/usr/src/gnu/usr.bin/cvs/src/server.c

Bug Summary

File:	src/gnu/usr.bin/cvs/src/server.c
Warning:	line 819, column 5 Potential leak of memory pointed to by 'env'
Annotated Source Code

Press '?' to see keyboard shortcuts
Show analyzer invocation
clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name server.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/gnu/usr.bin/cvs/obj/src -resource-dir /usr/local/lib/clang/13.0.0 -D HAVE_CONFIG_H -I . -I /usr/src/gnu/usr.bin/cvs/src -I .. -I . -I /usr/src/gnu/usr.bin/cvs/lib -I /usr/src/gnu/usr.bin/cvs/diff -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/gnu/usr.bin/cvs/obj/src -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/gnu/usr.bin/cvs/src/server.c
1/* This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2, or (at your option)
 any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.  */

11#include <assert.h>
12#include "cvs.h"
13#include "watch.h"
14#include "edit.h"
15#include "fileattr.h"
16#include "getline.h"
17#include "buffer.h"

19#if defined(SERVER_SUPPORT1) || defined(CLIENT_SUPPORT1)
20# ifdef HAVE_GSSAPI
21/* This stuff isn't included solely with SERVER_SUPPORT since some of these
* functions (encryption & the like) get compiled with or without server
* support.
*
* FIXME - They should be in a different file.
*/
27#   include <netdb.h>
28#   include "xgssapi.h"
29/* We use Kerberos 5 routines to map the GSSAPI credential to a user
 name.  */
31#   include <krb5.h>

33/* We need this to wrap data.  */
34static gss_ctx_id_t gcontext;

36static void gserver_authenticate_connection PROTO((void))(void);

38/* Whether we are already wrapping GSSAPI communication.  */
39static int cvs_gssapi_wrapping;

41#   ifdef ENCRYPTION
42/* Whether to encrypt GSSAPI communication.  We use a global variable
 like this because we use the same buffer type (gssapi_wrap) to
 handle both authentication and encryption, and we don't want
 multiple instances of that buffer in the communication stream.  */
46int cvs_gssapi_encrypt;
47#   endif
48# endif	/* HAVE_GSSAPI */
49#endif	/* defined(SERVER_SUPPORT) || defined(CLIENT_SUPPORT) */

51#ifdef SERVER_SUPPORT1

53#ifdef HAVE_WINSOCK_H
54#include <winsock.h>
55#endif

57#if defined (AUTH_SERVER_SUPPORT) || defined (HAVE_KERBEROS) || defined (HAVE_GSSAPI)
58#include <sys/socket.h>
59#endif

61#ifdef HAVE_SYSLOG_H1
62#include <syslog.h>
63#endif

65#ifdef HAVE_KERBEROS
66# include <netinet/in.h>
67# include <krb.h>
68# ifndef HAVE_KRB_GET_ERR_TEXT
69#   define krb_get_err_text(status) krb_err_txt[status]
70# endif

72/* Information we need if we are going to use Kerberos encryption.  */
73static C_Block kblock;
74static Key_schedule sched;

76#endif

78/* for select */
79#include "xselect.h"

81#ifndef O_NONBLOCK0x0004
82#define O_NONBLOCK0x0004 O_NDELAY0x0004
83#endif

85/* EWOULDBLOCK is not defined by POSIX, but some BSD systems will
 return it, rather than EAGAIN, for nonblocking writes.  */
87#ifdef EWOULDBLOCK35
88#define blocking_error(err)((err) == 35 || (err) == 35) ((err) == EWOULDBLOCK35 || (err) == EAGAIN35)
89#else
90#define blocking_error(err)((err) == 35 || (err) == 35) ((err) == EAGAIN35)
91#endif

93/* For initgroups().  */
94#if HAVE_INITGROUPS1
95#include <grp.h>
96#endif /* HAVE_INITGROUPS */

98# ifdef AUTH_SERVER_SUPPORT

100#   ifdef HAVE_GETSPNAM
101#     include <shadow.h>
102#   endif

104/* The cvs username sent by the client, which might or might not be
 the same as the system username the server eventually switches to
 run as.  CVS_Username gets set iff password authentication is
 successful. */
108char *CVS_Username = NULL((void*)0);

110/* Used to check that same repos is transmitted in pserver auth and in
 later CVS protocol.  Exported because root.c also uses. */
112static char *Pserver_Repos = NULL((void*)0);

114/* Should we check for system usernames/passwords?  Can be changed by
 CVSROOT/config.  */
116int system_auth = 1;

118# endif /* AUTH_SERVER_SUPPORT */

120/* Should we disable Update-prog/Checkin-prog? Can be changed by
 CVSROOT/config.  */
122int disable_x_prog = 0;

124
125/* While processing requests, this buffer accumulates data to be sent to
 the client, and then once we are in do_cvs_command, we use it
 for all the data to be sent.  */
128static struct buffer *buf_to_net;

130/* This buffer is used to read input from the client.  */
131static struct buffer *buf_from_net;

133/*
* This is where we stash stuff we are going to use.  Format string
* which expects a single directory within it, starting with a slash.
*/
137static char *server_temp_dir;

139/* This is the original value of server_temp_dir, before any possible
 changes inserted by serve_max_dotdot.  */
141static char *orig_server_temp_dir;

143/* Nonzero if we should keep the temp directory around after we exit.  */
144static int dont_delete_temp;

146static void server_write_entries PROTO((void))(void);

148/* All server communication goes through buffer structures.  Most of
 the buffers are built on top of a file descriptor.  This structure
 is used as the closure field in a buffer.  */

152struct fd_buffer
153{
  /* The file descriptor.  */
  int fd;
  /* Nonzero if the file descriptor is in blocking mode.  */
  int blocking;
158};

160static struct buffer *fd_buffer_initialize
PROTO ((int, int, void (*) (struct buffer *)))(int, int, void (*) (struct buffer *));
162static int fd_buffer_input PROTO((void *, char *, int, int, int *))(void *, char *, int, int, int *);
163static int fd_buffer_output PROTO((void *, const char *, int, int *))(void *, const char *, int, int *);
164static int fd_buffer_flush PROTO((void *))(void *);
165static int fd_buffer_block PROTO((void *, int))(void *, int);
166static int fd_buffer_shutdown PROTO((void *))(void *);

168/* Initialize a buffer built on a file descriptor.  FD is the file
 descriptor.  INPUT is nonzero if this is for input, zero if this is
 for output.  MEMORY is the function to call when a memory error
 occurs.  */

173static struct buffer *
174fd_buffer_initialize (fd, input, memory)
   int fd;
   int input;
   void (*memory) PROTO((struct buffer *))(struct buffer *);
178{
  struct fd_buffer *n;

  n = (struct fd_buffer *) xmalloc (sizeof *n);
  n->fd = fd;
  n->blocking = 1;
  return buf_initialize (input ? fd_buffer_input : NULL((void*)0),
	   input ? NULL((void*)0) : fd_buffer_output,
	   input ? NULL((void*)0) : fd_buffer_flush,
	   fd_buffer_block,
	   fd_buffer_shutdown,
	   memory,
	   n);
191}

193/* The buffer input function for a buffer built on a file descriptor.  */

195static int
196fd_buffer_input (closure, data, need, size, got)
   void *closure;
   char *data;
   int need;
   int size;
   int *got;
202{
  struct fd_buffer *fd = (struct fd_buffer *) closure;
  int nbytes;

  if (! fd->blocking)
nbytes = read (fd->fd, data, size);
  else
  {
/* This case is not efficient.  Fortunately, I don't think it
         ever actually happens.  */
nbytes = read (fd->fd, data, need == 0 ? 1 : need);
  }

  if (nbytes > 0)
  {
*got = nbytes;
return 0;
  }

  *got = 0;

  if (nbytes == 0)
  {
/* End of file.  This assumes that we are using POSIX or BSD
         style nonblocking I/O.  On System V we will get a zero
         return if there is no data, even when not at EOF.  */
return -1;
  }

  /* Some error occurred.  */

  if (blocking_error (errno)(((*__errno())) == 35 || ((*__errno())) == 35))
  {
/* Everything's fine, we just didn't get any data.  */
return 0;
  }

  return errno(*__errno());
240}

242/* The buffer output function for a buffer built on a file descriptor.  */

244static int
245fd_buffer_output (closure, data, have, wrote)
   void *closure;
   const char *data;
   int have;
   int *wrote;
250{
  struct fd_buffer *fd = (struct fd_buffer *) closure;

  *wrote = 0;

  while (have > 0)
  {
int nbytes;

nbytes = write (fd->fd, data, have);

if (nbytes <= 0)
{
   if (! fd->blocking
&& (nbytes == 0 || blocking_error (errno)(((*__errno())) == 35 || ((*__errno())) == 35)))
   {
/* A nonblocking write failed to write any data.  Just
                 return.  */
return 0;
   }

   /* Some sort of error occurred.  */

   if (nbytes == 0)
       return EIO5;

   return errno(*__errno());
}

*wrote += nbytes;
data += nbytes;
have -= nbytes;
  }

  return 0;
285}

287/* The buffer flush function for a buffer built on a file descriptor.  */

289/*ARGSUSED*/
290static int
291fd_buffer_flush (closure)
   void *closure;
293{
  /* Nothing to do.  File descriptors are always flushed.  */
  return 0;
296}

298/* The buffer block function for a buffer built on a file descriptor.  */

300static int
301fd_buffer_block (closure, block)
   void *closure;
   int block;
304{
  struct fd_buffer *fd = (struct fd_buffer *) closure;
  int flags;

  flags = fcntl (fd->fd, F_GETFL3, 0);
  if (flags < 0)
return errno(*__errno());

  if (block)
flags &= ~O_NONBLOCK0x0004;
  else
flags |= O_NONBLOCK0x0004;

  if (fcntl (fd->fd, F_SETFL4, flags) < 0)
      return errno(*__errno());

  fd->blocking = block;

  return 0;
323}

325/* The buffer shutdown function for a buffer built on a file descriptor.  */

327static int
328fd_buffer_shutdown (closure)
   void *closure;
330{
  free (closure);
  return 0;
333}

335/* Populate all of the directories between BASE_DIR and its relative
 subdirectory DIR with CVSADM directories.  Return 0 for success or
 errno value.  */
338static int create_adm_p PROTO((char *, char *))(char *, char *);

340static int
341create_adm_p (base_dir, dir)
  char *base_dir;
  char *dir;
344{
  char *dir_where_cvsadm_lives, *dir_to_register, *p, *tmp;
  int retval, done;
  FILE *f;

  if (strcmp (dir, ".") == 0)
return 0;			/* nothing to do */

  /* Allocate some space for our directory-munging string. */
  p = malloc (strlen (dir) + 1);
  if (p == NULL((void*)0))
return ENOMEM12;

  dir_where_cvsadm_lives = malloc (strlen (base_dir) + strlen (dir) + 100);
  if (dir_where_cvsadm_lives == NULL((void*)0)) {
free(p);
return ENOMEM12;
  }

  /* Allocate some space for the temporary string in which we will
     construct filenames. */
  tmp = malloc (strlen (base_dir) + strlen (dir) + 100);
  if (tmp == NULL((void*)0)) {
free(p);
free(dir_where_cvsadm_lives);
return ENOMEM12;
  }

  
  /* We make several passes through this loop.  On the first pass,
     we simply create the CVSADM directory in the deepest directory.
     For each subsequent pass, we try to remove the last path
     element from DIR, create the CVSADM directory in the remaining
     pathname, and register the subdirectory in the newly created
     CVSADM directory. */

  retval = done = 0;

  strcpy (p, dir);
  strcpy (dir_where_cvsadm_lives, base_dir);
  strcat (dir_where_cvsadm_lives, "/");
  strcat (dir_where_cvsadm_lives, p);
  dir_to_register = NULL((void*)0);

  while (1)
  {
/* Create CVSADM. */
(void) sprintf (tmp, "%s/%s", dir_where_cvsadm_lives, CVSADM"CVS");
if ((CVS_MKDIRmkdir (tmp, 0777) < 0) && (errno(*__errno()) != EEXIST17))
{
   retval = errno(*__errno());
   goto finish;
}

/* Create CVSADM_REP. */
(void) sprintf (tmp, "%s/%s", dir_where_cvsadm_lives, CVSADM_REP"CVS/Repository");
if (! isfile (tmp))
{
   /* Use Emptydir as the placeholder until the client sends
      us the real value.  This code is similar to checkout.c
      (emptydir_name), but the code below returns errors
      differently.  */

   char *empty;
   empty = malloc (strlen (current_parsed_root->directory)
	    + sizeof (CVSROOTADM"CVSROOT")
	    + sizeof (CVSNULLREPOS"Emptydir")
	    + 3);
   if (! empty)
   {
retval = ENOMEM12;
goto finish;
   }

   /* Create the directory name. */
   (void) sprintf (empty, "%s/%s/%s", current_parsed_root->directory,
	    CVSROOTADM"CVSROOT", CVSNULLREPOS"Emptydir");

   /* Create the directory if it doesn't exist. */
   if (! isfile (empty))
   {
mode_t omask;
omask = umask (cvsumask);
if (CVS_MKDIRmkdir (empty, 0777) < 0)
{
    retval = errno(*__errno());
    free (empty);
    goto finish;
}
(void) umask (omask);
   }
   
   
   f = CVS_FOPENfopen (tmp, "w");
   if (f == NULL((void*)0))
   {
retval = errno(*__errno());
free (empty);
goto finish;
   }
   /* Write the directory name to CVSADM_REP. */
   if (fprintf (f, "%s\n", empty) < 0)
   {
retval = errno(*__errno());
fclose (f);
free (empty);
goto finish;
   }
   if (fclose (f) == EOF(-1))
   {
retval = errno(*__errno());
free (empty);
goto finish;
   }

   /* Clean up after ourselves. */
   free (empty);
}

/* Create CVSADM_ENT.  We open in append mode because we
  don't want to clobber an existing Entries file.  */
(void) sprintf (tmp, "%s/%s", dir_where_cvsadm_lives, CVSADM_ENT"CVS/Entries");
f = CVS_FOPENfopen (tmp, "a");
if (f == NULL((void*)0))
{
   retval = errno(*__errno());
   goto finish;
}
if (fclose (f) == EOF(-1))
{
   retval = errno(*__errno());
   goto finish;
}

if (dir_to_register != NULL((void*)0))
{
   /* FIXME: Yes, this results in duplicate entries in the
      Entries.Log file, but it doesn't currently matter.  We
      might need to change this later on to make sure that we
      only write one entry.  */

   Subdir_Register ((List *) NULL((void*)0), dir_where_cvsadm_lives,
	     dir_to_register);
}

if (done)
   break;

dir_to_register = strrchr (p, '/');
if (dir_to_register == NULL((void*)0))
{
   dir_to_register = p;
   strcpy (dir_where_cvsadm_lives, base_dir);
   done = 1;
}
else
{
   *dir_to_register = '\0';
   dir_to_register++;
   strcpy (dir_where_cvsadm_lives, base_dir);
   strcat (dir_where_cvsadm_lives, "/");
   strcat (dir_where_cvsadm_lives, p);
}
  }

finish:
  free (tmp);
  free (dir_where_cvsadm_lives);
  free (p);
  return retval;
514}

516/*
* Make directory DIR, including all intermediate directories if necessary.
* Returns 0 for success or errno code.
*/
520static int mkdir_p PROTO((char *))(char *);

522static int
523mkdir_p (dir)
   char *dir;
525{
  char *p;
  char *q = malloc (strlen (dir) + 1);
  int retval;

  if (q == NULL((void*)0))
return ENOMEM12;

  retval = 0;

  /*
   * Skip over leading slash if present.  We won't bother to try to
   * make '/'.
   */
  p = dir + 1;
  while (1)
  {
while (*p != '/' && *p != '\0')
   ++p;
if (*p == '/')
{
   strncpy (q, dir, p - dir);
   q[p - dir] = '\0';
   if (q[p - dir - 1] != '/'  &&  CVS_MKDIRmkdir (q, 0777) < 0)
   {
int saved_errno = errno(*__errno());

if (saved_errno != EEXIST17
    && ((saved_errno != EACCES13 && saved_errno != EROFS30)
	|| !isdir (q)))
{
    retval = saved_errno;
    goto done;
}
   }
   ++p;
}
else
{
   if (CVS_MKDIRmkdir (dir, 0777) < 0)
retval = errno(*__errno());
   goto done;
}
  }
done:
  free (q);
  return retval;
572}
573
574/*
* Print the error response for error code STATUS.  The caller is
* reponsible for making sure we get back to the command loop without
* any further output occuring.
* Must be called only in contexts where it is OK to send output.
*/
580static void
581print_error (status)
  int status;
583{
  char *msg;
  char tmpstr[80];

  buf_output0 (buf_to_net, "error  ");
  msg = strerror (status);
  if (msg == NULL((void*)0))
  {
     sprintf (tmpstr, "unknown error %d", status);
     msg = tmpstr;
  }
  buf_output0 (buf_to_net, msg);
  buf_append_char (buf_to_net, '\n');

  buf_flush (buf_to_net, 0);
598}

600static int pending_error;
601/*
* Malloc'd text for pending error.  Each line must start with "E ".  The
* last line should not end with a newline.
*/
605static char *pending_error_text;

607/* If an error is pending, print it and return 1.  If not, return 0.
 Must be called only in contexts where it is OK to send output.  */
609static int
610print_pending_error ()
611{
  if (pending_error_text)
  {
buf_output0 (buf_to_net, pending_error_text);
buf_append_char (buf_to_net, '\n');
if (pending_error)
   print_error (pending_error);
else
   buf_output0 (buf_to_net, "error  \n");

buf_flush (buf_to_net, 0);

pending_error = 0;
free (pending_error_text);
pending_error_text = NULL((void*)0);
return 1;
  }
  else if (pending_error)
  {
print_error (pending_error);
pending_error = 0;
return 1;
  }
  else
return 0;
636}

638/* Is an error pending?  */
639#define error_pending()(pending_error || pending_error_text) (pending_error || pending_error_text)

641static int alloc_pending PROTO ((size_t size))(size_t size);

643/* Allocate SIZE bytes for pending_error_text and return nonzero
 if we could do it.  */
645static int
646alloc_pending (size)
  size_t size;
648{
  if (error_pending ()(pending_error || pending_error_text))
/* Probably alloc_pending callers will have already checked for
  this case.  But we might as well handle it if they don't, I
  guess.  */
return 0;
  pending_error_text = malloc (size);
  if (pending_error_text == NULL((void*)0))
  {
pending_error = ENOMEM12;
return 0;
  }
  return 1;
661}
662
663static void serve_is_modified PROTO ((char *))(char *);

665static int supported_response PROTO ((char *))(char *);

667static int
668supported_response (name)
   char *name;
670{
  struct response *rs;

  for (rs = responses; rs->name != NULL((void*)0); ++rs)
if (strcmp (rs->name, name) == 0)
   return rs->status == rs_supported;
  error (1, 0, "internal error: testing support for unknown response?");
  /* NOTREACHED */
  return 0;
679}

681static void
682serve_valid_responses (arg)
   char *arg;
684{
  char *p = arg;
  char *q;
  struct response *rs;
  do
  {
q = strchr (p, ' ');
if (q != NULL((void*)0))
   *q++ = '\0';
for (rs = responses; rs->name != NULL((void*)0); ++rs)
{
   if (strcmp (rs->name, p) == 0)
break;
}
if (rs->name == NULL((void*)0))
   /*
    * It is a response we have never heard of (and thus never
    * will want to use).  So don't worry about it.
    */
   ;
else
   rs->status = rs_supported;
p = q;
  } while (q != NULL((void*)0));
  for (rs = responses; rs->name != NULL((void*)0); ++rs)
  {
if (rs->status == rs_essential)
{
   buf_output0 (buf_to_net, "E response `");
   buf_output0 (buf_to_net, rs->name);
   buf_output0 (buf_to_net, "' not supported by client\nerror  \n");

   /* FIXME: This call to buf_flush could conceivably
      cause deadlock, as noted in server_cleanup.  */
   buf_flush (buf_to_net, 1);

   /* I'm doing this manually rather than via error_exit ()
      because I'm not sure whether we want to call server_cleanup.
      Needs more investigation....  */

724#ifdef SYSTEM_CLEANUP
   /* Hook for OS-specific behavior, for example socket subsystems on
      NT and OS2 or dealing with windows and arguments on Mac.  */
   SYSTEM_CLEANUP ();
728#endif

   exit (EXIT_FAILURE1);
}
else if (rs->status == rs_optional)
   rs->status = rs_not_supported;
  }
735}

737static void
738serve_root (arg)
  char *arg;
740{
  char *env;
  char *path;
  
  if (error_pending()(pending_error || pending_error_text)) return;
1
Assuming 'pending_error' is 0→
2
←
Assuming 'pending_error_text' is null→
3
←
Taking false branch→

  if (!isabsolute (arg))
4
←
Assuming the condition is false→
5
←
Taking false branch→
  {
if (alloc_pending (80 + strlen (arg)))
   sprintf (pending_error_text,
     "E Root %s must be an absolute pathname", arg);
return;
  }

  /* Sending "Root" twice is illegal.

     The other way to handle a duplicate Root requests would be as a
     request to clear out all state and start over as if it was a
     new connection.  Doing this would cause interoperability
     headaches, so it should be a different request, if there is
     any reason why such a feature is needed.  */
  if (current_parsed_root != NULL((void*)0))
6
←
Assuming 'current_parsed_root' is equal to NULL→
7
←
Taking false branch→
  {
if (alloc_pending (80 + strlen (arg)))
   sprintf (pending_error_text,
     "E Protocol error: Duplicate Root request, for %s", arg);
return;
  }

769#ifdef AUTH_SERVER_SUPPORT
  if (Pserver_Repos != NULL((void*)0))
  {
if (strcmp (Pserver_Repos, arg) != 0)
{
   if (alloc_pending (80 + strlen (Pserver_Repos) + strlen (arg)))
/* The explicitness is to aid people who are writing clients.
   I don't see how this information could help an
   attacker.  */
sprintf (pending_error_text, "\
779E Protocol error: Root says \"%s\" but pserver says \"%s\"",
	 arg, Pserver_Repos);
}
  }
783#endif

  if (current_parsed_root7.1
'current_parsed_root' is equal to NULL
 != NULL((void*)0))
8
←
Taking false branch→
free_cvsroot_t (current_parsed_root);
  current_parsed_root = local_cvsroot (arg);

  /* For pserver, this will already have happened, and the call will do
     nothing.  But for rsh, we need to do it now.  */
  parse_config (current_parsed_root->directory);

  path = malloc (strlen (current_parsed_root->directory)
   + sizeof (CVSROOTADM"CVSROOT")
   + 2);
  if (path == NULL((void*)0))
9
←
Assuming 'path' is not equal to NULL→
10
←
Taking false branch→
  {
pending_error = ENOMEM12;
return;
  }
  (void) sprintf (path, "%s/%s", current_parsed_root->directory, CVSROOTADM"CVSROOT");
  if (readonlyfs == 0 && !isaccessible (path, R_OK0x04 | X_OK0x01))
11
←
Assuming 'readonlyfs' is not equal to 0→
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (path)))
   sprintf (pending_error_text, "E Cannot access %s", path);
pending_error = save_errno;
  }
  free (path);

811#ifdef HAVE_PUTENV1
  env = malloc (strlen (CVSROOT_ENV"CVSROOT") + strlen (current_parsed_root->directory) + 2);
12
←
Memory is allocated→
  if (env == NULL((void*)0))
13
←
Assuming 'env' is not equal to NULL→
14
←
Taking false branch→
  {
pending_error = ENOMEM12;
return;
  }
  (void) sprintf (env, "%s=%s", CVSROOT_ENV"CVSROOT", current_parsed_root->directory);
  (void) putenv (env);
15
←
Potential leak of memory pointed to by 'env'
  /* do not free env, as putenv has control of it */
821#endif
822}
823
824static int max_dotdot_limit = 0;

826/* Is this pathname OK to recurse into when we are running as the server?
 If not, call error() with a fatal error.  */
828void
829server_pathname_check (path)
  char *path;
831{
  /* An absolute pathname is almost surely a path on the *client* machine,
     and is unlikely to do us any good here.  It also is probably capable
     of being a security hole in the anonymous readonly case.  */
  if (isabsolute (path))
/* Giving an error is actually kind of a cop-out, in the sense
  that it would be nice for "cvs co -d /foo/bar/baz" to work.
  A quick fix in the server would be requiring Max-dotdot of
  at least one if pathnames are absolute, and then putting
  /abs/foo/bar/baz in the temp dir beside the /d/d/d stuff.
  A cleaner fix in the server might be to decouple the
  pathnames we pass back to the client from pathnames in our
  temp directory (this would also probably remove the need
  for Max-dotdot).  A fix in the client would have the client
  turn it into "cd /foo/bar; cvs co -d baz" (more or less).
  This probably has some problems with pathnames which appear
  in messages.  */
error (1, 0, "absolute pathname `%s' illegal for server", path);
  if (pathname_levels (path) > max_dotdot_limit)
  {
/* Similar to the isabsolute case in security implications.  */
error (0, 0, "protocol error: `%s' contains more leading ..", path);
error (1, 0, "than the %d which Max-dotdot specified",
      max_dotdot_limit);
  }
856}

858static int outside_root PROTO ((char *))(char *);

860/* Is file or directory REPOS an absolute pathname within the
 current_parsed_root->directory?  If yes, return 0.  If no, set pending_error
 and return 1.  */
863static int
864outside_root (repos)
  char *repos;
866{
  size_t repos_len = strlen (repos);
  size_t root_len = strlen (current_parsed_root->directory);

  /* I think isabsolute (repos) should always be true, and that
     any RELATIVE_REPOS stuff should only be in CVS/Repository
     files, not the protocol (for compatibility), but I'm putting
     in the isabsolute check just in case.  */
  if (!isabsolute (repos))
  {
if (alloc_pending (repos_len + 80))
   sprintf (pending_error_text, "\
878E protocol error: %s is not absolute", repos);
return 1;
  }

  if (repos_len < root_len
|| strncmp (current_parsed_root->directory, repos, root_len) != 0)
  {
  not_within:
if (alloc_pending (strlen (current_parsed_root->directory)
	   + strlen (repos)
	   + 80))
   sprintf (pending_error_text, "\
890E protocol error: directory '%s' not within root '%s'",
     repos, current_parsed_root->directory);
return 1;
  }
  if (repos_len > root_len)
  {
if (repos[root_len] != '/')
   goto not_within;
if (pathname_levels (repos + root_len + 1) > 0)
   goto not_within;
  }
  return 0;
902}

904static int outside_dir PROTO ((char *))(char *);

906/* Is file or directory FILE outside the current directory (that is, does
 it contain '/')?  If no, return 0.  If yes, set pending_error
 and return 1.  */
909static int
910outside_dir (file)
  char *file;
912{
  if (strchr (file, '/') != NULL((void*)0))
  {
if (alloc_pending (strlen (file)
	   + 80))
   sprintf (pending_error_text, "\
918E protocol error: directory '%s' not within current directory",
     file);
return 1;
  }
  return 0;
923}

925/*
* Add as many directories to the temp directory as the client tells us it
* will use "..", so we never try to access something outside the temp
* directory via "..".
*/
930static void
931serve_max_dotdot (arg)
  char *arg;
933{
  int lim = atoi (arg);
  int i;
  char *p;

  if (lim < 0 || lim > 10000)
return;
  p = malloc (strlen (server_temp_dir) + 2 * lim + 10);
  if (p == NULL((void*)0))
  {
pending_error = ENOMEM12;
return;
  }
  strcpy (p, server_temp_dir);
  for (i = 0; i < lim; ++i)
strcat (p, "/d");
  if (server_temp_dir != orig_server_temp_dir)
free (server_temp_dir);
  server_temp_dir = p;
  max_dotdot_limit = lim;
953}
954
955static char *dir_name;

957static void
958dirswitch (dir, repos)
  char *dir;
  char *repos;
961{
  int status;
  FILE *f;
  size_t dir_len;

  server_write_entries ();

  if (error_pending()(pending_error || pending_error_text)) return;

  /* Check for bad directory name.

