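--- rssh-2.3.3/main.c.in 2010-08-01 15:43:30.000000000 -0400
+++ rssh-2.3.3/main.c.in 2012-05-11 16:44:39.000000000 -0400
@@ -184,7 +184,7 @@
 * determine if the command in cmdline is acceptable to run, and store
 * name of program to exec in cmd
 */
- if ( !(*cmd = check_command_line(cmdline, opts)) ) return NULL;
+ if ( !(*cmd = get_command(cmdline, opts)) ) return NULL;
 
 /* if we need to do chroot processing, do it */
 if ( opts->shell_flags & RSSH_USE_CHROOT ){
@@ -252,7 +252,9 @@
 }
 
 /* return vector of pointers to command line arguments */
- return build_arg_vector(cmdline, 0);
+ argvec = build_arg_vector(cmdline, 0);
+ if (check_command_line(argvec, opts)) return argvec;
+ else return NULL;
 }
 
 void vers_info( void )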
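Review bot: In the second hunk the result of build_arg_vector() goes straight into check_command_line(), which in this patch dereferences its first argument (`check_command(*cl, opts, ...)`) before any NULL test. If build_arg_vector() can return NULL on failure (its body is not shown here), the restricted shell would crash at that point instead of denying the request. A guard such as `if ( !argvec ) return NULL;` between the two added lines keeps the failure closed. The declaration of `argvec` is not part of the hunk, and the enclosing function starts outside it.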
|
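--- rssh-2.3.3/util.c 2010-08-01 09:07:00.000000000 -0400
+++ rssh-2.3.3/util.c 2012-05-11 16:43:10.000000000 -0400
@@ -106,7 +106,7 @@
 /* print error message to user and log attempt */
 fprintf(stderr, "\nThis account is restricted by rssh.\n"
 "%s\n\nIf you believe this is in error, please contact "
- "your system administrator.\n\n", cmd);
+ "your system administrator.\n\n", cmd);
 if ( argc < 3 )
 log_msg("user %s attempted to log in with a shell",
 username);
@@ -132,31 +132,35 @@
 */
 bool opt_exist(char *cl, char opt)
 {
- int i = 0;
+ int i = 1;
 int len;
- char *token;
- bool optstring = FALSE;
-
 
 len = strlen(cl);
 
 /* process command line character by character */
- while ( i < (len - 2) ){
- if ( cl[i] == ' ' || cl[i] == '\t' ){
- if ( cl[i+1] == '-' ){
- optstring = TRUE;
- i+=2;
- }
- }
- if ( cl[i] == opt && optstring ) return TRUE;
- if ( cl[i] == ' ' || cl[i] == '\t' || cl[i] == '-' )
- optstring = FALSE;
+ if (!(cl[0] == '-')) return FALSE;
+ while ( i < (len) ){
+ if ( cl[i] == opt ) return TRUE;
 i++;
 }
 return FALSE;
 }
 
 
+bool opt_filter(char **vec, const char opt)
+{
+ while (vec && *vec){
+ if (opt_exist(*vec, opt)){
+ fprintf(stderr, "\nillegal insecure %c option", opt);
+ log_msg("insecure %c option in scp command line!", opt);
+ return TRUE;
+ }
+ vec++;
+ }
+ return FALSE;
+}
+
+
 bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag )
 {
 int cl_len; /* length of command line */
@@ -186,69 +190,78 @@
 return FALSE;
 }
 
+
 /*
 * check_command_line() - take the command line passed to rssh, and verify
- * that the specified command is one the user is
- * allowed to run. Return the path of the command
- * which will be run if it is ok, or return NULL if it
- * is not.
+ * that the specified command is one the user is
+ * allowed to run and validate the arguments. Return the
+ * path of the command which will be run if it is ok, or
+ * return NULL if it is not.
 */
-char *check_command_line( char *cl, ShellOptions_t *opts )
+char *check_command_line( char **cl, ShellOptions_t *opts )
 {
 
- if ( check_command(cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) )
+ if ( check_command(*cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) )
 return PATH_SFTP_SERVER;
 
- if ( check_command(cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){
+ if ( check_command(*cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){
 /* filter -S option */
- if ( opt_exist(cl, 'S') ){
- fprintf(stderr, "\ninsecure -S option not allowed.");
- log_msg("insecure -S option in scp command line!");
- return NULL;
- }
+ if ( opt_filter(cl, 'S') ) return NULL;
 return PATH_SCP;
 }
 
- if ( check_command(cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){
- if ( opt_exist(cl, 'e') ){
- fprintf(stderr, "\ninsecure -e option not allowed.");
- log_msg("insecure -e option in cvs command line!");
- return NULL;
- }
+ if ( check_command(*cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){
+ if ( opt_filter(cl, 'e') ) return NULL;
 return PATH_CVS;
 }
 
- if ( check_command(cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ){
+ if ( check_command(*cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ){
 /* filter -P option */
- if ( opt_exist(cl, 'P') ){
- fprintf(stderr, "\ninsecure -P option not allowed.");
- log_msg("insecure -P option in rdist command line!");
- return NULL;
- }
+ if ( opt_filter(cl, 'P') ) return NULL;
 return PATH_RDIST;
 }
 
- if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
+ if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
 /* filter -e option */
- if ( opt_exist(cl, 'e') ){
- fprintf(stderr, "\ninsecure -e option not allowed.");
- log_msg("insecure -e option in rdist command line!");
- return NULL;
- }
-
- if ( strstr(cl, "--rsh=" ) ){
- fprintf(stderr, "\ninsecure --rsh= not allowed.");
- log_msg("insecure --rsh option in rsync command line!");
- return NULL;
+ if ( opt_filter(cl, 'e') ) return NULL;
+ while (cl && *cl){
+ if ( strstr(*cl, "--rsh=" ) ){
+ fprintf(stderr, "\ninsecure --rsh= not allowed.");
+ log_msg("insecure --rsh option in rsync command line!");
+ return NULL;
+ }
 }
-
 return PATH_RSYNC;
 }
+ /* No match, return NULL */
+ return NULL;
+}
+
+
+/*
+ * get_command() - take the command line passed to rssh, and verify
+ * that the specified command is one the user is allowed to run.
+ * Return the path of the command which will be run if it is ok,
+ * or return NULL if it is not.
+ */
+char *get_command( char *cl, ShellOptions_t *opts )
+{
 
+ if ( check_command(cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) )
+ return PATH_SFTP_SERVER;
+ if ( check_command(cl, opts, PATH_SCP, RSSH_ALLOW_SCP) )
+ return PATH_SCP;
+ if ( check_command(cl, opts, PATH_CVS, RSSH_ALLOW_CVS) )
+ return PATH_CVS;
+ if ( check_command(cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) )
+ return PATH_RDIST;
+ if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) )
+ return PATH_RSYNC;
 return NULL;
 }
 
 
+
 /*
 * extract_root() - takes a root directory and the full path to some other
 * directory, and returns a pointer to a string which
@@ -264,7 +277,7 @@
 len = strlen(root);
 /* get rid of a trailing / from the root path */
 if ( root[len - 1] == '/' ){
- root[len - 1] = '\0';
+ root[len - 1] = '\0';
 len--;
 }
 if ( (strncmp(root, path, len)) ) return NULL;
@@ -309,7 +322,7 @@
 * same name, and returns FALSE if the bits are not valid
 */
 int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp,
- bool *allow_cvs, bool *allow_rdist, bool *allow_rsync )
+ bool *allow_cvs, bool *allow_rdist, bool *allow_rsync )
 {
 int i;
 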
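Review bot: The `while (cl && *cl)` loop added to the rsync branch of check_command_line() never advances `cl`, so unless the first vector element itself contains `--rsh=` the loop tests the same element forever: the later arguments are never inspected and `return PATH_RSYNC;` is never reached. Adding `cl++;` as the last statement of the loop body fixes it, mirroring the `vec++` that opt_filter() already has. Separately, the rewritten opt_exist() returns TRUE for any token that begins with `-` and contains the letter anywhere after it, so long options that merely contain `e`, `S` or `P` are rejected too; it is worth confirming that this is intended. opt_filter() also logs "scp command line" for the cvs, rdist and rsync branches, so passing the command name into the message would keep the audit log accurate.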
|
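--- rssh-2.3.3/util.h 2006-12-21 17:22:38.000000000 -0500
+++ rssh-2.3.3/util.h 2012-05-11 16:21:12.000000000 -0400
@@ -33,7 +33,8 @@
 #include "rsshconf.h"
 
 void fail( int flags, int argc, char **argv );
-char *check_command_line( char *cl, ShellOptions_t *opts );
+char *check_command_line( char **cl, ShellOptions_t *opts );
+char *get_command( char *cl, ShellOptions_t *opts);
 char *extract_root( char *root, char *path );
 int validate_umask( const char *temp, int *mask );
 int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp,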