current-users: Re: Trouble checking out CVS src

Subject: Re: Trouble checking out CVS src
To: Frederick Bruckman <fredb@immanent.net>
From: Ian P.Thomas <ipthomas_77@yahoo.com>
List: current-users
Date: 02/20/2002 19:15:19
On Wednesday, February 20, 2002, at 12:15 PM, Frederick Bruckman wrote:

> On Wed, 20 Feb 2002, Ian P.Thomas wrote:
>
>> ~ solo > echo $CVSROOT
>> :pserver:anoncvs@anoncvs.netbsd.org:/cvsroot
>>
>> 	I use tcsh so it's setenv for me, and I put it in my .login file.
>> Here is the whole sequence of events.
>>
>> /usr solo > sudo cvs login
>> (Logging in to anoncvs@anoncvs.netbsd.org)
>> CVS password: ( I type in anoncvs here)
>> /usr solo > sudo cvs checkout -P src
>> cvs checkout: authorization failed: server anoncvs.netbsd.org rejected
>> access to /cvsroot for user anoncvs
>> cvs checkout: authorization failed: server anoncvs.netbsd.org rejected
>> access
>> cvs checkout: used empty password; try "cvs login" with a real password
>
> I think the "sudo" thing is confusing cvs, so that it doesn't know where
> to find your ~/.cvslogin file.
>
>> 	This is my second attempt after trying the first time.  This time
>> I'm su'd to root.
>
> You know, you don't need to be root to checkout sources. If you want
> your tree to be owned by root, that should work, though.
>
>> solo# echo $CVSROOT
>> :pserver:anoncvs@anoncvs.netbsd.org:/cvsroot
>> solo# cvs login
>> (Logging in to anoncvs@anoncvs.netbsd.org)
>> CVS password:
>> solo# cvs checkout -P src
>>
>> 	I don't get my prompt back and no traffic is passed.  It just sits
>> there.  I do have a firewall setup using ipfilter.  Could this be
>> causing a problem?  Right now my ruleset denies everything unless I
>> initiate the connection.  It works fine for every other kind of
>> connection: sftp, ssh, scp, etc.
>
> That works for me too. Do you log denied packets?
> 	
	I do indeed, and here is the culprit.

Feb 20 11:15:58 solo ipmon[111]: 11:15:57.244810             ppp0 @0:1 b 
nbanonc
vs2.isc.org,11569 -> ubppp233-213.dialin.buffalo.edu,29540 PR tcp len 20 
10240 -
AR IN

Feb 20 11:16:05 solo ipmon[111]: 11:16:04.417953             ppp0 @0:1 b 
nbanoncvs2.isc.org,31008 -> ubppp233-213.dialin.buffalo.edu,29810 PR tcp 
len
20 10240 -AR IN

         My first rule,

# Deny everything by default
block in log quick on ppp0

         is where the packets are getting blocked.  This shouldn't matter 
because the next rule is...

# Allow any outgoing connections that we initiate
pass out quick on ppp0 proto tcp from any to any keep state

         and I'm the one initiating the connection the anoncvs server.  
I'm going to try to bring my system up sans firewall and see if I can 
authenticate with anoncvs then.  More to follow.

Ian


Of course it runs NetBSD
www.netbsd.org


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com