     FIXME: could/should unify these checks with server_pathname_check
     except they need to report errors differently.  */
  if (isabsolute (dir))
  {
if (alloc_pending (80 + strlen (dir)))
   sprintf (pending_error_text,
     "E absolute pathname `%s' illegal for server", dir);
return;
  }
  if (pathname_levels (dir) > max_dotdot_limit)
  {
if (alloc_pending (80 + strlen (dir)))
   sprintf (pending_error_text,
     "E protocol error: `%s' has too many ..", dir);
return;
  }

  dir_len = strlen (dir);

  /* Check for a trailing '/'.  This is not ISDIRSEP because \ in the
     protocol is an ordinary character, not a directory separator (of
     course, it is perhaps unwise to use it in directory names, but that
     is another issue).  */
  if (dir_len > 0
&& dir[dir_len - 1] == '/')
  {
if (alloc_pending (80 + dir_len))
   sprintf (pending_error_text,
     "E protocol error: invalid directory syntax in %s", dir);
return;
  }

  if (dir_name != NULL((void*)0))
free (dir_name);

  dir_name = malloc (strlen (server_temp_dir) + dir_len + 40);
  if (dir_name == NULL((void*)0))
  {
pending_error = ENOMEM12;
return;
  }
  
  strcpy (dir_name, server_temp_dir);
  strcat (dir_name, "/");
  strcat (dir_name, dir);

  status = mkdir_p (dir_name);
  if (status != 0
&& status != EEXIST17)
  {
if (alloc_pending (80 + strlen (dir_name)))
   sprintf (pending_error_text, "E cannot mkdir %s", dir_name);
pending_error = status;
return;
  }

  /* We need to create adm directories in all path elements because
     we want the server to descend them, even if the client hasn't
     sent the appropriate "Argument xxx" command to match the
     already-sent "Directory xxx" command.  See recurse.c
     (start_recursion) for a big discussion of this.  */

  status = create_adm_p (server_temp_dir, dir);
  if (status != 0)
  {
if (alloc_pending (80 + strlen (dir_name)))
   sprintf (pending_error_text, "E cannot create_adm_p %s", dir_name);
pending_error = status;
return;
  }

  if ( CVS_CHDIRchdir (dir_name) < 0)
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (dir_name)))
   sprintf (pending_error_text, "E cannot change to %s", dir_name);
pending_error = save_errno;
return;
  }
  /*
   * This is pretty much like calling Create_Admin, but Create_Admin doesn't
   * report errors in the right way for us.
   */
  if ((CVS_MKDIRmkdir (CVSADM"CVS", 0777) < 0) && (errno(*__errno()) != EEXIST17))
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (dir_name) + strlen (CVSADM"CVS")))
   sprintf (pending_error_text,
     "E cannot mkdir %s/%s", dir_name, CVSADM"CVS");
pending_error = save_errno;
return;
  }

  /* The following will overwrite the contents of CVSADM_REP.  This
     is the correct behavior -- mkdir_p may have written a
     placeholder value to this file and we need to insert the
     correct value. */

  f = CVS_FOPENfopen (CVSADM_REP"CVS/Repository", "w");
  if (f == NULL((void*)0))
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (dir_name) + strlen (CVSADM_REP"CVS/Repository")))
   sprintf (pending_error_text,
     "E cannot open %s/%s", dir_name, CVSADM_REP"CVS/Repository");
pending_error = save_errno;
return;
  }
  if (fprintf (f, "%s", repos) < 0)
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (dir_name) + strlen (CVSADM_REP"CVS/Repository")))
   sprintf (pending_error_text,
     "E error writing %s/%s", dir_name, CVSADM_REP"CVS/Repository");
pending_error = save_errno;
fclose (f);
return;
  }
  /* Non-remote CVS handles a module representing the entire tree
     (e.g., an entry like ``world -a .'') by putting /. at the end
     of the Repository file, so we do the same.  */
  if (strcmp (dir, ".") == 0
&& current_parsed_root != NULL((void*)0)
&& current_parsed_root->directory != NULL((void*)0)
&& strcmp (current_parsed_root->directory, repos) == 0)
  {
      if (fprintf (f, "/.") < 0)
{
   int save_errno = errno(*__errno());
   if (alloc_pending (80 + strlen (dir_name) + strlen (CVSADM_REP"CVS/Repository")))
sprintf (pending_error_text,
	 "E error writing %s/%s", dir_name, CVSADM_REP"CVS/Repository");
   pending_error = save_errno;
   fclose (f);
   return;
}
  }
  if (fprintf (f, "\n") < 0)
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (dir_name) + strlen (CVSADM_REP"CVS/Repository")))
   sprintf (pending_error_text,
     "E error writing %s/%s", dir_name, CVSADM_REP"CVS/Repository");
pending_error = save_errno;
fclose (f);
return;
  }
  if (fclose (f) == EOF(-1))
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (dir_name) + strlen (CVSADM_REP"CVS/Repository")))
   sprintf (pending_error_text,
     "E error closing %s/%s", dir_name, CVSADM_REP"CVS/Repository");
pending_error = save_errno;
return;
  }
  /* We open in append mode because we don't want to clobber an
     existing Entries file.  */
  f = CVS_FOPENfopen (CVSADM_ENT"CVS/Entries", "a");
  if (f == NULL((void*)0))
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (CVSADM_ENT"CVS/Entries")))
   sprintf (pending_error_text, "E cannot open %s", CVSADM_ENT"CVS/Entries");
pending_error = save_errno;
return;
  }
  if (fclose (f) == EOF(-1))
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (CVSADM_ENT"CVS/Entries")))
   sprintf (pending_error_text, "E cannot close %s", CVSADM_ENT"CVS/Entries");
pending_error = save_errno;
return;
  }
1147}

1149static void
1150serve_repository (arg)
  char *arg;
1152{
  if (alloc_pending (80))
strcpy (pending_error_text,
"E Repository request is obsolete; aborted");
  return;
1157}

1159static void
1160serve_directory (arg)
  char *arg;
1162{
  int status;
  char *repos;

  status = buf_read_line (buf_from_net, &repos, (int *) NULL((void*)0));
  if (status == 0)
  {
if (!outside_root (repos))
   dirswitch (arg, repos);
free (repos);
  }
  else if (status == -2)
  {
      pending_error = ENOMEM12;
  }
  else
  {
pending_error_text = malloc (80 + strlen (arg));
if (pending_error_text == NULL((void*)0))
{
   pending_error = ENOMEM12;
}
else if (status == -1)
{
   sprintf (pending_error_text,
     "E end of file reading mode for %s", arg);
}
else
{
   sprintf (pending_error_text,
     "E error reading mode for %s", arg);
   pending_error = status;
}
  }
1196}
1197
1198static void
1199serve_static_directory (arg)
  char *arg;
1201{
  FILE *f;

  if (error_pending ()(pending_error || pending_error_text)) return;

  f = CVS_FOPENfopen (CVSADM_ENTSTAT"CVS/Entries.Static", "w+");
  if (f == NULL((void*)0))
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (CVSADM_ENTSTAT"CVS/Entries.Static")))
   sprintf (pending_error_text, "E cannot open %s", CVSADM_ENTSTAT"CVS/Entries.Static");
pending_error = save_errno;
return;
  }
  if (fclose (f) == EOF(-1))
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (CVSADM_ENTSTAT"CVS/Entries.Static")))
   sprintf (pending_error_text, "E cannot close %s", CVSADM_ENTSTAT"CVS/Entries.Static");
pending_error = save_errno;
return;
  }
1223}

1225static void
1226serve_sticky (arg)
  char *arg;
1228{
  FILE *f;

  if (error_pending ()(pending_error || pending_error_text)) return;

  f = CVS_FOPENfopen (CVSADM_TAG"CVS/Tag", "w+");
  if (f == NULL((void*)0))
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (CVSADM_TAG"CVS/Tag")))
   sprintf (pending_error_text, "E cannot open %s", CVSADM_TAG"CVS/Tag");
pending_error = save_errno;
return;
  }
  if (fprintf (f, "%s\n", arg) < 0)
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (CVSADM_TAG"CVS/Tag")))
   sprintf (pending_error_text, "E cannot write to %s", CVSADM_TAG"CVS/Tag");
pending_error = save_errno;
return;
  }
  if (fclose (f) == EOF(-1))
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (CVSADM_TAG"CVS/Tag")))
   sprintf (pending_error_text, "E cannot close %s", CVSADM_TAG"CVS/Tag");
pending_error = save_errno;
return;
  }
1258}
1259
1260/*
* Read SIZE bytes from buf_from_net, write them to FILE.
*
* Currently this isn't really used for receiving parts of a file --
* the file is still sent over in one chunk.  But if/when we get
* spiffy in-process gzip support working, perhaps the compressed
* pieces could be sent over as they're ready, if the network is fast
* enough.  Or something.
*/
1269static void
1270receive_partial_file (size, file)
   int size;
   int file;
1273{
  while (size > 0)
  {
int status, nread;
char *data;

status = buf_read_data (buf_from_net, size, &data, &nread);
if (status != 0)
{
   if (status == -2)
pending_error = ENOMEM12;
   else
   {
pending_error_text = malloc (80);
if (pending_error_text == NULL((void*)0))
    pending_error = ENOMEM12;
else if (status == -1)
{
    sprintf (pending_error_text,
	     "E premature end of file from client");
    pending_error = 0;
}
else
{
    sprintf (pending_error_text,
	     "E error reading from client");
    pending_error = status;
}
   }
   return;
}

size -= nread;

while (nread > 0)
{
   int nwrote;

   nwrote = write (file, data, nread);
   if (nwrote < 0)
   {
       int save_errno = errno(*__errno());
if (alloc_pending (40))
    strcpy (pending_error_text, "E unable to write");
pending_error = save_errno;

/* Read and discard the file data.  */
while (size > 0)
{
    int status, nread;
    char *data;

    status = buf_read_data (buf_from_net, size, &data, &nread);
    if (status != 0)
	return;
    size -= nread;
}

return;
   }
   nread -= nwrote;
   data += nwrote;
}
  }
1337}

1339/* Receive SIZE bytes, write to filename FILE.  */
1340static void
1341receive_file (size, file, gzipped)
   int size;
   char *file;
   int gzipped;
1345{
  int fd;
  char *arg = file;

  /* Write the file.  */
  fd = CVS_OPENopen (arg, O_WRONLY0x0001 | O_CREAT0x0200 | O_TRUNC0x0400, 0600);
  if (fd < 0)
  {
int save_errno = errno(*__errno());
if (alloc_pending (40 + strlen (arg)))
   sprintf (pending_error_text, "E cannot open %s", arg);
pending_error = save_errno;
return;
  }

  if (gzipped)
  {
/* Using gunzip_and_write isn't really a high-performance
  approach, because it keeps the whole thing in memory
  (contiguous memory, worse yet).  But it seems easier to
  code than the alternative (and less vulnerable to subtle
  bugs).  Given that this feature is mainly for
  compatibility, that is the better tradeoff.  */

int toread = size;
char *filebuf;
char *p;

filebuf = malloc (size);
p = filebuf;
/* If NULL, we still want to read the data and discard it.  */

while (toread > 0)
{
   int status, nread;
   char *data;

   status = buf_read_data (buf_from_net, toread, &data, &nread);
   if (status != 0)
   {
if (status == -2)
    pending_error = ENOMEM12;
else
{
    pending_error_text = malloc (80);
    if (pending_error_text == NULL((void*)0))
	pending_error = ENOMEM12;
    else if (status == -1)
    {
	sprintf (pending_error_text,
		 "E premature end of file from client");
	pending_error = 0;
    }
    else
    {
	sprintf (pending_error_text,
		 "E error reading from client");
	pending_error = status;
    }
}
if (filebuf != NULL((void*)0))
    free(filebuf);
return;
   }

   toread -= nread;

   if (filebuf != NULL((void*)0))
   {
memcpy (p, data, nread);
p += nread;
   }
}
if (filebuf == NULL((void*)0))
{
   pending_error = ENOMEM12;
   goto out;
}

if (gunzip_and_write (fd, file, (unsigned char *) filebuf, size))
{
   if (alloc_pending (80))
sprintf (pending_error_text,
	 "E aborting due to compression error");
}
free (filebuf);
  }
  else
receive_partial_file (size, fd);

  if (pending_error_text)
  {
char *p = realloc (pending_error_text,
	   strlen (pending_error_text) + strlen (arg) + 30);
if (p)
{
   pending_error_text = p;
   sprintf (p + strlen (p), ", file %s", arg);
}
/* else original string is supposed to be unchanged */
  }

out:
  if (close (fd) < 0 && !error_pending ()(pending_error || pending_error_text))
  {
int save_errno = errno(*__errno());
if (alloc_pending (40 + strlen (arg)))
   sprintf (pending_error_text, "E cannot close %s", arg);
pending_error = save_errno;
return;
  }
1456}

1458/* Kopt for the next file sent in Modified or Is-modified.  */
1459static char *kopt;

1461/* Timestamp (Checkin-time) for next file sent in Modified or
 Is-modified.  */
1463static int checkin_time_valid;
1464static time_t checkin_time;

1466static void serve_modified PROTO ((char *))(char *);

1468static void
1469serve_modified (arg)
   char *arg;
1471{
  int size, status;
  char *size_text;
  char *mode_text;

  int gzipped = 0;

  /*
   * This used to return immediately if error_pending () was true.
   * However, that fails, because it causes each line of the file to
   * be echoed back to the client as an unrecognized command.  The
   * client isn't reading from the socket, so eventually both
   * processes block trying to write to the other.  Now, we try to
   * read the file if we can.
   */

  status = buf_read_line (buf_from_net, &mode_text, (int *) NULL((void*)0));
  if (status != 0)
  {
      if (status == -2)
   pending_error = ENOMEM12;
else
{
   pending_error_text = malloc (80 + strlen (arg));
   if (pending_error_text == NULL((void*)0))
pending_error = ENOMEM12;
   else
   {
if (status == -1)
    sprintf (pending_error_text,
	     "E end of file reading mode for %s", arg);
else
{
    sprintf (pending_error_text,
	     "E error reading mode for %s", arg);
    pending_error = status;
}
   }
}
return;
  }

  status = buf_read_line (buf_from_net, &size_text, (int *) NULL((void*)0));
  if (status != 0)
  {
if (status == -2)
   pending_error = ENOMEM12;
else
{
   pending_error_text = malloc (80 + strlen (arg));
   if (pending_error_text == NULL((void*)0))
pending_error = ENOMEM12;
   else
   {
if (status == -1)
    sprintf (pending_error_text,
	     "E end of file reading size for %s", arg);
else
{
    sprintf (pending_error_text,
	     "E error reading size for %s", arg);
    pending_error = status;
}
   }
}
free (mode_text);
return;
  }
  if (size_text[0] == 'z')
  {
gzipped = 1;
size = atoi (size_text + 1);
  }
  else
size = atoi (size_text);
  free (size_text);

  if (error_pending ()(pending_error || pending_error_text))
  {
      /* Now that we know the size, read and discard the file data.  */
while (size > 0)
{
   int status, nread;
   char *data;

   status = buf_read_data (buf_from_net, size, &data, &nread);
   if (status != 0)
return;
   size -= nread;
}
free (mode_text);
return;
  }

  if (outside_dir (arg))
  {
free (mode_text);
return;
  }

  if (size >= 0)
  {
receive_file (size, arg, gzipped);
if (error_pending ()(pending_error || pending_error_text))
{
   free (mode_text);
   return;
}
  }

  if (checkin_time_valid)
  {
struct utimbuf t;

memset (&t, 0, sizeof (t));
t.modtime = t.actime = checkin_time;
if (utime (arg, &t) < 0)
{
   int save_errno = errno(*__errno());
   if (alloc_pending (80 + strlen (arg)))
sprintf (pending_error_text, "E cannot utime %s", arg);
   pending_error = save_errno;
   free (mode_text);
   return;
}
checkin_time_valid = 0;
  }

  {
int status = change_mode (arg, mode_text, 0);
free (mode_text);
if (status)
{
   if (alloc_pending (40 + strlen (arg)))
sprintf (pending_error_text,
	 "E cannot change mode for %s", arg);
   pending_error = status;
   return;
}
  }

  /* Make sure that the Entries indicate the right kopt.  We probably
     could do this even in the non-kopt case and, I think, save a stat()
     call in time_stamp_server.  But for conservatism I'm leaving the
     non-kopt case alone.  */
  if (kopt != NULL((void*)0))
serve_is_modified (arg);
1618}

1620
1621static void
1622serve_enable_unchanged (arg)
   char *arg;
1624{
1625}

1627struct an_entry {
  struct an_entry *next;
  char *entry;
1630};

1632static struct an_entry *entries;

1634static void serve_unchanged PROTO ((char *))(char *);

1636static void
1637serve_unchanged (arg)
  char *arg;
1639{
  struct an_entry *p;
  char *name;
  char *cp;
  char *timefield;

  if (error_pending ()(pending_error || pending_error_text)) return;

  if (outside_dir (arg))
return;

  /* Rewrite entries file to have `=' in timestamp field.  */
  for (p = entries; p != NULL((void*)0); p = p->next)
  {
name = p->entry + 1;
cp = strchr (name, '/');
if (cp != NULL((void*)0)
   && strlen (arg) == cp - name
   && strncmp (arg, name, cp - name) == 0)
{
   if (!(timefield = strchr (cp + 1, '/')) || *++timefield == '\0')
   {
/* We didn't find the record separator or it is followed by
 * the end of the string, so just exit.
 */
if (alloc_pending (80))
    sprintf (pending_error_text,
             "E Malformed Entry encountered.");
return;
   }
   /* If the time field is not currently empty, then one of
    * serve_modified, serve_is_modified, & serve_unchanged were
    * already called for this file.  We would like to ignore the
    * reinvocation silently or, better yet, exit with an error
    * message, but we just avoid the copy-forward and overwrite the
    * value from the last invocation instead.  See the comment below
    * for more.
    */
   if (*timefield == '/')
   {
/* Copy forward one character.  Space was allocated for this
 * already in serve_entry().  */
cp = timefield + strlen (timefield);
cp[1] = '\0';
while (cp > timefield)
{
    *cp = cp[-1];
    --cp;
}
   }
   /* If *TIMEFIELD wasn't "/", we assume that it was because of
    * multiple calls to Is-Modified & Unchanged by the client and
    * just overwrite the value from the last call.  Technically, we
    * should probably either ignore calls after the first or send the
    * client an error, since the client/server protocol specification
    * specifies that only one call to either Is-Modified or Unchanged
    * is allowed, but broken versions of WinCVS & TortoiseCVS rely on
    * this behavior.
    */
   *timefield = '=';
   break;
}
  }
1702}

1704static void
1705serve_is_modified (arg)
  char *arg;
1707{
  struct an_entry *p;
  char *name;
  char *cp;
  char *timefield;
  /* Have we found this file in "entries" yet.  */
  int found;

  if (error_pending ()(pending_error || pending_error_text)) return;

  if (outside_dir (arg))
return;

  /* Rewrite entries file to have `M' in timestamp field.  */
  found = 0;
  for (p = entries; p != NULL((void*)0); p = p->next)
  {
name = p->entry + 1;
cp = strchr (name, '/');
if (cp != NULL((void*)0)
   && strlen (arg) == cp - name
   && strncmp (arg, name, cp - name) == 0)
{
   if (!(timefield = strchr (cp + 1, '/')) || *++timefield == '\0')
   {
/* We didn't find the record separator or it is followed by
 * the end of the string, so just exit.
 */
if (alloc_pending (80))
    sprintf (pending_error_text,
             "E Malformed Entry encountered.");
return;
   }
   /* If the time field is not currently empty, then one of
    * serve_modified, serve_is_modified, & serve_unchanged were
    * already called for this file.  We would like to ignore the
    * reinvocation silently or, better yet, exit with an error
    * message, but we just avoid the copy-forward and overwrite the
    * value from the last invocation instead.  See the comment below
    * for more.
    */
   if (*timefield == '/')
   {
/* Copy forward one character.  Space was allocated for this
 * already in serve_entry().  */
cp = timefield + strlen (timefield);
cp[1] = '\0';
while (cp > timefield)
{
    *cp = cp[-1];
    --cp;
}
   }
   /* If *TIMEFIELD wasn't "/", we assume that it was because of
    * multiple calls to Is-Modified & Unchanged by the client and
    * just overwrite the value from the last call.  Technically, we
    * should probably either ignore calls after the first or send the
    * client an error, since the client/server protocol specification
    * specifies that only one call to either Is-Modified or Unchanged
    * is allowed, but broken versions of WinCVS & TortoiseCVS rely on
    * this behavior.
    */
   *timefield = 'M';
   if (kopt != NULL((void*)0))
   {
if (alloc_pending (strlen (name) + 80))
    sprintf (pending_error_text,
	     "E protocol error: both Kopt and Entry for %s",
	     arg);
free (kopt);
kopt = NULL((void*)0);
return;
   }
   found = 1;
   break;
}
  }
  if (!found)
  {
/* We got Is-modified but no Entry.  Add a dummy entry.
  The "D" timestamp is what makes it a dummy.  */
p = (struct an_entry *) malloc (sizeof (struct an_entry));
if (p == NULL((void*)0))
{
   pending_error = ENOMEM12;
   return;
}
p->entry = malloc (strlen (arg) + 80);
if (p->entry == NULL((void*)0))
{
   pending_error = ENOMEM12;
   free (p);
   return;
}
strcpy (p->entry, "/");
strcat (p->entry, arg);
strcat (p->entry, "//D/");
if (kopt != NULL((void*)0))
{
   strcat (p->entry, kopt);
   free (kopt);
   kopt = NULL((void*)0);
}
strcat (p->entry, "/");
p->next = entries;
entries = p;
  }
1814}

