From owner-svn-ports-head@FreeBSD.ORG  Sat Feb  1 17:18:15 2014
Return-Path: <owner-svn-ports-head@FreeBSD.ORG>
Delivered-To: svn-ports-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 382E2AF6;
 Sat,  1 Feb 2014 17:18:15 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 17B171E5A;
 Sat,  1 Feb 2014 17:18:15 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id s11HIEpd073531;
 Sat, 1 Feb 2014 17:18:14 GMT (envelope-from pawel@svn.freebsd.org)
Received: (from pawel@localhost)
 by svn.freebsd.org (8.14.7/8.14.7/Submit) id s11HIEkE073528;
 Sat, 1 Feb 2014 17:18:14 GMT (envelope-from pawel@svn.freebsd.org)
Message-Id: <201402011718.s11HIEkE073528@svn.freebsd.org>
From: Pawel Pekala <pawel@FreeBSD.org>
Date: Sat, 1 Feb 2014 17:18:14 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r342195 - in head/shells/rssh: . files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Feb 2014 17:18:15 -0000

Author: pawel
Date: Sat Feb  1 17:18:14 2014
New Revision: 342195
URL: http://svnweb.freebsd.org/changeset/ports/342195
QAT: https://qat.redports.org/buildarchive/r342195/

Log:
  - Add rsync3 support
  - Add LICENSE
  
  PR:		ports/180573
  Submitted by:	maintainer

Added:
  head/shells/rssh/files/optional-patch-util.c   (contents, props changed)
Modified:
  head/shells/rssh/Makefile
  head/shells/rssh/pkg-descr

Modified: head/shells/rssh/Makefile
==============================================================================
--- head/shells/rssh/Makefile	Sat Feb  1 17:17:52 2014	(r342194)
+++ head/shells/rssh/Makefile	Sat Feb  1 17:18:14 2014	(r342195)
@@ -7,16 +7,22 @@ CATEGORIES=	shells security
 MASTER_SITES=	SF
 
 MAINTAINER=	jharris@widomaker.com
-COMMENT=	Restricted Secure SHell only for sftp or/and scp
+COMMENT=	Restricted Secure SHell only for sftp/scp/rdist/rsync/CVS
+
+LICENSE=	BSD2CLAUSE
+LICENSE_FILE=	${WRKSRC}/LICENSE
 
 GNU_CONFIGURE=	yes
 
 USE_CSTD=	gnu89
-OPTIONS_DEFINE=	RDIST
+OPTIONS_DEFINE=	RDIST RSYNC3
 RDIST_DESC=	rdist support
 RDIST_RUN_DEPENDS=	rdist6:${PORTSDIR}/net/rdist6
 RDIST_CONFIGURE_ON=	--with-rdist=${LOCALBASE}/bin/rdist6
 
+RSYNC3_DESC=		rsync3 support (Debian patch)
+RSYNC3_EXTRA_PATCHES=	${FILESDIR}/optional-patch-util.c
+
 post-patch:
 	@${REINPLACE_CMD} -E -e 's,(\$$\(DESTDIR\)\$$\(sysconfdir\)/\$$\$$f),\1.dist,g' \
 		-e 's,u\+s ,u+s $$\(DESTDIR\),g' \

