From 62b94cab6043f6c55d8069c9af6c6423246e0375 Mon Sep 17 00:00:00 2001
From: bescoto <bescoto@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109>
Date: Sat, 26 Mar 2005 01:02:13 +0000
Subject: Added Dean Gaudet's fix to "--restrict /" option

git-svn-id: http://svn.savannah.nongnu.org/svn/rdiff-backup/trunk@561 2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109
---
 rdiff-backup/CHANGELOG                |  4 +++-
 rdiff-backup/rdiff_backup/Security.py |  1 +
 rdiff-backup/testing/securitytest.py  | 10 ++++++++++
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/rdiff-backup/CHANGELOG b/rdiff-backup/CHANGELOG
index d8ccd56..7235191 100644
--- a/rdiff-backup/CHANGELOG
+++ b/rdiff-backup/CHANGELOG
@@ -24,7 +24,9 @@ Fixed user/group restoring error noticed by Fran Firman.
 Checked in Robert Shaw's --chars-to-quote patch
 
 Treated hard link permission problem on Mac OS X by applying
-suggestion by David Vasilevsky.
+suggestion by David Vasilevsky
+
+Dean Gaudet's patch fixes "--restrict /" option.
 
 
 New in v0.13.4 (2004/01/31)
diff --git a/rdiff-backup/rdiff_backup/Security.py b/rdiff-backup/rdiff_backup/Security.py
index 4715f7e..57e3d2f 100644
--- a/rdiff-backup/rdiff_backup/Security.py
+++ b/rdiff-backup/rdiff_backup/Security.py
@@ -196,6 +196,7 @@ def vet_rpath(rpath):
 	"""Require rpath not to step outside retricted directory"""
 	if Globals.restrict_path and rpath.conn is Globals.local_connection:
 		normalized, restrict = rpath.normalize().path, Globals.restrict_path
+		if restrict == "/": return
 		components = normalized.split("/")
 		# 3 cases for restricted dir /usr/foo:  /var, /usr/foobar, /usr/foo/..
 		if (not normalized.startswith(restrict) or
diff --git a/rdiff-backup/testing/securitytest.py b/rdiff-backup/testing/securitytest.py
index e816b97..f8796ff 100644
--- a/rdiff-backup/testing/securitytest.py
+++ b/rdiff-backup/testing/securitytest.py
@@ -56,6 +56,16 @@ class SecurityTest(unittest.TestCase):
 			
 		SetConnections.CloseConnections()
 
+	def test_vet_rpath_root(self):
+		"""Test vetting when restricted to root"""
+		remote_cmd = "../rdiff-backup --server --restrict-update-only /"
+		conn = SetConnections.init_connection(remote_cmd)
+		for rp in [RPath(Globals.local_connection, "blahblah"),
+				   RPath(conn, "foo/bar")]:
+			conn.Globals.set("TEST_var", rp)
+			assert conn.Globals.get("TEST_var").path == rp.path
+		SetConnections.CloseConnections()
+
 	def secure_rdiff_backup(self, in_dir, out_dir, in_local, restrict_args,
 							extra_args = "", success = 1, current_time = None):
 		"""Run rdiff-backup locally, with given restrict settings"""
-- 
cgit v1.2.1