1816static void serve_entry PROTO ((char *))(char *);

1818static void
1819serve_entry (arg)
   char *arg;
1821{
  struct an_entry *p;
  char *cp;
  int i = 0;
  if (error_pending()(pending_error || pending_error_text)) return;

  /* Verify that the entry is well-formed.  This can avoid problems later.
   * At the moment we only check that the Entry contains five slashes in
   * approximately the correct locations since some of the code makes
   * assumptions about this.
   */
  cp = arg;
  if (*cp == 'D') cp++;
  while (i++ < 5)
  {
    if (!cp || *cp != '/')
    {
        if (alloc_pending (80))
            sprintf (pending_error_text,
                     "E protocol error: Malformed Entry");
         return;
    }
  cp = strchr (cp + 1, '/');
  }

  p = xmalloc (sizeof (struct an_entry));
  if (p == NULL((void*)0))
  {
pending_error = ENOMEM12;
return;
  }
  /* Leave space for serve_unchanged to write '=' if it wants.  */
  cp = malloc (strlen (arg) + 2);
  if (cp == NULL((void*)0))
  {
pending_error = ENOMEM12;
return;
  }
  strcpy (cp, arg);
  p->next = entries;
  p->entry = cp;
  entries = p;
1863}

1865static void serve_kopt PROTO ((char *))(char *);

1867static void
1868serve_kopt (arg)
   char *arg;
1870{
  if (error_pending ()(pending_error || pending_error_text))
return;

  if (kopt != NULL((void*)0))
  {
if (alloc_pending (80 + strlen (arg)))
   sprintf (pending_error_text,
     "E protocol error: duplicate Kopt request: %s", arg);
return;
  }

  /* Do some sanity checks.  In particular, that it is not too long.
     This lets the rest of the code not worry so much about buffer
     overrun attacks.  Probably should call RCS_check_kflag here,
     but that would mean changing RCS_check_kflag to handle errors
     other than via exit(), fprintf(), and such.  */
  if (strlen (arg) > 10)
  {
if (alloc_pending (80 + strlen (arg)))
   sprintf (pending_error_text,
     "E protocol error: invalid Kopt request: %s", arg);
return;
  }

  kopt = malloc (strlen (arg) + 1);
  if (kopt == NULL((void*)0))
  {
pending_error = ENOMEM12;
return;
  }
  strcpy (kopt, arg);
1902}

1904static void serve_checkin_time PROTO ((char *))(char *);

1906static void
1907serve_checkin_time (arg)
   char *arg;
1909{
  if (error_pending ()(pending_error || pending_error_text))
return;

  if (checkin_time_valid)
  {
if (alloc_pending (80 + strlen (arg)))
   sprintf (pending_error_text,
     "E protocol error: duplicate Checkin-time request: %s",
     arg);
return;
  }

  checkin_time = get_date (arg);
  if (checkin_time == (time_t)-1)
  {
if (alloc_pending (80 + strlen (arg)))
   sprintf (pending_error_text, "E cannot parse date %s", arg);
return;
  }
  checkin_time_valid = 1;
1930}

1932static void
1933server_write_entries ()
1934{
  FILE *f;
  struct an_entry *p;
  struct an_entry *q;

  if (entries == NULL((void*)0))
return;

  f = NULL((void*)0);
  /* Note that we free all the entries regardless of errors.  */
  if (!error_pending ()(pending_error || pending_error_text))
  {
/* We open in append mode because we don't want to clobber an
         existing Entries file.  If we are checking out a module
         which explicitly lists more than one file in a particular
         directory, then we will wind up calling
         server_write_entries for each such file.  */
f = CVS_FOPENfopen (CVSADM_ENT"CVS/Entries", "a");
if (f == NULL((void*)0))
{
   int save_errno = errno(*__errno());
   if (alloc_pending (80 + strlen (CVSADM_ENT"CVS/Entries")))
sprintf (pending_error_text, "E cannot open %s", CVSADM_ENT"CVS/Entries");
   pending_error = save_errno;
}
  }
  for (p = entries; p != NULL((void*)0);)
  {
if (!error_pending ()(pending_error || pending_error_text))
{
   if (fprintf (f, "%s\n", p->entry) < 0)
   {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen(CVSADM_ENT"CVS/Entries")))
    sprintf (pending_error_text,
	     "E cannot write to %s", CVSADM_ENT"CVS/Entries");
pending_error = save_errno;
   }
}
free (p->entry);
q = p->next;
free (p);
p = q;
  }
  entries = NULL((void*)0);
  if (f != NULL((void*)0) && fclose (f) == EOF(-1) && !error_pending ()(pending_error || pending_error_text))
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (CVSADM_ENT"CVS/Entries")))
   sprintf (pending_error_text, "E cannot close %s", CVSADM_ENT"CVS/Entries");
pending_error = save_errno;
  }
1986}
1987
1988struct notify_note {
  /* Directory in which this notification happens.  malloc'd*/
  char *dir;

  /* malloc'd.  */
  char *filename;

  /* The following three all in one malloc'd block, pointed to by TYPE.
     Each '\0' terminated.  */
  /* "E" or "U".  */
  char *type;
  /* time+host+dir */
  char *val;
  char *watches;

  struct notify_note *next;
2004};

2006static struct notify_note *notify_list;
2007/* Used while building list, to point to the last node that already exists.  */
2008static struct notify_note *last_node;

2010static void serve_notify PROTO ((char *))(char *);

2012static void
2013serve_notify (arg)
  char *arg;
2015{
  struct notify_note *new = NULL((void*)0);
  char *data = NULL((void*)0);
  int status;

  if (error_pending ()(pending_error || pending_error_text)) return;

  if (outside_dir (arg))
return;

  if (dir_name == NULL((void*)0))
goto error;

  new = (struct notify_note *) malloc (sizeof (struct notify_note));
  if (new == NULL((void*)0))
  {
pending_error = ENOMEM12;
return;
  }
  new->dir = malloc (strlen (dir_name) + 1);
  new->filename = malloc (strlen (arg) + 1);
  if (new->dir == NULL((void*)0) || new->filename == NULL((void*)0))
  {
pending_error = ENOMEM12;
if (new->dir != NULL((void*)0))
   free (new->dir);
free (new);
return;
  }
  strcpy (new->dir, dir_name);
  strcpy (new->filename, arg);

  status = buf_read_line (buf_from_net, &data, (int *) NULL((void*)0));
  if (status != 0)
  {
if (status == -2)
   pending_error = ENOMEM12;
else
{
   pending_error_text = malloc (80 + strlen (arg));
   if (pending_error_text == NULL((void*)0))
pending_error = ENOMEM12;
   else
   {
if (status == -1)
    sprintf (pending_error_text,
	     "E end of file reading notification for %s", arg);
else
{
    sprintf (pending_error_text,
	     "E error reading notification for %s", arg);
    pending_error = status;
}
   }
}
free (new->filename);
free (new->dir);
free (new);
  }
  else
  {
char *cp;

if (!data[0])
   goto error;

if (strchr (data, '+'))
   goto error;

new->type = data;
if (data[1] != '\t')
   goto error;
data[1] = '\0';
cp = data + 2;
new->val = cp;
cp = strchr (cp, '\t');
if (cp == NULL((void*)0))
   goto error;
*cp++ = '+';
cp = strchr (cp, '\t');
if (cp == NULL((void*)0))
   goto error;
*cp++ = '+';
cp = strchr (cp, '\t');
if (cp == NULL((void*)0))
   goto error;
*cp++ = '\0';
new->watches = cp;
/* If there is another tab, ignore everything after it,
  for future expansion.  */
cp = strchr (cp, '\t');
if (cp != NULL((void*)0))
{
   *cp = '\0';
}

new->next = NULL((void*)0);

if (last_node == NULL((void*)0))
{
   notify_list = new;
}
else
   last_node->next = new;
last_node = new;
  }
  return;
error:
  pending_error = 0;
  if (alloc_pending (80))
strcpy (pending_error_text,
"E Protocol error; misformed Notify request");
  if (data != NULL((void*)0))
free (data);
  if (new != NULL((void*)0))
  {
free (new->filename);
free (new->dir);
free (new);
  }
  return;
2136}

2138/* Process all the Notify requests that we have stored up.  Returns 0
 if successful, if not prints error message (via error()) and
 returns negative value.  */
2141static int
2142server_notify ()
2143{
  struct notify_note *p;
  char *repos;

  while (notify_list != NULL((void*)0))
  {
if ( CVS_CHDIRchdir (notify_list->dir) < 0)
{
   error (0, errno(*__errno()), "cannot change to %s", notify_list->dir);
   return -1;
}
repos = Name_Repository (NULL((void*)0), NULL((void*)0));

lock_dir_for_write (repos);

fileattr_startdir (repos);

notify_do (*notify_list->type, notify_list->filename, getcaller(),
   notify_list->val, notify_list->watches, repos);

buf_output0 (buf_to_net, "Notified ");
{
   char *dir = notify_list->dir + strlen (server_temp_dir) + 1;
   if (dir[0] == '\0')
       buf_append_char (buf_to_net, '.');
   else
       buf_output0 (buf_to_net, dir);
   buf_append_char (buf_to_net, '/');
   buf_append_char (buf_to_net, '\n');
}
buf_output0 (buf_to_net, repos);
buf_append_char (buf_to_net, '/');
buf_output0 (buf_to_net, notify_list->filename);
buf_append_char (buf_to_net, '\n');
free (repos);

p = notify_list->next;
free (notify_list->filename);
free (notify_list->dir);
free (notify_list->type);
free (notify_list);
notify_list = p;

fileattr_write ();
fileattr_free ();

Lock_Cleanup ();
  }

  last_node = NULL((void*)0);

  /* The code used to call fflush (stdout) here, but that is no
     longer necessary.  The data is now buffered in buf_to_net,
     which will be flushed by the caller, do_cvs_command.  */

  return 0;
2199}
2200
2201static int argument_count;
2202static char **argument_vector;
2203static int argument_vector_size;

2205static void
2206serve_argument (arg)
   char *arg;
2208{
  char *p;
  
  if (error_pending()(pending_error || pending_error_text)) return;

  if (argument_count >= 10000)
  {
     if (alloc_pending (80))
         sprintf (pending_error_text,
                  "E Protocol error: too many arguments");
     return;
  }

  
  if (argument_vector_size <= argument_count)
  {
argument_vector_size *= 2;
argument_vector =
   (char **) realloc ((char *)argument_vector,
	       argument_vector_size * sizeof (char *));
if (argument_vector == NULL((void*)0))
{
   pending_error = ENOMEM12;
   return;
}
  }
  p = malloc (strlen (arg) + 1);
  if (p == NULL((void*)0))
  {
pending_error = ENOMEM12;
return;
  }
  strcpy (p, arg);
  argument_vector[argument_count++] = p;
2242}

2244static void
2245serve_argumentx (arg)
   char *arg;
2247{
  char *p;
  
  if (error_pending()(pending_error || pending_error_text)) return;

  if (argument_count <= 1)
  {
      if (alloc_pending (80))
          sprintf (pending_error_text,
                   "E Protocol error: called argumentx without prior call to argument");
      return;
  }

  
  p = argument_vector[argument_count - 1];
  p = realloc (p, strlen (p) + 1 + strlen (arg) + 1);
  if (p == NULL((void*)0))
  {
pending_error = ENOMEM12;
return;
  }
  strcat (p, "\n");
  strcat (p, arg);
  argument_vector[argument_count - 1] = p;
2271}

2273static void
2274serve_global_option (arg)
  char *arg;
2276{
  if (arg[0] != '-' || arg[1] == '\0' || arg[2] != '\0')
  {
  error_return:
if (alloc_pending (strlen (arg) + 80))
   sprintf (pending_error_text,
     "E Protocol error: bad global option %s",
     arg);
return;
  }
  switch (arg[1])
  {
case 'n':
   noexec = 1;
   break;
case 'q':
   quiet = 1;
   break;
case 'r':
   cvswrite = 0;
   break;
case 'Q':
   really_quiet = 1;
   break;
case 'l':
   logoff = 1;
   break;
case 't':
   trace = 1;
   break;
default:
   goto error_return;
  }
2309}

2311static void
2312serve_set (arg)
  char *arg;
2314{
  /* FIXME: This sends errors immediately (I think); they should be
     put into pending_error.  */
  variable_set (arg);
2318}

2320#ifdef ENCRYPTION

2322#ifdef HAVE_KERBEROS

2324static void
2325serve_kerberos_encrypt (arg)
   char *arg;
2327{
  /* All future communication with the client will be encrypted.  */

  buf_to_net = krb_encrypt_buffer_initialize (buf_to_net, 0, sched,
				kblock,
				buf_to_net->memory_error);
  buf_from_net = krb_encrypt_buffer_initialize (buf_from_net, 1, sched,
				  kblock,
				  buf_from_net->memory_error);
2336}

2338#endif /* HAVE_KERBEROS */

2340#ifdef HAVE_GSSAPI

2342static void
2343serve_gssapi_encrypt (arg)
   char *arg;
2345{
  if (cvs_gssapi_wrapping)
  {
/* We're already using a gssapi_wrap buffer for stream
         authentication.  Flush everything we've output so far, and
         turn on encryption for future data.  On the input side, we
         should only have unwrapped as far as the Gssapi-encrypt
         command, so future unwrapping will become encrypted.  */
buf_flush (buf_to_net, 1);
cvs_gssapi_encrypt = 1;
return;
  }

  /* All future communication with the client will be encrypted.  */

  cvs_gssapi_encrypt = 1;

  buf_to_net = cvs_gssapi_wrap_buffer_initialize (buf_to_net, 0,
				    gcontext,
				    buf_to_net->memory_error);
  buf_from_net = cvs_gssapi_wrap_buffer_initialize (buf_from_net, 1,
				      gcontext,
				      buf_from_net->memory_error);

  cvs_gssapi_wrapping = 1;
2370}

2372#endif /* HAVE_GSSAPI */

2374#endif /* ENCRYPTION */

2376#ifdef HAVE_GSSAPI

2378static void
2379serve_gssapi_authenticate (arg)
   char *arg;
2381{
  if (cvs_gssapi_wrapping)
  {
/* We're already using a gssapi_wrap buffer for encryption.
         That includes authentication, so we don't have to do
         anything further.  */
return;
  }

  buf_to_net = cvs_gssapi_wrap_buffer_initialize (buf_to_net, 0,
				    gcontext,
				    buf_to_net->memory_error);
  buf_from_net = cvs_gssapi_wrap_buffer_initialize (buf_from_net, 1,
				      gcontext,
				      buf_from_net->memory_error);

  cvs_gssapi_wrapping = 1;
2398}

2400#endif /* HAVE_GSSAPI */
2401
2402#ifdef SERVER_FLOWCONTROL
2403/* The maximum we'll queue to the remote client before blocking.  */
2404# ifndef SERVER_HI_WATER(2 * 1024 * 1024)
2405#  define SERVER_HI_WATER(2 * 1024 * 1024) (2 * 1024 * 1024)
2406# endif /* SERVER_HI_WATER */
2407/* When the buffer drops to this, we restart the child */
2408# ifndef SERVER_LO_WATER(1 * 1024 * 1024)
2409#  define SERVER_LO_WATER(1 * 1024 * 1024) (1 * 1024 * 1024)
2410# endif /* SERVER_LO_WATER */

2412static int set_nonblock_fd PROTO((int))(int);

2414/*
* Set buffer BUF to non-blocking I/O.  Returns 0 for success or errno
* code.
*/

2419static int
2420set_nonblock_fd (fd)
   int fd;
2422{
  int flags;

  flags = fcntl (fd, F_GETFL3, 0);
  if (flags < 0)
return errno(*__errno());
  if (fcntl (fd, F_SETFL4, flags | O_NONBLOCK0x0004) < 0)
return errno(*__errno());
  return 0;
2431}

2433#endif /* SERVER_FLOWCONTROL */
2434
2435static void serve_questionable PROTO((char *))(char *);

2437static void
2438serve_questionable (arg)
  char *arg;
2440{
  static int initted;

  if (!initted)
  {
/* Pick up ignores from CVSROOTADM_IGNORE, $HOME/.cvsignore on server,
  and CVSIGNORE on server.  */
ign_setup ();
initted = 1;
  }

  if (dir_name == NULL((void*)0))
  {
buf_output0 (buf_to_net, "E Protocol error: 'Directory' missing");
return;
  }

  if (outside_dir (arg))
return;

  if (!ign_name (arg))
  {
char *update_dir;

buf_output (buf_to_net, "M ? ", 4);
update_dir = dir_name + strlen (server_temp_dir) + 1;
if (!(update_dir[0] == '.' && update_dir[1] == '\0'))
{
   buf_output0 (buf_to_net, update_dir);
   buf_output (buf_to_net, "/", 1);
}
buf_output0 (buf_to_net, arg);
buf_output (buf_to_net, "\n", 1);
  }
2474}

2476static void serve_case PROTO ((char *))(char *);

2478static void
2479serve_case (arg)
  char *arg;
2481{
  ign_case = 1;
2483}
2484
2485static struct buffer *protocol;

2487/* This is the output which we are saving up to send to the server, in the
 child process.  We will push it through, via the `protocol' buffer, when
 we have a complete line.  */
2490static struct buffer *saved_output;
2491/* Likewise, but stuff which will go to stderr.  */
2492static struct buffer *saved_outerr;
2493
2494static void
2495protocol_memory_error (buf)
  struct buffer *buf;
2497{
  error (1, ENOMEM12, "Virtual memory exhausted");
2499}

2501/*
* Process IDs of the subprocess, or negative if that subprocess
* does not exist.
*/
2505static pid_t command_pid;

2507static void
2508outbuf_memory_error (buf)
  struct buffer *buf;
2510{
  static const char msg[] = "E Fatal server error\n\
2512error ENOMEM Virtual memory exhausted.\n";
  if (command_pid > 0)
kill (command_pid, SIGTERM15);

  /*
   * We have arranged things so that printing this now either will
   * be legal, or the "E fatal error" line will get glommed onto the
   * end of an existing "E" or "M" response.
   */

  /* If this gives an error, not much we could do.  syslog() it?  */
  write (STDOUT_FILENO1, msg, sizeof (msg) - 1);
2524#ifdef HAVE_SYSLOG_H1
  syslog (LOG_DAEMON(3<<3) | LOG_ERR3, "virtual memory exhausted");
2526#endif
  error_exit ();
2528}

2530static void
2531input_memory_error (buf)
   struct buffer *buf;
2533{
  outbuf_memory_error (buf);
2535}
2536


2539/* If command is legal, return 1.
* Else if command is illegal and croak_on_illegal is set, then die.
* Else just return 0 to indicate that command is illegal.
*/
2543static int
2544check_command_legal_p (cmd_name)
  char *cmd_name;
2546{
  /* Right now, only pserver notices illegal commands -- namely,
   * write attempts by a read-only user.  Therefore, if CVS_Username
   * is not set, this just returns 1, because CVS_Username unset
   * means pserver is not active.
   */
2552#ifdef AUTH_SERVER_SUPPORT
  if (CVS_Username == NULL((void*)0))
      return 1;

  if (lookup_command_attribute (cmd_name) & CVS_CMD_MODIFIES_REPOSITORY4)
  {
      /* This command has the potential to modify the repository, so
       * we check if the user have permission to do that.
       *
       * (Only relevant for remote users -- local users can do
       * whatever normal Unix file permissions allow them to do.)
       *
       * The decision method:
       *
       *    If $CVSROOT/CVSADMROOT_READERS exists and user is listed
       *    in it, then read-only access for user.
       *
       *    Or if $CVSROOT/CVSADMROOT_WRITERS exists and user NOT
       *    listed in it, then also read-only access for user.
       *
       *    Else read-write access for user.
       */

       char *linebuf = NULL((void*)0);
       int num_red = 0;
       size_t linebuf_len = 0;
       char *fname;
       size_t flen;
       FILE *fp;
       int found_it = 0;
       
       /* else */
       flen = strlen (current_parsed_root->directory)
              + strlen (CVSROOTADM"CVSROOT")
              + strlen (CVSROOTADM_READERS"readers")
              + 3;

       fname = xmalloc (flen);
       (void) sprintf (fname, "%s/%s/%s", current_parsed_root->directory,
	CVSROOTADM"CVSROOT", CVSROOTADM_READERS"readers");

       fp = fopen (fname, "r");

       if (fp == NULL((void*)0))
{
    if (!existence_error (errno)(((*__errno())) == 2))
    {
 /* Need to deny access, so that attackers can't fool
    us with some sort of denial of service attack.  */
 error (0, errno(*__errno()), "cannot open %s", fname);
 free (fname);
 return 0;
    }
}
       else  /* successfully opened readers file */
       {
           while ((num_red = get_line (&linebuf, &linebuf_len, fp)) >= 0)
           {
               /* Hmmm, is it worth importing my own readline
                  library into CVS?  It takes care of chopping
                  leading and trailing whitespace, "#" comments, and
                  newlines automatically when so requested.  Would
                  save some code here...  -kff */

               /* Chop newline by hand, for strcmp()'s sake. */
               if (num_red > 0 && linebuf[num_red - 1] == '\n')
                   linebuf[num_red - 1] = '\0';

               if (strcmp (linebuf, CVS_Username) == 0)
                   goto handle_illegal;
           }
    if (num_red < 0 && !feof (fp)(!__isthreaded ? (((fp)->_flags & 0x0020) != 0) : (feof
)(fp)))
 error (0, errno(*__errno()), "cannot read %s", fname);

           /* If not listed specifically as a reader, then this user
              has write access by default unless writers are also
              specified in a file . */
    if (fclose (fp) < 0)
 error (0, errno(*__errno()), "cannot close %s", fname);
       }
free (fname);

/* Now check the writers file.  */

       flen = strlen (current_parsed_root->directory)
              + strlen (CVSROOTADM"CVSROOT")
              + strlen (CVSROOTADM_WRITERS"writers")
              + 3;

       fname = xmalloc (flen);
       (void) sprintf (fname, "%s/%s/%s", current_parsed_root->directory,
	CVSROOTADM"CVSROOT", CVSROOTADM_WRITERS"writers");

       fp = fopen (fname, "r");

       if (fp == NULL((void*)0))
       {
    if (linebuf)
        free (linebuf);
    if (existence_error (errno)(((*__errno())) == 2))
    {
 /* Writers file does not exist, so everyone is a writer,
    by default.  */
 free (fname);
 return 1;
    }
    else
    {
 /* Need to deny access, so that attackers can't fool
    us with some sort of denial of service attack.  */
 error (0, errno(*__errno()), "cannot read %s", fname);
 free (fname);
 return 0;
    }
       }

       found_it = 0;
       while ((num_red = get_line (&linebuf, &linebuf_len, fp)) >= 0)
       {
           /* Chop newline by hand, for strcmp()'s sake. */
           if (num_red > 0 && linebuf[num_red - 1] == '\n')
               linebuf[num_red - 1] = '\0';
         
           if (strcmp (linebuf, CVS_Username) == 0)
           {
               found_it = 1;
               break;
           }
       }
if (num_red < 0 && !feof (fp)(!__isthreaded ? (((fp)->_flags & 0x0020) != 0) : (feof
)(fp)))
    error (0, errno(*__errno()), "cannot read %s", fname);

       if (found_it)
       {
           if (fclose (fp) < 0)
 error (0, errno(*__errno()), "cannot close %s", fname);
           if (linebuf)
               free (linebuf);
    free (fname);
           return 1;
       }
       else   /* writers file exists, but this user not listed in it */
       {
       handle_illegal:
           if (fclose (fp) < 0)
 error (0, errno(*__errno()), "cannot close %s", fname);
           if (linebuf)
               free (linebuf);
    free (fname);
    return 0;
       }
  }
2704#endif /* AUTH_SERVER_SUPPORT */

  /* If ever reach end of this function, command must be legal. */
  return 1;
2708}


2711
2712/* Execute COMMAND in a subprocess with the approriate funky things done.  */

2714static struct fd_set_wrapper { fd_set fds; } command_fds_to_drain;
2715static int max_command_fd;

2717#ifdef SERVER_FLOWCONTROL
2718static int flowcontrol_pipe[2];
2719#endif /* SERVER_FLOWCONTROL */

2721static void
2722do_cvs_command (cmd_name, command)
  char *cmd_name;
  int (*command) PROTO((int argc, char **argv))(int argc, char **argv);
2725{
  /*
   * The following file descriptors are set to -1 if that file is not
   * currently open.
   */

