Attachment 590381 Details for Bug 820414 – rssh-v2.3.4 patch from Derek Martin

[patch] rssh-v2.3.4 patch from Derek Martin

rssh.2.3.4.patch (text/plain), 7.31 KB, created by Jan Lieskovsky on 2012-06-08 09:05:10 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jan Lieskovsky

Created: 2012-06-08 09:05:10 UTC

Size: 7.31 KB

patch

obsolete

>diff -ru rssh-2.3.3.orig/main.c.in rssh-2.3.3/main.c.in
>--- rssh-2.3.3.orig/main.c.in	2010-08-01 15:43:30.000000000 -0400
>+++ rssh-2.3.3/main.c.in	2012-05-11 16:44:39.000000000 -0400
>@@ -184,7 +184,7 @@
> 	 * determine if the command in cmdline is acceptable to run, and store
> 	 * name of program to exec in cmd
> 	 */
>-	if ( !(*cmd = check_command_line(cmdline, opts)) ) return NULL;
>+	if ( !(*cmd = get_command(cmdline, opts)) ) return NULL;
> 
> 	/* if we need to do chroot processing, do it */
> 	if ( opts->shell_flags & RSSH_USE_CHROOT ){
>@@ -252,7 +252,9 @@
> 	}
> 
> 	/* return vector of pointers to command line arguments */
>-	return build_arg_vector(cmdline, 0);
>+	argvec = build_arg_vector(cmdline, 0);
>+	if (check_command_line(argvec, opts)) return argvec;
>+	else return NULL;
> }
> 
> void vers_info( void )
>diff -ru rssh-2.3.3.orig/util.c rssh-2.3.3/util.c
>--- rssh-2.3.3.orig/util.c	2010-08-01 09:07:00.000000000 -0400
>+++ rssh-2.3.3/util.c	2012-05-11 16:43:10.000000000 -0400
>@@ -106,7 +106,7 @@
> 	/* print error message to user and log attempt */
> 	fprintf(stderr, "\nThis account is restricted by rssh.\n"
> 		"%s\n\nIf you believe this is in error, please contact "
>-	        "your system administrator.\n\n", cmd);
>+		"your system administrator.\n\n", cmd);
> 	if ( argc < 3 )
> 		log_msg("user %s attempted to log in with a shell",
> 			username);
>@@ -132,31 +132,35 @@
>  */
> bool opt_exist(char *cl, char opt)
> {
>-	int	i = 0;
>+	int	i = 1;
> 	int	len;
>-	char	*token;
>-	bool	optstring = FALSE;
>-
> 
> 	len = strlen(cl);
> 
> 	/* process command line character by character */
>-	while ( i < (len - 2) ){
>-		if ( cl[i] == ' ' || cl[i] == '\t' ){
>-			if ( cl[i+1] == '-' ){ 
>-				optstring = TRUE;
>-				i+=2;
>-			}
>-		}
>-		if ( cl[i] == opt && optstring ) return TRUE;
>-		if ( cl[i] == ' ' || cl[i] == '\t' || cl[i] == '-' ) 
>-			optstring = FALSE;
>+	if (!(cl[0] == '-')) return FALSE;
>+	while ( i < (len) ){
>+		if ( cl[i] == opt ) return TRUE;
> 		i++;
> 	}
> 	return FALSE;
> }
> 
> 
>+bool opt_filter(char **vec, const char opt)
>+{
>+	while (vec && *vec){
>+		if (opt_exist(*vec, opt)){
>+			fprintf(stderr, "\nillegal insecure %c option", opt);
>+			log_msg("insecure %c option in scp command line!", opt);
>+			return TRUE;
>+		}
>+		vec++;
>+	}
>+	return FALSE;
>+}
>+
>+
> bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag )
> {
> 	int	cl_len;		/* length of command line */
>@@ -186,69 +190,78 @@
> 	return FALSE;
> }
> 
>+
> /*
>  * check_command_line() - take the command line passed to rssh, and verify
>- * 			  that the specified command is one the user is
>- * 			  allowed to run.  Return the path of the command
>- * 			  which will be run if it is ok, or return NULL if it
>- * 			  is not.
>+ *			  that the specified command is one the user is
>+ *			  allowed to run and validate the arguments.  Return the
>+ *			  path of the command which will be run if it is ok, or
>+ *			  return NULL if it is not.
>  */
>-char *check_command_line( char *cl, ShellOptions_t *opts )
>+char *check_command_line( char **cl, ShellOptions_t *opts )
> {
> 
>-	if ( check_command(cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) )
>+	if ( check_command(*cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) )
> 		return PATH_SFTP_SERVER;
> 
>-	if ( check_command(cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){
>+	if ( check_command(*cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){
> 		/* filter -S option */
>-		if ( opt_exist(cl, 'S') ){
>-			fprintf(stderr, "\ninsecure -S option not allowed.");
>-			log_msg("insecure -S option in scp command line!");
