summaryrefslogtreecommitdiff
path: root/support
diff options
context:
space:
mode:
authorWayne Davison <wayned@samba.org>2005-06-17 05:14:15 +0000
committerWayne Davison <wayned@samba.org>2005-06-17 05:14:15 +0000
commit1524815ed3ca019c007a93f6e90ab95a445833de (patch)
tree8372665148295cf80ba4dfc5e2ecf7d760f2fe62 /support
parent985af7035eff604bf739d0bbf14bd1b601c9a16e (diff)
downloadrsync-1524815ed3ca019c007a93f6e90ab95a445833de.tar.gz
rsync-1524815ed3ca019c007a93f6e90ab95a445833de.tar.bz2
rsync-1524815ed3ca019c007a93f6e90ab95a445833de.zip
- Make sure that the command contained the '.' arg at the end of the
options. - Fixed the expanding of wildcards for a restriction of '/'.
Diffstat (limited to 'support')
-rw-r--r--support/rrsync37
1 files changed, 16 insertions, 21 deletions
diff --git a/support/rrsync b/support/rrsync
index b3a02544..41fd267d 100644
--- a/support/rrsync
+++ b/support/rrsync
@@ -19,7 +19,7 @@ our $ro = (@ARGV && $ARGV[0] eq '-ro') ? shift : ''; # -ro = Read-Only
our $subdir = shift;
die "$0: No subdirectory specified\n$Usage" unless defined $subdir;
$subdir = abs_path($subdir);
-die "$0: Restricted subdirectory does not exist!\n" if $subdir ne '/' && !-d $subdir;
+die "$0: Restricted directory does not exist!\n" if $subdir ne '/' && !-d $subdir;
# The client uses "rsync -av -e ssh src/ server:dir/", and sshd on the server
# executes this program when .ssh/authorized_keys has 'command="..."'.
@@ -101,6 +101,10 @@ if ($short_disabled ne '') {
$short_with_num =~ s/[$short_disabled]//go;
}
+my $write_log = -f LOGFILE && open(LOG, '>>', LOGFILE);
+
+chdir($subdir) or die "$0: Unable to chdir to restricted dir: $!\n";
+
my(@opts, @args);
my $in_options = 1;
my $last_opt = '';
@@ -148,36 +152,27 @@ foreach (split(/(?<!\\)\s+/, $command)) {
}
die "$0: option $opt has been disabled on this server.\n" if $disabled;
- die "$0: invalid rsync-command syntax or options\n";
+ last;
}
} else {
- push(@args, $_);
- }
-}
-
-my $write_log = -f LOGFILE && open(LOG, '>>', LOGFILE);
-
-chdir($subdir) or die "$0: Unable to chdir to $subdir: $!\n";
-
-# Validate args to ensure they don't try to leave our restricted dir.
-if ($subdir ne '/') {
- my @new;
- foreach (@args) {
- s#//+#/#g;
- s#^/##;
- s#^$#.#;
- die "Do not use .. in any path!\n" if m#(^|/)\\?\.\\?\.(\\?/|$)#;
- push(@new, bsd_glob($_, GLOB_LIMIT|GLOB_NOCHECK|GLOB_BRACE|GLOB_QUOTE));
+ if ($subdir ne '/') {
+ # Validate args to ensure they don't try to leave our restricted dir.
+ s#//+#/#g;
+ s#^/##;
+ s#^$#.#;
+ die "Do not use .. in any path!\n" if m#(^|/)\\?\.\\?\.(\\?/|$)#;
+ }
+ push(@args, bsd_glob($_, GLOB_LIMIT|GLOB_NOCHECK|GLOB_BRACE|GLOB_QUOTE));
}
- @args = @new;
}
+die "$0: invalid rsync-command syntax or options\n" if $in_options;
@args = ( '.' ) if !@args;
if ($write_log) {
my ($mm,$hh) = (localtime)[1,2];
my $host = $ENV{SSH_CONNECTION} || 'unknown';
- $host =~ s/ .*//; # Keep only the client's IP addr
+ $host =~ s/ .*//; # Keep only the client's IP addr
$host =~ s/^::ffff://;
$host = gethostbyaddr(inet_aton($host),AF_INET) || $host;
printf LOG "%02d:%02d %-13s [%s]\n", $hh, $mm, $host, "@opts @args";