  /* Data on these pipes is a series of '\n'-terminated lines.  */
  int stdout_pipe[2];
  int stderr_pipe[2];

  /*
   * Data on this pipe is a series of counted (see buf_send_counted)
   * packets.  Each packet must be processed atomically (i.e. not
   * interleaved with data from stdout_pipe or stderr_pipe).
   */
  int protocol_pipe[2];
  
  int dev_null_fd = -1;

  int errs;

  command_pid = -1;
  stdout_pipe[0] = -1;
  stdout_pipe[1] = -1;
  stderr_pipe[0] = -1;
  stderr_pipe[1] = -1;
  protocol_pipe[0] = -1;
  protocol_pipe[1] = -1;

  server_write_entries ();

  if (print_pending_error ())
goto free_args_and_return;

  /* Global `command_name' is probably "server" right now -- only
     serve_export() sets it to anything else.  So we will use local
     parameter `cmd_name' to determine if this command is legal for
     this user.  */
  if (!check_command_legal_p (cmd_name))
  {
buf_output0 (buf_to_net, "E ");
buf_output0 (buf_to_net, program_name);
buf_output0 (buf_to_net, " [server aborted]: \"");
buf_output0 (buf_to_net, cmd_name);
buf_output0 (buf_to_net, "\" requires write access to the repository\n\
2770error  \n");
goto free_args_and_return;
  }

  (void) server_notify ();

  /*
   * We use a child process which actually does the operation.  This
   * is so we can intercept its standard output.  Even if all of CVS
   * were written to go to some special routine instead of writing
   * to stdout or stderr, we would still need to do the same thing
   * for the RCS commands.
   */

  if (pipe (stdout_pipe) < 0)
  {
buf_output0 (buf_to_net, "E pipe failed\n");
print_error (errno(*__errno()));
goto error_exit;
  }
  if (pipe (stderr_pipe) < 0)
  {
buf_output0 (buf_to_net, "E pipe failed\n");
print_error (errno(*__errno()));
goto error_exit;
  }
  if (pipe (protocol_pipe) < 0)
  {
buf_output0 (buf_to_net, "E pipe failed\n");
print_error (errno(*__errno()));
goto error_exit;
  }
2802#ifdef SERVER_FLOWCONTROL
  if (pipe (flowcontrol_pipe) < 0)
  {
buf_output0 (buf_to_net, "E pipe failed\n");
print_error (errno(*__errno()));
goto error_exit;
  }
  set_nonblock_fd (flowcontrol_pipe[0]);
  set_nonblock_fd (flowcontrol_pipe[1]);
2811#endif /* SERVER_FLOWCONTROL */

  dev_null_fd = CVS_OPENopen (DEVNULL"/dev/null", O_RDONLY0x0000);
  if (dev_null_fd < 0)
  {
buf_output0 (buf_to_net, "E open /dev/null failed\n");
print_error (errno(*__errno()));
goto error_exit;
  }

  /* We shouldn't have any partial lines from cvs_output and
     cvs_outerr, but we handle them here in case there is a bug.  */
  /* FIXME: appending a newline, rather than using "MT" as we
     do in the child process, is probably not really a very good
     way to "handle" them.  */
  if (! buf_empty_p (saved_output))
  {
buf_append_char (saved_output, '\n');
buf_copy_lines (buf_to_net, saved_output, 'M');
  }
  if (! buf_empty_p (saved_outerr))
  {
buf_append_char (saved_outerr, '\n');
buf_copy_lines (buf_to_net, saved_outerr, 'E');
  }

  /* Flush out any pending data.  */
  buf_flush (buf_to_net, 1);

  /* Don't use vfork; we're not going to exec().  */
  command_pid = fork ();
  if (command_pid < 0)
  {
buf_output0 (buf_to_net, "E fork failed\n");
print_error (errno(*__errno()));
goto error_exit;
  }
  if (command_pid == 0)
  {
int exitstatus;

/* Since we're in the child, and the parent is going to take
  care of packaging up our error messages, we can clear this
  flag.  */
error_use_protocol = 0;

protocol = fd_buffer_initialize (protocol_pipe[1], 0,
			 protocol_memory_error);

/* At this point we should no longer be using buf_to_net and
         buf_from_net.  Instead, everything should go through
         protocol.  */
buf_to_net = NULL((void*)0);
buf_from_net = NULL((void*)0);

/* These were originally set up to use outbuf_memory_error.
         Since we're now in the child, we should use the simpler
         protocol_memory_error function.  */
saved_output->memory_error = protocol_memory_error;
saved_outerr->memory_error = protocol_memory_error;

if (dup2 (dev_null_fd, STDIN_FILENO0) < 0)
   error (1, errno(*__errno()), "can't set up pipes");
if (dup2 (stdout_pipe[1], STDOUT_FILENO1) < 0)
   error (1, errno(*__errno()), "can't set up pipes");
if (dup2 (stderr_pipe[1], STDERR_FILENO2) < 0)
   error (1, errno(*__errno()), "can't set up pipes");
close (dev_null_fd);
close (stdout_pipe[0]);
close (stdout_pipe[1]);
close (stderr_pipe[0]);
close (stderr_pipe[1]);
close (protocol_pipe[0]);
close_on_exec (protocol_pipe[1]);
2885#ifdef SERVER_FLOWCONTROL
close_on_exec (flowcontrol_pipe[0]);
close (flowcontrol_pipe[1]);
2888#endif /* SERVER_FLOWCONTROL */

/*
* Set this in .bashrc if you want to give yourself time to attach
* to the subprocess with a debugger.
*/
if (getenv ("CVS_SERVER_SLEEP"))
{
   int secs = atoi (getenv ("CVS_SERVER_SLEEP"));
   sleep (secs);
}

exitstatus = (*command) (argument_count, argument_vector);

/* Output any partial lines.  If the client doesn't support
  "MT", we go ahead and just tack on a newline since the
  protocol doesn't support anything better.  */
if (! buf_empty_p (saved_output))
{
   buf_output0 (protocol, supported_response ("MT") ? "MT text " : "M ");
   buf_append_buffer (protocol, saved_output);
   buf_output (protocol, "\n", 1);
   buf_send_counted (protocol);
}
/* For now we just discard partial lines on stderr.  I suspect
  that CVS can't write such lines unless there is a bug.  */

/*
* When we exit, that will close the pipes, giving an EOF to
* the parent.
*/
buf_free (protocol);
exit (exitstatus);
  }

  /* OK, sit around getting all the input from the child.  */
  {
struct buffer *stdoutbuf;
struct buffer *stderrbuf;
struct buffer *protocol_inbuf;
/* Number of file descriptors to check in select ().  */
int num_to_check;
int count_needed = 1;
2931#ifdef SERVER_FLOWCONTROL
int have_flowcontrolled = 0;
2933#endif /* SERVER_FLOWCONTROL */

FD_ZERO (&command_fds_to_drain.fds)do { fd_set *_p = (&command_fds_to_drain.fds); __size_t _n
 = (((1024) + ((((unsigned)(sizeof(__fd_mask) * 8))) - 1)) / (
((unsigned)(sizeof(__fd_mask) * 8)))); while (_n > 0) _p->
fds_bits[--_n] = 0; } while (0);
num_to_check = stdout_pipe[0];
FD_SET (stdout_pipe[0], &command_fds_to_drain.fds)__fd_set((stdout_pipe[0]), (&command_fds_to_drain.fds));
if (stderr_pipe[0] > num_to_check)
 num_to_check = stderr_pipe[0];
FD_SET (stderr_pipe[0], &command_fds_to_drain.fds)__fd_set((stderr_pipe[0]), (&command_fds_to_drain.fds));
if (protocol_pipe[0] > num_to_check)
 num_to_check = protocol_pipe[0];
FD_SET (protocol_pipe[0], &command_fds_to_drain.fds)__fd_set((protocol_pipe[0]), (&command_fds_to_drain.fds));
if (STDOUT_FILENO1 > num_to_check)
 num_to_check = STDOUT_FILENO1;
max_command_fd = num_to_check;
/*
* File descriptors are numbered from 0, so num_to_check needs to
* be one larger than the largest descriptor.
*/
++num_to_check;
if (num_to_check > FD_SETSIZE1024)
{
   buf_output0 (buf_to_net,
	 "E internal error: FD_SETSIZE not big enough.\n\
2956error  \n");
   goto error_exit;
}

stdoutbuf = fd_buffer_initialize (stdout_pipe[0], 1,
			  input_memory_error);

stderrbuf = fd_buffer_initialize (stderr_pipe[0], 1,
			  input_memory_error);

protocol_inbuf = fd_buffer_initialize (protocol_pipe[0], 1,
			       input_memory_error);

set_nonblock (buf_to_net);
set_nonblock (stdoutbuf);
set_nonblock (stderrbuf);
set_nonblock (protocol_inbuf);

if (close (stdout_pipe[1]) < 0)
{
   buf_output0 (buf_to_net, "E close failed\n");
   print_error (errno(*__errno()));
   goto error_exit;
}
stdout_pipe[1] = -1;

if (close (stderr_pipe[1]) < 0)
{
   buf_output0 (buf_to_net, "E close failed\n");
   print_error (errno(*__errno()));
   goto error_exit;
}
stderr_pipe[1] = -1;

if (close (protocol_pipe[1]) < 0)
{
   buf_output0 (buf_to_net, "E close failed\n");
   print_error (errno(*__errno()));
   goto error_exit;
}
protocol_pipe[1] = -1;

2998#ifdef SERVER_FLOWCONTROL
if (close (flowcontrol_pipe[0]) < 0)
{
   buf_output0 (buf_to_net, "E close failed\n");
   print_error (errno(*__errno()));
   goto error_exit;
}
flowcontrol_pipe[0] = -1;
3006#endif /* SERVER_FLOWCONTROL */

if (close (dev_null_fd) < 0)
{
   buf_output0 (buf_to_net, "E close failed\n");
   print_error (errno(*__errno()));
   goto error_exit;
}
dev_null_fd = -1;

while (stdout_pipe[0] >= 0
      || stderr_pipe[0] >= 0
      || protocol_pipe[0] >= 0
      || count_needed <= 0)
{
   fd_set readfds;
   fd_set writefds;
   int numfds;
3024#ifdef SERVER_FLOWCONTROL
   int bufmemsize;
   struct timeval *timeout_ptr;
   struct timeval timeout;

   /*
    * See if we are swamping the remote client and filling our VM.
    * Tell child to hold off if we do.
    */
   bufmemsize = buf_count_mem (buf_to_net);
   if (!have_flowcontrolled && (bufmemsize > SERVER_HI_WATER(2 * 1024 * 1024)))
   {
if (write(flowcontrol_pipe[1], "S", 1) == 1)
    have_flowcontrolled = 1;
   }
   else if (have_flowcontrolled && (bufmemsize < SERVER_LO_WATER(1 * 1024 * 1024)))
   {
if (write(flowcontrol_pipe[1], "G", 1) == 1)
    have_flowcontrolled = 0;
   }
3044#endif /* SERVER_FLOWCONTROL */

   FD_ZERO (&readfds)do { fd_set *_p = (&readfds); __size_t _n = (((1024) + ((
((unsigned)(sizeof(__fd_mask) * 8))) - 1)) / (((unsigned)(sizeof
(__fd_mask) * 8)))); while (_n > 0) _p->fds_bits[--_n] =
 0; } while (0);
   FD_ZERO (&writefds)do { fd_set *_p = (&writefds); __size_t _n = (((1024) + (
(((unsigned)(sizeof(__fd_mask) * 8))) - 1)) / (((unsigned)(sizeof
(__fd_mask) * 8)))); while (_n > 0) _p->fds_bits[--_n] =
 0; } while (0);

   if (count_needed <= 0)
   {
/* there is data pending which was read from the protocol pipe
 * so don't block if we don't find any data
 */
timeout.tv_sec = 0;
timeout.tv_usec = 0;
timeout_ptr = &timeout;
   }
   else
   {
/* block indefinately */
timeout_ptr = NULL((void*)0);
   }

   if (! buf_empty_p (buf_to_net))
FD_SET (STDOUT_FILENO, &writefds)__fd_set((1), (&writefds));

   if (stdout_pipe[0] >= 0)
   {
FD_SET (stdout_pipe[0], &readfds)__fd_set((stdout_pipe[0]), (&readfds));
   }
   if (stderr_pipe[0] >= 0)
   {
FD_SET (stderr_pipe[0], &readfds)__fd_set((stderr_pipe[0]), (&readfds));
   }
   if (protocol_pipe[0] >= 0
3076#ifdef SERVER_FLOWCONTROL
   && !have_flowcontrolled
3078#endif
   )
   {
FD_SET (protocol_pipe[0], &readfds)__fd_set((protocol_pipe[0]), (&readfds));
   }

   /* This process of selecting on the three pipes means that
    we might not get output in the same order in which it
    was written, thus producing the well-known
    "out-of-order" bug.  If the child process uses
    cvs_output and cvs_outerr, it will send everything on
    the protocol_pipe and avoid this problem, so the
    solution is to use cvs_output and cvs_outerr in the
    child process.  */
   do {
/* This used to select on exceptions too, but as far
                 as I know there was never any reason to do that and
                 SCO doesn't let you select on exceptions on pipes.  */
numfds = select (num_to_check, &readfds, &writefds,
		 (fd_set *)0, timeout_ptr);
if (numfds < 0
	&& errno(*__errno()) != EINTR4)
{
    buf_output0 (buf_to_net, "E select failed\n");
    print_error (errno(*__errno()));
    goto error_exit;
}
   } while (numfds < 0);

   if (numfds == 0)
   {
FD_ZERO (&readfds)do { fd_set *_p = (&readfds); __size_t _n = (((1024) + ((
((unsigned)(sizeof(__fd_mask) * 8))) - 1)) / (((unsigned)(sizeof
(__fd_mask) * 8)))); while (_n > 0) _p->fds_bits[--_n] =
 0; } while (0);
FD_ZERO (&writefds)do { fd_set *_p = (&writefds); __size_t _n = (((1024) + (
(((unsigned)(sizeof(__fd_mask) * 8))) - 1)) / (((unsigned)(sizeof
(__fd_mask) * 8)))); while (_n > 0) _p->fds_bits[--_n] =
 0; } while (0);
   }

   if (FD_ISSET (STDOUT_FILENO, &writefds)__fd_isset((1), (&writefds)))
   {
/* What should we do with errors?  syslog() them?  */
buf_send_output (buf_to_net);
   }

   if (protocol_pipe[0] >= 0
&& (FD_ISSET (protocol_pipe[0], &readfds)__fd_isset((protocol_pipe[0]), (&readfds))))
   {
int status;
int count_read;

status = buf_input_data (protocol_inbuf, &count_read);

if (status == -1)
{
    close (protocol_pipe[0]);
    protocol_pipe[0] = -1;
}
else if (status > 0)
{
    buf_output0 (buf_to_net, "E buf_input_data failed\n");
    print_error (status);
    goto error_exit;
}

/*
 * We only call buf_copy_counted if we have read
 * enough bytes to make it worthwhile.  This saves us
 * from continually recounting the amount of data we
 * have.
 */
count_needed -= count_read;
   }
   /* this is still part of the protocol pipe procedure, but it is
    * outside the above conditional so that unprocessed data can be
    * left in the buffer and stderr/stdout can be read when a flush
    * signal is received and control can return here without passing
    * through the select code and maybe blocking
    */
   while (count_needed <= 0)
   {
int special = 0;

count_needed = buf_copy_counted (buf_to_net,
				     protocol_inbuf,
				     &special);

/* What should we do with errors?  syslog() them?  */
buf_send_output (buf_to_net);

/* If SPECIAL got set to <0, it means that the child
 * wants us to flush the pipe & maybe stderr or stdout.
 *
 * After that we break to read stderr & stdout again before
 * going back to the protocol pipe
 *
 * Upon breaking, count_needed = 0, so the next pass will only
 * perform a non-blocking select before returning here to finish
 * processing data we already read from the protocol buffer
 */
 if (special == -1)
 {
     cvs_flushout();
     break;
 }
if (special == -2)
{
    /* If the client supports the 'F' command, we send it. */
    if (supported_response ("F"))
    {
	buf_append_char (buf_to_net, 'F');
	buf_append_char (buf_to_net, '\n');
    }
    cvs_flusherr ();
    break;
}
   }

   if (stdout_pipe[0] >= 0
&& (FD_ISSET (stdout_pipe[0], &readfds)__fd_isset((stdout_pipe[0]), (&readfds))))
   {
       int status;

       status = buf_input_data (stdoutbuf, (int *) NULL((void*)0));

buf_copy_lines (buf_to_net, stdoutbuf, 'M');

if (status == -1)
{
    close (stdout_pipe[0]);
    stdout_pipe[0] = -1;
}
else if (status > 0)
{
    buf_output0 (buf_to_net, "E buf_input_data failed\n");
    print_error (status);
    goto error_exit;
}

/* What should we do with errors?  syslog() them?  */
buf_send_output (buf_to_net);
   }

   if (stderr_pipe[0] >= 0
&& (FD_ISSET (stderr_pipe[0], &readfds)__fd_isset((stderr_pipe[0]), (&readfds))))
   {
       int status;

       status = buf_input_data (stderrbuf, (int *) NULL((void*)0));

buf_copy_lines (buf_to_net, stderrbuf, 'E');

if (status == -1)
{
    close (stderr_pipe[0]);
    stderr_pipe[0] = -1;
}
else if (status > 0)
{
    buf_output0 (buf_to_net, "E buf_input_data failed\n");
    print_error (status);
    goto error_exit;
}

/* What should we do with errors?  syslog() them?  */
buf_send_output (buf_to_net);
   }
}

/*
* OK, we've gotten EOF on all the pipes.  If there is
* anything left on stdoutbuf or stderrbuf (this could only
* happen if there was no trailing newline), send it over.
*/
if (! buf_empty_p (stdoutbuf))
{
   buf_append_char (stdoutbuf, '\n');
   buf_copy_lines (buf_to_net, stdoutbuf, 'M');
}
if (! buf_empty_p (stderrbuf))
{
   buf_append_char (stderrbuf, '\n');
   buf_copy_lines (buf_to_net, stderrbuf, 'E');
}
if (! buf_empty_p (protocol_inbuf))
   buf_output0 (buf_to_net,
	 "E Protocol error: uncounted data discarded\n");

3262#ifdef SERVER_FLOWCONTROL
close (flowcontrol_pipe[1]);
flowcontrol_pipe[1] = -1;
3265#endif /* SERVER_FLOWCONTROL */

errs = 0;

while (command_pid > 0)
{
   int status;
   pid_t waited_pid;
   waited_pid = waitpid (command_pid, &status, 0);
   if (waited_pid < 0)
   {
/*
 * Intentionally ignoring EINTR.  Other errors
 * "can't happen".
 */
continue;
   }
   
   if (WIFEXITED (status)(((status) & 0177) == 0))
errs += WEXITSTATUS (status)(int)(((unsigned)(status) >> 8) & 0xff);
   else
   {
       int sig = WTERMSIG (status)(((status) & 0177));
       char buf[50];
/*
 * This is really evil, because signals might be numbered
 * differently on the two systems.  We should be using
 * signal names (either of the "Terminated" or the "SIGTERM"
 * variety).  But cvs doesn't currently use libiberty...we
 * could roll our own....  FIXME.
 */
buf_output0 (buf_to_net, "E Terminated with fatal signal ");
sprintf (buf, "%d\n", sig);
buf_output0 (buf_to_net, buf);

/* Test for a core dump.  Is this portable?  */
if (status & 0x80)
{
    buf_output0 (buf_to_net, "E Core dumped; preserving ");
    buf_output0 (buf_to_net, orig_server_temp_dir);
    buf_output0 (buf_to_net, " on server.\n\
3306E CVS locks may need cleaning up.\n");
    dont_delete_temp = 1;
}
++errs;
   }
   if (waited_pid == command_pid)
command_pid = -1;
}

/*
* OK, we've waited for the child.  By now all CVS locks are free
* and it's OK to block on the network.
*/
set_block (buf_to_net);
buf_flush (buf_to_net, 1);
buf_shutdown (protocol_inbuf);
buf_free (protocol_inbuf);
buf_shutdown (stderrbuf);
buf_free (stderrbuf);
buf_shutdown (stdoutbuf);
buf_free (stdoutbuf);
  }

  if (errs)
/* We will have printed an error message already.  */
buf_output0 (buf_to_net, "error  \n");
  else
buf_output0 (buf_to_net, "ok\n");
  goto free_args_and_return;

error_exit:
  if (command_pid > 0)
kill (command_pid, SIGTERM15);

  while (command_pid > 0)
  {
pid_t waited_pid;
waited_pid = waitpid (command_pid, (int *) 0, 0);
if (waited_pid < 0 && errno(*__errno()) == EINTR4)
   continue;
if (waited_pid == command_pid)
   command_pid = -1;
  }

  close (dev_null_fd);
  close (protocol_pipe[0]);
  close (protocol_pipe[1]);
  close (stderr_pipe[0]);
  close (stderr_pipe[1]);
  close (stdout_pipe[0]);
  close (stdout_pipe[1]);
3357#ifdef SERVER_FLOWCONTROL
  close (flowcontrol_pipe[0]);
  close (flowcontrol_pipe[1]);
3360#endif /* SERVER_FLOWCONTROL */

free_args_and_return:
  /* Now free the arguments.  */
  {
/* argument_vector[0] is a dummy argument, we don't mess with it.  */
char **cp;
for (cp = argument_vector + 1;
    cp < argument_vector + argument_count;
    ++cp)
   free (*cp);

argument_count = 1;
  }

  /* Flush out any data not yet sent.  */
  set_block (buf_to_net);
  buf_flush (buf_to_net, 1);

  return;
3380}
3381
3382#ifdef SERVER_FLOWCONTROL
3383/*
* Called by the child at convenient points in the server's execution for
* the server child to block.. ie: when it has no locks active.
*/
3387void
3388server_pause_check()
3389{
  int paused = 0;
  char buf[1];

  while (read (flowcontrol_pipe[0], buf, 1) == 1)
  {
if (*buf == 'S')	/* Stop */
   paused = 1;
else if (*buf == 'G')	/* Go */
   paused = 0;
else
   return;		/* ??? */
  }
  while (paused) {
int numfds, numtocheck;
fd_set fds;

FD_ZERO (&fds)do { fd_set *_p = (&fds); __size_t _n = (((1024) + ((((unsigned
)(sizeof(__fd_mask) * 8))) - 1)) / (((unsigned)(sizeof(__fd_mask
) * 8)))); while (_n > 0) _p->fds_bits[--_n] = 0; } while
 (0);
FD_SET (flowcontrol_pipe[0], &fds)__fd_set((flowcontrol_pipe[0]), (&fds));
numtocheck = flowcontrol_pipe[0] + 1;

do {
   numfds = select (numtocheck, &fds, (fd_set *)0,
	     (fd_set *)0, (struct timeval *)NULL((void*)0));
   if (numfds < 0
&& errno(*__errno()) != EINTR4)
   {
buf_output0 (buf_to_net, "E select failed\n");
print_error (errno(*__errno()));
return;
   }
} while (numfds < 0);
   
if (FD_ISSET (flowcontrol_pipe[0], &fds)__fd_isset((flowcontrol_pipe[0]), (&fds)))
{
   int got;

   while ((got = read (flowcontrol_pipe[0], buf, 1)) == 1)
   {
if (*buf == 'S')	/* Stop */
    paused = 1;
else if (*buf == 'G')	/* Go */
    paused = 0;
else
    return;		/* ??? */
   }

   /* This assumes that we are using BSD or POSIX nonblocking
             I/O.  System V nonblocking I/O returns zero if there is
             nothing to read.  */
   if (got == 0)
       error (1, 0, "flow control EOF");
   if (got < 0 && ! blocking_error (errno)(((*__errno())) == 35 || ((*__errno())) == 35))
   {
       error (1, errno(*__errno()), "flow control read failed");
   }
}
  }
3447}
3448#endif /* SERVER_FLOWCONTROL */
3449
3450/* This variable commented in server.h.  */
3451char *server_dir = NULL((void*)0);

3453static void output_dir PROTO((char *, char *))(char *, char *);

3455static void
3456output_dir (update_dir, repository)
  char *update_dir;
  char *repository;
3459{
  if (server_dir != NULL((void*)0))
  {
buf_output0 (protocol, server_dir);
buf_output0 (protocol, "/");
  }
  if (update_dir[0] == '\0')
buf_output0 (protocol, ".");
  else
buf_output0 (protocol, update_dir);
  buf_output0 (protocol, "/\n");
  buf_output0 (protocol, repository);
  buf_output0 (protocol, "/");
3472}
3473
3474/*
* Entries line that we are squirreling away to send to the client when
* we are ready.
*/
3478static char *entries_line;