>-			return NULL;
>-		}
>+		if ( opt_filter(cl, 'S') ) return NULL;
> 		return PATH_SCP;
> 	}
> 
>-	if ( check_command(cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){
>-		if ( opt_exist(cl, 'e') ){
>-			fprintf(stderr, "\ninsecure -e option not allowed.");
>-			log_msg("insecure -e option in cvs command line!");
>-			return NULL;
>-		}
>+	if ( check_command(*cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){
>+		if ( opt_filter(cl, 'e') ) return NULL;
> 		return PATH_CVS;
> 	}
> 
>-	if ( check_command(cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ){
>+	if ( check_command(*cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ){
> 		/* filter -P option */
>-		if ( opt_exist(cl, 'P') ){
>-			fprintf(stderr, "\ninsecure -P option not allowed.");
>-			log_msg("insecure -P option in rdist command line!");
>-			return NULL;
>-		}
>+		if ( opt_filter(cl, 'P') ) return NULL;
> 		return PATH_RDIST;
> 	}
> 
>-	if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
>+	if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
> 		/* filter -e option */
>-		if ( opt_exist(cl, 'e') ){
>-			fprintf(stderr, "\ninsecure -e option not allowed.");
>-			log_msg("insecure -e option in rdist command line!");
>-			return NULL;
>-		}
>-		
>-		if ( strstr(cl, "--rsh=" ) ){
>-			fprintf(stderr, "\ninsecure --rsh= not allowed.");
>-			log_msg("insecure --rsh option in rsync command line!");
>-			return NULL;
>+		if ( opt_filter(cl, 'e') ) return NULL;
>+		while (cl && *cl){
>+			if ( strstr(*cl, "--rsh=" ) ){
>+				fprintf(stderr, "\ninsecure --rsh= not allowed.");
>+				log_msg("insecure --rsh option in rsync command line!");
>+				return NULL;
>+			}
> 		}
>-
> 		return PATH_RSYNC;
> 	}
>+	/* No match, return NULL */
>+	return NULL;
>+}
>+
>+
>+/*
>+ * get_command() - take the command line passed to rssh, and verify
>+ *		   that the specified command is one the user is allowed to run.
>+ *		   Return the path of the command which will be run if it is ok,
>+ *		   or return NULL if it is not.
>+ */
>+char *get_command( char *cl, ShellOptions_t *opts )
>+{
> 
>+	if ( check_command(cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) )
>+		return PATH_SFTP_SERVER;
>+	if ( check_command(cl, opts, PATH_SCP, RSSH_ALLOW_SCP) )
>+		return PATH_SCP;
>+	if ( check_command(cl, opts, PATH_CVS, RSSH_ALLOW_CVS) )
>+		return PATH_CVS;
>+	if ( check_command(cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) )
>+		return PATH_RDIST;
>+	if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) )
>+		return PATH_RSYNC;
> 	return NULL;
> }
> 
> 
>+
> /*
>  * extract_root() - takes a root directory and the full path to some other
>  *                  directory, and returns a pointer to a string which
>@@ -264,7 +277,7 @@
> 	len = strlen(root);
> 	/* get rid of a trailing / from the root path */
> 	if ( root[len - 1] == '/' ){
>-	       	root[len - 1] = '\0';
>+		root[len - 1] = '\0';
> 		len--;
> 	}
> 	if ( (strncmp(root, path, len)) ) return NULL;
>@@ -309,7 +322,7 @@
>  *                     same name, and returns FALSE if the bits are not valid
>  */
> int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp,
>-	       	     bool *allow_cvs, bool *allow_rdist, bool *allow_rsync )
>+		     bool *allow_cvs, bool *allow_rdist, bool *allow_rsync )
> {
> 	int	i;
> 
>diff -ru rssh-2.3.3.orig/util.h rssh-2.3.3/util.h
>--- rssh-2.3.3.orig/util.h	2006-12-21 17:22:38.000000000 -0500
>+++ rssh-2.3.3/util.h	2012-05-11 16:21:12.000000000 -0400
>@@ -33,7 +33,8 @@
> #include "rsshconf.h"
> 
> void fail( int flags, int argc, char **argv );
>-char *check_command_line( char *cl, ShellOptions_t *opts );
>+char *check_command_line( char **cl, ShellOptions_t *opts );
>+char *get_command( char *cl, ShellOptions_t *opts);
> char *extract_root( char *root, char *path );
> int  validate_umask( const char *temp, int *mask );
> int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp,

Actions: View | Diff

Attachments on bug 820414: 590381