez/cvs-howto.html#inetd
> $tune_remote_cvs_port = 2411;
>
> # local pserver port; you probably don't want to change this
> $tune_local_cvs_port = 2401;
>
> # ssh command to use; the default is good for UNIX clients
> $tune_ssh_cmd = "ssh";
>
> # the user on the server side cvs runs as
> $tune_ssh_user = "cvs";
>
> #--
> # end of tunable variables
> # there is no need to modify anything below
> #--
>
> #
> # $Id: scvs,v 1.6 1999/02/09 16:37:04 tim Exp $
> #
> # (c) 1999, Tim Hemel <address@hidden>
> #
> # SCVS - "secure cvs"
> #
> # scvs [ -d cvsroot ] [ cvsoptions ] cvscommand [ cvscommandoptions ]
> #
> # This program executes a cvs client and lets it run its traffic through an
> # encrypted SSH tunnel.
> #
> # The remote repository can be specified on the commandline, or in the CVSROOT
> # environment variable. This should be done with -d cvsroot, where cvsroot is
> # the remote repository. For example: :pserver:address@hidden:/cvs. This
> # option MUST be the FIRST option to scvs if it is given.
> #
> # After having checked out a file, the CVS/Root file contains the fake tunnel
> # cvs server on the localhost. This saves you from using the -d option all the
> # time. Be careful however when using both scvs and cvs on the same directory.
> # Preferably all cvs traffic should be done with scvs.
> #
>
> # TODO:
> #
> # * Implement better error detection and recovery.
> # * Better parsing of the repository (it will not detect strange syntaxes).
> # * Better command line option parsing
> # * Add more options that are now still environment variables. For example,
> # -S should contain $SSH_DEFAULT_HOST. for example: -S address@hidden:22,
> # -S ssh@, -S :22, -S cvs.n2it.net, or -S ssh@:22.
> #
>
> #
> # Note: there is no way to specify a different port number to cvs. This means
> # that all scvs clients on the same machine need to share port 2041.
> # This is possible, only the ssh tunneling will fail, so our program should
> # detect that and continue anyway.
> # A successful connection is then only possible if the other users know the
> # password for address@hidden, or if there is no password.
> #
>
> #############################################################################
> # CVS settings
>
> $CVS_CMD=$tune_local_cvs_cmd;
>
> $CVS_PORT=$tune_remote_cvs_port;
> $CVS_LOCAL_PORT=$tune_local_cvs_port;
>
> # the values below will be needed only if the repository is specified via the
> # command line or the CVSROOT environment variable, and in those cases they
> # will be extracted from there. However, for funny results you can uncomment
> # these two lines.
> # $CVS_HOST="cvs.n2it.net";
> # $CVS_USER="tim";
>
> #############################################################################
> # SSH settings
>
> # ssh2 does not seem to work with our -L port:host:hostport argument, so make
> # sure we will use ssh1.
> $SSH_CMD=$tune_ssh_cmd;
>
> # This should be the user on whose behalf the tunneling is made. It is
> # typically a user that cannot do any harm, has no password and uses a program
> # like nologin (but one that will wait) as a shell.
> $SSH_USER=$tune_ssh_user;
>
> # This value should also automagically be set from the repository name.
> # However, if that host is not running sshd, you may want to tunnel through
> # another host and modify and uncomment the line below.
> # $SSH_HOST=$CVS_HOST
>
> # This value is used if the repository cannot be determined from the
> # commandline or the CVSROOT variable. Modify this for your local situation.
> $SSH_DEFAULT_HOST=$tune_cvs_server_name;
>
> # Port at which the sshd on the remote server runs. Default is 22.
> # $SSH_PORT=22;
>
> # This should be left unmodified, as it makes no sense changing this. Unless
> # some future version (or perhaps even the current version) of cvs allow you
> # to specify the remote repository's port.
> $SSH_LOCAL_PORT=$CVS_LOCAL_PORT;
>
> #############################################################################
> # & parse_repository ({{rep}})
> # . extracts the method, user, host, port and directory from {{rep}}.
> # . There are four possibilities:
> # - /path/to/repository
> # - :method:/path/to/repository
> # - :address@hidden:/path/to/repository
> # - :method:address@hidden:/path/to/repository
> #
> # . This function is far from perfect and will produce strange results with
> # non-standard repositories. Has only been tested for :pserver: method.