3480/*
* File which has been Scratch_File'd, we are squirreling away that fact
* to inform the client when we are ready.
*/
3484static char *scratched_file;

3486/*
* The scratched_file will need to be removed as well as having its entry
* removed.
*/
3490static int kill_scratched_file;

3492void
3493server_register (name, version, timestamp, options, tag, date, conflict)
  char *name;
  char *version;
  char *timestamp;
  char *options;
  char *tag;
  char *date;
  char *conflict;
3501{
  int len;

  if (options == NULL((void*)0))
options = "";

  if (trace)
  {
(void) fprintf (stderr(&__sF[2]),
	"%s-> server_register(%s, %s, %s, %s, %s, %s, %s)\n",
	CLIENT_SERVER_STR((server_active) ? "S" : " "),
	name, version, timestamp ? timestamp : "", options,
	tag ? tag : "", date ? date : "",
	conflict ? conflict : "");
  }

  if (entries_line != NULL((void*)0))
  {
/*
* If CVS decides to Register it more than once (which happens
* on "cvs update foo/foo.c" where foo and foo.c are already
* checked out), use the last of the entries lines Register'd.
*/
free (entries_line);
  }

  /*
   * I have reports of Scratch_Entry and Register both happening, in
   * two different cases.  Using the last one which happens is almost
   * surely correct; I haven't tracked down why they both happen (or
   * even verified that they are for the same file).
   */
  if (scratched_file != NULL((void*)0))
  {
free (scratched_file);
scratched_file = NULL((void*)0);
  }

  len = (strlen (name) + strlen (version) + strlen (options) + 80);
  if (tag)
len += strlen (tag);
  if (date)
len += strlen (date);
  
  entries_line = xmalloc (len);
  sprintf (entries_line, "/%s/%s/", name, version);
  if (conflict != NULL((void*)0))
  {
strcat (entries_line, "+=");
  }
  strcat (entries_line, "/");
  strcat (entries_line, options);
  strcat (entries_line, "/");
  if (tag != NULL((void*)0))
  {
strcat (entries_line, "T");
strcat (entries_line, tag);
  }
  else if (date != NULL((void*)0))
  {
strcat (entries_line, "D");
strcat (entries_line, date);
  }
3564}

3566void
3567server_scratch (fname)
  char *fname;
3569{
  /*
   * I have reports of Scratch_Entry and Register both happening, in
   * two different cases.  Using the last one which happens is almost
   * surely correct; I haven't tracked down why they both happen (or
   * even verified that they are for the same file).
   *
   * Don't know if this is what whoever wrote the above comment was
   * talking about, but this can happen in the case where a join
   * removes a file - the call to Register puts the '-vers' into the
   * Entries file after the file is removed
   */
  if (entries_line != NULL((void*)0))
  {
free (entries_line);
entries_line = NULL((void*)0);
  }

  if (scratched_file != NULL((void*)0))
  {
buf_output0 (protocol,
     "E CVS server internal error: duplicate Scratch_Entry\n");
buf_send_counted (protocol);
return;
  }
  scratched_file = xstrdup (fname);
  kill_scratched_file = 1;
3596}

3598void
3599server_scratch_entry_only ()
3600{
  kill_scratched_file = 0;
3602}

3604/* Print a new entries line, from a previous server_register.  */
3605static void
3606new_entries_line ()
3607{
  if (entries_line)
  {
buf_output0 (protocol, entries_line);
buf_output (protocol, "\n", 1);
  }
  else
/* Return the error message as the Entries line.  */
buf_output0 (protocol,
     "CVS server internal error: Register missing\n");
  free (entries_line);
  entries_line = NULL((void*)0);
3619}
3620

3622static void
3623serve_ci (arg)
  char *arg;
3625{
  do_cvs_command ("commit", commit);
3627}

3629static void
3630checked_in_response (file, update_dir, repository)
  char *file;
  char *update_dir;
  char *repository;
3634{
  if (supported_response ("Mode"))
  {
struct stat sb;
char *mode_string;

if ( CVS_STATstat (file, &sb) < 0)
{
   /* Not clear to me why the file would fail to exist, but it
      was happening somewhere in the testsuite.  */
   if (!existence_error (errno)(((*__errno())) == 2))
error (0, errno(*__errno()), "cannot stat %s", file);
}
else
{
   buf_output0 (protocol, "Mode ");
   mode_string = mode_to_string (sb.st_mode);
   buf_output0 (protocol, mode_string);
   buf_output0 (protocol, "\n");
   free (mode_string);
}
  }

  buf_output0 (protocol, "Checked-in ");
  output_dir (update_dir, repository);
  buf_output0 (protocol, file);
  buf_output (protocol, "\n", 1);
  new_entries_line ();
3662}

3664void
3665server_checked_in (file, update_dir, repository)
  char *file;
  char *update_dir;
  char *repository;
3669{
  if (noexec)
return;
  if (scratched_file != NULL((void*)0) && entries_line == NULL((void*)0))
  {
/*
* This happens if we are now doing a "cvs remove" after a previous
* "cvs add" (without a "cvs ci" in between).
*/
buf_output0 (protocol, "Remove-entry ");
output_dir (update_dir, repository);
buf_output0 (protocol, file);
buf_output (protocol, "\n", 1);
free (scratched_file);
scratched_file = NULL((void*)0);
  }
  else
  {
checked_in_response (file, update_dir, repository);
  }
  buf_send_counted (protocol);
3690}

3692void
3693server_update_entries (file, update_dir, repository, updated)
  char *file;
  char *update_dir;
  char *repository;
  enum server_updated_arg4 updated;
3698{
  if (noexec)
return;
  if (updated == SERVER_UPDATED)
checked_in_response (file, update_dir, repository);
  else
  {
if (!supported_response ("New-entry"))
   return;
buf_output0 (protocol, "New-entry ");
output_dir (update_dir, repository);
buf_output0 (protocol, file);
buf_output (protocol, "\n", 1);
new_entries_line ();
  }

  buf_send_counted (protocol);
3715}
3716
3717static void
3718serve_update (arg)
  char *arg;
3720{
  do_cvs_command ("update", update);
3722}

3724static void
3725serve_diff (arg)
  char *arg;
3727{
  do_cvs_command ("diff", diff);
3729}

3731static void
3732serve_log (arg)
  char *arg;
3734{
  do_cvs_command ("log", cvslog);
3736}

3738static void
3739serve_rlog (arg)
  char *arg;
3741{
  /* Tell cvslog() to behave like rlog not log.  */
  command_name = "rlog";
  do_cvs_command ("rlog", cvslog);
3745}

3747static void
3748serve_add (arg)
  char *arg;
3750{
  do_cvs_command ("add", add);
3752}

3754static void
3755serve_remove (arg)
  char *arg;
3757{
  do_cvs_command ("remove", cvsremove);
3759}

3761static void
3762serve_status (arg)
  char *arg;
3764{
  do_cvs_command ("status", cvsstatus);
3766}

3768static void
3769serve_rdiff (arg)
  char *arg;
3771{
  do_cvs_command ("rdiff", patch);
3773}

3775static void
3776serve_tag (arg)
  char *arg;
3778{
  do_cvs_command ("cvstag", cvstag);
3780}

3782static void
3783serve_rtag (arg)
  char *arg;
3785{
  /* Tell cvstag() to behave like rtag not tag.  */
  command_name = "rtag";
  do_cvs_command ("rtag", cvstag);
3789}

3791static void
3792serve_import (arg)
  char *arg;
3794{
  do_cvs_command ("import", import);
3796}

3798static void
3799serve_admin (arg)
  char *arg;
3801{
  do_cvs_command ("admin", admin);
3803}

3805static void
3806serve_history (arg)
  char *arg;
3808{
  do_cvs_command ("history", history);
3810}

3812static void
3813serve_release (arg)
  char *arg;
3815{
  do_cvs_command ("release", release);
3817}

3819static void serve_watch_on PROTO ((char *))(char *);

3821static void
3822serve_watch_on (arg)
  char *arg;
3824{
  do_cvs_command ("watch_on", watch_on);
3826}

3828static void serve_watch_off PROTO ((char *))(char *);

3830static void
3831serve_watch_off (arg)
  char *arg;
3833{
  do_cvs_command ("watch_off", watch_off);
3835}

3837static void serve_watch_add PROTO ((char *))(char *);

3839static void
3840serve_watch_add (arg)
  char *arg;
3842{
  do_cvs_command ("watch_add", watch_add);
3844}

3846static void serve_watch_remove PROTO ((char *))(char *);

3848static void
3849serve_watch_remove (arg)
  char *arg;
3851{
  do_cvs_command ("watch_remove", watch_remove);
3853}

3855static void serve_watchers PROTO ((char *))(char *);

3857static void
3858serve_watchers (arg)
  char *arg;
3860{
  do_cvs_command ("watchers", watchers);
3862}

3864static void serve_editors PROTO ((char *))(char *);

3866static void
3867serve_editors (arg)
  char *arg;
3869{
  do_cvs_command ("editors", editors);
3871}

3873static void serve_noop PROTO ((char *))(char *);

3875static void
3876serve_noop (arg)
  char *arg;
3878{

  server_write_entries ();
  if (!print_pending_error ())
  {
(void) server_notify ();
buf_output0 (buf_to_net, "ok\n");
  }
  buf_flush (buf_to_net, 1);
3887}

3889static void serve_version PROTO ((char *))(char *);

3891static void
3892serve_version (arg)
  char *arg;
3894{
  do_cvs_command ("version", version);
3896}

3898static void serve_init PROTO ((char *))(char *);

3900static void
3901serve_init (arg)
  char *arg;
3903{
  if (!isabsolute (arg))
  {
if (alloc_pending (80 + strlen (arg)))
   sprintf (pending_error_text,
     "E Root %s must be an absolute pathname", arg);
/* Fall through to do_cvs_command which will return the
  actual error.  */
  }

  if (current_parsed_root != NULL((void*)0))
free_cvsroot_t (current_parsed_root);
  current_parsed_root = local_cvsroot (arg);

  do_cvs_command ("init", init);
3918}

3920static void serve_annotate PROTO ((char *))(char *);

3922static void
3923serve_annotate (arg)
  char *arg;
3925{
  do_cvs_command ("annotate", annotate);
3927}

3929static void serve_rannotate PROTO ((char *))(char *);

3931static void
3932serve_rannotate (arg)
  char *arg;
3934{
  /* Tell annotate() to behave like rannotate not annotate.  */
  command_name = "rannotate";
  do_cvs_command ("rannotate", annotate);
3938}
3939
3940static void
3941serve_co (arg)
  char *arg;
3943{
  char *tempdir;
  int status;

  if (print_pending_error ())
return;

  if (!isdir (CVSADM"CVS"))
  {
/*
* The client has not sent a "Repository" line.  Check out
* into a pristine directory.
*/
tempdir = malloc (strlen (server_temp_dir) + 80);
if (tempdir == NULL((void*)0))
{
   buf_output0 (buf_to_net, "E Out of memory\n");
   return;
}
strcpy (tempdir, server_temp_dir);
strcat (tempdir, "/checkout-dir");
status = mkdir_p (tempdir);
if (status != 0 && status != EEXIST17)
{
   buf_output0 (buf_to_net, "E Cannot create ");
   buf_output0 (buf_to_net, tempdir);
   buf_append_char (buf_to_net, '\n');
   print_error (errno(*__errno()));
   free (tempdir);
   return;
}

if ( CVS_CHDIRchdir (tempdir) < 0)
{
   buf_output0 (buf_to_net, "E Cannot change to directory ");
   buf_output0 (buf_to_net, tempdir);
   buf_append_char (buf_to_net, '\n');
   print_error (errno(*__errno()));
   free (tempdir);
   return;
}
free (tempdir);
  }

  /* Compensate for server_export()'s setting of command_name.
   *
   * [It probably doesn't matter if do_cvs_command() gets "export"
   *  or "checkout", but we ought to be accurate where possible.]
   */
  do_cvs_command ((strcmp (command_name, "export") == 0) ?
                  "export" : "checkout",
                  checkout);
3995}

3997static void
3998serve_export (arg)
  char *arg;
4000{
  /* Tell checkout() to behave like export not checkout.  */
  command_name = "export";
  serve_co (arg);
4004}
4005
4006void
4007server_copy_file (file, update_dir, repository, newfile)
  char *file;
  char *update_dir;
  char *repository;
  char *newfile;
4012{
  /* At least for now, our practice is to have the server enforce
     noexec for the repository and the client enforce it for the
     working directory.  This might want more thought, and/or
     documentation in cvsclient.texi (other responses do it
     differently).  */

  if (!supported_response ("Copy-file"))
return;
  buf_output0 (protocol, "Copy-file ");
  output_dir (update_dir, repository);
  buf_output0 (protocol, file);
  buf_output0 (protocol, "\n");
  buf_output0 (protocol, newfile);
  buf_output0 (protocol, "\n");
4027}

4029/* See server.h for description.  */

4031void
4032server_modtime (finfo, vers_ts)
  struct file_info *finfo;
  Vers_TS *vers_ts;
4035{
  char date[MAXDATELEN50];
  char outdate[MAXDATELEN50];

  assert (vers_ts->vn_rcs != NULL)((vers_ts->vn_rcs != ((void*)0)) ? (void)0 : __assert2("/usr/src/gnu/usr.bin/cvs/src/server.c"
, 4039, __func__, "vers_ts->vn_rcs != NULL"));

  if (!supported_response ("Mod-time"))
return;

  if (RCS_getrevtime (finfo->rcs, vers_ts->vn_rcs, date, 0) == (time_t) -1)
/* FIXME? should we be printing some kind of warning?  For one
  thing I'm not 100% sure whether this happens in non-error
  circumstances.  */
return;
  date_to_internet (outdate, date);
  buf_output0 (protocol, "Mod-time ");
  buf_output0 (protocol, outdate);
  buf_output0 (protocol, "\n");
4053}

4055/* See server.h for description.  */

4057#if defined (USE_PROTOTYPES) ? USE_PROTOTYPES : defined (__STDC__1)
4058/* Need to prototype because mode_t might be smaller than int.  */
4059void
4060server_updated (
  struct file_info *finfo,
  Vers_TS *vers,
  enum server_updated_arg4 updated,
  mode_t mode,
  unsigned char *checksum,
  struct buffer *filebuf)
4067#else
4068void
4069server_updated (finfo, vers, updated, mode, checksum, filebuf)
  struct file_info *finfo;
  Vers_TS *vers;
  enum server_updated_arg4 updated;
  mode_t mode;
  unsigned char *checksum;
  struct buffer *filebuf;
4076#endif
4077{
  if (noexec)
  {
/* Hmm, maybe if we did the same thing for entries_file, we
  could get rid of the kludges in server_register and
  server_scratch which refrain from warning if both
  Scratch_Entry and Register get called.  Maybe.  */
if (scratched_file)
{
   free (scratched_file);
   scratched_file = NULL((void*)0);
}
return;
  }

  if (entries_line != NULL((void*)0) && scratched_file == NULL((void*)0))
  {
FILE *f;
struct buffer_data *list, *last;
unsigned long size;
char size_text[80];

/* The contents of the file will be in one of filebuf,
  list/last, or here.  */
unsigned char *file;
size_t file_allocated;
size_t file_used;

if (filebuf != NULL((void*)0))
{
   size = buf_length (filebuf);
   if (mode == (mode_t) -1)
error (1, 0, "\
4110CVS server internal error: no mode in server_updated");
}
else
{
   struct stat sb;

   if ( CVS_STATstat (finfo->file, &sb) < 0)
   {
if (existence_error (errno)(((*__errno())) == 2))
{
    /* If we have a sticky tag for a branch on which
       the file is dead, and cvs update the directory,
       it gets a T_CHECKOUT but no file.  So in this
       case just forget the whole thing.  */
    free (entries_line);
    entries_line = NULL((void*)0);
    goto done;
}
error (1, errno(*__errno()), "reading %s", finfo->fullname);
   }
   size = sb.st_size;
   if (mode == (mode_t) -1)
   {
/* FIXME: When we check out files the umask of the
   server (set in .bashrc if rsh is in use) affects
   what mode we send, and it shouldn't.  */
mode = sb.st_mode;
   }
}

if (checksum != NULL((void*)0))
{
   static int checksum_supported = -1;

   if (checksum_supported == -1)
   {
checksum_supported = supported_response ("Checksum");
   }

   if (checksum_supported)
   {
       int i;
char buf[3];

       buf_output0 (protocol, "Checksum ");
for (i = 0; i < 16; i++)
{
    sprintf (buf, "%02x", (unsigned int) checksum[i]);
    buf_output0 (protocol, buf);
}
buf_append_char (protocol, '\n');
   }
}

if (updated == SERVER_UPDATED)
{
   Node *node;
   Entnode *entnode;

   if (!(supported_response ("Created")
  && supported_response ("Update-existing")))
buf_output0 (protocol, "Updated ");
   else
   {
assert (vers != NULL)((vers != ((void*)0)) ? (void)0 : __assert2("/usr/src/gnu/usr.bin/cvs/src/server.c"
, 4174, __func__, "vers != NULL"));
if (vers->ts_user == NULL((void*)0))
    buf_output0 (protocol, "Created ");
else
    buf_output0 (protocol, "Update-existing ");
   }

   /* Now munge the entries to say that the file is unmodified,
      in case we end up processing it again (e.g. modules3-6
      in the testsuite).  */
   node = findnode_fn (finfo->entries, finfo->file);
   entnode = (Entnode *)node->data;
   free (entnode->timestamp);
   entnode->timestamp = xstrdup ("=");
}
else if (updated == SERVER_MERGED)
   buf_output0 (protocol, "Merged ");
else if (updated == SERVER_PATCHED)
   buf_output0 (protocol, "Patched ");
else if (updated == SERVER_RCS_DIFF)
   buf_output0 (protocol, "Rcs-diff ");
else
   abort ();
output_dir (finfo->update_dir, finfo->repository);
buf_output0 (protocol, finfo->file);
buf_output (protocol, "\n", 1);

new_entries_line ();

      {
   char *mode_string;

   mode_string = mode_to_string (mode);
   buf_output0 (protocol, mode_string);
   buf_output0 (protocol, "\n");
   free (mode_string);
}

list = last = NULL((void*)0);

file = NULL((void*)0);
file_allocated = 0;
file_used = 0;

if (size > 0)
{
   /* Throughout this section we use binary mode to read the
      file we are sending.  The client handles any line ending
      translation if necessary.  */

   if (file_gzip_level
/*
 * For really tiny files, the gzip process startup
 * time will outweigh the compression savings.  This
 * might be computable somehow; using 100 here is just
 * a first approximation.
 */
&& size > 100)
   {
/* Basing this routine on read_and_gzip is not a
   high-performance approach.  But it seems easier
   to code than the alternative (and less
   vulnerable to subtle bugs).  Given that this feature
   is mainly for compatibility, that is the better
   tradeoff.  */

int fd;

/* Callers must avoid passing us a buffer if
                 file_gzip_level is set.  We could handle this case,
                 but it's not worth it since this case never arises
                 with a current client and server.  */
if (filebuf != NULL((void*)0))
    error (1, 0, "\
4248CVS server internal error: unhandled case in server_updated");

fd = CVS_OPENopen (finfo->file, O_RDONLY0x0000 | OPEN_BINARY(0), 0);
if (fd < 0)
    error (1, errno(*__errno()), "reading %s", finfo->fullname);
if (read_and_gzip (fd, finfo->fullname, &file,
		   &file_allocated, &file_used,
		   file_gzip_level))
    error (1, 0, "aborting due to compression error");
size = file_used;
if (close (fd) < 0)
    error (1, errno(*__errno()), "reading %s", finfo->fullname);
/* Prepending length with "z" is flag for using gzip here.  */
buf_output0 (protocol, "z");
   }
   else if (filebuf == NULL((void*)0))
   {
long status;

f = CVS_FOPENfopen (finfo->file, "rb");
if (f == NULL((void*)0))
    error (1, errno(*__errno()), "reading %s", finfo->fullname);
status = buf_read_file (f, size, &list, &last);
if (status == -2)
    (*protocol->memory_error) (protocol);
else if (status != 0)
    error (1, ferror (f)(!__isthreaded ? (((f)->_flags & 0x0040) != 0) : (ferror
)(f)) ? errno(*__errno()) : 0, "reading %s",
	   finfo->fullname);
if (fclose (f) == EOF(-1))
    error (1, errno(*__errno()), "reading %s", finfo->fullname);
   }
}

sprintf (size_text, "%lu\n", size);
buf_output0 (protocol, size_text);

if (file != NULL((void*)0))
{
   buf_output (protocol, (char *) file, file_used);
   free (file);
   file = NULL((void*)0);
}
else if (filebuf == NULL((void*)0))
   buf_append_data (protocol, list, last);
else
{
   buf_append_buffer (protocol, filebuf);
   buf_free (filebuf);
}
/* Note we only send a newline here if the file ended with one.  */

/*
* Avoid using up too much disk space for temporary files.
* A file which does not exist indicates that the file is up-to-date,
* which is now the case.  If this is SERVER_MERGED, the file is
* not up-to-date, and we indicate that by leaving the file there.
* I'm thinking of cases like "cvs update foo/foo.c foo".
*/
if ((updated == SERVER_UPDATED
    || updated == SERVER_PATCHED
    || updated == SERVER_RCS_DIFF)
   && filebuf == NULL((void*)0)
   /* But if we are joining, we'll need the file when we call
      join_file.  */
   && !joining ())
{
   if (CVS_UNLINKunlink (finfo->file) < 0)
error (0, errno(*__errno()), "cannot remove temp file for %s",
       finfo->fullname);
}
  }
  else if (scratched_file != NULL((void*)0) && entries_line == NULL((void*)0))
  {
if (strcmp (scratched_file, finfo->file) != 0)
   error (1, 0,
   "CVS server internal error: `%s' vs. `%s' scratched",
   scratched_file,
   finfo->file);
free (scratched_file);
scratched_file = NULL((void*)0);

if (kill_scratched_file)
   buf_output0 (protocol, "Removed ");
else
   buf_output0 (protocol, "Remove-entry ");
output_dir (finfo->update_dir, finfo->repository);
buf_output0 (protocol, finfo->file);
buf_output (protocol, "\n", 1);
/* keep the vers structure up to date in case we do a join
* - if there isn't a file, it can't very well have a version number, can it?
*
* we do it here on the assumption that since we just told the client
* to remove the file/entry, it will, and we want to remember that.
* If it fails, that's the client's problem, not ours
*/
if (vers && vers->vn_user != NULL((void*)0))
{
   free (vers->vn_user);
   vers->vn_user = NULL((void*)0);
}
if (vers && vers->ts_user != NULL((void*)0))
{
   free (vers->ts_user);
   vers->ts_user = NULL((void*)0);
}
  }
  else if (scratched_file == NULL((void*)0) && entries_line == NULL((void*)0))
  {
/*
* This can happen with death support if we were processing
* a dead file in a checkout.
*/
  }
  else
error (1, 0,
      "CVS server internal error: Register *and* Scratch_Entry.\n");
  buf_send_counted (protocol);
done:;
4366}

4368/* Return whether we should send patches in RCS format.  */

4370int
4371server_use_rcs_diff ()
4372{
  return supported_response ("Rcs-diff");
4374}

4376void
4377server_set_entstat (update_dir, repository)
  char *update_dir;
  char *repository;
4380{
  static int set_static_supported = -1;
  if (set_static_supported == -1)
set_static_supported = supported_response ("Set-static-directory");
  if (!set_static_supported) return;

  buf_output0 (protocol, "Set-static-directory ");
  output_dir (update_dir, repository);
  buf_output0 (protocol, "\n");
  buf_send_counted (protocol);
4390}

4392void
4393server_clear_entstat (update_dir, repository)
   char *update_dir;
   char *repository;
4396{
  static int clear_static_supported = -1;
  if (clear_static_supported == -1)
clear_static_supported = supported_response ("Clear-static-directory");
  if (!clear_static_supported) return;

  if (noexec)
return;

  buf_output0 (protocol, "Clear-static-directory ");
  output_dir (update_dir, repository);
  buf_output0 (protocol, "\n");
  buf_send_counted (protocol);
4409}
4410
4411void
4412server_set_sticky (update_dir, repository, tag, date, nonbranch)
  char *update_dir;
  char *repository;
  char *tag;
  char *date;
  int nonbranch;
4418{
  static int set_sticky_supported = -1;

  assert (update_dir != NULL)((update_dir != ((void*)0)) ? (void)0 : __assert2("/usr/src/gnu/usr.bin/cvs/src/server.c"
, 4421, __func__, "update_dir != NULL"));

  if (set_sticky_supported == -1)
set_sticky_supported = supported_response ("Set-sticky");
  if (!set_sticky_supported) return;

  if (noexec)
return;

  if (tag == NULL((void*)0) && date == NULL((void*)0))
  {
buf_output0 (protocol, "Clear-sticky ");
output_dir (update_dir, repository);
buf_output0 (protocol, "\n");
  }
  else
  {
buf_output0 (protocol, "Set-sticky ");
output_dir (update_dir, repository);
buf_output0 (protocol, "\n");
if (tag != NULL((void*)0))
{
   if (nonbranch)
buf_output0 (protocol, "N");
   else
buf_output0 (protocol, "T");
   buf_output0 (protocol, tag);
}
else
{
   buf_output0 (protocol, "D");
   buf_output0 (protocol, date);
}
buf_output0 (protocol, "\n");
  }
  buf_send_counted (protocol);
4457}
4458
4459struct template_proc_data
4460{
  char *update_dir;
  char *repository;
4463};

