/[smeserver]/rpms/rssh/sme8/rssh-2.3.2-rsync-protocol.patch
ViewVC logotype

Contents of /rpms/rssh/sme8/rssh-2.3.2-rsync-protocol.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Thu Nov 18 19:08:21 2010 UTC (14 years ago) by slords
Branch: MAIN
CVS Tags: rssh-2_3_2-1_3_el5_sme
Fix rssh to work with rsync 3.0

1 As of rsync 3, rsync reused the -e option to pass protocol information
2 from the client to the server. We therefore cannot reject all -e
3 options to rsync, only ones not sent with --server or containing
4 something other than protocol information as an argument.
5
6 Based on work by Robert Hardy.
7
8 Debian Bug#471803
9
10 --- rssh.orig/util.c
11 +++ rssh/util.c
12 @@ -56,6 +56,7 @@
13 #ifdef HAVE_LIBGEN_H
14 #include <libgen.h>
15 #endif /* HAVE_LIBGEN_H */
16 +#include <regex.h>
17
18 /* LOCAL INCLUDES */
19 #include "pathnames.h"
20 @@ -183,6 +184,33 @@
21 }
22
23 /*
24 + * check_rsync_e() - take the command line passed to rssh and look for a -e
25 + * option. If one is found, make sure --server is provided
26 + * and the option contains only the protocol information.
27 + * Returns 1 if the command line is safe; 0 otherwise.
28 + */
29 +static int check_rsync_e( char *cl )
30 +{
31 + int status;
32 + regex_t re;
33 +
34 + /*
35 + * This is more complicated than it looks because we don't want to
36 + * trigger on the e in --server, but we do want to catch the common
37 + * case of -ltpre.iL (which contains -e.).
38 + */
39 + static const char pattern[] = "[ \t\v\f]-([^-][^ ]*)?e[^.0-9]";
40 +
41 + if ( strstr(cl, "--server") == NULL ) return 0;
42 + if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){
43 + return 0;
44 + }
45 + status = regexec(&re, cl, 0, NULL, 0);
46 + regfree(&re);
47 + return (status == 0) ? 0 : 1;
48 +}
49 +
50 +/*
51 * check_command_line() - take the command line passed to rssh, and verify
52 * that the specified command is one the user is
53 * allowed to run. Return the path of the command
54 @@ -226,9 +254,9 @@
55
56 if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
57 /* filter -e option */
58 - if ( opt_exist(cl, 'e') ){
59 + if ( opt_exist(cl, 'e') && !check_rsync_e(cl) ){
60 fprintf(stderr, "\ninsecure -e option not allowed.");
61 - log_msg("insecure -e option in rdist command line!");
62 + log_msg("insecure -e option in rsync command line!");
63 return NULL;
64 }
65

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed