-rwxr-xr-x | files/rrsync/rrsync | 76 |
1 files changed, 45 insertions, 31 deletions
diff --git a/files/rrsync/rrsync b/files/rrsync/rrsync index b084200..7c7c659 100755 --- a/files/rrsync/rrsync +++ b/files/rrsync/rrsync @@ -16,10 +16,10 @@ use constant LOGFILE => 'rrsync.log'; my $Usage = <<EOM; Use 'command="$0 [-ro] SUBDIR"' - in front of lines in $ENV{HOME}/.ssh/authorized_keys + in front of lines in $ENV{HOME}/.ssh/authorized_keys EOM -our $ro = (@ARGV && $ARGV[0] eq '-ro') ? shift : ''; # -ro = Read-Only +our $ro = (@ARGV && $ARGV[0] eq '-ro') ? shift : ''; # -ro = Read-Only our $subdir = shift; die "$0: No subdirectory specified\n$Usage" unless defined $subdir; $subdir = abs_path($subdir); @@ -37,8 +37,9 @@ die "$0: Restricted directory does not exist!\n" if $subdir ne '/' && !-d $subdi # SSH_CONNECTION=client_addr client_port server_port my $command = $ENV{SSH_ORIGINAL_COMMAND}; -die "$0: Not invoked via sshd\n$Usage" unless defined $command; +die "$0: Not invoked via sshd\n$Usage" unless defined $command; die "$0: SSH_ORIGINAL_COMMAND='$command' is not rsync\n" unless $command =~ s/^rsync\s+//; +die "$0: --server option is not first\n" unless $command =~ /^--server\s/; our $am_sender = $command =~ /^--server\s+--sender\s/; # Restrictive on purpose! die "$0 -ro: sending to read-only server not allowed\n" if $ro && !$am_sender; @@ -48,9 +49,9 @@ die "$0 -ro: sending to read-only server not allowed\n" if $ro && !$am_sender; # and only in the option format that the stock rsync produces. # To disable a short-named option, add its letter to this string: -our $short_disabled = ''; +our $short_disabled = 's'; -our $short_no_arg = 'ACDEHIKLORSWXbcdgiklmnoprstuvxz'; # DO NOT REMOVE ANY +our $short_no_arg = 'ACDEHIKLORSWXbcdgklmnoprstuvxz'; # DO NOT REMOVE ANY our $short_with_num = 'B'; # DO NOT REMOVE ANY # To disable a long-named option, change its value to a -1. The values mean: 
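Review bot: The added `die "$0: --server option is not first\n" unless $command =~ /^--server\s/;` in the second hunk (old line 37 onward) carries no comment saying what it protects. Everything validated later in the file is written against the option format a stock rsync server invocation produces, so a one-line comment would keep a later edit from relaxing the check, for example `# Only server-mode invocations are validated below; refuse anything else up front.` The existing `# Restrictive on purpose!` sits on the `$am_sender` line and does not obviously cover the new check.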
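Review bot: In the third hunk (old line 48 onward), `our $short_disabled = 's';` has no comment saying why `-s` is refused, and the next changed line drops `i` from `$short_no_arg` while keeping its `# DO NOT REMOVE ANY` comment. Note also that `s` is still present in `$short_no_arg`, and the option loop's `next if /^-$short_no_arg*(e\d*\.\w*)?$/o` runs before the `$short_disabled` branch. Unless code outside this hunk strips disabled letters from `$short_no_arg` first, `-s` would be accepted rather than rejected; that code is not visible here and should be confirmed. Suggested comments: `# -s (--protect-args) is refused; presumably its file args would bypass the path checks below (confirm)` and, on the `$short_no_arg` line, a short reason why `i` is no longer listed.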
@@ -65,23 +66,30 @@ our %long_opt = (
 'compress-level' => 1,
 'copy-dest' => 2,
 'copy-unsafe-links' => 0,
- 'daemon' => 0,
+ 'daemon' => -1,
 'delay-updates' => 0,
 'delete' => 0,
 'delete-after' => 0,
 'delete-before' => 0,
+ 'delete-delay' => 0,
 'delete-during' => 0,
 'delete-excluded' => 0,
+ 'delete-missing-args' => 0,
 'existing' => 0,
+ 'fake-super' => 0,
 'files-from' => 3,
 'force' => 0,
 'from0' => 0,
 'fuzzy' => 0,
+ 'groupmap' => 1,
+ 'iconv' => 1,
 'ignore-errors' => 0,
 'ignore-existing' => 0,
+ 'ignore-missing-args' => 0,
 'inplace' => 0,
 'link-dest' => 2,
 'list-only' => 0,
+ 'log-file' => 3,
 'log-format' => 1,
 'max-delete' => 1,
 'max-size' => 1,
@@ -101,11 +109,15 @@ our %long_opt = (
 'sender' => 0,
 'server' => 0,
 'size-only' => 0,
+ 'skip-compress' => 1,
 'specials' => 0,
+ 'stats' => 0,
 'suffix' => 1,
 'super' => 0,
 'temp-dir' => 2,
 'timeout' => 1,
+ 'use-qsort' => 0,
+ 'usermap' => 1,
 );

 ### END of options data produced by the cull_options script. ###
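Review bot: The new `'log-file' => 3,` entry in the first hunk of `%long_opt` is enabled regardless of `-ro`. Type 3 sends the path through `check_arg`, which confines it to the restricted directory, but a key marked read-only could still make the server create or append to a file inside SUBDIR. The only `-ro` enforcement visible in this diff is the `sending to read-only server not allowed` check, which looks at transfer direction and not at this option. Unless code outside the hunk already overrides the entry, consider `'log-file' => $ro ? -1 : 3,`, which works because `$ro` is assigned before this table.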
@@ -135,29 +147,30 @@ while ($command =~ /((?:[^\s\\]+|\\.[^\s\\]*)+)/g) { if ($_ eq '.') { $in_options = 0; } else { - next if /^-($short_no_arg|e\d*\.\d*)+$/o || /^-$short_with_num\d+$/o; + die "$0: invalid option: '-'\n" if $_ eq '-'; + next if /^-$short_no_arg*(e\d*\.\w*)?$/o || /^-$short_with_num\d+$/o; my($opt,$arg) = /^--([^=]+)(?:=(.*))?$/; my $disabled; if (defined $opt) { - my $ct = $long_opt{$opt}; - last unless defined $ct; - next if $ct == 0; - if ($ct > 0) { - if (!defined $arg) { - $check_type = $ct; - $last_opt = $opt; - next; - } - $arg = check_arg($opt, $arg, $ct); - $opts[-1] =~ s/=.*/=$arg/; - next; - } - $disabled = 1; - $opt = "--$opt"; + my $ct = $long_opt{$opt}; + last unless defined $ct; + next if $ct == 0; + if ($ct > 0) { + if (!defined $arg) { + $check_type = $ct; + $last_opt = $opt; + next; + } + $arg = check_arg($opt, $arg, $ct); + $opts[-1] =~ s/=.*/=$arg/; + next; + } + $disabled = 1; + $opt = "--$opt"; } elsif ($short_disabled ne '') { - $disabled = /^-$short_no_arg*([$short_disabled])/o; - $opt = "-$1"; + $disabled = /^-$short_no_arg*([$short_disabled])/o; + $opt = "-$1"; } last unless $disabled; # Generate generic failure @@ -166,10 +179,10 @@ while ($command =~ /((?:[^\s\\]+|\\.[^\s\\]*)+)/g) { } else { if ($subdir ne '/') { # Validate args to ensure they don't try to leave our restricted dir. - s#//+#/#g; - s#^/##; - s#^$#.#; - die "Do not use .. in any path!\n" if m#(^|/)\\?\.\\?\.(\\?/|$)#; + s{//+}{/}g; + s{^/}{}; + s{^$}{.}; + die "$0: do not use .. in any path!\n" if m{(^|/)\\?\.\\?\.(\\?/|$)}; } push(@args, bsd_glob($_, GLOB_LIMIT|GLOB_NOCHECK|GLOB_BRACE|GLOB_QUOTE)); } 
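Review bot: The added `die "$0: invalid option: '-'\n" if $_ eq '-';` in the first hunk has no comment linking it to the regex on the following line. In the rewritten pattern `/^-$short_no_arg*(e\d*\.\w*)?$/o`, both the letter run and the `e` group are optional, so a lone `-` would otherwise satisfy `next` and be passed through. Suggest `# A bare '-' would match the relaxed pattern below, so reject it explicitly.` above the die. The enclosing `while` loop and its `else` branch start outside the hunk.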
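Review bot: In the second hunk, the `..` test runs on the argument before `bsd_glob(...)` expands it with `GLOB_BRACE|GLOB_QUOTE`, and the expanded results pushed onto `@args` are not checked again. Whether expansion can produce a `..` component that the pre-expansion pattern did not show cannot be determined from these lines, but re-checking the output removes the dependence on glob behaviour: `my @g = bsd_glob($_, GLOB_LIMIT|GLOB_NOCHECK|GLOB_BRACE|GLOB_QUOTE);`, `die "$0: do not use .. in any path!\n" if $subdir ne '/' && grep { m{(^|/)\.\.(/|$)} } @g;`, `push(@args, @g);`. The surrounding loop begins and ends outside the hunk.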
@@ -196,10 +209,11 @@ sub check_arg
 my($opt, $arg, $type) = @_;
 $arg =~ s/\\(.)/$1/g;
 if ($subdir ne '/' && ($type == 3 || ($type == 2 && !$am_sender))) {
- $arg =~ s#//#/#g;
+ $arg =~ s{//}{/}g;
 die "Do not use .. in --$opt; anchor the path at the root of your restricted dir.\n"
- if $arg =~ m#(^|/)\.\.(/|$)#;
- $arg =~ s#^/#$subdir/#;
+ if $arg =~ m{(^|/)\.\.(/|$)};
+ $arg =~ s{^/}{$subdir/};
 }
 $arg;
 }
+ |
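Review bot: The die in `check_arg` still lacks the `$0:` prefix that this commit added to the sibling message in the argument loop, so the two path-rejection errors now read differently in logs. Suggest `die "$0: do not use .. in --$opt; anchor the path at the root of your restricted dir.\n"`. The slash normalisation also differs: `s{//}{/}g` here leaves `//` behind when given three slashes, where the loop uses `s{//+}{/}g`, and using `s{//+}{/}g` in both places would keep the two validators in step. The opening of `check_arg` lies outside the hunk.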