4465/* Here as a static until we get around to fixing Parse_Info to pass along
 a void * for it.  */
4467static struct template_proc_data *tpd;

4469static int
4470template_proc (repository, template)
  char *repository;
  char *template;
4473{
  FILE *fp;
  char buf[1024];
  size_t n;
  struct stat sb;
  struct template_proc_data *data = tpd;

  if (!supported_response ("Template"))
/* Might want to warn the user that the rcsinfo feature won't work.  */
return 0;
  buf_output0 (protocol, "Template ");
  output_dir (data->update_dir, data->repository);
  buf_output0 (protocol, "\n");

  fp = CVS_FOPENfopen (template, "rb");
  if (fp == NULL((void*)0))
  {
error (0, errno(*__errno()), "Couldn't open rcsinfo template file %s", template);
return 1;
  }
  if (fstat (fileno (fp)(!__isthreaded ? ((fp)->_file) : (fileno)(fp)), &sb) < 0)
  {
error (0, errno(*__errno()), "cannot stat rcsinfo template file %s", template);
return 1;
  }
  sprintf (buf, "%ld\n", (long) sb.st_size);
  buf_output0 (protocol, buf);
  while (!feof (fp)(!__isthreaded ? (((fp)->_flags & 0x0020) != 0) : (feof
)(fp)))
  {
n = fread (buf, 1, sizeof buf, fp);
buf_output (protocol, buf, n);
if (ferror (fp)(!__isthreaded ? (((fp)->_flags & 0x0040) != 0) : (ferror
)(fp)))
{
   error (0, errno(*__errno()), "cannot read rcsinfo template file %s", template);
   (void) fclose (fp);
   return 1;
}
  }
  if (fclose (fp) < 0)
error (0, errno(*__errno()), "cannot close rcsinfo template file %s", template);
  return 0;
4514}

4516void
4517server_template (update_dir, repository)
  char *update_dir;
  char *repository;
4520{
  struct template_proc_data data;
  data.update_dir = update_dir;
  data.repository = repository;
  tpd = &data;
  (void) Parse_Info (CVSROOTADM_RCSINFO"rcsinfo", repository, template_proc, 1);
4526}
4527
4528static void
4529serve_gzip_contents (arg)
   char *arg;
4531{
  int level;
  level = atoi (arg);
  if (level == 0)
level = 6;
  file_gzip_level = level;
4537}

4539static void
4540serve_gzip_stream (arg)
   char *arg;
4542{
  int level;
  level = atoi (arg);
  if (level == 0)
level = 6;

  /* All further communication with the client will be compressed.  */

  buf_to_net = compress_buffer_initialize (buf_to_net, 0, level,
			     buf_to_net->memory_error);
  buf_from_net = compress_buffer_initialize (buf_from_net, 1, level,
			       buf_from_net->memory_error);
4554}
4555
4556/* Tell the client about RCS options set in CVSROOT/cvswrappers. */
4557static void
4558serve_wrapper_sendme_rcs_options (arg)
   char *arg;
4560{
  /* Actually, this is kind of sdrawkcab-ssa: the client wants
   * verbatim lines from a cvswrappers file, but the server has
   * already parsed the cvswrappers file into the wrap_list struct.
   * Therefore, the server loops over wrap_list, unparsing each
   * entry before sending it.
   */
  char *wrapper_line = NULL((void*)0);

  wrap_setup ();

  for (wrap_unparse_rcs_options (&wrapper_line, 1);
       wrapper_line;
       wrap_unparse_rcs_options (&wrapper_line, 0))
  {
buf_output0 (buf_to_net, "Wrapper-rcsOption ");
buf_output0 (buf_to_net, wrapper_line);
buf_output0 (buf_to_net, "\012");;
free (wrapper_line);
  }

  buf_output0 (buf_to_net, "ok\012");

  /* The client is waiting for us, so we better send the data now.  */
  buf_flush (buf_to_net, 1);
4585}

4587
4588static void
4589serve_ignore (arg)
  char *arg;
4591{
  /*
   * Just ignore this command.  This is used to support the
   * update-patches command, which is not a real command, but a signal
   * to the client that update will accept the -u argument.
   */
4597}
4598
4599static int
4600expand_proc (argc, argv, where, mwhere, mfile, shorten,
    local_specified, omodule, msg)
  int argc;
  char **argv;
  char *where;
  char *mwhere;
  char *mfile;
  int shorten;
  int local_specified;
  char *omodule;
  char *msg;
4611{
  int i;
  char *dir = argv[0];

  /* If mwhere has been specified, the thing we're expanding is a
     module -- just return its name so the client will ask for the
     right thing later.  If it is an alias or a real directory,
     mwhere will not be set, so send out the appropriate
     expansion. */

  if (mwhere != NULL((void*)0))
  {
buf_output0 (buf_to_net, "Module-expansion ");
if (server_dir != NULL((void*)0))
{
   buf_output0 (buf_to_net, server_dir);
   buf_output0 (buf_to_net, "/");
}
buf_output0 (buf_to_net, mwhere);
if (mfile != NULL((void*)0))
{
   buf_append_char (buf_to_net, '/');
   buf_output0 (buf_to_net, mfile);
}
buf_append_char (buf_to_net, '\n');
  }
  else
  {
/* We may not need to do this anymore -- check the definition
         of aliases before removing */
if (argc == 1)
{
   buf_output0 (buf_to_net, "Module-expansion ");
   if (server_dir != NULL((void*)0))
   {
buf_output0 (buf_to_net, server_dir);
buf_output0 (buf_to_net, "/");
   }
   buf_output0 (buf_to_net, dir);
   buf_append_char (buf_to_net, '\n');
}
else
{
   for (i = 1; i < argc; ++i)
   {
       buf_output0 (buf_to_net, "Module-expansion ");
if (server_dir != NULL((void*)0))
{
    buf_output0 (buf_to_net, server_dir);
    buf_output0 (buf_to_net, "/");
}
buf_output0 (buf_to_net, dir);
buf_append_char (buf_to_net, '/');
buf_output0 (buf_to_net, argv[i]);
buf_append_char (buf_to_net, '\n');
   }
}
  }
  return 0;
4670}

4672static void
4673serve_expand_modules (arg)
  char *arg;
4675{
  int i;
  int err;
  DBM *db;
  err = 0;

  server_expanding = 1;
  db = open_module ();
  for (i = 1; i < argument_count; i++)
err += do_module (db, argument_vector[i],
	  CHECKOUT, "Updating", expand_proc,
	  NULL((void*)0), 0, 0, 0, 0,
	  (char *) NULL((void*)0));
  close_module (db);
  server_expanding = 0;
  {
/* argument_vector[0] is a dummy argument, we don't mess with it.  */
char **cp;
for (cp = argument_vector + 1;
    cp < argument_vector + argument_count;
    ++cp)
   free (*cp);

argument_count = 1;
  }
  if (err)
/* We will have printed an error message already.  */
buf_output0 (buf_to_net, "error  \n");
  else
buf_output0 (buf_to_net, "ok\n");

  /* The client is waiting for the module expansions, so we must
     send the output now.  */
  buf_flush (buf_to_net, 1);
4709}

4711void
4712server_prog (dir, name, which)
  char *dir;
  char *name;
  enum progs which;
4716{
  if (!supported_response ("Set-checkin-prog"))
  {
buf_output0 (buf_to_net, "E \
4720warning: this client does not support -i or -u flags in the modules file.\n");
return;
  }
  switch (which)
  {
case PROG_CHECKIN:
   buf_output0 (buf_to_net, "Set-checkin-prog ");
   break;
case PROG_UPDATE:
   buf_output0 (buf_to_net, "Set-update-prog ");
   break;
  }
  buf_output0 (buf_to_net, dir);
  buf_append_char (buf_to_net, '\n');
  buf_output0 (buf_to_net, name);
  buf_append_char (buf_to_net, '\n');
4736}

4738static void
4739serve_checkin_prog (arg)
  char *arg;
4741{
  FILE *f;

  /* Before we do anything we first check if this command is not 
     disabled. */
  if (disable_x_prog)
  {
if (alloc_pending (80))
   sprintf (pending_error_text, "\
4750E Checkin-prog disabled by configuration");
return;
  }

  f = CVS_FOPENfopen (CVSADM_CIPROG"CVS/Checkin.prog", "w+");
  if (f == NULL((void*)0))
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (CVSADM_CIPROG"CVS/Checkin.prog")))
   sprintf (pending_error_text, "E cannot open %s", CVSADM_CIPROG"CVS/Checkin.prog");
pending_error = save_errno;
return;
  }
  if (fprintf (f, "%s\n", arg) < 0)
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (CVSADM_CIPROG"CVS/Checkin.prog")))
   sprintf (pending_error_text,
     "E cannot write to %s", CVSADM_CIPROG"CVS/Checkin.prog");
pending_error = save_errno;
return;
  }
  if (fclose (f) == EOF(-1))
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (CVSADM_CIPROG"CVS/Checkin.prog")))
   sprintf (pending_error_text, "E cannot close %s", CVSADM_CIPROG"CVS/Checkin.prog");
pending_error = save_errno;
return;
  }
4780}

4782static void
4783serve_update_prog (arg)
  char *arg;
4785{
  FILE *f;

  /* Before we do anything we first check if this command is not 
     disabled. */
  if (disable_x_prog)
  {
if (alloc_pending (80))
   sprintf (pending_error_text, "\
4794E Update-prog disabled by configuration");
return;
  }
  
  /* Before we do anything we need to make sure we are not in readonly
     mode.  */
  if (!check_command_legal_p ("commit"))
  {
/* I might be willing to make this a warning, except we lack the
  machinery to do so.  */
if (alloc_pending (80))
   sprintf (pending_error_text, "\
4806E Flag -u in modules not allowed in readonly mode");
return;
  }

  f = CVS_FOPENfopen (CVSADM_UPROG"CVS/Update.prog", "w+");
  if (f == NULL((void*)0))
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (CVSADM_UPROG"CVS/Update.prog")))
   sprintf (pending_error_text, "E cannot open %s", CVSADM_UPROG"CVS/Update.prog");
pending_error = save_errno;
return;
  }
  if (fprintf (f, "%s\n", arg) < 0)
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (CVSADM_UPROG"CVS/Update.prog")))
   sprintf (pending_error_text, "E cannot write to %s", CVSADM_UPROG"CVS/Update.prog");
pending_error = save_errno;
return;
  }
  if (fclose (f) == EOF(-1))
  {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (CVSADM_UPROG"CVS/Update.prog")))
   sprintf (pending_error_text, "E cannot close %s", CVSADM_UPROG"CVS/Update.prog");
pending_error = save_errno;
return;
  }
4835}
4836
4837static void serve_valid_requests PROTO((char *arg))(char *arg);

4839#endif /* SERVER_SUPPORT */
4840#if defined(SERVER_SUPPORT1) || defined(CLIENT_SUPPORT1)

4842/*
* Parts of this table are shared with the client code,
* but the client doesn't need to know about the handler
* functions.
*/

4848struct request requests[] =
4849{
4850#ifdef SERVER_SUPPORT1
4851#define REQ_LINE(n, f, s) {n, f, s}
4852#else
4853#define REQ_LINE(n, f, s) {n, s}
4854#endif

REQ_LINE("Root", serve_root, RQ_ESSENTIAL1 | RQ_ROOTLESS8),
REQ_LINE("Valid-responses", serve_valid_responses,
  RQ_ESSENTIAL1 | RQ_ROOTLESS8),
REQ_LINE("valid-requests", serve_valid_requests,
  RQ_ESSENTIAL1 | RQ_ROOTLESS8),
REQ_LINE("Repository", serve_repository, 0),
REQ_LINE("Directory", serve_directory, RQ_ESSENTIAL1),
REQ_LINE("Max-dotdot", serve_max_dotdot, 0),
REQ_LINE("Static-directory", serve_static_directory, 0),
REQ_LINE("Sticky", serve_sticky, 0),
REQ_LINE("Checkin-prog", serve_checkin_prog, 0),
REQ_LINE("Update-prog", serve_update_prog, 0),
REQ_LINE("Entry", serve_entry, RQ_ESSENTIAL1),
REQ_LINE("Kopt", serve_kopt, 0),
REQ_LINE("Checkin-time", serve_checkin_time, 0),
REQ_LINE("Modified", serve_modified, RQ_ESSENTIAL1),
REQ_LINE("Is-modified", serve_is_modified, 0),

/* The client must send this request to interoperate with CVS 1.5
   through 1.9 servers.  The server must support it (although it can
   be and is a noop) to interoperate with CVS 1.5 to 1.9 clients.  */
REQ_LINE("UseUnchanged", serve_enable_unchanged, RQ_ENABLEME4 | RQ_ROOTLESS8),

REQ_LINE("Unchanged", serve_unchanged, RQ_ESSENTIAL1),
REQ_LINE("Notify", serve_notify, 0),
REQ_LINE("Questionable", serve_questionable, 0),
REQ_LINE("Case", serve_case, 0),
REQ_LINE("Argument", serve_argument, RQ_ESSENTIAL1),
REQ_LINE("Argumentx", serve_argumentx, RQ_ESSENTIAL1),
REQ_LINE("Global_option", serve_global_option, RQ_ROOTLESS8),
REQ_LINE("Gzip-stream", serve_gzip_stream, 0),
REQ_LINE("wrapper-sendme-rcsOptions",
         serve_wrapper_sendme_rcs_options,
         0),
REQ_LINE("Set", serve_set, RQ_ROOTLESS8),
4891#ifdef ENCRYPTION
4892#  ifdef HAVE_KERBEROS
REQ_LINE("Kerberos-encrypt", serve_kerberos_encrypt, 0),
4894#  endif
4895#  ifdef HAVE_GSSAPI
REQ_LINE("Gssapi-encrypt", serve_gssapi_encrypt, 0),
4897#  endif
4898#endif
4899#ifdef HAVE_GSSAPI
REQ_LINE("Gssapi-authenticate", serve_gssapi_authenticate, 0),
4901#endif
REQ_LINE("expand-modules", serve_expand_modules, 0),
REQ_LINE("ci", serve_ci, RQ_ESSENTIAL1),
REQ_LINE("co", serve_co, RQ_ESSENTIAL1),
REQ_LINE("update", serve_update, RQ_ESSENTIAL1),
REQ_LINE("diff", serve_diff, 0),
REQ_LINE("log", serve_log, 0),
REQ_LINE("rlog", serve_rlog, 0),
REQ_LINE("add", serve_add, 0),
REQ_LINE("remove", serve_remove, 0),
REQ_LINE("update-patches", serve_ignore, 0),
REQ_LINE("gzip-file-contents", serve_gzip_contents, 0),
REQ_LINE("status", serve_status, 0),
REQ_LINE("rdiff", serve_rdiff, 0),
REQ_LINE("tag", serve_tag, 0),
REQ_LINE("rtag", serve_rtag, 0),
REQ_LINE("import", serve_import, 0),
REQ_LINE("admin", serve_admin, 0),
REQ_LINE("export", serve_export, 0),
REQ_LINE("history", serve_history, 0),
REQ_LINE("release", serve_release, 0),
REQ_LINE("watch-on", serve_watch_on, 0),
REQ_LINE("watch-off", serve_watch_off, 0),
REQ_LINE("watch-add", serve_watch_add, 0),
REQ_LINE("watch-remove", serve_watch_remove, 0),
REQ_LINE("watchers", serve_watchers, 0),
REQ_LINE("editors", serve_editors, 0),
REQ_LINE("init", serve_init, RQ_ROOTLESS8),
REQ_LINE("annotate", serve_annotate, 0),
REQ_LINE("rannotate", serve_rannotate, 0),
REQ_LINE("noop", serve_noop, RQ_ROOTLESS8),
REQ_LINE("version", serve_version, RQ_ROOTLESS8),
REQ_LINE(NULL((void*)0), NULL((void*)0), 0)

4935#undef REQ_LINE
4936};

4938#endif /* SERVER_SUPPORT or CLIENT_SUPPORT */
4939#ifdef SERVER_SUPPORT1

4941static void
4942serve_valid_requests (arg)
   char *arg;
4944{
  struct request *rq;
  if (print_pending_error ())
return;
  buf_output0 (buf_to_net, "Valid-requests");
  for (rq = requests; rq->name != NULL((void*)0); rq++)
  {
if (rq->func != NULL((void*)0))
{
   buf_append_char (buf_to_net, ' ');
   buf_output0 (buf_to_net, rq->name);
}
  }
  buf_output0 (buf_to_net, "\nok\n");

  /* The client is waiting for the list of valid requests, so we
     must send the output now.  */
  buf_flush (buf_to_net, 1);
4962}

4964#ifdef SUNOS_KLUDGE
4965/*
* Delete temporary files.  SIG is the signal making this happen, or
* 0 if not called as a result of a signal.
*/
4969static int command_pid_is_dead;
4970static void wait_sig (sig)
   int sig;
4972{
  int status;
  int save_errno = errno(*__errno());

  pid_t r = wait (&status);
  if (r == command_pid)
command_pid_is_dead++;
  errno(*__errno()) = save_errno;
4980}
4981#endif /* SUNOS_KLUDGE */

4983void
4984server_cleanup (sig)
  int sig;
4986{
  /* Do "rm -rf" on the temp directory.  */
  static int called = 0;
  int status;
  int save_noexec;

  if (called++)
return;

  /* already processing cleanup, do not want recursion */
4996#ifdef SIGABRT6
  (void) SIG_deregister (SIGABRT6, server_cleanup);
4998#endif
4999#ifdef SIGHUP1
  (void) SIG_deregister (SIGHUP1, server_cleanup);
5001#endif
5002#ifdef SIGINT2
  (void) SIG_deregister (SIGINT2, server_cleanup);
5004#endif
5005#ifdef SIGQUIT3
  (void) SIG_deregister (SIGQUIT3, server_cleanup);
5007#endif
5008#ifdef SIGPIPE13
  (void) SIG_deregister (SIGPIPE13, server_cleanup);
5010#endif
5011#ifdef SIGTERM15
  (void) SIG_deregister (SIGTERM15, server_cleanup);
5013#endif

  if (buf_to_net != NULL((void*)0))
  {
/* FIXME: If this is not the final call from server, this
  could deadlock, because the client might be blocked writing
  to us.  This should not be a problem in practice, because
  we do not generate much output when the client is not
  waiting for it.  */
set_block (buf_to_net);
buf_flush (buf_to_net, 1);

/* The calls to buf_shutdown are currently only meaningful
  when we are using compression.  First we shut down
  BUF_FROM_NET.  That will pick up the checksum generated
  when the client shuts down its buffer.  Then, after we have
  generated any final output, we shut down BUF_TO_NET.  */

status = buf_shutdown (buf_from_net);
if (status != 0)
{
   error (0, status, "shutting down buffer from client");
   buf_flush (buf_to_net, 1);
}
  }

  if (dont_delete_temp)
  {
if (buf_to_net != NULL((void*)0))
   (void) buf_shutdown (buf_to_net);
return;
  }

  /* What a bogus kludge.  This disgusting code makes all kinds of
     assumptions about SunOS, and is only for a bug in that system.
     So only enable it on Suns.  */
5049#ifdef SUNOS_KLUDGE
  if (command_pid > 0)
  {
/* To avoid crashes on SunOS due to bugs in SunOS tmpfs
  triggered by the use of rename() in RCS, wait for the
  subprocess to die.  Unfortunately, this means draining output
  while waiting for it to unblock the signal we sent it.  Yuck!  */
int status;
pid_t r;

signal (SIGCHLD20, wait_sig);
if (sig)
   /* Perhaps SIGTERM would be more correct.  But the child
      process will delay the SIGINT delivery until its own
      children have exited.  */
   kill (command_pid, SIGINT2);
/* The caller may also have sent a signal to command_pid, so
  always try waiting.  First, though, check and see if it's still
  there....  */
  do_waitpid:
r = waitpid (command_pid, &status, WNOHANG1);
if (r == 0)
   ;
else if (r == command_pid)
   command_pid_is_dead++;
else if (r == -1)
   switch (errno(*__errno()))
   {
case ECHILD10:
    command_pid_is_dead++;
    break;
case EINTR4:
    goto do_waitpid;
   }
else
   /* waitpid should always return one of the above values */
   abort ();
while (!command_pid_is_dead)
{
   struct timeval timeout;
   struct fd_set_wrapper readfds;
   char buf[100];
   int i;

   /* Use a non-zero timeout to avoid eating up CPU cycles.  */
   timeout.tv_sec = 2;
   timeout.tv_usec = 0;
   readfds = command_fds_to_drain;
   switch (select (max_command_fd + 1, &readfds.fds,
	    (fd_set *)0, (fd_set *)0,
	    &timeout))
   {
case -1:
    if (errno(*__errno()) != EINTR4)
	abort ();
case 0:
    /* timeout */
    break;
case 1:
    for (i = 0; i <= max_command_fd; i++)
    {
	if (!FD_ISSET (i, &readfds.fds)__fd_isset((i), (&readfds.fds)))
	    continue;
	/* this fd is non-blocking */
	while (read (i, buf, sizeof (buf)) >= 1)
	    ;
    }
    break;
default:
    abort ();
   }
}
  }
5122#endif /* SUNOS_KLUDGE */

  CVS_CHDIRchdir (Tmpdir);
  /* Temporarily clear noexec, so that we clean up our temp directory
     regardless of it (this could more cleanly be handled by moving
     the noexec check to all the unlink_file_dir callers from
     unlink_file_dir itself).  */
  save_noexec = noexec;
  noexec = 0;
  /* FIXME?  Would be nice to not ignore errors.  But what should we do?
     We could try to do this before we shut down the network connection,
     and try to notify the client (but the client might not be waiting
     for responses).  We could try something like syslog() or our own
     log file.  */
  unlink_file_dir (orig_server_temp_dir);
  noexec = save_noexec;

  if (buf_to_net != NULL((void*)0))
(void) buf_shutdown (buf_to_net);
5141}

5143int server_active = 0;
5144int server_expanding = 0;

5146int
5147server (argc, argv)
   int argc;
   char **argv;
5150{
  if (argc == -1)
  {
static const char *const msg[] =
{
   "Usage: %s %s\n",
   "  Normally invoked by a cvs client on a remote machine.\n",
   NULL((void*)0)
};
usage (msg);
  }
  /* Ignore argc and argv.  They might be from .cvsrc.  */

  buf_to_net = fd_buffer_initialize (STDOUT_FILENO1, 0,
		       outbuf_memory_error);
  buf_from_net = stdio_buffer_initialize (stdin(&__sF[0]), 1, outbuf_memory_error);

  saved_output = buf_nonio_initialize (outbuf_memory_error);
  saved_outerr = buf_nonio_initialize (outbuf_memory_error);

  /* Since we're in the server parent process, error should use the
     protocol to report error messages.  */
  error_use_protocol = 1;

  /* OK, now figure out where we stash our temporary files.  */
  {
char *p;

/* The code which wants to chdir into server_temp_dir is not set
  up to deal with it being a relative path.  So give an error
  for that case.  */
if (!isabsolute (Tmpdir))
{
   if (alloc_pending (80 + strlen (Tmpdir)))
sprintf (pending_error_text,
	 "E Value of %s for TMPDIR is not absolute", Tmpdir);

   /* FIXME: we would like this error to be persistent, that
      is, not cleared by print_pending_error.  The current client
      will exit as soon as it gets an error, but the protocol spec
      does not require a client to do so.  */
}
else
{
   int status;
   int i = 0;

   server_temp_dir = malloc (strlen (Tmpdir) + 80);
   if (server_temp_dir == NULL((void*)0))
   {
/*
 * Strictly speaking, we're not supposed to output anything
 * now.  But we're about to exit(), give it a try.
 */
printf ("E Fatal server error, aborting.\n\
5205error ENOMEM Virtual memory exhausted.\n");

/* I'm doing this manually rather than via error_exit ()
   because I'm not sure whether we want to call server_cleanup.
   Needs more investigation....  */

