From 47e616b933c51731a7e95e3b507e2fe56d8eb351 Mon Sep 17 00:00:00 2001
From: bescoto <bescoto@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109>
Date: Wed, 27 Aug 2003 20:29:30 +0000
Subject: Fixed problems with --restrict-XXX switches

git-svn-id: http://svn.savannah.nongnu.org/svn/rdiff-backup/branches/r0-12@408 2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109
---
 rdiff-backup/CHANGELOG                |  3 +++
 rdiff-backup/rdiff_backup/Main.py     | 19 +++++++++++++++----
 rdiff-backup/rdiff_backup/Security.py | 29 ++++++++++++++++++-----------
 3 files changed, 36 insertions(+), 15 deletions(-)

diff --git a/rdiff-backup/CHANGELOG b/rdiff-backup/CHANGELOG
index 11f3035..771d788 100644
--- a/rdiff-backup/CHANGELOG
+++ b/rdiff-backup/CHANGELOG
@@ -12,6 +12,9 @@ If there is data missing from the destination dir (for instance if a
 user mistakenly deletes it), only warn when restoring, instead of
 exiting with error.
 
+Fixed problems with --restrict options that would cause proper
+sessions to fail.  Thanks to Randall Nortman for error report.
+
 
 New in v0.12.3 (2003/08/08)
 ---------------------------
diff --git a/rdiff-backup/rdiff_backup/Main.py b/rdiff-backup/rdiff_backup/Main.py
index da1e596..a9a5954 100644
--- a/rdiff-backup/rdiff_backup/Main.py
+++ b/rdiff-backup/rdiff_backup/Main.py
@@ -419,7 +419,8 @@ def restore_set_select(mirror_rp, target):
 def restore_start_log(rpin, target, time):
 	"""Open restore log file, log initial message"""
 	try: Log.open_logfile(datadir.append("restore.log"))
-	except LoggerError, e: Log("Warning, " + str(e), 2)
+	except (LoggerError, Security.Violation), e:
+		Log("Warning - Unable to open " + str(e), 2)
 
 	# Log following message at file verbosity 3, but term verbosity 4
 	log_message = ("Starting restore of %s to %s as it was as of %s." %
@@ -475,11 +476,15 @@ def restore_get_root(rpin):
 	global datadir
 	if rpin.isincfile(): relpath = rpin.getincbase().path
 	else: relpath = rpin.path
-	pathcomps = os.path.join(rpin.conn.os.getcwd(), relpath).split("/")
-	assert len(pathcomps) >= 2 # path should be relative to /
+	if rpin.conn is not Globals.local_connection:
+		# For security checking consistency, don't get absolute path
+		pathcomps = relpath.split('/')
+	else: pathcomps = os.path.join(os.getcwd(), relpath).split("/")
+	if not pathcomps[0]: min_len_pathcomps = 2 # treat abs paths differently
+	else: min_len_pathcomps = 1
 
 	i = len(pathcomps)
-	while i >= 2:
+	while i >= min_len_pathcomps:
 		parent_dir = rpath.RPath(rpin.conn, "/".join(pathcomps[:i]))
 		if (parent_dir.isdir() and
 			"rdiff-backup-data" in parent_dir.listdir()): break
@@ -613,6 +618,12 @@ The rdiff-backup data directory
 exists, but we cannot find a valid current_mirror marker.  You can
 avoid this message by removing this directory; however any data in it
 will be lost.
+
+Probably this error was caused because the first rdiff-backup session
+into a new directory failed.  If this is the case it is safe to delete
+the rdiff_backup_data directory because there is no important
+information in it.
+
 """ % (Globals.rbdir.path,))
 	elif len(curmir_incs) == 1: return 0
 	else:
diff --git a/rdiff-backup/rdiff_backup/Security.py b/rdiff-backup/rdiff_backup/Security.py
index 83ddcf2..9254a0c 100644
--- a/rdiff-backup/rdiff_backup/Security.py
+++ b/rdiff-backup/rdiff_backup/Security.py
@@ -116,7 +116,9 @@ def set_allowed_requests(sec_level):
 						"Log.log_to_file",
 						"SetConnections.add_redirected_conn",
 						"RedirectedRun",
-						"sys.stdout.write"]
+						"sys.stdout.write",
+						"robust.install_signal_handlers",
+						"Hardlink.initialize_dictionaries"]
 	if sec_level == "minimal": pass
 	elif sec_level == "read-only" or sec_level == "update-only":
 		allowed_requests.extend(
@@ -125,23 +127,28 @@ def set_allowed_requests(sec_level):
 			 "os.getuid",
 			 "os.listdir",
 			 "Time.setcurtime_local",
-			 "robust.Resume.ResumeCheck",
-			 "backup.SourceStruct.split_initial_dsiter",
-			 "backup.SourceStruct.get_diffs_and_finalize",
 			 "rpath.gzip_open_local_read",
 			 "rpath.open_local_read"])
+		if sec_level == "read-only":
+			allowed_requests.extend(
+				["restore.MirrorStruct.set_mirror_and_rest_times",
+				 "restore.MirrorStruct.initialize_rf_cache",
+				 "restore.MirrorStruct.get_diffs",
+				 "backup.SourceStruct.set_source_select",
+				 "backup.SourceStruct.get_source_select",
+				 "backup.SourceStruct.get_diffs"])
 		if sec_level == "update-only":
 			allowed_requests.extend(
-				["Log.open_logfile_local", "Log.close_logfile_local",
-				 "Log.close_logfile_allconn", "Log.log_to_file",
-				 "log.Log.log_to_file",
+				["log.Log.open_logfile_local", "log.Log.close_logfile_local",
+				 "log.ErrorLog.open", "log.ErrorLog.isopen",
+				 "log.ErrorLog.close",
 				 "robust.SaveState.init_filenames",
 				 "robust.SaveState.touch_last_file",
-				 "backup.DestinationStruct.get_sigs",
-				 "backup.DestinationStruct.patch_w_datadir_writes",
-				 "backup.DestinationStruct.patch_and_finalize",
-				 "backup.DestinationStruct.patch_increment_and_finalize",
+				 "backup.DestinationStruct.set_rorp_cache",
+				 "backup.DestinationStruct.get_sigs",				 
+				 "backup.DestinationStruct.patch_and_increment",
 				 "Main.backup_touch_curmirror_local",
+				 "Main.backup_remove_curmirror_local",
 				 "Globals.ITRB.increment_stat",
 				 "statistics.record_error",
 				 "log.ErrorLog.write_if_open"])
-- 
cgit v1.2.1