diff options
| author | Wayne Davison <wayned@samba.org> | 2005-06-17 05:14:15 +0000 |
|---|---|---|
| committer | Wayne Davison <wayned@samba.org> | 2005-06-17 05:14:15 +0000 |
| commit | 1524815ed3ca019c007a93f6e90ab95a445833de (patch) | |
| tree | 8372665148295cf80ba4dfc5e2ecf7d760f2fe62 /support/rrsync | |
| parent | 985af7035eff604bf739d0bbf14bd1b601c9a16e (diff) | |
| download | rsync-1524815ed3ca019c007a93f6e90ab95a445833de.tar.gz | |
- Make sure that the command contained the '.' arg at the end of the
options.
- Fixed the expanding of wildcards for a restriction of '/'.
Diffstat (limited to 'support/rrsync')
| -rw-r--r-- | support/rrsync | 37 |
1 files changed, 16 insertions, 21 deletions
diff --git a/support/rrsync b/support/rrsync index b3a02544..41fd267d 100644 --- a/support/rrsync +++ b/support/rrsync @@ -19,7 +19,7 @@ our $ro = (@ARGV && $ARGV[0] eq '-ro') ? shift : ''; # -ro = Read-Only our $subdir = shift; die "$0: No subdirectory specified\n$Usage" unless defined $subdir; $subdir = abs_path($subdir); -die "$0: Restricted subdirectory does not exist!\n" if $subdir ne '/' && !-d $subdir; +die "$0: Restricted directory does not exist!\n" if $subdir ne '/' && !-d $subdir; # The client uses "rsync -av -e ssh src/ server:dir/", and sshd on the server # executes this program when .ssh/authorized_keys has 'command="..."'. @@ -101,6 +101,10 @@ if ($short_disabled ne '') { $short_with_num =~ s/[$short_disabled]//go; } +my $write_log = -f LOGFILE && open(LOG, '>>', LOGFILE); + +chdir($subdir) or die "$0: Unable to chdir to restricted dir: $!\n"; + my(@opts, @args); my $in_options = 1; my $last_opt = ''; @@ -148,36 +152,27 @@ foreach (split(/(?<!\\)\s+/, $command)) { } die "$0: option $opt has been disabled on this server.\n" if $disabled; - die "$0: invalid rsync-command syntax or options\n"; + last; } } else { - push(@args, $_); - } -} - -my $write_log = -f LOGFILE && open(LOG, '>>', LOGFILE); - -chdir($subdir) or die "$0: Unable to chdir to $subdir: $!\n"; - -# Validate args to ensure they don't try to leave our restricted dir. -if ($subdir ne '/') { - my @new; - foreach (@args) { - s#//+#/#g; - s#^/##; - s#^$#.#; - die "Do not use .. in any path!\n" if m#(^|/)\\?\.\\?\.(\\?/|$)#; - push(@new, bsd_glob($_, GLOB_LIMIT|GLOB_NOCHECK|GLOB_BRACE|GLOB_QUOTE)); + if ($subdir ne '/') { + # Validate args to ensure they don't try to leave our restricted dir. + s#//+#/#g; + s#^/##; + s#^$#.#; + die "Do not use .. in any path!\n" if m#(^|/)\\?\.\\?\.(\\?/|$)#; + } + push(@args, bsd_glob($_, GLOB_LIMIT|GLOB_NOCHECK|GLOB_BRACE|GLOB_QUOTE)); } - @args = @new; } +die "$0: invalid rsync-command syntax or options\n" if $in_options; @args = ( '.' ) if !@args; if ($write_log) { my ($mm,$hh) = (localtime)[1,2]; my $host = $ENV{SSH_CONNECTION} || 'unknown'; - $host =~ s/ .*//; # Keep only the client's IP addr + $host =~ s/ .*//; # Keep only the client's IP addr $host =~ s/^::ffff://; $host = gethostbyaddr(inet_aton($host),AF_INET) || $host; printf LOG "%02d:%02d %-13s [%s]\n", $hh, $mm, $host, "@opts @args"; |