Index: /COPYRIGHT
===================================================================
--- /COPYRIGHT	(revision 1)
+++ /COPYRIGHT	(revision 1)
@@ -0,0 +1,357 @@
+scripts.mit.edu repository
+Copyright (C) 2006  Jeff Arnold (unless noted otherwise)
+
+These programs are free software; you can redistribute them and/or
+modify them under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+These programs are distributed in the hope that they will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
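Review bot: The embedded license body is not a verbatim copy of one published GPLv2 text. The Preamble refers to "the GNU Library General Public License" while the closing paragraph says "use the GNU Lesser General Public License", and the license itself states that "changing it is not allowed". Replace the body with an unmodified copy of a single revision. The project header at the top also switches between "These programs" and "along with this program"; pick one form.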
Index: /README
===================================================================
--- /README	(revision 1)
+++ /README	(revision 1)
@@ -0,0 +1,2 @@
+server:
+  code needed to run a scripts.mit.edu server
Index: /server/README
===================================================================
--- /server/README	(revision 1)
+++ /server/README	(revision 1)
@@ -0,0 +1,11 @@
+common: 
+  distribution-independent code needed to run a scripts.mit.edu server
+
+fedora:
+  distribution-dependent code needed to run a fedora scripts.mit.edu server
+
+debian:
+  distribution-dependent code needed to run a debian scripts.mit.edu server
+
+doc:
+  documentation related to running a scripts.mit.edu server
Index: /server/common/config/httpd.conf
===================================================================
--- /server/common/config/httpd.conf	(revision 1)
+++ /server/common/config/httpd.conf	(revision 1)
@@ -0,0 +1,274 @@
+#ServerType standalone
+ServerRoot /etc/httpd
+#LockFile /var/lock/apache.lock
+PidFile run/httpd.pid
+#ScoreBoardFile /var/run/apache.scoreboard
+Timeout 300
+KeepAlive On
+MaxKeepAliveRequests 100
+KeepAliveTimeout 15
+MinSpareServers 5
+MaxSpareServers 20
+StartServers 8
+MaxClients 256
+MaxRequestsPerChild 4000
+
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule auth_digest_module modules/mod_auth_digest.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authn_alias_module modules/mod_authn_alias.so
+LoadModule authn_anon_module modules/mod_authn_anon.so
+#LoadModule authn_dbm_module modules/mod_authn_dbm.so
+LoadModule authn_default_module modules/mod_authn_default.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule authz_owner_module modules/mod_authz_owner.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+#LoadModule authz_dbm_module modules/mod_authz_dbm.so
+LoadModule authz_default_module modules/mod_authz_default.so
+#LoadModule ldap_module modules/mod_ldap.so
+#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
+LoadModule include_module modules/mod_include.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule logio_module modules/mod_logio.so
+LoadModule env_module modules/mod_env.so
+LoadModule ext_filter_module modules/mod_ext_filter.so
+#LoadModule mime_magic_module modules/mod_mime_magic.so
+#LoadModule expires_module modules/mod_expires.so
+#LoadModule deflate_module modules/mod_deflate.so
+#LoadModule headers_module modules/mod_headers.so
+#LoadModule usertrack_module modules/mod_usertrack.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule mime_module modules/mod_mime.so
+#LoadModule dav_module modules/mod_dav.so
+LoadModule status_module modules/mod_status.so
+LoadModule autoindex_module modules/mod_autoindex.so
+#LoadModule info_module modules/mod_info.so
+#LoadModule dav_fs_module modules/mod_dav_fs.so
+#LoadModule vhost_alias_module modules/mod_vhost_alias.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule actions_module modules/mod_actions.so
+#LoadModule speling_module modules/mod_speling.so
+LoadModule userdir_module modules/mod_userdir.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule rewrite_module modules/mod_rewrite.so
+#LoadModule proxy_module modules/mod_proxy.so
+#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
+#LoadModule proxy_http_module modules/mod_proxy_http.so
+#LoadModule proxy_connect_module modules/mod_proxy_connect.so
+#LoadModule cache_module modules/mod_cache.so
+LoadModule suexec_module modules/mod_suexec.so
+#LoadModule disk_cache_module modules/mod_disk_cache.so
+#LoadModule file_cache_module modules/mod_file_cache.so
+#LoadModule mem_cache_module modules/mod_mem_cache.so
+LoadModule cgi_module modules/mod_cgi.so
+LoadModule ssl_module modules/mod_ssl.so
+
+User apache
+Group apache
+
+<Directory />
+    Options Includes FollowSymLinks
+    AllowOverride All
+</Directory>
+
+UserDir web_scripts
+
+<Directory /mit>
+    AllowOverride None
+    Options FollowSymLinks IncludesNoExec
+</Directory>
+
+<Directory /mit/*>
+    AllowOverride All
+    Options FollowSymLinks IncludesNoExec
+</Directory>
+
+<Directory /afs/athena.mit.edu/activity/*/*/web_scripts>
+    AllowOverride All
+    Options FollowSymLinks IncludesNoExec
+</Directory>
+
+<Directory /afs/athena.mit.edu/course/*/*/web_scripts>
+    AllowOverride All
+    Options FollowSymLinks IncludesNoExec
+</Directory>
+
+<Directory /afs/athena.mit.edu/org/*/*/web_scripts>
+    AllowOverride All
+    Options FollowSymLinks IncludesNoExec
+</Directory>
+
+<Directory /afs/athena.mit.edu/user/*/*/*/web_scripts>
+    AllowOverride All
+    Options FollowSymLinks IncludesNoExec
+</Directory>
+
+<IfModule mod_dir.c>
+    DirectoryIndex index.html index.htm index.cgi index.pl index.php index.py index.shtml
+</IfModule>
+
+AccessFileName .htaccess
+
+<Files ~ "^\.ht">
+	Order Allow,Deny
+	Deny from all
+</Files>
+
+UseCanonicalName Off
+TypesConfig /etc/mime.types
+DefaultType text/plain
+
+AddDefaultCharset on
+
+HostnameLookups Off
+ErrorLog "/var/log/httpd/error_log"
+LogLevel warn
+LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+CustomLog /var/log/httpd/access_log combined
+ServerSignature Off
+ServerAdmin scripts@mit.edu
+ServerTokens Prod
+
+<IfModule mod_autoindex.c>
+    IndexOptions NameWidth=*
+
+    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+    AddIconByType (TXT,/icons/text.gif) text/*
+    AddIconByType (IMG,/icons/image2.gif) image/*
+    AddIconByType (SND,/icons/sound2.gif) audio/*
+    AddIconByType (VID,/icons/movie.gif) video/*
+
+    AddIcon /icons/binary.gif .bin .exe
+    AddIcon /icons/binhex.gif .hqx
+    AddIcon /icons/tar.gif .tar
+    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+    AddIcon /icons/a.gif .ps .ai .eps
+    AddIcon /icons/layout.gif .html .shtml .htm .pdf
+    AddIcon /icons/text.gif .txt
+    AddIcon /icons/c.gif .c
+    AddIcon /icons/p.gif .pl .py
+    AddIcon /icons/f.gif .for
+    AddIcon /icons/dvi.gif .dvi
+    AddIcon /icons/uuencoded.gif .uu
+    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+    AddIcon /icons/tex.gif .tex
+    AddIcon /icons/bomb.gif core
+    AddIcon /icons/deb.gif .deb
+
+    AddIcon /icons/back.gif ..
+    AddIcon /icons/hand.right.gif README
+    AddIcon /icons/folder.gif ^^DIRECTORY^^
+    AddIcon /icons/blank.gif ^^BLANKICON^^
+
+    DefaultIcon /icons/unknown.gif
+
+    ReadmeName README
+    HeaderName HEADER
+    
+    IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+</IfModule>
+
+<IfModule mod_mime.c>
+	AddType application/xhtml+xml         .xhtml
+	AddType application/http-index-format .hti
+	AddType text/html                     .html
+	AddType text/css                      .css
+	AddType text/xsl                      .xslt
+	AddType application/x-javascript      .js
+	AddType application/xml               .xml
+	AddType image/svg+xml                 .svg
+	AddType application/vnd.mozilla.xul+xml .xul
+	AddType application/rdf+xml             .rdf
+	AddType application/x-xpinstall         .xpi
+	AddType text/xml .xsl
+	#AddOutputFilterByType mod-xslt application/xml
+	AddType text/html .shtml
+	AddHandler server-parsed .shtml
+</IfModule>
+
+<IfModule mod_mime.c>
+    AddEncoding x-compress Z
+    AddEncoding x-gzip gz tgz
+
+    AddLanguage da .dk
+    AddLanguage nl .nl
+    AddLanguage en .en
+    AddLanguage et .ee
+    AddLanguage fr .fr
+    AddLanguage de .de
+    AddLanguage el .el
+    AddLanguage it .it
+    AddLanguage ja .ja
+    AddCharset ISO-2022-JP .jis
+    AddLanguage pl .po
+    AddCharset ISO-8859-2 .iso-pl
+    AddLanguage pt .pt
+    AddLanguage pt-br .pt-br
+    AddLanguage ltz .lu
+    AddLanguage ca .ca
+    AddLanguage es .es
+    AddLanguage sv .se
+    AddLanguage cz .cz
+
+    <IfModule mod_negotiation.c>
+        LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
+    </IfModule>
+
+    #AddType application/x-httpd-php .php
+    #AddType application/x-httpd-php-source .phps
+
+    AddType application/x-tar .tgz
+    AddType image/bmp .bmp
+
+    # hdml
+    AddType text/x-hdml .hdml
+
+    #AddType text/html .shtml
+    #AddHandler server-parsed .shtml
+</IfModule>
+
+<IfModule mod_setenvif.c>
+    BrowserMatch "Mozilla/2" nokeepalive
+    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+    BrowserMatch "RealPlayer 4\.0" force-response-1.0
+    BrowserMatch "Java/1\.0" force-response-1.0
+    BrowserMatch "JDK/1\.0" force-response-1.0
+    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+</IfModule>
+
+Listen 80
+
+<IfModule mod_ssl.c>
+Listen 443
+
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl    .crl
+
+SSLPassPhraseDialog  builtin
+
+SSLSessionCache dbm:/var/run/ssl_scache
+SSLSessionCacheTimeout 300
+SSLMutex file:/var/run/ssl_mutex
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+</IfModule>
+
+RLimitCPU 60 60
+RLimitMEM 268435456 268435456 
+RLimitNPROC 1024 1024
+
+SetEnv REDIRECT_STATUS CGI
+SetEnv PHPRC .
+
+NameVirtualHost *:80
+NameVirtualHost *:443
+
+ServerName localhost
+DocumentRoot /afs/athena.mit.edu/contrib/scripts/www
+Include /etc/httpd/conf.d/static.conf
+Include /afs/athena.mit.edu/contrib/scripts/vhosts/better-mousetrap.conf
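Review bot: The `<Directory />` block sets `Options Includes FollowSymLinks` and `AllowOverride All` for the whole filesystem, so any path not covered by the later /mit and /afs blocks gets exec-capable SSI and honours .htaccess files, while the web_scripts blocks themselves are limited to `IncludesNoExec`. Suggest making the root block the restrictive default (`Options None`, `AllowOverride None`, and a default deny) and granting overrides only on the web_scripts paths. Two smaller points: both `SSLRandomSeed` lines use `builtin`, where `file:/dev/urandom` would be a stronger seed source, and the two `<IfModule mod_mime.c>` sections carry duplicate `.shtml` settings (one live, one commented out) that would be easier to audit if merged.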
Index: /server/common/oursrc/execsys/Makefile.in
===================================================================
--- /server/common/oursrc/execsys/Makefile.in	(revision 1)
+++ /server/common/oursrc/execsys/Makefile.in	(revision 1)
@@ -0,0 +1,20 @@
+CC = @CC@
+CFLAGS = @CFLAGS@
+
+all-local: staticsys-cat update
+
+staticsys-cat: update
+	$(CC) $(CFLAGS) -o $@ staticsys-cat.c
+
+update:
+	@UPD_VARS@ perl upd-execsys
+
+clean:
+	rm -f staticsys-cat
+
+preauto: clean
+	rm -f configure config.* Makefile
+	rm -rf auto*.cache
+
+ready: preauto
+	autoconf
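Review bot: None of `all-local`, `update`, `clean`, `preauto` or `ready` is declared `.PHONY`, and `staticsys-cat` depends on `update`, which never produces a file, so the binary is recompiled on every `make` and a stray file named `update` or `clean` would silently disable the target. Suggest adding a `.PHONY` line for these targets and making `staticsys-cat` depend on `staticsys-cat.c` (the file it actually compiles) rather than on `update`.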
Index: /server/common/oursrc/execsys/configure.in
===================================================================
--- /server/common/oursrc/execsys/configure.in	(revision 1)
+++ /server/common/oursrc/execsys/configure.in	(revision 1)
@@ -0,0 +1,31 @@
+AC_INIT(staticsys-cat.c.pre)
+
+AC_PROG_CC
+
+AC_ARG_WITH(syscat,
+[  --with-syscat[=DIR]        staticsys-cat will be located in DIR],[
+  if test "$withval" != "no" -a "$withval" != "yes"; then
+    UPD_VARS="syscat_path=$withval/staticsys-cat $UPD_VARS"
+  fi
+])
+
+AC_ARG_WITH(afsagent,
+[  --with-afsagent[=UID]        afsagent will have user id UID],[
+  if test "$withval" != "no" -a "$withval" != "yes"; then
+    CFLAGS="-DAFSAGENT_UID=$withval $CCFLAGS"
+  fi
+])
+
+AC_DEFUN(SUPPORT,[AC_ARG_WITH($1,
+[  --with-$1[=PATH]$2       associate .$1 with PATH],[
+  if test "$withval" != "no" -a "$withval" != "yes"; then
+    UPD_VARS="$1_path=$withval $UPD_VARS"
+  fi
+])])
+
+SUPPORT([pl], [ ])
+SUPPORT([php], [])
+SUPPORT([py], [ ])
+
+AC_SUBST(UPD_VARS)
+AC_OUTPUT(Makefile)
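Review bot: In the `--with-afsagent` branch, `CFLAGS="-DAFSAGENT_UID=$withval $CCFLAGS"` reads `$CCFLAGS`, which is not set anywhere in this file, so the flags chosen by `AC_PROG_CC` or passed by the user are discarded whenever the option is given; this should be `$CFLAGS`. Since the value becomes a UID compiled into the binary, it is also worth rejecting a `$withval` that is not a plain non-negative integer before it reaches the `-D` flag.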
Index: /server/common/oursrc/execsys/execsys-binfmt.pre
===================================================================
--- /server/common/oursrc/execsys/execsys-binfmt.pre	(revision 1)
+++ /server/common/oursrc/execsys/execsys-binfmt.pre	(revision 1)
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# execsys-binfmt: test1 
+#
+# chkconfig: 2345 2 99
+# description: test2
+#
+
+mount -t binfmt_misc none /proc/sys/fs/binfmt_misc
+echo "-1" > /proc/sys/fs/binfmt_misc/status
+
+# START-AUTOGENERATED: DO NOT EDIT THIS SECTION, INCLUDING THIS LINE!
+# This section is populated by the script upd-execsys
+# END-AUTOGENERATED: DO NOT EDIT THIS SECTION, INCLUDING THIS LINE!
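Review bot: `echo "-1" > /proc/sys/fs/binfmt_misc/status` clears every registered binfmt_misc entry on the host, including handlers registered by other packages, and it runs unconditionally because the script never looks at `$1`, so `stop`, `status` or `restart` all repeat the mount and the wipe. Suggest a `case "$1"` dispatch, skipping the mount when binfmt_misc is already mounted, and removing only the entries this script registers. The header still carries the placeholders `test1` and `test2` in the name and `description:` lines; replace them with a real description.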
Index: /server/common/oursrc/execsys/execsys.conf
===================================================================
--- /server/common/oursrc/execsys/execsys.conf	(revision 1)
+++ /server/common/oursrc/execsys/execsys.conf	(revision 1)
@@ -0,0 +1,135 @@
+<Files *.pl>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.php>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.py>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.scm>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.html>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.css>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.gif>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.jpg>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.png>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.htm>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.jpeg>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.js>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.ico>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.xml>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.xsl>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.tiff>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.tif>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.tgz>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.tar>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.jar>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.pdf>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.ps>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.doc>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.xls>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.ppt>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.swf>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+<Files *.mp3>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
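Review bot: This file is the output of upd-execsys (its CONF loop writes exactly these <Files> blocks), so checking it in beside the generator invites drift; generate it at build time only, or add a header comment marking it as generated. On substance, the static types (*.html, *.gif, *.pdf and so on) are all given SetHandler cgi-script with ExecCGI, so correct serving depends entirely on the binfmt_misc registration for staticsys-cat being in place. A comment stating that dependency, and what is expected to happen when the registration is absent, would help whoever maintains this.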
Index: /server/common/oursrc/execsys/mime.types
===================================================================
--- /server/common/oursrc/execsys/mime.types	(revision 1)
+++ /server/common/oursrc/execsys/mime.types	(revision 1)
@@ -0,0 +1,506 @@
+# This is a comment. I love comments.
+
+# This file controls what Internet media types are sent to the client for
+# given file extension(s).  Sending the correct media type to the client
+# is important so they know how to handle the content of the file.
+# Extra types can either be added here or by using an AddType directive
+# in your config files. For more information about Internet media types,
+# please read RFC 2045, 2046, 2047, 2048, and 2077.  The Internet media type
+# registry is at <http://www.iana.org/assignments/media-types/>.
+
+# MIME type			Extension
+application/EDI-Consent
+application/EDI-X12
+application/EDIFACT
+application/activemessage
+application/andrew-inset	ez
+application/applefile
+application/atomicmail
+application/batch-SMTP
+application/beep+xml
+application/cals-1840
+application/commonground
+application/cybercash
+application/dca-rft
+application/dec-dx
+application/dvcs
+application/eshop
+application/http
+application/hyperstudio
+application/iges
+application/index
+application/index.cmd
+application/index.obj
+application/index.response
+application/index.vnd
+application/iotp
+application/ipp
+application/isup
+application/font-tdpfr
+application/java-archive	jar
+application/mac-binhex40	hqx
+application/mac-compactpro	cpt
+application/macwriteii
+application/marc
+application/mathematica
+application/mathematica-old
+application/msword		doc
+application/news-message-id
+application/news-transmission
+application/ocsp-request
+application/ocsp-response
+application/octet-stream	bin dms lha lzh exe class so dll img iso
+application/ogg			ogg
+application/parityfec
+application/pdf			pdf
+application/pgp-encrypted
+application/pgp-keys
+application/pgp-signature
+application/pkcs10
+application/pkcs7-mime
+application/pkcs7-signature
+application/pkix-cert
+application/pkix-crl
+application/pkixcmp
+application/postscript		ai eps ps
+application/prs.alvestrand.titrax-sheet
+application/prs.cww
+application/prs.nprend
+application/qsig
+application/remote-printing
+application/riscos
+application/rtf			rtf
+application/sdp
+application/set-payment
+application/set-payment-initiation
+application/set-registration
+application/set-registration-initiation
+application/sgml
+application/sgml-open-catalog
+application/sieve
+application/slate
+application/smil		smi smil
+application/timestamp-query
+application/timestamp-reply
+application/vemmi
+application/vnd.3M.Post-it-Notes
+application/vnd.FloGraphIt
+application/vnd.accpac.simply.aso
+application/vnd.accpac.simply.imp
+application/vnd.acucobol
+application/vnd.aether.imp
+application/vnd.anser-web-certificate-issue-initiation
+application/vnd.anser-web-funds-transfer-initiation
+application/vnd.audiograph
+application/vnd.businessobjects
+application/vnd.bmi
+application/vnd.canon-cpdl
+application/vnd.canon-lips
+application/vnd.claymore
+application/vnd.commerce-battelle
+application/vnd.commonspace
+application/vnd.comsocaller
+application/vnd.contact.cmsg
+application/vnd.cosmocaller
+application/vnd.cups-postscript
+application/vnd.cups-raster
+application/vnd.cups-raw
+application/vnd.ctc-posml
+application/vnd.cybank
+application/vnd.dna
+application/vnd.dpgraph
+application/vnd.dxr
+application/vnd.ecdis-update
+application/vnd.ecowin.chart
+application/vnd.ecowin.filerequest
+application/vnd.ecowin.fileupdate
+application/vnd.ecowin.series
+application/vnd.ecowin.seriesrequest
+application/vnd.ecowin.seriesupdate
+application/vnd.enliven
+application/vnd.epson.esf
+application/vnd.epson.msf
+application/vnd.epson.quickanime
+application/vnd.epson.salt
+application/vnd.epson.ssf
+application/vnd.ericsson.quickcall
+application/vnd.eudora.data
+application/vnd.fdf
+application/vnd.ffsns
+application/vnd.framemaker
+application/vnd.fsc.weblaunch
+application/vnd.fujitsu.oasys
+application/vnd.fujitsu.oasys2
+application/vnd.fujitsu.oasys3
+application/vnd.fujitsu.oasysgp
+application/vnd.fujitsu.oasysprs
+application/vnd.fujixerox.ddd
+application/vnd.fujixerox.docuworks
+application/vnd.fujixerox.docuworks.binder
+application/vnd.fut-misnet
+application/vnd.grafeq
+application/vnd.groove-account
+application/vnd.groove-identity-message
+application/vnd.groove-injector
+application/vnd.groove-tool-message
+application/vnd.groove-tool-template
+application/vnd.groove-vcard
+application/vnd.hhe.lesson-player
+application/vnd.hp-HPGL
+application/vnd.hp-PCL
+application/vnd.hp-PCLXL
+application/vnd.hp-hpid
+application/vnd.hp-hps
+application/vnd.httphone
+application/vnd.hzn-3d-crossword
+application/vnd.ibm.afplinedata
+application/vnd.ibm.MiniPay
+application/vnd.ibm.modcap
+application/vnd.informix-visionary
+application/vnd.intercon.formnet
+application/vnd.intertrust.digibox
+application/vnd.intertrust.nncp
+application/vnd.intu.qbo
+application/vnd.intu.qfx
+application/vnd.irepository.package+xml
+application/vnd.is-xpr
+application/vnd.japannet-directory-service
+application/vnd.japannet-jpnstore-wakeup
+application/vnd.japannet-payment-wakeup
+application/vnd.japannet-registration
+application/vnd.japannet-registration-wakeup
+application/vnd.japannet-setstore-wakeup
+application/vnd.japannet-verification
+application/vnd.japannet-verification-wakeup
+application/vnd.koan
+application/vnd.lotus-1-2-3
+application/vnd.lotus-approach
+application/vnd.lotus-freelance
+application/vnd.lotus-notes
+application/vnd.lotus-organizer
+application/vnd.lotus-screencam
+application/vnd.lotus-wordpro
+application/vnd.mcd
+application/vnd.mediastation.cdkey
+application/vnd.meridian-slingshot
+application/vnd.mif		mif
+application/vnd.minisoft-hp3000-save
+application/vnd.mitsubishi.misty-guard.trustweb
+application/vnd.mobius.daf
+application/vnd.mobius.dis
+application/vnd.mobius.msl
+application/vnd.mobius.plc
+application/vnd.mobius.txf
+application/vnd.motorola.flexsuite
+application/vnd.motorola.flexsuite.adsi
+application/vnd.motorola.flexsuite.fis
+application/vnd.motorola.flexsuite.gotap
+application/vnd.motorola.flexsuite.kmr
+application/vnd.motorola.flexsuite.ttc
+application/vnd.motorola.flexsuite.wem
+application/vnd.mozilla.xul+xml
+application/vnd.ms-artgalry
+application/vnd.ms-asf
+application/vnd.ms-excel	xls
+application/vnd.ms-lrm
+application/vnd.ms-powerpoint	ppt
+application/vnd.ms-project
+application/vnd.ms-tnef
+application/vnd.ms-works
+application/vnd.mseq
+application/vnd.msign
+application/vnd.music-niff
+application/vnd.musician
+application/vnd.netfpx
+application/vnd.noblenet-directory
+application/vnd.noblenet-sealer
+application/vnd.noblenet-web
+application/vnd.novadigm.EDM
+application/vnd.novadigm.EDX
+application/vnd.novadigm.EXT
+application/vnd.oasis.opendocument.chart	odc
+application/vnd.oasis.opendocument.database	odb
+application/vnd.oasis.opendocument.formula	odf
+application/vnd.oasis.opendocument.graphics	odg
+application/vnd.oasis.opendocument.graphics-template	otg
+application/vnd.oasis.opendocument.image	odi
+application/vnd.oasis.opendocument.presentation	odp
+application/vnd.oasis.opendocument.presentation-template	otp
+application/vnd.oasis.opendocument.spreadsheet	ods
+application/vnd.oasis.opendocument.spreadsheet-template	ots
+application/vnd.oasis.opendocument.text	odt
+application/vnd.oasis.opendocument.text-master	odm
+application/vnd.oasis.opendocument.text-template	ott
+application/vnd.oasis.opendocument.text-web	oth
+application/vnd.osa.netdeploy
+application/vnd.palm
+application/vnd.pg.format
+application/vnd.pg.osasli
+application/vnd.powerbuilder6
+application/vnd.powerbuilder6-s
+application/vnd.powerbuilder7
+application/vnd.powerbuilder7-s
+application/vnd.powerbuilder75
+application/vnd.powerbuilder75-s
+application/vnd.previewsystems.box
+application/vnd.publishare-delta-tree
+application/vnd.pvi.ptid1
+application/vnd.pwg-xhtml-print+xml
+application/vnd.rapid
+application/vnd.s3sms
+application/vnd.seemail
+application/vnd.shana.informed.formdata
+application/vnd.shana.informed.formtemplate
+application/vnd.shana.informed.interchange
+application/vnd.shana.informed.package
+application/vnd.sss-cod
+application/vnd.sss-dtf
+application/vnd.sss-ntf
+application/vnd.sun.xml.writer	sxw
+application/vnd.sun.xml.writer.template	stw
+application/vnd.sun.xml.calc	sxc
+application/vnd.sun.xml.calc.template	stc
+application/vnd.sun.xml.draw	sxd
+application/vnd.sun.xml.draw.template	std
+application/vnd.sun.xml.impress	sxi
+application/vnd.sun.xml.impress.template	sti
+application/vnd.sun.xml.writer.global	sxg
+application/vnd.sun.xml.math	sxm
+application/vnd.street-stream
+application/vnd.svd
+application/vnd.swiftview-ics
+application/vnd.triscape.mxs
+application/vnd.trueapp
+application/vnd.truedoc
+application/vnd.tve-trigger
+application/vnd.ufdl
+application/vnd.uplanet.alert
+application/vnd.uplanet.alert-wbxml
+application/vnd.uplanet.bearer-choice-wbxml
+application/vnd.uplanet.bearer-choice
+application/vnd.uplanet.cacheop
+application/vnd.uplanet.cacheop-wbxml
+application/vnd.uplanet.channel
+application/vnd.uplanet.channel-wbxml
+application/vnd.uplanet.list
+application/vnd.uplanet.list-wbxml
+application/vnd.uplanet.listcmd
+application/vnd.uplanet.listcmd-wbxml
+application/vnd.uplanet.signal
+application/vnd.vcx
+application/vnd.vectorworks
+application/vnd.vidsoft.vidconference
+application/vnd.visio
+application/vnd.vividence.scriptfile
+application/vnd.wap.sic
+application/vnd.wap.slc
+application/vnd.wap.wbxml	wbxml
+application/vnd.wap.wmlc	wmlc
+application/vnd.wap.wmlscriptc	wmlsc
+application/vnd.webturbo
+application/vnd.wrq-hp3000-labelled
+application/vnd.wt.stf
+application/vnd.xara
+application/vnd.xfdl
+application/vnd.yellowriver-custom-menu
+application/whoispp-query
+application/whoispp-response
+application/wita
+application/wordperfect5.1
+application/x-bcpio		bcpio
+application/x-bittorrent	torrent
+application/x-bzip2		bz2
+application/x-cdlink		vcd
+application/x-chess-pgn		pgn
+application/x-compress
+application/x-cpio		cpio
+application/x-csh		csh
+application/x-director		dcr dir dxr
+application/x-dvi		dvi
+application/x-futuresplash	spl
+application/x-gtar		gtar
+application/x-gzip		gz tgz
+application/x-hdf		hdf
+application/x-javascript	js
+application/x-kword		kwd kwt
+application/x-kspread		ksp
+application/x-kpresenter	kpr kpt
+application/x-kchart		chrt
+application/x-killustrator	kil
+application/x-koan		skp skd skt skm
+application/x-latex		latex
+application/x-netcdf		nc cdf
+# This conflicts with audio/x-pn-realaudio-plugin, which is commented out below.
+application/x-rpm		rpm
+application/x-sh		sh
+application/x-shar		shar
+application/x-shockwave-flash	swf
+application/x-stuffit		sit
+application/x-sv4cpio		sv4cpio
+application/x-sv4crc		sv4crc
+application/x-tar		tar
+application/x-tcl		tcl
+application/x-tex		tex
+application/x-texinfo		texinfo texi
+application/x-troff		t tr roff
+application/x-troff-man		man
+application/x-troff-me		me
+application/x-troff-ms		ms
+application/x-ustar		ustar
+application/x-wais-source	src
+application/x400-bp
+application/xhtml+xml		xhtml xht
+application/xml
+application/xml-dtd
+application/xml-external-parsed-entity
+application/zip			zip
+audio/32kadpcm
+audio/basic			au snd
+audio/g.722.1
+audio/l16
+audio/midi			mid midi kar
+audio/mp4a-latm
+audio/mpa-robust
+audio/mpeg			mpga mp2 mp3
+audio/parityfec
+audio/prs.sid
+audio/telephone-event
+audio/tone
+audio/vnd.cisco.nse
+audio/vnd.cns.anp1
+audio/vnd.cns.inf1
+audio/vnd.digital-winds
+audio/vnd.everad.plj
+audio/vnd.lucent.voice
+audio/vnd.nortel.vbk
+audio/vnd.nuera.ecelp4800
+audio/vnd.nuera.ecelp7470
+audio/vnd.nuera.ecelp9600
+audio/vnd.octel.sbc
+audio/vnd.qcelp
+audio/vnd.rhetorex.32kadpcm
+audio/vnd.vmx.cvsd
+audio/x-aiff			aif aiff aifc
+audio/x-mpegurl			m3u
+audio/x-pn-realaudio		ram rm
+#audio/x-pn-realaudio-plugin	rpm
+audio/x-realaudio		ra
+audio/x-wav			wav
+chemical/x-pdb			pdb
+chemical/x-xyz			xyz
+image/bmp			bmp
+image/cgm
+image/g3fax
+image/gif			gif
+image/ief			ief
+image/jpeg			jpeg jpg jpe
+image/naplps
+image/png			png
+image/prs.btif
+image/prs.pti
+image/tiff			tiff tif
+image/vnd.cns.inf2
+image/vnd.djvu			djvu djv
+image/vnd.dwg
+image/vnd.dxf
+image/vnd.fastbidsheet
+image/vnd.fpx
+image/vnd.fst
+image/vnd.fujixerox.edmics-mmr
+image/vnd.fujixerox.edmics-rlc
+image/vnd.microsoft.icon	ico
+image/vnd.mix
+image/vnd.net-fpx
+image/vnd.svf
+image/vnd.wap.wbmp		wbmp
+image/vnd.xiff
+image/x-cmu-raster		ras
+image/x-portable-anymap		pnm
+image/x-portable-bitmap		pbm
+image/x-portable-graymap	pgm
+image/x-portable-pixmap		ppm
+image/x-rgb			rgb
+image/x-xbitmap			xbm
+image/x-xpixmap			xpm
+image/x-xwindowdump		xwd
+message/delivery-status
+message/disposition-notification
+message/external-body
+message/http
+message/news
+message/partial
+message/rfc822
+message/s-http
+model/iges			igs iges
+model/mesh			msh mesh silo
+model/vnd.dwf
+model/vnd.flatland.3dml
+model/vnd.gdl
+model/vnd.gs-gdl
+model/vnd.gtw
+model/vnd.mts
+model/vnd.vtu
+model/vrml			wrl vrml
+multipart/alternative
+multipart/appledouble
+multipart/byteranges
+multipart/digest
+multipart/encrypted
+multipart/form-data
+multipart/header-set
+multipart/mixed
+multipart/parallel
+multipart/related
+multipart/report
+multipart/signed
+multipart/voice-message
+text/calendar
+text/css			css
+text/directory
+text/enriched
+text/html			html htm
+text/parityfec
+text/plain			asc txt
+text/prs.lines.tag
+text/rfc822-headers
+text/richtext			rtx
+text/rtf			rtf
+text/sgml			sgml sgm
+text/tab-separated-values	tsv
+text/t140
+text/uri-list
+text/vnd.DMClientScript
+text/vnd.IPTC.NITF
+text/vnd.IPTC.NewsML
+text/vnd.abc
+text/vnd.curl
+text/vnd.flatland.3dml
+text/vnd.fly
+text/vnd.fmi.flexstor
+text/vnd.in3d.3dml
+text/vnd.in3d.spot
+text/vnd.latex-z
+text/vnd.motorola.reflex
+text/vnd.ms-mediapackage
+text/vnd.wap.si
+text/vnd.wap.sl
+text/vnd.wap.wml		wml
+text/vnd.wap.wmlscript		wmls
+text/x-setext			etx
+text/xml			xml xsl
+text/xml-external-parsed-entity
+video/mp4v-es
+video/mpeg			mpeg mpg mpe
+video/parityfec
+video/pointer
+video/quicktime			qt mov
+video/vnd.fvt
+video/vnd.motorola.video
+video/vnd.motorola.videop
+video/vnd.mpegurl		mxu
+video/vnd.mts
+video/vnd.nokia.interleaved-multimedia
+video/vnd.vivo
+video/x-msvideo			avi
+video/x-sgi-movie		movie
+x-conference/x-cooltalk		ice
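Review bot: The extension rtf is listed twice, under application/rtf and again under text/rtf, and upd-execsys builds its table with `$map{$ext} = $type`, so the later line silently wins. rtf is not in the static list today, but removing one of the two entries avoids a surprise if it is added later.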
Index: /server/common/oursrc/execsys/staticsys-cat.c.pre
===================================================================
--- /server/common/oursrc/execsys/staticsys-cat.c.pre	(revision 1)
+++ /server/common/oursrc/execsys/staticsys-cat.c.pre	(revision 1)
@@ -0,0 +1,357 @@
+/*
+ * staticsys-cat
+ * Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
+ * 
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * 
+ * See /COPYRIGHT in this repository for more information.
+ */
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <time.h>
+
+// Map from extensions to content-types
+
+// START-AUTOGENERATED: DO NOT EDIT THIS SECTION, INCLUDING THIS LINE!
+// This section is populated by the script upd-execsys
+// END-AUTOGENERATED: DO NOT EDIT THIS SECTION, INCLUDING THIS LINE!
+
+// Start code from w3c's libwww library
+// (as obtained from http://www.w3.org/Library/src/HTWWWStr.html)
+
+char *months[12] = {
+	"Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep",
+	"Oct", "Nov", "Dec"
+};
+
+char *wkdays[7] = {
+	"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"
+};
+
+/*
+**	Returns a string pointer to a static area of the current calendar
+**	time in RFC 1123 format, for example
+**
+**		Sun, 06 Nov 1994 08:49:37 GMT
+**
+**	The result can be given in both local and GMT dependent on the flag
+*/
+const char *HTDateTimeStr(time_t * calendar, int local)
+{
+	static char buf[40];
+
+#ifdef HAVE_STRFTIME
+	if (local) {
+		/*
+		 ** Solaris 2.3 has a bug so we _must_ use reentrant version
+		 ** Thomas Maslen <tmaslen@verity.com>
+		 */
+#if defined(HT_REENTRANT) || defined(SOLARIS)
+		struct tm loctime;
+		localtime_r(calendar, &loctime);
+		strftime(buf, 40, "%a, %d %b %Y %H:%M:%S", &loctime);
+#else
+		struct tm *loctime = localtime(calendar);
+		strftime(buf, 40, "%a, %d %b %Y %H:%M:%S", loctime);
+#endif				/* SOLARIS || HT_REENTRANT */
+	} else {
+#if defined(HT_REENTRANT) || defined(SOLARIS)
+		struct tm gmt;
+		gmtime_r(calendar, &gmt);
+		strftime(buf, 40, "%a, %d %b %Y %H:%M:%S GMT", &gmt);
+#else
+		struct tm *gmt = gmtime(calendar);
+		strftime(buf, 40, "%a, %d %b %Y %H:%M:%S GMT", gmt);
+#endif				/* SOLARIS || HT_REENTRANT */
+	}
+#else
+	if (local) {
+#if defined(HT_REENTRANT)
+		struct tm loctime;
+		localtime_r(calendar, &loctime);
+#else
+		struct tm *loctime = localtime(calendar);
+#endif				/* HT_REENTRANT */
+		sprintf(buf, "%s, %02d %s %04d %02d:%02d:%02d",
+			wkdays[loctime->tm_wday],
+			loctime->tm_mday,
+			months[loctime->tm_mon],
+			loctime->tm_year + 1900,
+			loctime->tm_hour, loctime->tm_min,
+			loctime->tm_sec);
+	} else {
+#if defined(HT_REENTRANT) || defined(SOLARIS)
+		struct tm gmt;
+		gmtime_r(calendar, &gmt);
+#else
+		struct tm *gmt = gmtime(calendar);
+#endif
+		sprintf(buf, "%s, %02d %s %04d %02d:%02d:%02d GMT",
+			wkdays[gmt->tm_wday],
+			gmt->tm_mday,
+			months[gmt->tm_mon],
+			gmt->tm_year + 1900, gmt->tm_hour, gmt->tm_min,
+			gmt->tm_sec);
+	}
+#endif
+	return buf;
+}
+
+// End code from w3c's libwww library
+
+// Start code from gnu
+// (as obtained from "apt-get source coreutils" on debian sarge)
+
+// JBA: included by safe_read.h, safe_write.h, full_read.h, and full_write.h
+#include <stddef.h>
+
+// JBA: included by safe_read.c and full_write.c
+#if HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+// JBA: included by safe_read.c and full_write.c
+#include <errno.h>
+#ifndef errno
+extern int errno;
+#endif
+
+// Code from system.h:
+
+#ifndef STDOUT_FILENO
+# define STDOUT_FILENO 1
+#endif
+
+// Code from safe_read.h:
+
+#define SAFE_READ_ERROR ((size_t) -1)
+
+// Code from safe_write.h
+
+#define SAFE_WRITE_ERROR ((size_t) -1)
+
+// Code from safe_read.c
+
+/* Get ssize_t.  */
+#include <sys/types.h>
+#if HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+
+#ifdef EINTR
+# define IS_EINTR(x) ((x) == EINTR)
+#else
+# define IS_EINTR(x) 0
+#endif
+
+#include <limits.h>
+
+/* Read(write) up to COUNT bytes at BUF from(to) descriptor FD, retrying if
+   interrupted.  Return the actual number of bytes read(written), zero for EOF,
+   or SAFE_READ_ERROR(SAFE_WRITE_ERROR) upon error.  */
+size_t safe_read(int fd, void *buf, size_t count)
+{
+	size_t result;
+
+	/* POSIX limits COUNT to SSIZE_MAX, but we limit it further, requiring
+	   that COUNT <= INT_MAX, to avoid triggering a bug in Tru64 5.1.
+	   When decreasing COUNT, keep the file pointer block-aligned.
+	   Note that in any case, read(write) may succeed, yet read(write)
+	   fewer than COUNT bytes, so the caller must be prepared to handle
+	   partial results.  */
+	if (count > INT_MAX)
+		count = INT_MAX & ~8191;
+
+	do {
+		result = read(fd, buf, count);
+	}
+	while (result < 0 && IS_EINTR(errno));
+
+	return (size_t) result;
+}
+
+/* Read(write) up to COUNT bytes at BUF from(to) descriptor FD, retrying if
+   interrupted.  Return the actual number of bytes read(written), zero for EOF,
+   or SAFE_READ_ERROR(SAFE_WRITE_ERROR) upon error.  */
+size_t safe_write(int fd, const void *buf, size_t count)
+{
+	size_t result;
+
+	/* POSIX limits COUNT to SSIZE_MAX, but we limit it further, requiring
+	   that COUNT <= INT_MAX, to avoid triggering a bug in Tru64 5.1.
+	   When decreasing COUNT, keep the file pointer block-aligned.
+	   Note that in any case, read(write) may succeed, yet read(write)
+	   fewer than COUNT bytes, so the caller must be prepared to handle
+	   partial results.  */
+	if (count > INT_MAX)
+		count = INT_MAX & ~8191;
+
+	do {
+		result = write(fd, buf, count);
+	}
+	while (result < 0 && IS_EINTR(errno));
+
+	return (size_t) result;
+}
+
+// Code from full_write.c
+
+/* Write(read) COUNT bytes at BUF to(from) descriptor FD, retrying if
+   interrupted or if a partial write(read) occurs.  Return the number
+   of bytes transferred.
+   When writing, set errno if fewer than COUNT bytes are written.
+   When reading, if fewer than COUNT bytes are read, you must examine
+   errno to distinguish failure from EOF (errno == 0).  */
+size_t full_read(int fd, void *buf, size_t count)
+{
+	size_t total = 0;
+	char *ptr = buf;
+
+	while (count > 0) {
+		size_t n_rw = safe_read(fd, ptr, count);
+		if (n_rw == (size_t) - 1)
+			break;
+		if (n_rw == 0) {
+			errno = 0;
+			break;
+		}
+		total += n_rw;
+		ptr += n_rw;
+		count -= n_rw;
+	}
+
+	return total;
+}
+
+/* Write(read) COUNT bytes at BUF to(from) descriptor FD, retrying if
+   interrupted or if a partial write(read) occurs.  Return the number
+   of bytes transferred.
+   When writing, set errno if fewer than COUNT bytes are written.
+   When reading, if fewer than COUNT bytes are read, you must examine
+   errno to distinguish failure from EOF (errno == 0).  */
+size_t full_write(int fd, const void *buf, size_t count)
+{
+	size_t total = 0;
+	const char *ptr = buf;
+
+	while (count > 0) {
+		size_t n_rw = safe_write(fd, ptr, count);
+		if (n_rw == (size_t) - 1)
+			break;
+		if (n_rw == 0) {
+			errno = ENOSPC;
+			break;
+		}
+		total += n_rw;
+		ptr += n_rw;
+		count -= n_rw;
+	}
+
+	return total;
+}
+
+// Code from cat.c
+
+/* Nonzero if a non-fatal error has occurred.  */
+static int exit_status = 0;
+
+static int input_desc;
+
+/* Plain cat.  Copies the file behind `input_desc' to STDOUT_FILENO.  */
+
+static void simple_cat(
+			      /* Pointer to the buffer, used by reads and writes.  */
+			      char *buf,
+			      /* Number of characters preferably read or written by each read and write
+			         call.  */
+			      int bufsize)
+{
+	/* Actual number of characters read, and therefore written.  */
+	size_t n_read;
+
+	/* Loop until the end of the file.  */
+
+	for (;;) {
+		/* Read a block of input.  */
+
+		n_read = safe_read(input_desc, buf, bufsize);
+		if (n_read == SAFE_READ_ERROR) {
+			// JBA: simplified to "exit_status=1; return;"
+			exit_status = 1;
+			return;
+		}
+
+		/* End of this file?  */
+
+		if (n_read == 0)
+			break;
+
+		/* Write this block out.  */
+
+		{
+			/* The following is ok, since we know that 0 < n_read.  */
+			size_t n = n_read;
+			if (full_write(STDOUT_FILENO, buf, n) != n)
+				exit(1);	// JBA: simplified to "exit(1);"
+		}
+	}
+}
+
+// End code from gnu
+
+int main(int argc, char **argv)
+{
+	input_desc = open(argv[1], O_RDONLY);
+	if (input_desc == -1) {
+		input_desc =
+		    open("/mit/scripts/www/403-404.html", O_RDONLY);
+		if (input_desc == -1)
+			exit(0);
+		printf("Status: 404 Not Found\n");
+		printf("Content-type: text/html;\n\n");
+	} else {
+		int i, j;
+		const char *content_type = "application/octet-stream";
+		for (i = strlen(argv[1]) - 1; i > 0; i--) {
+			if (argv[1][i - 1] == '.')
+				break;
+		}
+		if (i == 0)
+			exit(0);
+		for (j = 0; j < 2 * NEXTS; j += 2) {
+			if (strcmp(map[j], &argv[1][i]) == 0) {
+				content_type = map[j + 1];
+			}
+		}
+
+		struct stat statbuf;
+		if (fstat(input_desc, &statbuf) == 0) {
+			const char *dtstr =
+			    HTDateTimeStr(&statbuf.st_mtime, 0);
+			printf("Last-Modified: %s\n", dtstr);
+		}
+		printf("Content-type: %s\n\n", content_type);
+	}
+	fflush(stdout);
+	char *buf = malloc(4096);
+	simple_cat(buf, 4096);
+	free(buf);
+	close(input_desc);
+	return exit_status;
+}
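Review bot: In safe_read() and safe_write(), result is declared size_t, so the retry condition `result < 0 && IS_EINTR(errno)` is always false and an interrupted read or write is returned as an error instead of being retried; declare result as ssize_t. In main(), a path with no '.' reaches `if (i == 0) exit(0);` before any header is printed, and a failed open of the 404 page exits the same way, so the web server receives an empty CGI response in both cases. Other points in main(): argc is never checked before argv[1] is used, every open() failure (including a permission error) is reported as 404, the malloc(4096) result is unchecked, and the 404 branch prints "Content-type: text/html;" with a stray semicolon. Finally, <unistd.h> is included only when HAVE_UNISTD_H is defined, yet read, write and close are called unconditionally.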
Index: /server/common/oursrc/execsys/upd-execsys
===================================================================
--- /server/common/oursrc/execsys/upd-execsys	(revision 1)
+++ /server/common/oursrc/execsys/upd-execsys	(revision 1)
@@ -0,0 +1,123 @@
+#!/usr/bin/perl -w
+use strict;
+
+# upd-execsys
+# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+#
+# See /COPYRIGHT in this repository for more information.
+
+my @dynamic = qw(
+ pl
+ php
+ py
+ scm
+);
+
+my @static = qw(
+ html
+ css
+ gif
+ jpg
+ png
+ htm
+ jpeg
+ js
+ ico
+ xml
+ xsl
+ tiff
+ tif
+ tgz
+ tar
+ jar
+ pdf
+ ps
+ doc
+ xls
+ ppt
+ swf
+ mp3
+);
+
+my %map;
+open(TYPES, "./mime.types");
+while(my $line = <TYPES>) {
+	next if($line =~ /^\#/ or $line =~ /^\s*$/);
+	my ($type, $exts) = ($line =~ /^(\S*)\s+(.*)$/);
+	next if($exts =~ /^\s*$/);
+	
+	foreach my $ext (split " ", $exts) {
+		$map{$ext} = $type;
+	}
+}
+close(TYPES);
+
+undef $/;
+my $regexp = '(.*[\/\#]+\sSTART-AUTOGENERATED:[^!]*!).*\s([\/\#]+\sEND-AUTOGENERATED.*)';
+
+# Read existing binfmt file
+
+open(BINFMT, "./execsys-binfmt.pre");
+my $file = <BINFMT>;
+my ($fstart, $fend) = ($file =~ /$regexp/s);
+close(BINFMT);
+
+# Write new binfmt file
+
+open(BINFMT, ">./execsys-binfmt");
+print BINFMT $fstart, "\n";
+
+foreach my $ext (@dynamic) {
+  my $path = $ENV{"${ext}_path"};
+  print BINFMT "echo \":${ext}:E::${ext}::${path}:\" > /proc/sys/fs/binfmt_misc/register\n" if($path);
+}
+
+foreach my $ext (@static) {
+	print BINFMT "echo \":${ext}:E::${ext}::$ENV{syscat_path}:\" > /proc/sys/fs/binfmt_misc/register\n";
+}
+print BINFMT $fend;
+close(BINFMT);
+
+open(CONF, ">./execsys.conf");
+
+foreach my $ext (@dynamic, @static) {
+	print CONF <<END
+<Files *.$ext>
+	SetHandler cgi-script
+	Options +ExecCGI
+</Files>
+
+END
+}
+close(CONF);
+
+open(CAT, "./staticsys-cat.c.pre");
+$file = <CAT>;
+($fstart, $fend) = ($file =~ /$regexp/s);
+close(CAT);
+
+open(CAT, ">./staticsys-cat.c");
+print CAT $fstart, "\n";
+print CAT '#define NEXTS ', scalar(@static), "\n";
+print CAT "const char *map[2 * NEXTS] = {\n";
+for(my $i = 0; $i < scalar(@static); $i++) {
+	my $comma = ( $i < scalar(@static)-1 ? "," : "" );
+	print CAT "\t\"$static[$i]\", \"$map{$static[$i]}\"$comma\n";
+}
+print CAT "};\n";
+print CAT $fend;
+close(CAT);
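Review bot: None of the open() calls check for failure, and the two `=~ /$regexp/s` matches are used without testing that they matched, so a missing mime.types or .pre file produces output built from undefined values instead of an error; add `or die` to each open and die when the marker match fails. In the static loop, `$ENV{syscat_path}` is interpolated with no check, so if it is unset the register lines are written with an empty interpreter field, and `$map{$static[$i]}` goes into the C table even when the extension has no entry in mime.types. The path values are also placed inside a double-quoted shell string in the generated init script, so they should be restricted to plain path characters before being written. scm is in @dynamic but configure.in offers no --with-scm, so *.scm gets a cgi-script handler in execsys.conf with no binfmt registration behind it.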
Index: /server/common/oursrc/lockeradm/Makefile.in
===================================================================
--- /server/common/oursrc/lockeradm/Makefile.in	(revision 1)
+++ /server/common/oursrc/lockeradm/Makefile.in	(revision 1)
@@ -0,0 +1,18 @@
+CC = @CC@
+CFLAGS = @CFLAGS@
+prefix = @prefix@
+
+all-local: signup-scripts-frontend
+
+signup-scripts-frontend:
+	$(CC) $(CFLAGS) -o $@ signup-scripts-frontend.c	
+
+clean:
+	rm -f signup-scripts-frontend
+
+preauto: clean
+	rm -f configure config.* Makefile admof signup-scripts-backend
+	rm -rf auto*.cache
+
+ready: preauto
+	autoconf
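Review bot: The signup-scripts-frontend rule has no prerequisites, so once the binary exists make will not rebuild it after signup-scripts-frontend.c changes; list the .c file as a prerequisite. The recipe line also ends in a trailing tab, and prefix is assigned but not used by any rule shown here.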
Index: /server/common/oursrc/lockeradm/admof.in
===================================================================
--- /server/common/oursrc/lockeradm/admof.in	(revision 1)
+++ /server/common/oursrc/lockeradm/admof.in	(revision 1)
@@ -0,0 +1,98 @@
+#!/usr/bin/perl
+use strict;
+
+# admof
+# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+#
+# See /COPYRIGHT in this repository for more information.
+
+$ENV{PATH} = '';
+
+my $targetuser;
+unless(($targetuser) = ($ARGV[0] =~ /^([\w._-]+)$/)) {
+  error("Invalid locker name: <$ARGV[0]>.");
+}
+my $curuser;
+unless(($curuuser) = ($ARGV[1] =~ /^([\w._-]+)\@ATHENA\.MIT\.EDU$/)) {
+  error("An internal error has occurred.\nContact scripts\@mit.edu for assistance.");
+}
+
+my $fs = `@fs_path@ 2>/dev/null la /mit/$targetuser/`;
+my @fs = split(/\n/, $fs);
+
+#Access list for . is
+#Normal rights:
+#  system:scripts-root rlidwka
+#  system:anyuser rl
+
+unless($fs[0] =~ /^Access list for \/mit\/$targetuser\/ is$/ &&
+       $fs[1] =~ /^Normal rights:$/) {
+  error("Cannot find locker <$targetuser>.");
+}
+
+if($ARGV[2] && !getpwnam($targetuser)) {
+  error("Locker <$targetuser> does not have a scripts.mit.edu account.");
+}
+
+for(my $i = 2; $i < @fs; $i++) {
+  my ($id) = ($fs[$i] =~ /^  ([\w:_-]+) rlidwka$/);
+  if($id eq "") { next; }
+  my $group;
+  if($id eq $curuser) { success(); }
+  elsif(($group) = ($id =~ /^(system:.+)/)) {
+    my $mems = `@pts_path@ 2>/dev/null membership $group`;
+    my @mems = split(/\n/, $mems);
+
+#Members of system:scripts-root (id: -56104) are:
+#  hartmans
+#  jbarnold
+#  presbrey
+#  tabbott
+#  hartmans.root
+
+    next if($mems[0] !~ /^Members of $group \(id: \S+\) are:$/);
+    
+    if($mems =~ /\s+$curuser\s+/) {
+	success();
+    }
+  }
+}
+
+print <<END;
+
+ERROR:
+It appears as though you are not an administrator of locker <$targetuser>.
+In order to be able to su to <$targetuser>, you must have full AFS access
+to the root directory of locker <$targetuser>.  Try running the command
+fs sa /mit/$targetuser $curuser all
+on Athena in order to explicitly grant yourself full AFS access.
+Contact scripts\@mit.edu if you are unable to solve the problem.
+
+END
+
+exit(1);
+
+sub error {
+  print STDERR "\nERROR:\n$_[0]\n\n";
+  exit(1);
+}
+
+sub success {
+  print STDERR "\n== SUCCESS ==\nYou are now logged in as user <$targetuser>.\n";
+  print STDERR "To return to being <$curuser>, type \"exit\".\n\n";
+  exit(33);
+}
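Review bot: the second capture assigns to `$curuuser`, not the `$curuser` declared on the line above it; under `use strict` that is an undeclared variable, so the script does not compile. Fix the spelling. Separately, $targetuser, $group and $curuser are interpolated into regexes unescaped while the accepted character class includes `.`, so the membership test `/\s+$curuser\s+/` treats a dot in the name as a wildcard; wrap each interpolation in \Q...\E. The meaning of the optional third argument (the getpwnam check) is not documented in the header comment, and both backtick commands should check `$?` so that a failed fs or pts call is distinguishable from an empty ACL.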
Index: /server/common/oursrc/lockeradm/bash.in
===================================================================
--- /server/common/oursrc/lockeradm/bash.in	(revision 1)
+++ /server/common/oursrc/lockeradm/bash.in	(revision 1)
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+@bash_path@ --rcfile /usr/local/etc/bashrc "$@"
Index: /server/common/oursrc/lockeradm/configure.in
===================================================================
--- /server/common/oursrc/lockeradm/configure.in	(revision 1)
+++ /server/common/oursrc/lockeradm/configure.in	(revision 1)
@@ -0,0 +1,36 @@
+AC_INIT(signup-scripts-frontend.c)
+
+AC_PROG_CC
+
+dnl Needed by admof.in
+
+AC_PATH_PROG(fs_path, fs)
+AC_SUBST(fs_path)
+AC_PATH_PROG(pts_path, pts)
+AC_SUBST(pts_path)
+
+dnl Needed by signup-scripts-backend.in
+
+AC_PATH_PROG(ls_path, ls)
+AC_SUBST(ls_path)
+AC_PATH_PROG(grep_path, grep)
+AC_SUBST(grep_path)
+
+AC_PATH_PROG(useradd_path, useradd)
+AC_SUBST(useradd_path)
+AC_PATH_PROG(groupadd_path, groupadd)
+AC_SUBST(groupadd_path)
+AC_PATH_PROG(setquota_path, setquota)
+AC_SUBST(setquota_path)
+
+AC_PATH_PROG(hesinfo_path, hesinfo)
+AC_SUBST(hesinfo_path)
+
+dnl Needed by bash.in
+
+AC_PATH_PROG(bash_path, bash)
+AC_SUBST(bash)
+
+AC_OUTPUT(Makefile)
+AC_OUTPUT(admof)
+AC_OUTPUT(signup-scripts-backend)
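Review bot: `AC_SUBST(bash)` names a variable that is never set; the line above stores the result in bash_path, which is what bash.in expects as @bash_path@. bash is also missing from the AC_OUTPUT list, so bash.in is never processed. signup-scripts-backend.in references @sudo_path@ and @min_user_uid@, and neither is defined here, so those placeholders reach the generated script literally; add an AC_PATH_PROG for sudo and a configure option for the minimum uid.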
Index: /server/common/oursrc/lockeradm/signup-scripts-backend.in
===================================================================
--- /server/common/oursrc/lockeradm/signup-scripts-backend.in	(revision 1)
+++ /server/common/oursrc/lockeradm/signup-scripts-backend.in	(revision 1)
@@ -0,0 +1,88 @@
+#!/usr/bin/perl
+use strict;
+
+# signup-scripts-backend
+# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
+# 
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+# 
+# See /COPYRIGHT in this repository for more information.
+
+$ENV{PATH} = '';
+
+my $username = $ARGV[0];
+
+# Complain unless submitted username contains only valid characters
+complain("bad username") unless($username =~ /^[\w._-]+$/);
+
+complain("banned username") if(`@grep_path@ '$username' /afs/athena.mit.edu/contrib/scripts/admin/users.banned` != "");
+
+my $homedir;
+my $filsys = `@hesinfo_path@ $username filsys`;
+# AFS /afs/athena.mit.edu/user/j/b/jbarnold w /mit/jbarnold
+if($filsys =~ /^AFS\s(\/afs\/[\w\._\/-]+)\s.*\s\/mit\/$username$/) {
+	$homedir = $1;
+}
+else {
+	complain("athena user not found");
+}
+
+# Run ls to confirm user's homedir and obtain user's homedir uid
+my $ls_regexp = '^\S*\s+\S*\s+(\S*)\s+(\S*)\s+\S*\s+\S*\s+\S*\s+\S*\s+(\S*).*$';
+my ($uid1, $gid1, $name1) = (`@ls_path@ -dln '$homedir'` =~ $ls_regexp);
+
+# Complain if user's homedir does not exist
+complain("athena homedir not found") unless($name1 eq $homedir);
+
+# Complain if user's uid is too low or too high
+complain("bad uid") unless($uid1 > @min_user_uid@ and $uid1 < (1 << 31));
+
+# Run ls to confirm user's .scripts-signup file
+my ($uid2, $gid2, $name2) = (`@ls_path@ -dln '$homedir/.scripts-signup'` =~ $ls_regexp);
+
+# Complain if user's .scripts-signup file does not exist
+#complain("scripts-signup file not found") unless($name2 eq "$homedir/.scripts-signup");
+
+# Complain if the user's username is already taken
+complain("username already taken") if(getpwnam $username);
+
+# Complain if user's uid is already taken
+complain("uid already taken") if(getpwuid $uid1);
+
+if($homedir !~ /\/afs\/athena\.mit\.edu\/user\//) {
+	$gid1 = $uid1;
+}
+
+# Complain if user's gid is already taken
+complain("gid already taken") if(getgrgid $gid1);
+
+# Add user to /etc/passwd
+`@sudo_path@ -u root @groupadd_path@ -g '$gid1' '$username'`;
+`@sudo_path@ -u root @useradd_path@ -d '$homedir' -s '/usr/local/bin/bash' -u '$uid1' -g '$gid1' -G users '$username'`;
+# Add disk quota for user
+`@sudo_path@ -u root @setquota_path@ '$username' 0 25000 0 10000`;
+
+printexit("done", 0);
+
+sub complain {
+  my ($complaint) = @_;
+  printexit($complaint, 1);
+}
+
+sub printexit {
+  my ($msg, $status) = @_;
+  print $msg;
+  exit($status);
+}
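Review bot: the banned-username test compares the grep output with `!= ""`, which is a numeric comparison in Perl; for output that does not begin with a digit both sides evaluate to 0, so the check never fires. Use `ne ""`, or better, test grep's exit status. The pattern is also unanchored and treats `.` as a regex wildcard, so use fixed-string, whole-line matching. The .scripts-signup existence check is commented out, which leaves $uid2, $gid2 and $name2 unused and removes the only evidence that the locker owner asked for an account; restore it, or delete the dead ls call and explain why in a comment. The exit status of groupadd, useradd and setquota is never checked before "done" is printed. @sudo_path@ and @min_user_uid@ need matching substitutions in configure.in.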
Index: /server/common/oursrc/lockeradm/signup-scripts-frontend.c
===================================================================
--- /server/common/oursrc/lockeradm/signup-scripts-frontend.c	(revision 1)
+++ /server/common/oursrc/lockeradm/signup-scripts-frontend.c	(revision 1)
@@ -0,0 +1,48 @@
+/*
+ * signup-scripts-frontend
+ * Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ *
+ * See /COPYRIGHT in this repository for more information.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+
+extern char **environ;
+
+int main(int argc, char **argv) {
+	environ=NULL;
+	if(argc != 2) {
+		exit(1);
+	}
+
+	char uid[21]; // 64-bit uid requires 21
+	int retval = snprintf(uid, 21, "%d", getuid());
+	if(retval < 0 || retval >= 21) {
+		exit(1);
+	}
+	if(setreuid(geteuid(), -1) != 0) {
+		exit(1);
+	}
+	char *v[3];
+#define BACKEND_PATH "/usr/local/sbin/signup-scripts-backend"
+	v[0] = BACKEND_PATH;
+	v[1] = argv[1];
+	v[2] = NULL;
+	execv(BACKEND_PATH, v);
+	return 1;
+}
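Review bot: the uid buffer is formatted from getuid() and bounds-checked but never placed in v[], so the backend gets no record of who invoked it; either pass it as an additional argument or drop the dead code. getuid(), geteuid(), setreuid() and execv() are used without `#include <unistd.h>`, and `%d` is not the right conversion for uid_t (cast to a wide unsigned type and use the matching format).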
Index: /server/common/oursrc/sqladm/Makefile.in
===================================================================
--- /server/common/oursrc/sqladm/Makefile.in	(revision 1)
+++ /server/common/oursrc/sqladm/Makefile.in	(revision 1)
@@ -0,0 +1,18 @@
+CC = @CC@
+CFLAGS = @CFLAGS@
+prefix = @prefix@
+
+all-local: signup-sql
+
+signup-sql:
+	$(CC) $(CFLAGS) -o $@ signup-sql.c	
+
+clean:
+	rm -f signup-sql
+
+preauto: clean
+	rm -f configure config.* Makefile signup-sql
+	rm -rf auto*.cache
+
+ready: preauto
+	autoconf
Index: /server/common/oursrc/sqladm/configure.in
===================================================================
--- /server/common/oursrc/sqladm/configure.in	(revision 1)
+++ /server/common/oursrc/sqladm/configure.in	(revision 1)
@@ -0,0 +1,19 @@
+AC_INIT(signup-sql.c)
+
+AC_PROG_CC
+
+AC_ARG_WITH(sqluid,
+[  --with-sqluid[=UID]        sql user has uid UID ],[
+  if test "$withval" != "no" -a "$withval" != "yes"; then
+    CFLAGS="-D\"SQL_UID=$withval\" $CFLAGS"
+  fi
+])
+
+AC_ARG_WITH(sqlgid,
+[  --with-sqlgid[=UID]        sql user has gid GID ],[
+  if test "$withval" != "no" -a "$withval" != "yes"; then
+    CFLAGS="-D\"SQL_GID=$withval\" $CFLAGS"
+  fi
+])
+
+AC_OUTPUT(Makefile)
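Review bot: the help string for --with-sqlgid reads `[=UID]`; it should be `[=GID]`. Neither option has a default or a failure path, so running configure without them leaves SQL_UID and SQL_GID undefined and the build only fails later inside signup-sql.c; call AC_MSG_ERROR when either is missing. The values are pasted into CFLAGS unvalidated, so check that they are numeric.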
Index: /server/common/oursrc/sqladm/signup-sql.c
===================================================================
--- /server/common/oursrc/sqladm/signup-sql.c	(revision 1)
+++ /server/common/oursrc/sqladm/signup-sql.c	(revision 1)
@@ -0,0 +1,60 @@
+/*
+ * signup-sql
+ * Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ *
+ * See /COPYRIGHT in this repository for more information.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/types.h> // for getpwnam
+#include <pwd.h> // for getpwnam
+
+int main(int argc, char **argv) {
+        if(argc != 1) {
+		exit(1);
+	}
+
+	char uid[21]; // 64-bit uid requires 21
+	char gid[21]; // 64-bit gid requires 21
+	int retval = snprintf(uid, 21, "%d", getuid());
+	if(retval < 0 || retval >= 21) {
+                exit(1);
+        }
+	retval = snprintf(gid, 21, "%d", getgid());
+	if(retval < 0 || retval >= 21) {
+		exit(1);
+	}
+
+        char *v[5];
+#define SIGNUP_PATH "/afs/athena.mit.edu/contrib/sql/web_scripts/main/batch/signup.php"
+        v[0] = SIGNUP_PATH;
+	v[1] = getpwuid(getuid())->pw_name;
+	v[2] = uid;
+	v[3] = gid;
+        v[4] = NULL;
+
+	if(setregid(SQL_GID, SQL_GID) != 0) {
+		exit(1);
+	}
+	if(setreuid(SQL_UID, SQL_UID) != 0) {
+		exit(1);
+	}
+
+        execv(SIGNUP_PATH, v);
+	return 1;
+}
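Review bot: unlike signup-scripts-frontend.c, this wrapper does not clear environ before execv(), so the caller's environment is handed to signup.php running as SQL_UID; reset it or build a minimal one. setregid() and setreuid() are called without a preceding setgroups(), so the caller's supplementary groups survive the switch. `getpwuid(getuid())->pw_name` dereferences the result unchecked and crashes if the uid has no passwd entry. `#include <unistd.h>` is missing, and `<grp.h>` will be needed once setgroups() is added.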
Index: /server/common/oursrc/tokensys/Makefile.in
===================================================================
--- /server/common/oursrc/tokensys/Makefile.in	(revision 1)
+++ /server/common/oursrc/tokensys/Makefile.in	(revision 1)
@@ -0,0 +1,10 @@
+CC = @CC@
+CFLAGS = @CFLAGS@
+prefix = @prefix@
+
+preauto: 
+	rm -f configure config.* Makefile renew
+	rm -rf auto*.cache
+
+ready: preauto
+	autoconf
Index: /server/common/oursrc/tokensys/configure.in
===================================================================
--- /server/common/oursrc/tokensys/configure.in	(revision 1)
+++ /server/common/oursrc/tokensys/configure.in	(revision 1)
@@ -0,0 +1,10 @@
+AC_INIT()
+
+AC_PATH_PROG(kinit_path, perl)
+AC_SUBST(kinit_path)
+
+AC_PATH_PROG(aklog_path, sudo)
+AC_SUBST(aklog_path)
+
+AC_OUTPUT(Makefile)
+AC_OUTPUT(renew)
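Review bot: `AC_PATH_PROG(kinit_path, perl)` and `AC_PATH_PROG(aklog_path, sudo)` search for perl and sudo, not kinit and aklog, so the substituted paths point at the wrong programs. The variable names also differ from the @kinit@ and @aklog@ placeholders used in renew.in, which would therefore be left unexpanded. Search for kinit and aklog, and make the names agree on both sides.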
Index: /server/common/oursrc/tokensys/crontab
===================================================================
--- /server/common/oursrc/tokensys/crontab	(revision 1)
+++ /server/common/oursrc/tokensys/crontab	(revision 1)
@@ -0,0 +1,1 @@
+0  */3  *  *  *  /home/afsagent/renew
Index: /server/common/oursrc/tokensys/renew.in
===================================================================
--- /server/common/oursrc/tokensys/renew.in	(revision 1)
+++ /server/common/oursrc/tokensys/renew.in	(revision 1)
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# This script renews afsagent's tickets and tokens.
+# It is called by afsagent's crontab every 8 hours.
+
+# Option #1: invoke kinit with a password
+#echo "password" | @kinit@ >/dev/null daemon/scripts.mit.edu
+
+# Option #2: invoke kinit with a keytab
+@kinit@ -k -t /home/afsagent/krb5.keytab daemon/scripts.mit.edu
+
+# Obtain AFS tokens
+@aklog@
+@aklog@ -c sipb
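Review bot: the header comment says the script runs every 8 hours, but the crontab entry added in this change is `0  */3  *  *  *`, every 3 hours; correct one of them. kinit's exit status is ignored, so a failed renewal (unreadable keytab, KDC unreachable) still runs aklog and nothing is reported; stop on failure and log it. The commented-out option #1 pipes a password to kinit; remove it rather than leave a template for putting a credential in the script.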
Index: /server/common/patches/httpd-suexec-scripts.patch
===================================================================
--- /server/common/patches/httpd-suexec-scripts.patch	(revision 1)
+++ /server/common/patches/httpd-suexec-scripts.patch	(revision 1)
@@ -0,0 +1,98 @@
+# scripts.mit.edu httpd suexec patch
+# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+#
+# See /COPYRIGHT in this repository for more information.
+#
+--- httpd-2.2.2/support/suexec.c.old	2006-04-21 21:53:06.000000000 -0400
++++ httpd-2.2.2/support/suexec.c	2006-08-25 10:04:22.000000000 -0400
+@@ -95,6 +95,7 @@
+ {
+     /* variable name starts with */
+     "HTTP_",
++    "HTTPS_",
+     "SSL_",
+ 
+     /* variable name is */
+@@ -140,6 +141,7 @@
+     "UNIQUE_ID=",
+     "USER_NAME=",
+     "TZ=",
++    "PHPRC=",
+     NULL
+ };
+ 
+@@ -513,6 +515,12 @@
+             exit(113);
+         }
+     }
++    char *expected = malloc(strlen(target_homedir)+strlen(AP_USERDIR_SUFFIX)+1);
++    sprintf(expected, "%s/%s", target_homedir, AP_USERDIR_SUFFIX);
++    if ((strncmp(cwd, expected, strlen(expected))) != 0) {
++        log_err("error: file's directory not a subdirectory of user's home directory (%s, %s)\n", cwd, expected);
++        exit(114);
++    }
+ 
+     if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
+         log_err("command not in docroot (%s/%s)\n", cwd, cmd);
+@@ -530,15 +538,17 @@
+     /*
+      * Error out if cwd is writable by others.
+      */
++#if 0
+     if ((dir_info.st_mode & S_IWOTH) || (dir_info.st_mode & S_IWGRP)) {
+         log_err("directory is writable by others: (%s)\n", cwd);
+         exit(116);
+     }
++#endif
+ 
+     /*
+      * Error out if we cannot stat the program.
+      */
+-    if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) {
++    if (((lstat(cmd, &prg_info)) != 0) /*|| (S_ISLNK(prg_info.st_mode))*/) {
+         log_err("cannot stat program: (%s)\n", cmd);
+         exit(117);
+     }
+@@ -546,10 +556,12 @@
+     /*
+      * Error out if the program is writable by others.
+      */
++#if 0
+     if ((prg_info.st_mode & S_IWOTH) || (prg_info.st_mode & S_IWGRP)) {
+         log_err("file is writable by others: (%s/%s)\n", cwd, cmd);
+         exit(118);
+     }
++#endif
+ 
+     /*
+      * Error out if the file is setuid or setgid.
+@@ -563,6 +575,7 @@
+      * Error out if the target name/group is different from
+      * the name/group of the cwd or the program.
+      */
++#if 0
+     if ((uid != dir_info.st_uid) ||
+         (gid != dir_info.st_gid) ||
+         (uid != prg_info.st_uid) ||
+@@ -574,6 +587,7 @@
+                 prg_info.st_uid, prg_info.st_gid);
+         exit(120);
+     }
++#endif
+     /*
+      * Error out if the program is not executable for the user.
+      * Otherwise, she won't find any error in the logs except for
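Review bot: in the new home-directory check, `malloc(strlen(target_homedir)+strlen(AP_USERDIR_SUFFIX)+1)` is one byte short for the `"%s/%s"` format (two strings, the slash and the terminator), so the sprintf() writes past the allocation in a setuid-root helper; allocate +2, check the malloc result, and use snprintf(). The strncmp() prefix test also accepts a sibling directory whose name merely starts with the suffix; require the character following the prefix in cwd to be '/' or the end of the string. The patch additionally disables, with #if 0 or a comment, the group/world-writable checks on the directory and the program, the symlink test, and the owner/group match; each needs a comment stating which other control replaces it, since these are the checks suexec relies on to keep one user's script from running as another.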
Index: /server/common/patches/krb5-kuserok-scripts.patch
===================================================================
--- /server/common/patches/krb5-kuserok-scripts.patch	(revision 1)
+++ /server/common/patches/krb5-kuserok-scripts.patch	(revision 1)
@@ -0,0 +1,127 @@
+# scripts.mit.edu krb5 kuserok patch
+# Copyright (C) 2006  Tim Abbott <tabbott@mit.edu>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+#
+# See /COPYRIGHT in this repository for more information.
+#
+--- krb5-1.4.3/src/lib/krb5/os/kuserok.c.old    2006-09-09 19:03:33.000000000 -0400
++++ krb5-1.4.3/src/lib/krb5/os/kuserok.c        2006-09-09 19:50:48.000000000 -0400
+@@ -31,6 +31,7 @@
+ #if !defined(_WIN32)		/* Not yet for Windows */
+ #include <stdio.h>
+ #include <pwd.h>
++#include <sys/wait.h>
+ 
+ #if defined(_AIX) && defined(_IBMR2)
+ #include <sys/access.h>
+@@ -64,7 +65,6 @@
+ {
+     struct stat sbuf;
+     struct passwd *pwd;
+-    char pbuf[MAXPATHLEN];
+     krb5_boolean isok = FALSE;
+     FILE *fp;
+     char kuser[MAX_USERNAME];
+@@ -72,70 +72,35 @@
+     char linebuf[BUFSIZ];
+     char *newline;
+     int gobble;
++    int pid, status;
+ 
+     /* no account => no access */
+     char pwbuf[BUFSIZ];
+     struct passwd pwx;
+     if (k5_getpwnam_r(luser, &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0)
+ 	return(FALSE);
+-    (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1);
+-    pbuf[sizeof(pbuf) - 1] = '\0';
+-    (void) strncat(pbuf, "/.k5login", sizeof(pbuf) - 1 - strlen(pbuf));
+-
+-    if (access(pbuf, F_OK)) {	 /* not accessible */
+-	/*
+-	 * if he's trying to log in as himself, and there is no .k5login file,
+-	 * let him.  To find out, call
+-	 * krb5_aname_to_localname to convert the principal to a name
+-	 * which we can string compare. 
+-	 */
+-	if (!(krb5_aname_to_localname(context, principal,
+-				      sizeof(kuser), kuser))
+-	    && (strcmp(kuser, luser) == 0)) {
+-	    return(TRUE);
+-	}
+-    }
+     if (krb5_unparse_name(context, principal, &princname))
+ 	return(FALSE);			/* no hope of matching */
+ 
+-    /* open ~/.k5login */
+-    if ((fp = fopen(pbuf, "r")) == NULL) {
+-	free(princname);
+-	return(FALSE);
+-    }
+-    /*
+-     * For security reasons, the .k5login file must be owned either by
+-     * the user himself, or by root.  Otherwise, don't grant access.
+-     */
+-    if (fstat(fileno(fp), &sbuf)) {
+-	fclose(fp);
+-	free(princname);
+-	return(FALSE);
+-    }
+-    if ((sbuf.st_uid != pwd->pw_uid) && sbuf.st_uid) {
+-	fclose(fp);
+-	free(princname);
+-	return(FALSE);
+-    }
+-
+-    /* check each line */
+-    while (!isok && (fgets(linebuf, BUFSIZ, fp) != NULL)) {
+-	/* null-terminate the input string */
+-	linebuf[BUFSIZ-1] = '\0';
+-	newline = NULL;
+-	/* nuke the newline if it exists */
+-	if ((newline = strchr(linebuf, '\n')))
+-	    *newline = '\0';
+-	if (!strcmp(linebuf, princname)) {
+-	    isok = TRUE;
+-	    continue;
+-	}
+-	/* clean up the rest of the line if necessary */
+-	if (!newline)
+-	    while (((gobble = getc(fp)) != EOF) && gobble != '\n');
+-    }
++    if ((pid = fork()) == -1) {
++       free(princname);
++       return(FALSE);
++    }
++    if (pid == 0) {
++       char *args[4];
++#define ADMOF_PATH "/usr/local/sbin/admof"
++       args[0] = ADMOF_PATH;
++       args[1] = (char *) luser;
++       args[2] = princname;
++       args[3] = NULL;
++       execv(ADMOF_PATH, args);
++       exit(1);
++    }
++    if (waitpid(pid, &status, 0) > 0 && WIFEXITED(status) && WEXITSTATUS(status) == 33) {
++       isok=TRUE;
++    }
++    
+     free(princname);
+-    fclose(fp);
+     return(isok);
+ }
+ 
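Review bot: the forked child calls exit(1) when execv() fails; inside a library that runs the host process's atexit handlers and flushes its stdio buffers a second time, so use _exit(). The child also inherits the caller's open descriptors when it executes /usr/local/sbin/admof; close them or mark them close-on-exec first. After this change sbuf, fp, kuser, linebuf, newline and gobble are unused and should be removed along with pbuf. Authorization now rests entirely on admof exiting with status 33; put that value in a shared named constant rather than a literal on each side. waitpid() is not retried on EINTR, which fails closed; say so in a comment.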
Index: /server/common/patches/openafs-scripts.patch
===================================================================
--- /server/common/patches/openafs-scripts.patch	(revision 1)
+++ /server/common/patches/openafs-scripts.patch	(revision 1)
@@ -0,0 +1,175 @@
+# scripts.mit.edu openafs patch
+# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+#
+# See /COPYRIGHT in this repository for more information.
+#
+diff -ur openafs-1.4.1-rc10/src/afs/afs_analyze.c openafs-1.4.1-rc10-scripts/src/afs/afs_analyze.c
+--- openafs-1.4.1-rc10/src/afs/afs_analyze.c	2003-08-27 17:43:16.000000000 -0400
++++ openafs-1.4.1-rc10-scripts/src/afs/afs_analyze.c	2006-04-18 16:38:55.000000000 -0400
+@@ -505,7 +505,7 @@
+ 			 (afid ? afid->Fid.Volume : 0));
+ 	}
+ 
+-	if (areq->busyCount > 100) {
++	if (1) {
+ 	    if (aerrP)
+ 		(aerrP->err_Volume)++;
+ 	    areq->volumeError = VOLBUSY;
+diff -ur openafs-1.4.1-rc10/src/afs/afs.h openafs-1.4.1-rc10-scripts/src/afs/afs.h
+--- openafs-1.4.1-rc10/src/afs/afs.h	2006-02-17 16:58:33.000000000 -0500
++++ openafs-1.4.1-rc10-scripts/src/afs/afs.h	2006-04-18 16:38:55.000000000 -0400
+@@ -175,8 +175,12 @@
+    struct afs_q *prev;
+ };
+
++#define AFSAGENT_UID (101)
++#define HTTPD_UID (48)
++#define DAEMON_SCRIPTS_PTSID (33554596)
+ struct vrequest {
+     afs_int32 uid;		/* user id making the request */
++    afs_int32 realuid;
+     afs_int32 busyCount;	/* how many busies we've seen so far */
+     afs_int32 flags;		/* things like O_SYNC, O_NONBLOCK go here */
+     char initd;			/* if non-zero, non-uid fields meaningful */
+diff -ur openafs-1.4.1-rc10/src/afs/afs_osi_pag.c openafs-1.4.1-rc10-scripts/src/afs/afs_osi_pag.c
+--- openafs-1.4.1-rc10/src/afs/afs_osi_pag.c	2005-10-05 01:58:27.000000000 -0400
++++ openafs-1.4.1-rc10-scripts/src/afs/afs_osi_pag.c	2006-04-18 16:38:55.000000000 -0400
+@@ -46,6 +46,8 @@
+ 
+ /* Local variables */
+ 
++afs_int32 globalpag;
++
+ /*
+  * Pags are implemented as follows: the set of groups whose long
+  * representation is '41XXXXXX' hex are used to represent the pags.
+@@ -426,6 +430,15 @@
+ 	av->uid = acred->cr_ruid;	/* default when no pag is set */
+ #endif
+     }
++
++    av->realuid = acred->cr_ruid;
++    if(acred->cr_ruid == AFSAGENT_UID) {
++      globalpag = av->uid;
++    }
++    else {
++      av->uid = globalpag;
++    }
++
+     av->initd = 0;
+     return 0;
+ }
+diff -ur openafs-1.4.1-rc10/src/afs/afs_pioctl.c openafs-1.4.1-rc10-scripts/src/afs/afs_pioctl.c
+--- openafs-1.4.1-rc10/src/afs/afs_pioctl.c	2006-03-02 01:44:05.000000000 -0500
++++ openafs-1.4.1-rc10-scripts/src/afs/afs_pioctl.c	2006-04-18 16:38:55.000000000 -0400
+@@ -1202,6 +1202,10 @@
+     struct AFSFetchStatus OutStatus;
+     XSTATS_DECLS;
+ 
++    if(areq->realuid != AFSAGENT_UID) {
++      return EACCES;
++    }
++
+     AFS_STATCNT(PSetAcl);
+     if (!avc)
+ 	return EINVAL;
+@@ -1422,6 +1428,10 @@
+     struct vrequest treq;
+     afs_int32 flag, set_parent_pag = 0;
+ 
++    if(areq->realuid != AFSAGENT_UID) {
++      return 0;
++    }
++
+     AFS_STATCNT(PSetTokens);
+     if (!afs_resourceinit_flag) {
+ 	return EIO;
+@@ -1864,6 +1876,10 @@
+     register afs_int32 i;
+     register struct unixuser *tu;
+ 
++    if(areq->realuid != AFSAGENT_UID) {
++      return 0;
++    }
++
+     AFS_STATCNT(PUnlog);
+     if (!afs_resourceinit_flag)	/* afs daemons haven't started yet */
+ 	return EIO;		/* Inappropriate ioctl for device */
+diff -ur openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_access.c openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_access.c
+--- openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_access.c	2004-08-25 03:09:35.000000000 -0400
++++ openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_access.c	2006-04-18 16:38:55.000000000 -0400
+@@ -118,6 +118,14 @@
+ 
+     if ((vType(avc) == VDIR) || (avc->states & CForeign)) {
+ 	/* rights are just those from acl */
++
++      if ( !(areq->realuid == avc->fid.Fid.Volume) &&
++           !((avc->anyAccess | arights) == avc->anyAccess) &&
++           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
++           !(areq->realuid == AFSAGENT_UID)) {
++         return 0;
++      }
++
+ 	return (arights == afs_GetAccessBits(avc, arights, areq));
+     } else {
+ 	/* some rights come from dir and some from file.  Specifically, you 
+@@ -171,6 +182,15 @@
+ 		    fileBits |= PRSFS_READ;
+ 	    }
+ 	}
++	
++        if ( !(areq->realuid == avc->fid.Fid.Volume) &&
++             !((avc->anyAccess | arights) == avc->anyAccess) &&
++             !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
++             !(areq->realuid == AFSAGENT_UID) &&
++             !(arights == PRSFS_READ && avc->m.Mode == 33279)) {
++           return 0;
++        }
++
+ 	return ((fileBits & arights) == arights);	/* true if all rights bits are on */
+     }
+ }
+@@ -192,6 +218,7 @@
+     OSI_VC_CONVERT(avc);
+ 
+     AFS_STATCNT(afs_access);
++    amode = amode & (VREAD | VWRITE);
+     afs_Trace3(afs_iclSetp, CM_TRACE_ACCESS, ICL_TYPE_POINTER, avc,
+ 	       ICL_TYPE_INT32, amode, ICL_TYPE_OFFSET,
+ 	       ICL_HANDLE_OFFSET(avc->m.Length));
+diff -ur openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_attrs.c openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_attrs.c
+--- openafs-1.4.1-rc10/src/afs/VNOPS/afs_vnop_attrs.c	2005-10-23 02:31:23.000000000 -0400
++++ openafs-1.4.1-rc10-scripts/src/afs/VNOPS/afs_vnop_attrs.c	2006-04-18 16:41:32.000000000 -0400
+@@ -87,8 +87,8 @@
+ 	}
+     }
+ #endif /* AFS_DARWIN_ENV */
+-    attrs->va_uid = fakedir ? 0 : avc->m.Owner;
+-    attrs->va_gid = fakedir ? 0 : avc->m.Group;	/* yeah! */
++    attrs->va_uid = fakedir ? 0 : avc->fid.Fid.Volume;
++    attrs->va_gid = (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);
+ #if defined(AFS_SUN56_ENV)
+     attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
+ #elif defined(AFS_OSF_ENV)
+@@ -172,6 +179,7 @@
+ #else /* everything else */
+     attrs->va_blocks = (attrs->va_size ? ((attrs->va_size + 1023)>>10)<<1:0);
+ #endif
++    attrs->va_mode |= 0100;
+     return 0;
+ }
+ 
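Review bot: globalpag in afs_osi_pag.c is a plain global, written whenever AFSAGENT_UID makes a request and read for every other uid, with no locking and no explicit initial value; until afsagent has made its first request av->uid is forced to 0 for everyone, and an update races with concurrent readers. Initialise it to a value that can hold no tokens and protect the update. The access checks compare areq->realuid with avc->fid.Fid.Volume and test `avc->m.Mode == 33279`; both depend on site conventions (uid equal to volume ID, mode 0100777 as a marker) that need a comment and named constants, as do the hard-coded 101 and 48 in afs.h. PSetTokens and PUnlog return 0 for callers other than afsagent while PSetAcl returns EACCES; returning success for a refused operation hides the refusal from the caller. The replacement of `areq->busyCount > 100` with `if (1)` in afs_analyze.c needs an explanation as well.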
Index: /server/doc/perl
===================================================================
--- /server/doc/perl	(revision 1)
+++ /server/doc/perl	(revision 1)
@@ -0,0 +1,9 @@
+In order to transfer perl modules from one machine to another
+
+$ perl -MCPAN -e shell
+cpan> autobundle
+
+Wrote bundle file
+  /root/.cpan/Bundle/Snapshot_2006_09_30_00.pm
+
+cpan> install Bundle::Spapshot_2006_09_30_00.pm
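Review bot: the install command names Bundle::Spapshot_2006_09_30_00.pm, which does not match the Snapshot_2006_09_30_00.pm file reported two lines above it; fix the spelling. The note also omits the step in between, copying the bundle file to the target machine before running install there, and the first sentence should end with a colon like the one in /server/doc/rpm.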
Index: /server/doc/rpm
===================================================================
--- /server/doc/rpm	(revision 1)
+++ /server/doc/rpm	(revision 1)
@@ -0,0 +1,3 @@
+In order to transfer rpms from one machine to another:
+
+rpm -qa --queryformat "%{NAME}\n
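Review bot: the rpm command is cut off: the --queryformat string has no closing quote and nothing follows it, so the note says neither where the package list is written nor how it is replayed on the second machine. Complete the command and add the install step.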
Index: /server/fedora/Makefile
===================================================================
--- /server/fedora/Makefile	(revision 1)
+++ /server/fedora/Makefile	(revision 1)
@@ -0,0 +1,133 @@
+# Makefile for building scripts.mit.edu Fedora packages
+# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
+#                and  Joe Presbrey <presbrey@mit.edu>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+#
+# See /COPYRIGHT in this repository for more information.
+
+upstream	= openafs krb5 httpd
+oursrc		= execsys tokensys lockeradm sqladm
+allsrc		= $(upstream) $(oursrc)
+oursrcdir	= ${PWD}/../common/oursrc
+patches		= ${PWD}/../common/patches
+specs		= ${PWD}/specs
+
+topdir		= ${PWD}/.tmp
+tmp_build	= ${PWD}/.tmp/BUILD
+tmp_specs	= ${PWD}/.tmp/SPECS
+tmp_src		= ${PWD}/.tmp/SOURCES
+out_rpms	= ${PWD}/RPMS
+out_srpms	= ${PWD}/SRPMS
+tree		= $(topdir) $(tmp_build) $(tmp_specs) $(tmp_src) $(out_rpms) $(out_srpms) 
+out_sbin	= ${PWD}/sbin
+
+dload		= ${PWD}/.dload
+server_url	= "http://scripts.mit.edu/src"
+server_arch	= "fedora.stable"
+
+rpm_args	= -E '%define _smp_mflags -j4' -E '%define _topdir $(topdir)' -E '%define _rpmdir $(out_rpms)' -E '%define _srcrpmdir $(out_srpms)' 
+
+.PHONY: minimal-clean
+
+info:
+	@echo "The following packages are available:"; \
+	echo "$(allsrc)"; \
+	echo "Run 'make all' to build all packages."
+
+minimal-clean:
+	rm -rf $(topdir) $(dload)
+
+clean: minimal-clean
+	rm -rf $(out_rpms) $(out_srpms) $(out_sbin)
+
+mkdir-tree:
+	@mkdir -p $(tree);
+
+download:
+	-@wget -O- -nv $(server_url)/$(server_arch) | wget -i- -nv -nc -B $(server_url)/ -nd -nH -P $(dload);
+
+copy-patches: mkdir-tree
+	cp ${patches}/*.patch $(tmp_src)
+
+install-srpms: mkdir-tree download
+	rpm $(rpm_args) -i $(dload)/*.src.rpm 2>/dev/null;
+
+copy-specs: mkdir-tree
+	cp ${specs}/*.spec $(tmp_specs)
+
+patch-specs: install-srpms
+	@cd ${tmp_specs}; \
+	list=`ls ${specs}/*.spec.patch`; \
+	for i in $$list; do \
+		patch < $$i; \
+	done;
+
+# 1. use the package's Makefile to delete leftover files and run autoconf
+# 2. create a tarball (we want it to contain the autoconf output)
+# 3. use the package's Makefile to delete leftover files
+
+create-tarballs: mkdir-tree
+	@cd ${oursrcdir}; \
+	list=`find -mindepth 1 -maxdepth 1 -type d`; \
+	for i in $$list; do \
+		pushd $$i; \
+		autoconf; \
+		./configure; \
+		make ready; \
+		popd; \
+		tar -czf $(tmp_src)/$$i.tar.gz $$i; \
+		pushd $$i; \
+		autoconf; \
+		./configure; \
+		make preauto; \
+		popd; \
+	done;
+
+setup: install-srpms copy-patches copy-specs patch-specs create-tarballs
+
+# Do not work:
+#rpms: setup
+#	rpmbuild $(rpm_args) -bb ${tmp_specs}/$(allsrc);
+#
+#srpms: setup
+#	rpmbuild $(rpm_args) -bs ${tmp_specs}/$(allsrc);
+
+oursrc:
+	make $(oursrc)
+
+upstream:
+	make $(upstream)
+
+all:
+	make $(allsrc)
+
+$(allsrc): setup
+	rpmbuild $(rpm_args) -ba ${tmp_specs}/$@*.spec
+
+suexec: setup
+	@rm -rf ${tmp_src}/httpd-2*/; \
+	tar zxvf ${tmp_src}/httpd-2*.tar.gz; \
+	cd ./httpd-2*; \
+	patch -p1 < ${patches}/httpd-suexec-scripts.patch; \
+	./configure --prefix=/etc/httpd --with-suexec-userdir=web_scripts --with-suexec-caller=apache --with-suexec-uidmin=50 --with-suexec-gidmin=50 --with-suexec-docroot=/; \
+	cd support; \
+	make suexec && mkdir ${out_sbin} && cp suexec ${out_sbin}; \
+	echo; \
+	echo "suexec binary written to ${out_sbin}."; \
+	echo "Run 'make install-suexec' as root to install it.";
+
+install-suexec:
+	install -m 4510 -o 0 -g apache ${PWD}/sbin/suexec /usr/sbin/;
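Review bot: the download target fetches the package list and the source RPMs over plain http:// (server_url), and install-srpms then unpacks whatever landed in $(dload) with no checksum or signature check in between, although these sources are built into httpd, krb5, openafs and the setuid suexec binary. The leading '-' on the wget line and the '2>/dev/null' on the 'rpm -i' line also hide a failed or partial download. Suggest keeping a checksum manifest in the repository and verifying it (or running 'rpm -K' on each .src.rpm) before install-srpms, and dropping the error suppression. Separately, the suexec configure line sets --with-suexec-docroot=/ and uid/gid minimums of 50, which relaxes suexec's path and id checks; a comment recording why this deployment needs that would help the next reader.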
Index: /server/fedora/specs/execsys.spec
===================================================================
--- /server/fedora/specs/execsys.spec	(revision 1)
+++ /server/fedora/specs/execsys.spec	(revision 1)
@@ -0,0 +1,48 @@
+Summary: scripts.mit.edu glue associated with file execution
+Group: Applications/System
+Name: execsys
+Version: 0.00
+Release: scripts
+Vendor: The scripts.mit.edu Team (scripts@mit.edu)
+URL: http://scripts.mit.edu
+License: GPL
+Source: %{name}.tar.gz 
+BuildRoot: %{_tmppath}/%(%{__id_u} -n)-%{name}-%{version}-root
+%define debug_package %{nil}
+
+%description 
+
+scripts.mit.edu glue associated with file execution
+Contains:
+ - Apache configuration file <execsys.conf>
+ - binfmt_misc init script <execsys-binfmt>
+ - Binary for serving static content <staticsys-cat>
+See http://scripts.mit.edu/wiki for more information.
+
+%prep
+%setup -q -n %{name}
+
+%build
+./configure --with-syscat=/usr/local/sbin --with-pl=/usr/bin/perl --with-php=/usr/bin/php-cgi --with-py=/usr/bin/python
+make
+
+%install
+[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
+install -D execsys.conf $RPM_BUILD_ROOT/etc/httpd/conf.d/execsys.conf
+install -D execsys-binfmt $RPM_BUILD_ROOT/etc/init.d/execsys-binfmt
+install -D staticsys-cat $RPM_BUILD_ROOT/usr/local/sbin/staticsys-cat
+
+%clean
+[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(0644, root, root)
+/etc/httpd/conf.d/execsys.conf
+%defattr(0755, root, root)
+/usr/local/sbin/staticsys-cat
+/etc/init.d/execsys-binfmt
+
+%changelog
+
+* Sat Sep 30 2006  Jeff Arnold <jbarnold@MIT.EDU> 0.00
+- initial prerelease version
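Review bot: in %install and %clean, '[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT' expands the variable unquoted, so the guard in front of rm -rf is malformed when the value is empty or contains whitespace. Quote both uses: [ "$RPM_BUILD_ROOT" != / ] && rm -rf "$RPM_BUILD_ROOT". The same line appears in the lockeradm, sqladm and tokensys specs. Also, execsys-binfmt is installed into /etc/init.d but the spec has no %post that registers it (for example with 'chkconfig --add'), so the binfmt_misc setup will not run at boot unless someone enables it by hand.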
Index: /server/fedora/specs/httpd.spec.patch
===================================================================
--- /server/fedora/specs/httpd.spec.patch	(revision 1)
+++ /server/fedora/specs/httpd.spec.patch	(revision 1)
@@ -0,0 +1,20 @@
+--- httpd.spec.old	2006-09-08 15:04:31.000000000 -0400
++++ httpd.spec	2006-09-16 21:32:05.000000000 -0400
+@@ -59,6 +59,8 @@
+ Obsoletes: mod_put, mod_roaming, mod_jk
+ Conflicts: pcre < 4.0
+ 
++Patch1000: httpd-suexec-scripts.patch
++
+ %description
+ The Apache HTTP Server is a powerful, efficient, and extensible
+ web server.
+@@ -127,6 +129,8 @@
+ # Patch in vendor/release string
+ sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
+ 
++%patch1000 -p1 -b .scripts
++
+ # Safety check: prevent build if defined MMN does not equal upstream MMN.
+ vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
+ if test "x${vmmn}" != "x%{mmn}"; then
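Review bot: the spec patch adds Patch1000 and the %patch1000 step but leaves the Release tag and %changelog untouched, so the rebuilt httpd package carries the same name-version-release as the stock build. Nothing then distinguishes the patched build from the unpatched one in 'rpm -q' output or when auditing which hosts run the modified suexec. Suggest appending a local suffix to Release and adding a %changelog entry that names httpd-suexec-scripts.patch; the krb5 and openafs spec patches have the same gap.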
Index: /server/fedora/specs/krb5.spec.patch
===================================================================
--- /server/fedora/specs/krb5.spec.patch	(revision 1)
+++ /server/fedora/specs/krb5.spec.patch	(revision 1)
@@ -0,0 +1,19 @@
+--- krb5.spec.old	2006-09-09 22:30:43.000000000 -0400
++++ krb5.spec	2006-09-16 21:39:55.000000000 -0400
+@@ -85,6 +85,8 @@
+ BuildPrereq: bison, e2fsprogs-devel >= 1.33, flex
+ BuildPrereq: gzip, ncurses-devel, rsh, texinfo, tar
+ 
++Patch1000: krb5-kuserok-scripts.patch
++
+ %description
+ Kerberos V5 is a trusted-third-party network authentication system,
+ which can improve your network's security by eliminating the insecure
+@@ -926,6 +928,7 @@
+ cp src/krb524/README README.krb524
+ find . -type f -name "*.info-dir" -exec rm -fv "{}" ";"
+ gzip doc/*.ps
++%patch1000 -p1 -b .scripts
+ cd src
+ top=`pwd`
+ for configurein in `find -name configure.in -type f` ; do
Index: /server/fedora/specs/lockeradm.spec
===================================================================
--- /server/fedora/specs/lockeradm.spec	(revision 1)
+++ /server/fedora/specs/lockeradm.spec	(revision 1)
@@ -0,0 +1,70 @@
+Summary: scripts.mit.edu locker administration system
+Group: Applications/System
+Name: lockeradm
+Version: 0.00
+Release: scripts
+Vendor: The scripts.mit.edu Team (scripts@mit.edu)
+URL: http://scripts.mit.edu
+License: GPL
+Source: %{name}.tar.gz 
+BuildRoot: %{_tmppath}/%(%{__id_u} -n)-%{name}-%{version}-root
+%define debug_package %{nil}
+
+%description 
+
+scripts.mit.edu locker administration system
+Contains:
+ - Perl script for checking whether a user is a locker admin <admof>
+ - setuid C program used to start a signup request <signup-scripts-frontend>
+ - Perl script that handles signup requests <signup-scripts-backend>
+See http://scripts.mit.edu/wiki for more information.
+
+%prep
+%setup -q -n %{name}
+
+%build
+./configure
+make
+
+%install
+[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
+install -D admof $RPM_BUILD_ROOT/usr/local/sbin/admof
+install -D signup-scripts-frontend $RPM_BUILD_ROOT/usr/local/sbin/signup-scripts-frontend
+install -D signup-scripts-backend $RPM_BUILD_ROOT/usr/local/sbin/signup-scripts-backend
+
+%clean
+[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(0644, root, root)
+%defattr(0755, root, root)
+/usr/local/sbin/admof
+/usr/local/sbin/signup-scripts-backend
+%defattr(4755, signup, signup)
+/usr/local/sbin/signup-scripts-frontend
+
+%pre
+groupadd signup
+useradd -g signup signup
+
+%post
+cat >>/etc/sudoers <<END
+signup  ALL=(root) NOPASSWD: /usr/sbin/useradd
+signup  ALL=(root) NOPASSWD: /usr/sbin/groupadd
+signup  ALL=(root) NOPASSWD: /usr/sbin/edquota
+END
+
+%preun
+touch /etc/sudoers.tmp
+chmod 600 /etc/sudoers.tmp
+grep -v "^signup" /etc/sudoers > /etc/sudoers.tmp
+mv /etc/sudoers.tmp /etc/sudoers
+
+%postun
+userdel -r signup
+groupdel signup
+
+%changelog
+
+* Sat Sep 30 2006  Jeff Arnold <jbarnold@MIT.EDU> 0.00
+- prerelease
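Review bot: the %post sudoers block lets the signup account run /usr/sbin/useradd, /usr/sbin/groupadd and /usr/sbin/edquota as root with NOPASSWD and no restriction on arguments, while %files installs signup-scripts-frontend setuid signup with mode 4755, so every local user can enter that code path. The rule therefore trusts the frontend and backend to validate everything they pass on; suggest pointing sudo at a single root-owned wrapper that builds the argument list itself, and limiting who may execute the frontend. The sudoers editing is fragile as well: %post appends the three lines again on every upgrade, and %preun drops every line starting with 'signup' and replaces /etc/sudoers with a mode 600 file without running 'visudo -c' on the result.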
Index: /server/fedora/specs/openafs.spec.patch
===================================================================
--- /server/fedora/specs/openafs.spec.patch	(revision 1)
+++ /server/fedora/specs/openafs.spec.patch	(revision 1)
@@ -0,0 +1,20 @@
+--- openafs.spec.old	2006-09-08 15:18:45.000000000 -0400
++++ openafs.spec	2006-09-16 21:45:20.000000000 -0400
+@@ -182,6 +182,8 @@
+ BuildRequires: %{?kdepend:%{kdepend}, } pam-devel
+ ExclusiveArch: %{ix86} x86_64 ia64
+ 
++Patch1000: openafs-scripts.patch
++
+ #    http://dl.openafs.org/dl/openafs/candidate/%{afsvers}/...
+ Source0: http://www.openafs.org/dl/openafs/%{afsvers}/openafs-%{afsvers}-src.tar.bz2
+ Source1: http://www.openafs.org/dl/openafs/%{afsvers}/openafs-%{afsvers}-doc.tar.bz2
+@@ -556,6 +558,8 @@
+ #%setup -q -n %{srcdir}
+ %setup -q -b 1 -n %{srcdir}
+ 
++%patch1000 -p1 -b .scripts
++
+ # Patch openafs to build a kernel module named "openafs" instead of "libafs"
+ %patch0 -p1 -b .kmod26
+ 
Index: /server/fedora/specs/sqladm.spec
===================================================================
--- /server/fedora/specs/sqladm.spec	(revision 1)
+++ /server/fedora/specs/sqladm.spec	(revision 1)
@@ -0,0 +1,41 @@
+Summary: scripts.mit.edu sql account administration system
+Group: Applications/System
+Name: sqladm
+Version: 0.00
+Release: scripts
+Vendor: The scripts.mit.edu Team (scripts@mit.edu)
+URL: http://scripts.mit.edu
+License: GPL
+Source: %{name}.tar.gz 
+BuildRoot: %{_tmppath}/%(%{__id_u} -n)-%{name}-%{version}-root
+%define debug_package %{nil}
+
+%description 
+
+scripts.mit.edu sql account administration system
+Contains:
+ - setuid C program used to start a sql signup request <signup-sql>
+See http://scripts.mit.edu/wiki for more information.
+
+%prep
+%setup -q -n %{name}
+
+%build
+./configure --with-sqluid=537704221 --with-sqlgid=537704221
+make
+
+%install
+[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
+install -D signup-sql $RPM_BUILD_ROOT/usr/local/sbin/signup-sql
+
+%clean
+[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(4755, signup, signup)
+/usr/local/sbin/signup-sql
+
+%changelog
+
+* Sat Sep 30 2006  Jeff Arnold <jbarnold@MIT.EDU> 0.00
+- initial prerelease version
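Review bot: %files assigns signup-sql to signup:signup with mode 4755, but this spec neither creates the signup user and group nor declares a Requires on lockeradm, the package whose %pre creates them. Add 'Requires: lockeradm' (or create the account in a %pre here) so that the owner of a setuid binary does not depend on install order. The numeric --with-sqluid/--with-sqlgid value 537704221 in %build is also unexplained; a comment naming the account it refers to would help.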
Index: /server/fedora/specs/tokensys.spec
===================================================================
--- /server/fedora/specs/tokensys.spec	(revision 1)
+++ /server/fedora/specs/tokensys.spec	(revision 1)
@@ -0,0 +1,58 @@
+Summary: scripts.mit.edu AFS administration system
+Group: Applications/System
+Name: tokensys
+Version: 0.00
+Release: scripts
+Vendor: The scripts.mit.edu Team (scripts@mit.edu)
+URL: http://scripts.mit.edu
+License: GPL
+Source: %{name}.tar.gz 
+BuildRoot: %{_tmppath}/%(%{__id_u} -n)-%{name}-%{version}-root
+%define debug_package %{nil}
+
+%description 
+
+scripts.mit.edu AFS administration system
+Contains:
+ - A shell script for renewing the system's AFS credentials <renew>
+ - A crontab for calling the renew script <crontab> 
+See http://scripts.mit.edu/wiki for more information.
+
+%prep
+%setup -q -n %{name}
+
+%build
+./configure
+
+%install
+[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
+install -D renew $RPM_BUILD_ROOT/home/afsagent/renew
+install -D crontab $RPM_BUILD_ROOT/home/afsagent/crontab
+
+%clean
+[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(0644, afsagent, afsagent)
+/home/afsagent/crontab
+%defattr(0755, afsagent, afsagent)
+/home/afsagent/renew
+
+%pre
+groupadd -g 101 afsagent
+useradd -u 101 -g 101 afsagent
+
+%post
+crontab -u afsagent /home/afsagent/crontab
+
+%preun
+crontab -u afsagent -r
+
+%postun
+userdel -r afsagent
+groupdel afsagent
+
+%changelog
+
+* Sat Sep 30 2006  Jeff Arnold <jbarnold@MIT.EDU> 0.00
+- initial prerelease version
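Review bot: %preun and %postun run unconditionally, so on a package upgrade the old package's scriptlets execute after the new files are in place: 'crontab -u afsagent -r' removes the crontab that %post just installed, and 'userdel -r afsagent' deletes the account together with /home/afsagent, including renew and crontab. Guard both scriptlets with the scriptlet argument so they act only on final removal (when $1 is 0). In %pre, the fixed id 101 passed to groupadd and useradd can collide with an existing account, and both commands fail when the account is already present; check for the account before creating it.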