Added: head/shells/rssh/files/optional-patch-util.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/shells/rssh/files/optional-patch-util.c	Sat Feb  1 17:18:14 2014	(r342195)
@@ -0,0 +1,103 @@
+--- util.c.orig	2012-11-27 12:14:49.000000000 +1100
++++ util.c	2013-01-09 17:52:54.000000000 +1100
+@@ -56,6 +56,7 @@
+ #ifdef HAVE_LIBGEN_H
+ #include <libgen.h>
+ #endif /* HAVE_LIBGEN_H */
++#include <regex.h>
+ 
+ /* LOCAL INCLUDES */
+ #include "pathnames.h"
+@@ -198,6 +199,73 @@
+ 
+ 
+ /*
++ * rsync_e_okay() - take the command line passed to rssh and look for an -e
++ *		    option.  If one is found, make sure --server is provided
++ *		    and the option contains only the protocol information.
++ *		    Also check for and reject any --rsh option.	 Returns FALSE
++ *		    if the command line should not be allowed, TRUE if it is
++ *		    okay.
++ */
++static int rsync_e_okay( char **vec )
++{
++	regex_t	re;
++	int	server = FALSE;
++	int	e_found = FALSE;
++
++	/*
++	 * rsync will send -e, followed by either just "." (meaning no special
++	 * protocol) or "N.N" (meaning a pre-release protocol version),
++	 * followed by some number of alphabetic flags indicating various
++	 * supported options.  There may be other options between - and the e,
++	 * but -e will always be the last option in the string.	 A typical
++	 * option passed by the client is "-ltpre.iL".
++	 *
++	 * Note that if --server is given, this should never be parsed as a
++	 * shell, but we'll tightly verify it anyway, just in case.
++	 *
++	 * This regex matches the acceptable flags containing -e, so if it
++	 * does not match, the command line should be rejected.
++	 */
++	static const char pattern[]
++	    = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$";
++
++	/*
++	 * Only recognize --server if it's the first option.  rsync itself
++	 * always passes it that way, and if it's not the first argument, it
++	 * could be hidden from the server as an argument to some other
++	 * option.
++	 */
++	if ( vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0 ){
++		server = TRUE;
++	}
++
++	/* Check the remaining options for -e or --rsh. */
++	if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){
++		return FALSE;
++	}
++	while (vec && *vec){
++		if ( strcmp(*vec, "--") == 0 ) break;
++		if ( strcmp(*vec, "--rsh") == 0
++		     || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 ){
++			regfree(&re);
++			return FALSE;
++		}
++		if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){
++			e_found = TRUE;
++			if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){
++				regfree(&re);
++				return FALSE;
++			}
++		}
++		vec++;
++	}
++	regfree(&re);
++	if ( e_found && !server ) return FALSE;
++	return TRUE;
++}
++
++
++/*
+  * check_command_line() - take the command line passed to rssh, and verify
+  *			  that the specified command is one the user is
+  *			  allowed to run and validate the arguments.  Return the
+@@ -230,14 +298,10 @@
+ 
+ 	if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
+ 		/* filter -e option */
+-		if ( opt_filter(cl, 'e') ) return NULL;
+-		while (cl && *cl){
+-			if ( strstr(*cl, "--rsh" ) ){
+-				fprintf(stderr, "\ninsecure --rsh= not allowed.");
+-				log_msg("insecure --rsh option in rsync command line!");
+-				return NULL;
+-			}
+-			cl++;
++		if ( !rsync_e_okay(cl) ){
++			fprintf(stderr, "\ninsecure -e or --rsh option not allowed.");
++			log_msg("insecure -e or --rsh option in rsync command line!");
++			return NULL;
+ 		}
+ 		return PATH_RSYNC;
+ 	}

Modified: head/shells/rssh/pkg-descr
==============================================================================
--- head/shells/rssh/pkg-descr	Sat Feb  1 17:17:52 2014	(r342194)
+++ head/shells/rssh/pkg-descr	Sat Feb  1 17:18:14 2014	(r342195)
@@ -1,6 +1,6 @@
-rssh is a Restricted Secure SHell that allow only the use of sftp
-or scp.  It could be use when you need an account (and a valid
-shell) in order to execute sftp or scp but when you don't want to
-give the possibility to log in to this user.
+rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp.
+It now also includes support for rdist, rsync, and CVS. For example, if you
+have a server which you only want to allow users to copy files off of via scp,
+without providing shell access, you can use rssh to do that.
 
 WWW: http://www.pizzashack.org/rssh/index.shtml