> #
> sub parse_repository
> {
> my $rep = $_[0];
> my ($dir,$user,$host,$method);
>
> # determine the directory
> $rep =~ s/:(\/.*)$// && do { $dir=$1; };
> if (not $dir)
> { $rep =~ s/(\/.*)$// && do {$dir = $1; }; }
>
> # determine the hostname and the username
> $rep =~ s/:([^:]*)@(.*)$// && do { $user = $1; $host = $2; };
> if (not $host)
> { $rep =~ s/:([^:]+)$// && do { $host = $1; }; }
>
> # all that is left now is the method
> $rep =~ s/^:([^:]*)// && do { $method = $1; };
>
> # if there is still anything left, we have an error, warn the user
> if ($rep)
> { print STDERR "Warning: repository parsed wrong ('$rep' ignored).\n"; }
>
> #print STDERR "DEBUG: dir=$dir, user=$user, host=$host, method=$method\n";
> return ($method, $user, $host, $dir);
> }
>
> #############################################################################
> # main
>
> # should be changed to a general cmdline parsing routine.
> # get the repository's name from the commandline or the CVSROOT environment
> # variable.
> if ($ARGV[0] eq "-d")
> {
> $rep="$ARGV[1]";
> shift; shift;
> }
> else
> {
> $rep = $ENV{'CVSROOT'};
> }
>
> #print STDERR "DEBUG: rep = $rep\n";
>
> # parse the repository
> ($method, $user, $host, $dir) = parse_repository $rep;
> # print "met: $method, user: $user, host: $host, dir: $dir\n";
>
> # construct the local fake cvs server name.
> if ($method) { $cvs_serv = ":$method:"; }
> if ($user) { $cvs_serv .= "$user\@"; }
> if ($rep) { $cvs_serv .= "localhost:"; }
> if ($dir) { $cvs_serv .= $dir; }
>
> # print STDERR "DEBUG: cvs_serv = $cvs_serv\n";
>
> # construct the tunneling command
> $SSH_HOST |= $host;
> if ($debug) {
> print STDERR "DEBUG: SSH_HOST=$SSH_HOST\n";
> }
> $SSH_HOST |= $SSH_DEFAULT_HOST;
> if ($debug) {
> print STDERR "DEBUG: SSH_HOST=$SSH_HOST\n";
> }
>
> if ($SSH_USER)
> { $ssh_serv="address@hidden"; }
> else
> { $ssh_serv="$SSH_HOST"; }
>
> # print "ssh_serv: $ssh_serv\n";
>
> $tunnel_cmd = "$SSH_CMD $ssh_serv -q -x -f"
> . ( ($SSH_PORT) ? " -p $SSH_PORT" : "" )
> . " -L $SSH_LOCAL_PORT:$SSH_HOST:$CVS_PORT open";
>
> if ($debug) {
> print "tunnel_cmd: $tunnel_cmd\n";
> }
>
> # execute the tunneling, and read the response from the server
> open (TUNNELSH,"$tunnel_cmd |") or die "Could not execute $tunnel_cmd!";
> chomp ($magicword = <TUNNELSH>);
> if ($debug) {
> print STDERR "magicword = $magicword!\n";
> }
>
> # Now we can call system to execute the cvs command.
> if ($debug) {
> print STDERR "Doing: $CVS_CMD ", ( ($cvs_serv) ? ('-d ', "$cvs_serv ") : ()
> ) , "@ARGV", "\n";
> }
> $exitcode = system "$CVS_CMD", ( ($cvs_serv) ? ('-d', $cvs_serv) : () ) ,
> @ARGV;
>
> if ($exitcode) { print STDERR "Could not execute CVS command!\n"; }
>
> # close the tunnel
> if ($debug) {
> print STDERR "DEBUG: ", ( "$SSH_CMD $ssh_serv -q -x -f"
> . ( ($SSH_PORT) ? " -p $SSH_PORT" : "" )
> . " $magicword" );
>
> print STDERR "before close\n";
> }
>
> system ( "$SSH_CMD $ssh_serv -q -x -f"
> . ( ($SSH_PORT) ? " -p $SSH_PORT" : "" )
> . " $magicword" );
>
> if ($debug) {
> print STDERR "right after close\n";
> }
--
Ben Greear <address@hidden> <address@hidden>
President of Candela Technologies Inc http://www.candelatech.com
ScryMUD: http://scry.wanfear.com http://scry.wanfear.com/~greear
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Fwd: CVS/ssh/chroot setup question (can login, but not checkout)],
Ben Greear <=