5211#ifdef SYSTEM_CLEANUP
/* Hook for OS-specific behavior, for example socket
   subsystems on NT and OS2 or dealing with windows
   and arguments on Mac.  */
SYSTEM_CLEANUP ();
5216#endif

exit (EXIT_FAILURE1);
   }
   strcpy (server_temp_dir, Tmpdir);

   /* Remove a trailing slash from TMPDIR if present.  */
   p = server_temp_dir + strlen (server_temp_dir) - 1;
   if (*p == '/')
*p = '\0';

   /*
    * I wanted to use cvs-serv/PID, but then you have to worry about
    * the permissions on the cvs-serv directory being right.  So
    * use cvs-servPID.
    */
   strcat (server_temp_dir, "/cvs-serv");

   p = server_temp_dir + strlen (server_temp_dir);
   sprintf (p, "%ld", (long) getpid ());

   orig_server_temp_dir = server_temp_dir;

   /* Create the temporary directory, and set the mode to
             700, to discourage random people from tampering with
             it.  */
   while ((status = mkdir_p (server_temp_dir)) == EEXIST17)
   {
       static const char suffix[] = "abcdefghijklmnopqrstuvwxyz";

       if (i >= sizeof suffix - 1) break;
if (i == 0) p = server_temp_dir + strlen (server_temp_dir);
p[0] = suffix[i++];
p[1] = '\0';
   }
   if (status != 0)
   {
if (alloc_pending (80 + strlen (server_temp_dir)))
    sprintf (pending_error_text,
	    "E can't create temporary directory %s",
	    server_temp_dir);
pending_error = status;
   }
5259#ifndef CHMOD_BROKEN
   else if (chmod (server_temp_dir, S_IRWXU0000700) < 0)
   {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (server_temp_dir)))
    sprintf (pending_error_text,
5265"E cannot change permissions on temporary directory %s",
	     server_temp_dir);
pending_error = save_errno;
   }
5269#endif
   else if (CVS_CHDIRchdir (server_temp_dir) < 0)
   {
int save_errno = errno(*__errno());
if (alloc_pending (80 + strlen (server_temp_dir)))
    sprintf (pending_error_text,
5275"E cannot change to temporary directory %s",
	     server_temp_dir);
pending_error = save_errno;
   }
}
  }

5282#ifdef SIGABRT6
  (void) SIG_register (SIGABRT6, server_cleanup);
5284#endif
5285#ifdef SIGHUP1
  (void) SIG_register (SIGHUP1, server_cleanup);
5287#endif
5288#ifdef SIGINT2
  (void) SIG_register (SIGINT2, server_cleanup);
5290#endif
5291#ifdef SIGQUIT3
  (void) SIG_register (SIGQUIT3, server_cleanup);
5293#endif
5294#ifdef SIGPIPE13
  (void) SIG_register (SIGPIPE13, server_cleanup);
5296#endif
5297#ifdef SIGTERM15
  (void) SIG_register (SIGTERM15, server_cleanup);
5299#endif

  /* Now initialize our argument vector (for arguments from the client).  */

  /* Small for testing.  */
  argument_vector_size = 1;
  argument_vector =
(char **) malloc (argument_vector_size * sizeof (char *));
  if (argument_vector == NULL((void*)0))
  {
/*
* Strictly speaking, we're not supposed to output anything
* now.  But we're about to exit(), give it a try.
*/
printf ("E Fatal server error, aborting.\n\
5314error ENOMEM Virtual memory exhausted.\n");

/* I'm doing this manually rather than via error_exit ()
  because I'm not sure whether we want to call server_cleanup.
  Needs more investigation....  */

5320#ifdef SYSTEM_CLEANUP
/* Hook for OS-specific behavior, for example socket subsystems on
  NT and OS2 or dealing with windows and arguments on Mac.  */
SYSTEM_CLEANUP ();
5324#endif

exit (EXIT_FAILURE1);
  }

  argument_count = 1;
  /* This gets printed if the client supports an option which the
     server doesn't, causing the server to print a usage message.
     FIXME: probably should be using program_name here.
     FIXME: just a nit, I suppose, but the usage message the server
     prints isn't literally true--it suggests "cvs server" followed
     by options which are for a particular command.  Might be nice to
     say something like "client apparently supports an option not supported
     by this server" or something like that instead of usage message.  */
  argument_vector[0] = "cvs server";

  while (1)
  {
char *cmd, *orig_cmd;
struct request *rq;
int status;

status = buf_read_line (buf_from_net, &cmd, (int *) NULL((void*)0));
if (status == -2)
{
   buf_output0 (buf_to_net, "E Fatal server error, aborting.\n\
5350error ENOMEM Virtual memory exhausted.\n");
   break;
}
if (status != 0)
   break;

orig_cmd = cmd;
for (rq = requests; rq->name != NULL((void*)0); ++rq)
   if (strncmp (cmd, rq->name, strlen (rq->name)) == 0)
   {
int len = strlen (rq->name);
if (cmd[len] == '\0')
    cmd += len;
else if (cmd[len] == ' ')
    cmd += len + 1;
else
    /*
     * The first len characters match, but it's a different
     * command.  e.g. the command is "cooperate" but we matched
     * "co".
     */
    continue;

if (!(rq->flags & RQ_ROOTLESS8)
    && current_parsed_root == NULL((void*)0))
{
    /* For commands which change the way in which data
       is sent and received, for example Gzip-stream,
       this does the wrong thing.  Since the client
       assumes that everything is being compressed,
       unconditionally, there is no way to give this
       error to the client without turning on
       compression.  The obvious fix would be to make
       Gzip-stream RQ_ROOTLESS (with the corresponding
       change to the spec), and that might be a good
       idea but then again I can see some settings in
       CVSROOT about what compression level to allow.
       I suppose a more baroque answer would be to
       turn on compression (say, at level 1), just
       enough to give the "Root request missing"
       error.  For now we just lose.  */
    if (alloc_pending (80))
	sprintf (pending_error_text,
		 "E Protocol error: Root request missing");
}
else
    (*rq->func) (cmd);
break;
   }
if (rq->name == NULL((void*)0))
{
   if (!print_pending_error ())
   {
       buf_output0 (buf_to_net, "error  unrecognized request `");
buf_output0 (buf_to_net, cmd);
buf_append_char (buf_to_net, '\'');
buf_append_char (buf_to_net, '\n');
   }
}
free (orig_cmd);
  }
  server_cleanup (0);
  return 0;
5413}

5415
5416#if defined (HAVE_KERBEROS) || defined (AUTH_SERVER_SUPPORT) || defined (HAVE_GSSAPI)
5417static void switch_to_user PROTO((const char *))(const char *);

5419static void
5420switch_to_user (username)
  const char *username;
5422{
  struct passwd *pw;

  pw = getpwnam (username);
  if (pw == NULL((void*)0))
  {
/* Normally this won't be reached; check_password contains
  a similar check.  */

printf ("E Fatal error, aborting.\n\
5432error 0 %s: no such user\n", username);
/* Don't worry about server_cleanup; server_active isn't set yet.  */
error_exit ();
  }

5437#if HAVE_INITGROUPS1
  if (initgroups (pw->pw_name, pw->pw_gid) < 0
5439#  ifdef EPERM1
/* At least on the system I tried, initgroups() only works as root.
  But we do still want to report ENOMEM and whatever other
  errors initgroups() might dish up.  */
&& errno(*__errno()) != EPERM1
5444#  endif
)
  {
/* This could be a warning, but I'm not sure I see the point
  in doing that instead of an error given that it would happen
  on every connection.  We could log it somewhere and not tell
  the user.  But at least for now make it an error.  */
printf ("error 0 initgroups failed: %s\n", strerror (errno(*__errno())));
/* Don't worry about server_cleanup; server_active isn't set yet.  */
error_exit ();
  }
5455#endif /* HAVE_INITGROUPS */

5457#ifdef SETXID_SUPPORT
  /* honor the setgid bit iff set*/
  if (getgid() != getegid())
  {
if (setgid (getegid ()) < 0)
{
   /* See comments at setuid call below for more discussion.  */
   printf ("error 0 setgid failed: %s\n", strerror (errno(*__errno())));
   /* Don't worry about server_cleanup;
      server_active isn't set yet.  */
   error_exit ();
}
  }
  else
5471#endif
  {
if (setgid (pw->pw_gid) < 0)
{
   /* See comments at setuid call below for more discussion.  */
   printf ("error 0 setgid failed: %s\n", strerror (errno(*__errno())));
   /* Don't worry about server_cleanup;
      server_active isn't set yet.  */
   error_exit ();
}
  }
  
  if (setuid (pw->pw_uid) < 0)
  {
/* Note that this means that if run as a non-root user,
  CVSROOT/passwd must contain the user we are running as
  (e.g. "joe:FsEfVcu:cvs" if run as "cvs" user).  This seems
  cleaner than ignoring the error like CVS 1.10 and older but
  it does mean that some people might need to update their
  CVSROOT/passwd file.  */
printf ("error 0 setuid failed: %s\n", strerror (errno(*__errno())));
/* Don't worry about server_cleanup; server_active isn't set yet.  */
error_exit ();
  }

  /* We don't want our umask to change file modes.  The modes should
     be set by the modes used in the repository, and by the umask of
     the client.  */
  umask (0);

5501#ifdef AUTH_SERVER_SUPPORT
  /* Make sure our CVS_Username has been set. */
  if (CVS_Username == NULL((void*)0))
CVS_Username = xstrdup (username);
5505#endif
    
5507#if HAVE_PUTENV1
  /* Set LOGNAME, USER and CVS_USER in the environment, in case they
     are already set to something else.  */
  {
char *env;
5512#ifdef AUTH_SERVER_SUPPORT
char *cvs_user;
5514#endif

env = xmalloc (sizeof "LOGNAME=" + strlen (username));
(void) sprintf (env, "LOGNAME=%s", username);
(void) putenv (env);

env = xmalloc (sizeof "USER=" + strlen (username));
(void) sprintf (env, "USER=%s", username);
(void) putenv (env);

5524#ifdef AUTH_SERVER_SUPPORT
      cvs_user = NULL((void*)0) != CVS_Username ? CVS_Username : "";
      env = xmalloc (sizeof "CVS_USER=" + strlen (cvs_user));
      (void) sprintf (env, "CVS_USER=%s", cvs_user);
      (void) putenv (env);
5529#endif
  }
5531#endif /* HAVE_PUTENV */
5532}
5533#endif

5535#ifdef AUTH_SERVER_SUPPORT

5537
5538/* 
* 0 means no entry found for this user.
* 1 means entry found and password matches (or found password is empty)
* 2 means entry found, but password does not match.
*
* If 1, host_user_ptr will be set to point at the system
* username (i.e., the "real" identity, which may or may not be the
* CVS username) of this user; caller may free this.  Global
* CVS_Username will point at an allocated copy of cvs username (i.e.,
* the username argument below).
* kff todo: FIXME: last sentence is not true, it applies to caller.
*/
5550static int
5551check_repository_password (username, password, repository, host_user_ptr)
   char *username, *password, *repository, **host_user_ptr;
5553{
  int retval = 0;
  FILE *fp;
  char *filename;
  char *linebuf = NULL((void*)0);
  size_t linebuf_len;
  int found_it = 0;
  int namelen;

  /* We don't use current_parsed_root->directory because it hasn't been set yet
   * -- our `repository' argument came from the authentication
   * protocol, not the regular CVS protocol.
   */

  filename = xmalloc (strlen (repository)
	+ 1
	+ strlen (CVSROOTADM"CVSROOT")
	+ 1
	+ strlen (CVSROOTADM_PASSWD"passwd")
	+ 1);

  (void) sprintf (filename, "%s/%s/%s", repository,
                  CVSROOTADM"CVSROOT", CVSROOTADM_PASSWD"passwd");

  fp = CVS_FOPENfopen (filename, "r");
  if (fp == NULL((void*)0))
  {
if (!existence_error (errno)(((*__errno())) == 2))
   error (0, errno(*__errno()), "cannot open %s", filename);
return 0;
  }

  /* Look for a relevant line -- one with this user's name. */
  namelen = strlen (username);
  while (get_line (&linebuf, &linebuf_len, fp) >= 0)
  {
if ((strncmp (linebuf, username, namelen) == 0)
   && (linebuf[namelen] == ':'))
      {
   found_it = 1;
   break;
      }
  }
  if (ferror (fp)(!__isthreaded ? (((fp)->_flags & 0x0040) != 0) : (ferror
)(fp)))
error (0, errno(*__errno()), "cannot read %s", filename);
  if (fclose (fp) < 0)
error (0, errno(*__errno()), "cannot close %s", filename);

  /* If found_it, then linebuf contains the information we need. */
  if (found_it)
  {
char *found_password, *host_user_tmp;
      char *non_cvsuser_portion;

      /* We need to make sure lines such as 
       *
       *    "username::sysuser\n"
       *    "username:\n"
       *    "username:  \n"
       *
       * all result in a found_password of NULL, but we also need to
       * make sure that
       *
       *    "username:   :sysuser\n"
       *    "username: <whatever>:sysuser\n"
       *
       * continues to result in an impossible password.  That way,
       * an admin would be on safe ground by going in and tacking a
       * space onto the front of a password to disable the account
       * (a technique some people use to close accounts
       * temporarily).
       */

      /* Make `non_cvsuser_portion' contain everything after the CVS
         username, but null out any final newline. */
non_cvsuser_portion = linebuf + namelen;
      strtok (non_cvsuser_portion, "\n");

      /* If there's a colon now, we just want to inch past it. */
      if (strchr (non_cvsuser_portion, ':') == non_cvsuser_portion)
          non_cvsuser_portion++;

      /* Okay, after this conditional chain, found_password and
         host_user_tmp will have useful values: */

      if ((non_cvsuser_portion == NULL((void*)0))
          || (strlen (non_cvsuser_portion) == 0)
          || ((strspn (non_cvsuser_portion, " \t"))
              == strlen (non_cvsuser_portion)))
      {
          found_password = NULL((void*)0);
          host_user_tmp = NULL((void*)0);
      }
      else if (strncmp (non_cvsuser_portion, ":", 1) == 0)
      {
          found_password = NULL((void*)0);
          host_user_tmp = non_cvsuser_portion + 1;
          if (strlen (host_user_tmp) == 0)
              host_user_tmp = NULL((void*)0);
      }
      else
      {
          found_password = strtok (non_cvsuser_portion, ":");
          host_user_tmp = strtok (NULL((void*)0), ":");
      }

      /* Of course, maybe there was no system user portion... */
if (host_user_tmp == NULL((void*)0))
          host_user_tmp = username;

      /* Verify blank passwords directly, otherwise use crypt_checkpass(). */
      if ((found_password == NULL((void*)0))
          || (crypt_checkpass (password, found_password) == 0))
      {
          /* Give host_user_ptr permanent storage. */
          *host_user_ptr = xstrdup (host_user_tmp);
   retval = 1;
      }
else
      {
          *host_user_ptr = NULL((void*)0);
   retval         = 2;
      }
  }
  else     /* Didn't find this user, so deny access. */
  {
*host_user_ptr = NULL((void*)0);
retval = 0;
  }

  free (filename);
  if (linebuf)
      free (linebuf);

  return retval;
5688}


5691/* Return a hosting username if password matches, else NULL. */
5692static char *
5693check_password (username, password, repository)
  char *username, *password, *repository;
5695{
  int rc;
  char *host_user = NULL((void*)0);

  /* First we see if this user has a password in the CVS-specific
     password file.  If so, that's enough to authenticate with.  If
     not, we'll check /etc/passwd. */

  rc = check_repository_password (username, password, repository,
		    &host_user);

  if (rc == 2)
return NULL((void*)0);

  /* else */

  if (rc == 1)
  {
      /* host_user already set by reference, so just return. */
      goto handle_return;
  }
  else if (rc == 0 && system_auth)
  {
/* No cvs password found, so try /etc/passwd. */

const char *found_passwd = NULL((void*)0);
struct passwd *pw;
5722#ifdef HAVE_GETSPNAM
struct spwd *spw;

spw = getspnam (username);
if (spw != NULL((void*)0))
{
   found_passwd = spw->sp_pwdp;
}
5730#endif

if (found_passwd == NULL((void*)0) && (pw = getpwnam (username)) != NULL((void*)0))
{
   found_passwd = pw->pw_passwd;
}

if (found_passwd == NULL((void*)0))
{
   printf ("E Fatal error, aborting.\n\
5740error 0 %s: no such user\n", username);

   /* I'm doing this manually rather than via error_exit ()
      because I'm not sure whether we want to call server_cleanup.
      Needs more investigation....  */

5746#ifdef SYSTEM_CLEANUP
   /* Hook for OS-specific behavior, for example socket subsystems on
      NT and OS2 or dealing with windows and arguments on Mac.  */
   SYSTEM_CLEANUP ();
5750#endif

   exit (EXIT_FAILURE1);
}

if (*found_passwd)
      {
   /* user exists and has a password */
   host_user = ((! crypt_checkpass (password, found_passwd))
                       ? xstrdup (username) : NULL((void*)0));
          goto handle_return;
      }
else if (password && *password)
      {
   /* user exists and has no system password, but we got
      one as parameter */
   host_user = xstrdup (username);
          goto handle_return;
      }
else
      {
   /* user exists but has no password at all */
   host_user = NULL((void*)0);
          goto handle_return;
      }
  }
  else if (rc == 0)
  {
/* Note that the message _does_ distinguish between the case in
  which we check for a system password and the case in which
  we do not.  It is a real pain to track down why it isn't
  letting you in if it won't say why, and I am not convinced
  that the potential information disclosure to an attacker
  outweighs this.  */
printf ("error 0 no such user %s in CVSROOT/passwd\n", username);

/* I'm doing this manually rather than via error_exit ()
  because I'm not sure whether we want to call server_cleanup.
  Needs more investigation....  */

5790#ifdef SYSTEM_CLEANUP
/* Hook for OS-specific behavior, for example socket subsystems on
  NT and OS2 or dealing with windows and arguments on Mac.  */
SYSTEM_CLEANUP ();
5794#endif
exit (EXIT_FAILURE1);
  }
  else
  {
/* Something strange happened.  We don't know what it was, but
  we certainly won't grant authorization. */
host_user = NULL((void*)0);
      goto handle_return;
  }

5805handle_return:
  if (host_user)
  {
      /* Set CVS_Username here, in allocated space. 
         It might or might not be the same as host_user. */
      CVS_Username = xmalloc (strlen (username) + 1);
      strcpy (CVS_Username, username);
  }

  return host_user;
5815}

5817#endif /* AUTH_SERVER_SUPPORT */

5819#if defined (AUTH_SERVER_SUPPORT) || defined (HAVE_GSSAPI)

5821/* Read username and password from client (i.e., stdin).
 If correct, then switch to run as that user and send an ACK to the
 client via stdout, else send NACK and die. */
5824void
5825pserver_authenticate_connection ()
5826{
  char *tmp = NULL((void*)0);
  size_t tmp_allocated = 0;
5829#ifdef AUTH_SERVER_SUPPORT
  char *repository = NULL((void*)0);
  size_t repository_allocated = 0;
  char *username = NULL((void*)0);
  size_t username_allocated = 0;
  char *password = NULL((void*)0);
  size_t password_allocated = 0;

  char *host_user;
  char *descrambled_password;
5839#endif /* AUTH_SERVER_SUPPORT */
  int verify_and_exit = 0;

  /* The Authentication Protocol.  Client sends:
   *
   *   BEGIN AUTH REQUEST\n
   *   <REPOSITORY>\n
   *   <USERNAME>\n
   *   <PASSWORD>\n
   *   END AUTH REQUEST\n
   *
   * Server uses above information to authenticate, then sends
   *
   *   I LOVE YOU\n
   *
   * if it grants access, else
   *
   *   I HATE YOU\n
   *
   * if it denies access (and it exits if denying).
   *
   * When the client is "cvs login", the user does not desire actual
   * repository access, but would like to confirm the password with
   * the server.  In this case, the start and stop strings are
   *
   *   BEGIN VERIFICATION REQUEST\n
   *
   *            and
   *
   *   END VERIFICATION REQUEST\n
   *
   * On a verification request, the server's responses are the same
   * (with the obvious semantics), but it exits immediately after
   * sending the response in both cases.
   *
   * Why is the repository sent?  Well, note that the actual
   * client/server protocol can't start up until authentication is
   * successful.  But in order to perform authentication, the server
   * needs to look up the password in the special CVS passwd file,
   * before trying /etc/passwd.  So the client transmits the
   * repository as part of the "authentication protocol".  The
   * repository will be redundantly retransmitted later, but that's no
   * big deal.
   */

5884#ifdef SO_KEEPALIVE
  /* Set SO_KEEPALIVE on the socket, so that we don't hang forever
     if the client dies while we are waiting for input.  */
  {
int on = 1;

if (setsockopt (STDIN_FILENO0, SOL_SOCKET, SO_KEEPALIVE,
	   (char *) &on, sizeof on) < 0)
{
5893#ifdef HAVE_SYSLOG_H1
   syslog (LOG_DAEMON(3<<3) | LOG_ERR3, "error setting KEEPALIVE: %m");
5895#endif
}
  }
5898#endif

  /* Make sure the protocol starts off on the right foot... */
  if (getline_safe (&tmp, &tmp_allocated, stdin(&__sF[0]), PATH_MAX1024) < 0)
/* FIXME: what?  We could try writing error/eof, but chances
  are the network connection is dead bidirectionally.  log it
  somewhere?  */
;

  if (strcmp (tmp, "BEGIN VERIFICATION REQUEST\n") == 0)
verify_and_exit = 1;
  else if (strcmp (tmp, "BEGIN AUTH REQUEST\n") == 0)
;
  else if (strcmp (tmp, "BEGIN GSSAPI REQUEST\n") == 0)
  {
5913#ifdef HAVE_GSSAPI
free (tmp);
gserver_authenticate_connection ();
return;
5917#else
error (1, 0, "GSSAPI authentication not supported by this server");
5919#endif
  }
  else
error (1, 0, "bad auth protocol start: %s", tmp);

5924#ifndef AUTH_SERVER_SUPPORT

  error (1, 0, "Password authentication not supported by this server");

5928#else /* AUTH_SERVER_SUPPORT */

  /* Get the three important pieces of information in order. */
  /* See above comment about error handling.  */
  getline_safe (&repository, &repository_allocated, stdin(&__sF[0]), PATH_MAX1024);
  getline_safe (&username, &username_allocated, stdin(&__sF[0]), PATH_MAX1024);
  getline_safe (&password, &password_allocated, stdin(&__sF[0]), PATH_MAX1024);

  /* Make them pure. */ 
  strip_trailing_newlines (repository);
  strip_trailing_newlines (username);
  strip_trailing_newlines (password);

  /* ... and make sure the protocol ends on the right foot. */
  /* See above comment about error handling.  */
  getline_safe (&tmp, &tmp_allocated, stdin(&__sF[0]), PATH_MAX1024);
  if (strcmp (tmp,
verify_and_exit ?
"END VERIFICATION REQUEST\n" : "END AUTH REQUEST\n")
!= 0)
  {
error (1, 0, "bad auth protocol end: %s", tmp);
  }
  if (!root_allow_ok (repository))
  {
printf ("error 0 %s: no such repository\n", repository);
5954#ifdef HAVE_SYSLOG_H1
syslog (LOG_DAEMON(3<<3) | LOG_NOTICE5, "login refused for %s", repository);
5956#endif
goto i_hate_you;
  }

  /* OK, now parse the config file, so we can use it to control how
     to check passwords.  If there was an error parsing the config
     file, parse_config already printed an error.  We keep going.
     Why?  Because if we didn't, then there would be no way to check
     in a new CVSROOT/config file to fix the broken one!  */
  parse_config (repository);

  /* We need the real cleartext before we hash it. */
  descrambled_password = descramble (password);
  host_user = check_password (username, descrambled_password, repository);
  memset (descrambled_password, 0, strlen (descrambled_password));
  free (descrambled_password);
  if (host_user == NULL((void*)0))
  {
5974#ifdef HAVE_SYSLOG_H1
syslog (LOG_DAEMON(3<<3) | LOG_NOTICE5, "login failure (for %s)", repository);
5976#ifdef LOG_AUTHPRIV(10<<3)
      syslog (LOG_AUTHPRIV(10<<3) | LOG_NOTICE5, "login failure by %s / %s (for %s)",
      	username, descrambled_password, repository);
5979#endif
5980#endif
  i_hate_you:
printf ("I HATE YOU\n");
fflush (stdout(&__sF[1]));

/* Don't worry about server_cleanup, server_active isn't set
  yet.  */
error_exit ();
  }

  /* Don't go any farther if we're just responding to "cvs login". */
  if (verify_and_exit)
  {
printf ("I LOVE YOU\n");
fflush (stdout(&__sF[1]));

