Date: Sat, 1 Feb 2014 17:18:14 +0000 (UTC) From: Pawel Pekala <pawel@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r342195 - in head/shells/rssh: . files Message-ID: <201402011718.s11HIEkE073528@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pawel Date: Sat Feb 1 17:18:14 2014 New Revision: 342195 URL: http://svnweb.freebsd.org/changeset/ports/342195 QAT: https://qat.redports.org/buildarchive/r342195/ Log: - Add rsync3 support - Add LICENSE PR: ports/180573 Submitted by: maintainer Added: head/shells/rssh/files/optional-patch-util.c (contents, props changed) Modified: head/shells/rssh/Makefile head/shells/rssh/pkg-descr Modified: head/shells/rssh/Makefile ============================================================================== --- head/shells/rssh/Makefile Sat Feb 1 17:17:52 2014 (r342194) +++ head/shells/rssh/Makefile Sat Feb 1 17:18:14 2014 (r342195) @@ -7,16 +7,22 @@ CATEGORIES= shells security MASTER_SITES= SF MAINTAINER= jharris@widomaker.com -COMMENT= Restricted Secure SHell only for sftp or/and scp +COMMENT= Restricted Secure SHell only for sftp/scp/rdist/rsync/CVS + +LICENSE= BSD2CLAUSE +LICENSE_FILE= ${WRKSRC}/LICENSE GNU_CONFIGURE= yes USE_CSTD= gnu89 -OPTIONS_DEFINE= RDIST +OPTIONS_DEFINE= RDIST RSYNC3 RDIST_DESC= rdist support RDIST_RUN_DEPENDS= rdist6:${PORTSDIR}/net/rdist6 RDIST_CONFIGURE_ON= --with-rdist=${LOCALBASE}/bin/rdist6 +RSYNC3_DESC= rsync3 support (Debian patch) +RSYNC3_EXTRA_PATCHES= ${FILESDIR}/optional-patch-util.c + post-patch: @${REINPLACE_CMD} -E -e 's,(\$$\(DESTDIR\)\$$\(sysconfdir\)/\$$\$$f),\1.dist,g' \ -e 's,u\+s ,u+s $$\(DESTDIR\),g' \ Added: head/shells/rssh/files/optional-patch-util.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/shells/rssh/files/optional-patch-util.c Sat Feb 1 17:18:14 2014 (r342195) @@ -0,0 +1,103 @@ +--- util.c.orig 2012-11-27 12:14:49.000000000 +1100 ++++ util.c 2013-01-09 17:52:54.000000000 +1100 +@@ -56,6 +56,7 @@ + #ifdef HAVE_LIBGEN_H + #include <libgen.h> + #endif /* HAVE_LIBGEN_H */ ++#include <regex.h> + + /* LOCAL INCLUDES */ + #include "pathnames.h" +@@ -198,6 +199,73 @@ + + + /* ++ * rsync_e_okay() - take the command line passed to rssh and look for an -e ++ * option. If one is found, make sure --server is provided ++ * and the option contains only the protocol information. ++ * Also check for and reject any --rsh option. Returns FALSE ++ * if the command line should not be allowed, TRUE if it is ++ * okay. ++ */ ++static int rsync_e_okay( char **vec ) ++{ ++ regex_t re; ++ int server = FALSE; ++ int e_found = FALSE; ++ ++ /* ++ * rsync will send -e, followed by either just "." (meaning no special ++ * protocol) or "N.N" (meaning a pre-release protocol version), ++ * followed by some number of alphabetic flags indicating various ++ * supported options. There may be other options between - and the e, ++ * but -e will always be the last option in the string. A typical ++ * option passed by the client is "-ltpre.iL". ++ * ++ * Note that if --server is given, this should never be parsed as a ++ * shell, but we'll tightly verify it anyway, just in case. ++ * ++ * This regex matches the acceptable flags containing -e, so if it ++ * does not match, the command line should be rejected. ++ */ ++ static const char pattern[] ++ = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$"; ++ ++ /* ++ * Only recognize --server if it's the first option. rsync itself ++ * always passes it that way, and if it's not the first argument, it ++ * could be hidden from the server as an argument to some other ++ * option. ++ */ ++ if ( vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0 ){ ++ server = TRUE; ++ } ++ ++ /* Check the remaining options for -e or --rsh. */ ++ if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){ ++ return FALSE; ++ } ++ while (vec && *vec){ ++ if ( strcmp(*vec, "--") == 0 ) break; ++ if ( strcmp(*vec, "--rsh") == 0 ++ || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 ){ ++ regfree(&re); ++ return FALSE; ++ } ++ if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){ ++ e_found = TRUE; ++ if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){ ++ regfree(&re); ++ return FALSE; ++ } ++ } ++ vec++; ++ } ++ regfree(&re); ++ if ( e_found && !server ) return FALSE; ++ return TRUE; ++} ++ ++ ++/* + * check_command_line() - take the command line passed to rssh, and verify + * that the specified command is one the user is + * allowed to run and validate the arguments. Return the +@@ -230,14 +298,10 @@ + + if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ + /* filter -e option */ +- if ( opt_filter(cl, 'e') ) return NULL; +- while (cl && *cl){ +- if ( strstr(*cl, "--rsh" ) ){ +- fprintf(stderr, "\ninsecure --rsh= not allowed."); +- log_msg("insecure --rsh option in rsync command line!"); +- return NULL; +- } +- cl++; ++ if ( !rsync_e_okay(cl) ){ ++ fprintf(stderr, "\ninsecure -e or --rsh option not allowed."); ++ log_msg("insecure -e or --rsh option in rsync command line!"); ++ return NULL; + } + return PATH_RSYNC; + } Modified: head/shells/rssh/pkg-descr ============================================================================== --- head/shells/rssh/pkg-descr Sat Feb 1 17:17:52 2014 (r342194) +++ head/shells/rssh/pkg-descr Sat Feb 1 17:18:14 2014 (r342195) @@ -1,6 +1,6 @@ -rssh is a Restricted Secure SHell that allow only the use of sftp -or scp. It could be use when you need an account (and a valid -shell) in order to execute sftp or scp but when you don't want to -give the possibility to log in to this user. +rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. +It now also includes support for rdist, rsync, and CVS. For example, if you +have a server which you only want to allow users to copy files off of via scp, +without providing shell access, you can use rssh to do that. WWW: http://www.pizzashack.org/rssh/index.shtml
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201402011718.s11HIEkE073528>