diff --git a/gnu/dist/cvs/doc/stamp-1 b/gnu/dist/cvs/doc/stamp-1 index 4fb4764aa3ab..f1ea11e352d3 100644 --- a/gnu/dist/cvs/doc/stamp-1 +++ b/gnu/dist/cvs/doc/stamp-1 @@ -1,4 +1,4 @@ -@set UPDATED 6 October 2003 -@set UPDATED-MONTH October 2003 -@set EDITION 1.11.10 -@set VERSION 1.11.10 +@set UPDATED 4 December 2003 +@set UPDATED-MONTH December 2003 +@set EDITION 1.11.11 +@set VERSION 1.11.11 diff --git a/gnu/dist/cvs/doc/stamp-vti b/gnu/dist/cvs/doc/stamp-vti index 1dbf27e23742..f1ea11e352d3 100644 --- a/gnu/dist/cvs/doc/stamp-vti +++ b/gnu/dist/cvs/doc/stamp-vti @@ -1,4 +1,4 @@ -@set UPDATED 18 November 2003 -@set UPDATED-MONTH November 2003 -@set EDITION 1.11.10 -@set VERSION 1.11.10 +@set UPDATED 4 December 2003 +@set UPDATED-MONTH December 2003 +@set EDITION 1.11.11 +@set VERSION 1.11.11 diff --git a/gnu/dist/cvs/doc/version-client.texi b/gnu/dist/cvs/doc/version-client.texi index 4fb4764aa3ab..f1ea11e352d3 100644 --- a/gnu/dist/cvs/doc/version-client.texi +++ b/gnu/dist/cvs/doc/version-client.texi @@ -1,4 +1,4 @@ -@set UPDATED 6 October 2003 -@set UPDATED-MONTH October 2003 -@set EDITION 1.11.10 -@set VERSION 1.11.10 +@set UPDATED 4 December 2003 +@set UPDATED-MONTH December 2003 +@set EDITION 1.11.11 +@set VERSION 1.11.11 diff --git a/gnu/dist/cvs/doc/version.texi b/gnu/dist/cvs/doc/version.texi index 1dbf27e23742..f1ea11e352d3 100644 --- a/gnu/dist/cvs/doc/version.texi +++ b/gnu/dist/cvs/doc/version.texi @@ -1,4 +1,4 @@ -@set UPDATED 18 November 2003 -@set UPDATED-MONTH November 2003 -@set EDITION 1.11.10 -@set VERSION 1.11.10 +@set UPDATED 4 December 2003 +@set UPDATED-MONTH December 2003 +@set EDITION 1.11.11 +@set VERSION 1.11.11 diff --git a/gnu/dist/cvs/src/run.c b/gnu/dist/cvs/src/run.c index 2ebc27810051..62152d34402c 100644 --- a/gnu/dist/cvs/src/run.c +++ b/gnu/dist/cvs/src/run.c @@ -462,7 +462,7 @@ close_on_exec (fd) int fd; { #ifdef F_SETFD - if (fcntl (fd, F_SETFD, 1)) + if (fcntl (fd, F_SETFD, 1) == -1) error (1, errno, "can't set close-on-exec flag on %d", fd); #endif } diff --git a/gnu/dist/cvs/src/server.c b/gnu/dist/cvs/src/server.c index d10316e13937..31a8bc1f9175 100644 --- a/gnu/dist/cvs/src/server.c +++ b/gnu/dist/cvs/src/server.c @@ -4409,6 +4409,7 @@ template_proc (repository, template) return 1; } } + buf_send_counted (protocol); if (fclose (fp) < 0) error (0, errno, "cannot close rcsinfo template file %s", template); return 0; @@ -5125,10 +5126,11 @@ error ENOMEM Virtual memory exhausted.\n"); #if defined (HAVE_KERBEROS) || defined (AUTH_SERVER_SUPPORT) || defined (HAVE_GSSAPI) -static void switch_to_user PROTO((const char *)); +static void switch_to_user PROTO((const char *, const char *)); static void -switch_to_user (username) +switch_to_user (cvs_username, username) + const char *cvs_username; /* Only used for error messages. */ const char *username; { struct passwd *pw; @@ -5146,6 +5148,20 @@ error 0 %s: no such system user\n", username); error_exit (); } + if (pw->pw_uid == 0) + { +#ifdef HAVE_SYSLOG_H + /* FIXME: Can the IP address of the connecting client be retrieved + * and printed here? + */ + syslog (LOG_DAEMON | LOG_ALERT, + "attempt to root from account: %s", cvs_username + ); +#endif + printf("error 0: root not allowed\n"); + error_exit (); + } + #if HAVE_INITGROUPS if (initgroups (pw->pw_name, pw->pw_gid) < 0 # ifdef EPERM @@ -5751,7 +5767,7 @@ pserver_authenticate_connection () strcpy (Pserver_Repos, repository); /* Switch to run as this user. */ - switch_to_user (host_user); + switch_to_user (username, host_user); free (host_user); free (tmp); free (repository); @@ -5834,7 +5850,7 @@ error 0 kerberos: can't get local name: %s\n", krb_get_err_text(status)); } /* Switch to run as this user. */ - switch_to_user (user); + switch_to_user (user, user); } #endif /* HAVE_KERBEROS */ @@ -5946,7 +5962,7 @@ gserver_authenticate_connection () error (1, errno, "fwrite failed"); } - switch_to_user (buf); + switch_to_user ("GSSAPI", buf); printf ("I LOVE YOU\n"); fflush (stdout);