|
version 1.1.1.3, 2016/11/01 09:54:32
|
version 1.1.1.4, 2021/03/17 00:32:36
|
|
Line 1
|
Line 1
|
| #!/usr/bin/perl | #!/usr/bin/env perl |
| # Name: /usr/local/bin/rrsync (should also have a symlink in /usr/bin) |
# Name: /usr/local/bin/rrsync (should also have a symlink in /usr/bin) |
| # Purpose: Restricts rsync to subdirectory declared in .ssh/authorized_keys |
# Purpose: Restricts rsync to subdirectory declared in .ssh/authorized_keys |
| # Author: Joe Smith <js-cgi@inwap.com> 30-Sep-2004 |
# Author: Joe Smith <js-cgi@inwap.com> 30-Sep-2004 |
| # Modified by: Wayne Davison <wayned@samba.org> | # Modified by: Wayne Davison <wayne@opencoder.net> |
| use strict; |
use strict; |
| |
|
| use Socket; |
use Socket; |
|
Line 62 die "$0 reading from write-only server not allowed\n"
|
Line 62 die "$0 reading from write-only server not allowed\n"
|
| # To disable a short-named option, add its letter to this string: |
# To disable a short-named option, add its letter to this string: |
| our $short_disabled = 's'; |
our $short_disabled = 's'; |
| |
|
| our $short_no_arg = 'ACDEHIJKLORSWXbcdgklmnoprstuvxyz'; # DO NOT REMOVE ANY | our $short_no_arg = 'ACDEHIJKLORSUWXbcdgklmnopqrstuvxyz'; # DO NOT REMOVE ANY |
| our $short_with_num = 'B'; # DO NOT REMOVE ANY | our $short_with_num = '@B'; # DO NOT REMOVE ANY |
| |
|
| # To disable a long-named option, change its value to a -1. The values mean: |
# To disable a long-named option, change its value to a -1. The values mean: |
| # 0 = the option has no arg; 1 = the arg doesn't need any checking; 2 = only |
# 0 = the option has no arg; 1 = the arg doesn't need any checking; 2 = only |
|
Line 73 our %long_opt = (
|
Line 73 our %long_opt = (
|
| 'backup-dir' => 2, |
'backup-dir' => 2, |
| 'block-size' => 1, |
'block-size' => 1, |
| 'bwlimit' => 1, |
'bwlimit' => 1, |
| |
'checksum-choice' => 1, |
| 'checksum-seed' => 1, |
'checksum-seed' => 1, |
| 'compare-dest' => 2, |
'compare-dest' => 2, |
| |
'compress-choice' => 1, |
| 'compress-level' => 1, |
'compress-level' => 1, |
| 'copy-dest' => 2, |
'copy-dest' => 2, |
| 'copy-unsafe-links' => 0, |
'copy-unsafe-links' => 0, |
|
Line 107 our %long_opt = (
|
Line 109 our %long_opt = (
|
| 'link-dest' => 2, |
'link-dest' => 2, |
| 'links' => 0, |
'links' => 0, |
| 'list-only' => 0, |
'list-only' => 0, |
| 'log-file' => 3, | 'log-file' => $only eq 'r' ? -1 : 3, |
| 'log-format' => 1, |
'log-format' => 1, |
| |
'max-alloc' => 1, |
| 'max-delete' => 1, |
'max-delete' => 1, |
| 'max-size' => 1, |
'max-size' => 1, |
| 'min-size' => 1, |
'min-size' => 1, |
|
Line 119 our %long_opt = (
|
Line 122 our %long_opt = (
|
| 'no-relative' => 0, |
'no-relative' => 0, |
| 'no-specials' => 0, |
'no-specials' => 0, |
| 'numeric-ids' => 0, |
'numeric-ids' => 0, |
| |
'old-compress' => 0, |
| 'one-file-system' => 0, |
'one-file-system' => 0, |
| 'only-write-batch' => 1, |
'only-write-batch' => 1, |
| |
'open-noatime' => 0, |
| 'owner' => 0, |
'owner' => 0, |
| 'partial' => 0, |
'partial' => 0, |
| 'partial-dir' => 2, |
'partial-dir' => 2, |
|
Line 130 our %long_opt = (
|
Line 135 our %long_opt = (
|
| 'remove-sent-files' => $only eq 'r' ? -1 : 0, |
'remove-sent-files' => $only eq 'r' ? -1 : 0, |
| 'remove-source-files' => $only eq 'r' ? -1 : 0, |
'remove-source-files' => $only eq 'r' ? -1 : 0, |
| 'safe-links' => 0, |
'safe-links' => 0, |
| 'sender' => 0, | 'sender' => $only eq 'w' ? -1 : 0, |
| 'server' => 0, |
'server' => 0, |
| 'size-only' => 0, |
'size-only' => 0, |
| 'skip-compress' => 1, |
'skip-compress' => 1, |
|
Line 143 our %long_opt = (
|
Line 148 our %long_opt = (
|
| 'times' => 0, |
'times' => 0, |
| 'use-qsort' => 0, |
'use-qsort' => 0, |
| 'usermap' => 1, |
'usermap' => 1, |
| |
'write-devices' => -1, |
| ); |
); |
| |
|
| ### END of options data produced by the cull_options script. ### |
### END of options data produced by the cull_options script. ### |
|
Line 207 while ($command =~ /((?:[^\s\\]+|\\.[^\s\\]*)+)/g) {
|
Line 213 while ($command =~ /((?:[^\s\\]+|\\.[^\s\\]*)+)/g) {
|
| s{//+}{/}g; |
s{//+}{/}g; |
| s{^/}{}; |
s{^/}{}; |
| s{^$}{.}; |
s{^$}{.}; |
| die "$0: do not use .. in any path!\n" if m{(^|/)\\?\.\\?\.(\\?/|$)}; |
|
| } |
} |
| push(@args, bsd_glob($_, GLOB_LIMIT|GLOB_NOCHECK|GLOB_BRACE|GLOB_QUOTE)); |
push(@args, bsd_glob($_, GLOB_LIMIT|GLOB_NOCHECK|GLOB_BRACE|GLOB_QUOTE)); |
| } |
} |
| } |
} |
| die "$0: invalid rsync-command syntax or options\n" if $in_options; |
die "$0: invalid rsync-command syntax or options\n" if $in_options; |
| |
|
| |
if ($subdir ne '/') { |
| |
die "$0: do not use .. in any path!\n" if grep m{(^|/)\.\.(/|$)}, @args; |
| |
} |
| |
|
| @args = ( '.' ) if !@args; |
@args = ( '.' ) if !@args; |
| |
|
| if ($write_log) { |
if ($write_log) { |
|
Line 227 if ($write_log) {
|
Line 236 if ($write_log) {
|
| } |
} |
| |
|
| # Note: This assumes that the rsync protocol will not be maliciously hijacked. |
# Note: This assumes that the rsync protocol will not be maliciously hijacked. |
| exec(RSYNC, @opts, @args) or die "exec(rsync @opts @args) failed: $? $!"; | exec(RSYNC, @opts, '--', @args) or die "exec(rsync @opts -- @args) failed: $? $!"; |
| |
|
| sub check_arg |
sub check_arg |
| { |
{ |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to rrsync CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / rsync / support