5996#ifdef SYSTEM_CLEANUP
/* Hook for OS-specific behavior, for example socket subsystems on
  NT and OS2 or dealing with windows and arguments on Mac.  */
SYSTEM_CLEANUP ();
6000#endif

exit (0);
  }

  /* Set Pserver_Repos so that we can check later that the same
     repository is sent in later client/server protocol. */
  Pserver_Repos = xmalloc (strlen (repository) + 1);
  strcpy (Pserver_Repos, repository);

  /* Switch to run as this user. */
  switch_to_user (host_user);
  free (host_user);
  free (tmp);
  free (repository);
  free (username);
  free (password);

  printf ("I LOVE YOU\n");
  fflush (stdout(&__sF[1]));
6020#endif /* AUTH_SERVER_SUPPORT */
6021}

6023#endif /* AUTH_SERVER_SUPPORT || HAVE_GSSAPI */


6026#ifdef HAVE_KERBEROS
6027void
6028kserver_authenticate_connection ()
6029{
  int status;
  char instance[INST_SZ];
  struct sockaddr_in peer;
  struct sockaddr_in laddr;
  int len;
  KTEXT_ST ticket;
  AUTH_DAT auth;
  char version[KRB_SENDAUTH_VLEN];
  char user[ANAME_SZ];

  strcpy (instance, "*");
  len = sizeof peer;
  if (getpeername (STDIN_FILENO0, (struct sockaddr *) &peer, &len) < 0
|| getsockname (STDIN_FILENO0, (struct sockaddr *) &laddr,
	&len) < 0)
  {
printf ("E Fatal error, aborting.\n\
6047error %s getpeername or getsockname failed\n", strerror (errno(*__errno())));
6048#ifdef SYSTEM_CLEANUP
/* Hook for OS-specific behavior, for example socket subsystems on
  NT and OS2 or dealing with windows and arguments on Mac.  */
SYSTEM_CLEANUP ();
6052#endif
exit (EXIT_FAILURE1);
  }

6056#ifdef SO_KEEPALIVE
  /* Set SO_KEEPALIVE on the socket, so that we don't hang forever
     if the client dies while we are waiting for input.  */
  {
int on = 1;

if (setsockopt (STDIN_FILENO0, SOL_SOCKET, SO_KEEPALIVE,
	   (char *) &on, sizeof on) < 0)
{
6065#ifdef HAVE_SYSLOG_H1
   syslog (LOG_DAEMON(3<<3) | LOG_ERR3, "error setting KEEPALIVE: %m");
6067#endif
}
  }
6070#endif

  status = krb_recvauth (KOPT_DO_MUTUAL, STDIN_FILENO0, &ticket, "rcmd",
	   instance, &peer, &laddr, &auth, "", sched,
	   version);
  if (status != KSUCCESS)
  {
printf ("E Fatal error, aborting.\n\
6078error 0 kerberos: %s\n", krb_get_err_text(status));
6079#ifdef SYSTEM_CLEANUP
/* Hook for OS-specific behavior, for example socket subsystems on
  NT and OS2 or dealing with windows and arguments on Mac.  */
SYSTEM_CLEANUP ();
6083#endif
exit (EXIT_FAILURE1);
  }

  memcpy (kblock, auth.session, sizeof (C_Block));

  /* Get the local name.  */
  status = krb_kntoln (&auth, user);
  if (status != KSUCCESS)
  {
printf ("E Fatal error, aborting.\n\
6094error 0 kerberos: can't get local name: %s\n", krb_get_err_text(status));
6095#ifdef SYSTEM_CLEANUP
/* Hook for OS-specific behavior, for example socket subsystems on
  NT and OS2 or dealing with windows and arguments on Mac.  */
SYSTEM_CLEANUP ();
6099#endif
exit (EXIT_FAILURE1);
  }

  /* Switch to run as this user. */
  switch_to_user (user);
6105}
6106#endif /* HAVE_KERBEROS */

6108#ifdef HAVE_GSSAPI

6110#ifndef MAXHOSTNAMELEN256
6111#define MAXHOSTNAMELEN256 (256)
6112#endif

6114/* Authenticate a GSSAPI connection.  This is called from
 pserver_authenticate_connection, and it handles success and failure
 the same way.  */

6118static void
6119gserver_authenticate_connection ()
6120{
  char hostname[MAXHOSTNAMELEN256];
  struct hostent *hp;
  gss_buffer_desc tok_in, tok_out;
  char buf[1024];
  OM_uint32 stat_min, ret;
  gss_name_t server_name, client_name;
  gss_cred_id_t server_creds;
  int nbytes;
  gss_OID mechid;

  gethostname (hostname, sizeof hostname);
  hp = gethostbyname (hostname);
  if (hp == NULL((void*)0))
error (1, 0, "can't get canonical hostname");

  sprintf (buf, "cvs@%s", hp->h_name);
  tok_in.value = buf;
  tok_in.length = strlen (buf);

  if (gss_import_name (&stat_min, &tok_in, GSS_C_NT_HOSTBASED_SERVICE,
	 &server_name) != GSS_S_COMPLETE)
error (1, 0, "could not import GSSAPI service name %s", buf);

  /* Acquire the server credential to verify the client's
     authentication.  */
  if (gss_acquire_cred (&stat_min, server_name, 0, GSS_C_NULL_OID_SET,
	  GSS_C_ACCEPT, &server_creds,
	  NULL((void*)0), NULL((void*)0)) != GSS_S_COMPLETE)
error (1, 0, "could not acquire GSSAPI server credentials");

  gss_release_name (&stat_min, &server_name);

  /* The client will send us a two byte length followed by that many
     bytes.  */
  if (fread (buf, 1, 2, stdin(&__sF[0])) != 2)
error (1, errno(*__errno()), "read of length failed");

  nbytes = ((buf[0] & 0xff) << 8) | (buf[1] & 0xff);
  assert (nbytes <= sizeof buf)((nbytes <= sizeof buf) ? (void)0 : __assert2("/usr/src/gnu/usr.bin/cvs/src/server.c"
, 6159, __func__, "nbytes <= sizeof buf"));

  if (fread (buf, 1, nbytes, stdin(&__sF[0])) != nbytes)
error (1, errno(*__errno()), "read of data failed");

  gcontext = GSS_C_NO_CONTEXT;
  tok_in.length = nbytes;
  tok_in.value = buf;

  if (gss_accept_sec_context (&stat_min,
                              &gcontext,	/* context_handle */
                              server_creds,	/* verifier_cred_handle */
                              &tok_in,	/* input_token */
                              NULL((void*)0),		/* channel bindings */
                              &client_name,	/* src_name */
                              &mechid,	/* mech_type */
                              &tok_out,	/* output_token */
                              &ret,
                              NULL((void*)0),	 	/* ignore time_rec */
                              NULL((void*)0))		/* ignore del_cred_handle */
!= GSS_S_COMPLETE)
  {
error (1, 0, "could not verify credentials");
  }

  /* FIXME: Use Kerberos v5 specific code to authenticate to a user.
     We could instead use an authentication to access mapping.  */
  {
krb5_context kc;
krb5_principal p;
gss_buffer_desc desc;

krb5_init_context (&kc);
if (gss_display_name (&stat_min, client_name, &desc,
	      &mechid) != GSS_S_COMPLETE
   || krb5_parse_name (kc, ((gss_buffer_t) &desc)->value, &p) != 0
   || krb5_aname_to_localname (kc, p, sizeof buf, buf) != 0
   || krb5_kuserok (kc, p, buf) != TRUE)
{
   error (1, 0, "access denied");
}
krb5_free_principal (kc, p);
krb5_free_context (kc);
  }

  if (tok_out.length != 0)
  {
char cbuf[2];

cbuf[0] = (tok_out.length >> 8) & 0xff;
cbuf[1] = tok_out.length & 0xff;
if (fwrite (cbuf, 1, 2, stdout(&__sF[1])) != 2
   || (fwrite (tok_out.value, 1, tok_out.length, stdout(&__sF[1]))
!= tok_out.length))
   error (1, errno(*__errno()), "fwrite failed");
  }

  switch_to_user (buf);

  printf ("I LOVE YOU\n");
  fflush (stdout(&__sF[1]));
6220}

6222#endif /* HAVE_GSSAPI */

6224#endif /* SERVER_SUPPORT */

6226#if defined (CLIENT_SUPPORT1) || defined (SERVER_SUPPORT1)

6228/* This global variable is non-zero if the user requests encryption on
 the command line.  */
6230int cvsencrypt;

6232/* This global variable is non-zero if the users requests stream
 authentication on the command line.  */
6234int cvsauthenticate;

6236#ifdef HAVE_GSSAPI

6238/* An buffer interface using GSSAPI.  This is built on top of a
 packetizing buffer.  */

6241/* This structure is the closure field of the GSSAPI translation
 routines.  */

6244struct cvs_gssapi_wrap_data
6245{
  /* The GSSAPI context.  */
  gss_ctx_id_t gcontext;
6248};

6250static int cvs_gssapi_wrap_input PROTO((void *, const char *, char *, int))(void *, const char *, char *, int);
6251static int cvs_gssapi_wrap_output PROTO((void *, const char *, char *, int,(void *, const char *, char *, int, int *)
			 int *))(void *, const char *, char *, int, int *);

6254/* Create a GSSAPI wrapping buffer.  We use a packetizing buffer with
 GSSAPI wrapping routines.  */

6257struct buffer *
6258cvs_gssapi_wrap_buffer_initialize (buf, input, gcontext, memory)
   struct buffer *buf;
   int input;
   gss_ctx_id_t gcontext;
   void (*memory) PROTO((struct buffer *))(struct buffer *);
6263{
  struct cvs_gssapi_wrap_data *gd;

  gd = (struct cvs_gssapi_wrap_data *) xmalloc (sizeof *gd);
  gd->gcontext = gcontext;

  return (packetizing_buffer_initialize
   (buf,
    input ? cvs_gssapi_wrap_input : NULL((void*)0),
    input ? NULL((void*)0) : cvs_gssapi_wrap_output,
    gd,
    memory));
6275}

6277/* Unwrap data using GSSAPI.  */

6279static int
6280cvs_gssapi_wrap_input (fnclosure, input, output, size)
   void *fnclosure;
   const char *input;
   char *output;
   int size;
6285{
  struct cvs_gssapi_wrap_data *gd =
(struct cvs_gssapi_wrap_data *) fnclosure;
  gss_buffer_desc inbuf, outbuf;
  OM_uint32 stat_min;
  int conf;

  inbuf.value = (void *) input;
  inbuf.length = size;

  if (gss_unwrap (&stat_min, gd->gcontext, &inbuf, &outbuf, &conf, NULL((void*)0))
!= GSS_S_COMPLETE)
  {
error (1, 0, "gss_unwrap failed");
  }

  if (outbuf.length > size)
abort ();

  memcpy (output, outbuf.value, outbuf.length);

  /* The real packet size is stored in the data, so we don't need to
     remember outbuf.length.  */

  gss_release_buffer (&stat_min, &outbuf);

  return 0;
6312}

6314/* Wrap data using GSSAPI.  */

6316static int
6317cvs_gssapi_wrap_output (fnclosure, input, output, size, translated)
   void *fnclosure;
   const char *input;
   char *output;
   int size;
   int *translated;
6323{
  struct cvs_gssapi_wrap_data *gd =
(struct cvs_gssapi_wrap_data *) fnclosure;
  gss_buffer_desc inbuf, outbuf;
  OM_uint32 stat_min;
  int conf_req, conf;

  inbuf.value = (void *) input;
  inbuf.length = size;

6333#ifdef ENCRYPTION
  conf_req = cvs_gssapi_encrypt;
6335#else
  conf_req = 0;
6337#endif

  if (gss_wrap (&stat_min, gd->gcontext, conf_req, GSS_C_QOP_DEFAULT,
  &inbuf, &conf, &outbuf) != GSS_S_COMPLETE)
error (1, 0, "gss_wrap failed");

  /* The packetizing buffer only permits us to add 100 bytes.
     FIXME: I don't know what, if anything, is guaranteed by GSSAPI.
     This may need to be increased for a different GSSAPI
     implementation, or we may need a different algorithm.  */
  if (outbuf.length > size + 100)
abort ();

  memcpy (output, outbuf.value, outbuf.length);

  *translated = outbuf.length;

  gss_release_buffer (&stat_min, &outbuf);

  return 0;
6357}

6359#endif /* HAVE_GSSAPI */

6361#ifdef ENCRYPTION

6363#ifdef HAVE_KERBEROS

6365/* An encryption interface using Kerberos.  This is built on top of a
 packetizing buffer.  */

6368/* This structure is the closure field of the Kerberos translation
 routines.  */

6371struct krb_encrypt_data
6372{
  /* The Kerberos key schedule.  */
  Key_schedule sched;
  /* The Kerberos DES block.  */
  C_Block block;
6377};

6379static int krb_encrypt_input PROTO((void *, const char *, char *, int))(void *, const char *, char *, int);
6380static int krb_encrypt_output PROTO((void *, const char *, char *, int,(void *, const char *, char *, int, int *)
		     int *))(void *, const char *, char *, int, int *);

6383/* Create a Kerberos encryption buffer.  We use a packetizing buffer
 with Kerberos encryption translation routines.  */

6386struct buffer *
6387krb_encrypt_buffer_initialize (buf, input, sched, block, memory)
   struct buffer *buf;
   int input;
   Key_schedule sched;
   C_Block block;
   void (*memory) PROTO((struct buffer *))(struct buffer *);
6393{
  struct krb_encrypt_data *kd;

  kd = (struct krb_encrypt_data *) xmalloc (sizeof *kd);
  memcpy (kd->sched, sched, sizeof (Key_schedule));
  memcpy (kd->block, block, sizeof (C_Block));

  return packetizing_buffer_initialize (buf,
			  input ? krb_encrypt_input : NULL((void*)0),
			  input ? NULL((void*)0) : krb_encrypt_output,
			  kd,
			  memory);
6405}

6407/* Decrypt Kerberos data.  */

6409static int
6410krb_encrypt_input (fnclosure, input, output, size)
   void *fnclosure;
   const char *input;
   char *output;
   int size;
6415{
  struct krb_encrypt_data *kd = (struct krb_encrypt_data *) fnclosure;
  int tcount;

  DES_cbc_encrypt ((C_Block *) input, (C_Block *) output,
     size, &kd->sched, &kd->block, 0);

  /* SIZE is the size of the buffer, which is set by the encryption
     routine.  The packetizing buffer will arrange for the first two
     bytes in the decrypted buffer to be the real (unaligned)
     length.  As a safety check, make sure that the length in the
     buffer corresponds to SIZE.  Note that the length in the buffer
     is just the length of the data.  We must add 2 to account for
     the buffer count itself.  */
  tcount = ((output[0] & 0xff) << 8) + (output[1] & 0xff);
  if (((tcount + 2 + 7) & ~7) != size)
    error (1, 0, "Decryption failure");

  return 0;
6434}

6436/* Encrypt Kerberos data.  */

6438static int
6439krb_encrypt_output (fnclosure, input, output, size, translated)
   void *fnclosure;
   const char *input;
   char *output;
   int size;
   int *translated;
6445{
  struct krb_encrypt_data *kd = (struct krb_encrypt_data *) fnclosure;
  int aligned;

  /* For security against a known plaintext attack, we should
     initialize any padding bytes to random values.  Instead, we
     just pick up whatever is on the stack, which is at least better
     than using zero.  */

  /* Align SIZE to an 8 byte boundary.  Note that SIZE includes the
     two byte buffer count at the start of INPUT which was added by
     the packetizing buffer.  */
  aligned = (size + 7) & ~7;

  /* We use DES_cbc_encrypt rather than krb_mk_priv because the
     latter sticks a timestamp in the block, and krb_rd_priv expects
     that timestamp to be within five minutes of the current time.
     Given the way the CVS server buffers up data, that can easily
     fail over a long network connection.  We trust krb_recvauth to
     guard against a replay attack.  */

  DES_cbc_encrypt ((C_Block *) input, (C_Block *) output, aligned,
     &kd->sched, &kd->block, 1);

  *translated = aligned;

  return 0;
6472}

6474#endif /* HAVE_KERBEROS */
6475#endif /* ENCRYPTION */
6476#endif /* defined (CLIENT_SUPPORT) || defined (SERVER_SUPPORT) */

6478/* Output LEN bytes at STR.  If LEN is zero, then output up to (not including)
 the first '\0' byte.  */

6481void
6482cvs_output (str, len)
  const char *str;
  size_t len;
6485{
  if (len == 0)
len = strlen (str);
6488#ifdef SERVER_SUPPORT1
  if (error_use_protocol)
  {
buf_output (saved_output, str, len);
buf_copy_lines (buf_to_net, saved_output, 'M');
  }
  else if (server_active)
  {
buf_output (saved_output, str, len);
buf_copy_lines (protocol, saved_output, 'M');
buf_send_counted (protocol);
  }
  else
6501#endif
  {
size_t written;
size_t to_write = len;
const char *p = str;

/* For symmetry with cvs_outerr we would call fflush (stderr)
  here.  I guess the assumption is that stderr will be
  unbuffered, so we don't need to.  That sounds like a sound
  assumption from the manpage I looked at, but if there was
  something fishy about it, my guess is that calling fflush
  would not produce a significant performance problem.  */

while (to_write > 0)
{
   written = fwrite (p, 1, to_write, stdout(&__sF[1]));
   if (written == 0)
break;
   p += written;
   to_write -= written;
}
  }
6523}

6525/* Output LEN bytes at STR in binary mode.  If LEN is zero, then
 output zero bytes.  */

6528void
6529cvs_output_binary (str, len)
  char *str;
  size_t len;
6532{
6533#ifdef SERVER_SUPPORT1
  if (error_use_protocol || server_active)
  {
struct buffer *buf;
char size_text[40];

if (error_use_protocol)
   buf = buf_to_net;
else
   buf = protocol;

if (!supported_response ("Mbinary"))
{
   error (0, 0, "\
6547this client does not support writing binary files to stdout");
   return;
}

buf_output0 (buf, "Mbinary\012");
sprintf (size_text, "%lu\012", (unsigned long) len);
buf_output0 (buf, size_text);

/* Not sure what would be involved in using buf_append_data here
  without stepping on the toes of our caller (which is responsible
  for the memory allocation of STR).  */
buf_output (buf, str, len);

if (!error_use_protocol)
   buf_send_counted (protocol);
  }
  else
6564#endif
  {
size_t written;
size_t to_write = len;
const char *p = str;

/* For symmetry with cvs_outerr we would call fflush (stderr)
  here.  I guess the assumption is that stderr will be
  unbuffered, so we don't need to.  That sounds like a sound
  assumption from the manpage I looked at, but if there was
  something fishy about it, my guess is that calling fflush
  would not produce a significant performance problem.  */
6576#ifdef USE_SETMODE_STDOUT
int oldmode;

/* It is possible that this should be the same ifdef as
  USE_SETMODE_BINARY but at least for the moment we keep them
  separate.  Mostly this is just laziness and/or a question
  of what has been tested where.  Also there might be an
  issue of setmode vs. _setmode.  */
/* The Windows doc says to call setmode only right after startup.
  I assume that what they are talking about can also be helped
  by flushing the stream before changing the mode.  */
fflush (stdout(&__sF[1]));
oldmode = _setmode (_fileno (stdout(&__sF[1])), OPEN_BINARY(0));
if (oldmode < 0)
   error (0, errno(*__errno()), "failed to setmode on stdout");
6591#endif

while (to_write > 0)
{
   written = fwrite (p, 1, to_write, stdout(&__sF[1]));
   if (written == 0)
break;
   p += written;
   to_write -= written;
}
6601#ifdef USE_SETMODE_STDOUT
fflush (stdout(&__sF[1]));
if (_setmode (_fileno (stdout(&__sF[1])), oldmode) != OPEN_BINARY(0))
   error (0, errno(*__errno()), "failed to setmode on stdout");
6605#endif
  }
6607}

6609/* Like CVS_OUTPUT but output is for stderr not stdout.  */

6611void
6612cvs_outerr (str, len)
  const char *str;
  size_t len;
6615{
  if (len == 0)
len = strlen (str);
6618#ifdef SERVER_SUPPORT1
  if (error_use_protocol)
  {
buf_output (saved_outerr, str, len);
buf_copy_lines (buf_to_net, saved_outerr, 'E');
  }
  else if (server_active)
  {
buf_output (saved_outerr, str, len);
buf_copy_lines (protocol, saved_outerr, 'E');
buf_send_counted (protocol);
  }
  else
6631#endif
  {
size_t written;
size_t to_write = len;
const char *p = str;

/* Make sure that output appears in order if stdout and stderr
  point to the same place.  For the server case this is taken
  care of by the fact that saved_outerr always holds less
  than a line.  */
fflush (stdout(&__sF[1]));

while (to_write > 0)
{
   written = fwrite (p, 1, to_write, stderr(&__sF[2]));
   if (written == 0)
break;
   p += written;
   to_write -= written;
}
  }
6652}

6654/* Flush stderr.  stderr is normally flushed automatically, of course,
 but this function is used to flush information from the server back
 to the client.  */

6658void
6659cvs_flusherr ()
6660{
6661#ifdef SERVER_SUPPORT1
  if (error_use_protocol)
  {
/* skip the actual stderr flush in this case since the parent process
* on the server should only be writing to stdout anyhow
*/
/* Flush what we can to the network, but don't block.  */
buf_flush (buf_to_net, 0);
  }
  else if (server_active)
  {
/* make sure stderr is flushed before we send the flush count on the
* protocol pipe
*/ 
fflush (stderr(&__sF[2]));
/* Send a special count to tell the parent to flush.  */
buf_send_special_count (protocol, -2);
  }
  else
6680#endif
fflush (stderr(&__sF[2]));
6682}

6684/* Make it possible for the user to see what has been written to
 stdout (it is up to the implementation to decide exactly how far it
 should go to ensure this).  */

6688void
6689cvs_flushout ()
6690{
6691#ifdef SERVER_SUPPORT1
  if (error_use_protocol)
  {
/* Flush what we can to the network, but don't block.  */
buf_flush (buf_to_net, 0);
  }
  else if (server_active)
  {
/* Just do nothing.  This is because the code which
  cvs_flushout replaces, setting stdout to line buffering in
  main.c, didn't get called in the server child process.  But
  in the future it is quite plausible that we'll want to make
  this case work analogously to cvs_flusherr.

  FIXME - DRP - I tried to implement this and triggered the following
  error: "Protocol error: uncounted data discarded".  I don't need
  this feature right now, so I'm not going to bother with it yet.
*/
buf_send_special_count (protocol, -1);
  }
  else
6712#endif
fflush (stdout(&__sF[1]));
6714}

6716/* Output TEXT, tagging it according to TAG.  There are lots more
 details about what TAG means in cvsclient.texi but for the simple
 case (e.g. non-client/server), TAG is just "newline" to output a
 newline (in which case TEXT must be NULL), and any other tag to
 output normal text.

 Note that there is no way to output either \0 or \n as part of TEXT.  */

6724void
6725cvs_output_tagged (tag, text)
  char *tag;
  char *text;
6728{
  if (text != NULL((void*)0) && strchr (text, '\n') != NULL((void*)0))
/* Uh oh.  The protocol has no way to cope with this.  For now
  we dump core, although that really isn't such a nice
  response given that this probably can be caused by newlines
  in filenames and other causes other than bugs in CVS.  Note
  that we don't want to turn this into "MT newline" because
  this case is a newline within a tagged item, not a newline
  as extraneous sugar for the user.  */
assert (0)((0) ? (void)0 : __assert2("/usr/src/gnu/usr.bin/cvs/src/server.c"
, 6737, __func__, "0"));

  /* Start and end tags don't take any text, per cvsclient.texi.  */
  if (tag[0] == '+' || tag[0] == '-')
assert (text == NULL)((text == ((void*)0)) ? (void)0 : __assert2("/usr/src/gnu/usr.bin/cvs/src/server.c"
, 6741, __func__, "text == NULL"));

6743#ifdef SERVER_SUPPORT1
  if (server_active && supported_response ("MT"))
  {
struct buffer *buf;

if (error_use_protocol)
   buf = buf_to_net;
else
   buf = protocol;

buf_output0 (buf, "MT ");
buf_output0 (buf, tag);
if (text != NULL((void*)0))
{
   buf_output (buf, " ", 1);
   buf_output0 (buf, text);
}
buf_output (buf, "\n", 1);

if (!error_use_protocol)
   buf_send_counted (protocol);
  }
  else
6766#endif
  {
if (strcmp (tag, "newline") == 0)
   cvs_output ("\n", 1);
else if (text != NULL((void*)0))
   cvs_output (text, 0);
  }
6773}