diff options
author | Christian Hesse | 2015-06-30 11:44:28 +0200 |
---|---|---|
committer | Christian Hesse | 2015-06-30 11:44:28 +0200 |
commit | 12aafec21d5121eb43159d696998f166e725fbbf (patch) | |
tree | 309e0a9fa986b891a28bf7b3f803440d6bb58822 | |
download | aur-rssh.tar.gz |
initial import of rssh 2.3.4-5
-rw-r--r-- | .SRCINFO | 34 | ||||
-rw-r--r-- | 0001-fail-logging.patch | 30 | ||||
-rw-r--r-- | 0002-info-to-debug.patch | 108 | ||||
-rw-r--r-- | 0003-man-page-spelling.patch | 26 | ||||
-rw-r--r-- | 0004-mkchroot.patch | 190 | ||||
-rw-r--r-- | 0005-mkchroot-arch.patch | 29 | ||||
-rw-r--r-- | 0006-mkchroot-symlink.patch | 12 | ||||
-rw-r--r-- | 0007-destdir.patch | 24 | ||||
-rw-r--r-- | 0008-rsync-protocol.patch | 130 | ||||
-rw-r--r-- | PKGBUILD | 76 |
10 files changed, 659 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..421f95c96a49 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,34 @@ +pkgbase = rssh + pkgdesc = Restricted secure shell allowing only scp, sftp, cvs, rsync or rdist + pkgver = 2.3.4 + pkgrel = 5 + url = http://www.pizzashack.org/rssh/ + arch = i686 + arch = x86_64 + arch = armv6h + license = custom:rssh + depends = openssh + backup = etc/rssh.conf + source = http://downloads.sourceforge.net/sourceforge/rssh/rssh-2.3.4.tar.gz + source = http://downloads.sourceforge.net/sourceforge/rssh/rssh-2.3.4.tar.gz.sig + source = 0001-fail-logging.patch + source = 0002-info-to-debug.patch + source = 0003-man-page-spelling.patch + source = 0004-mkchroot.patch + source = 0005-mkchroot-arch.patch + source = 0006-mkchroot-symlink.patch + source = 0007-destdir.patch + source = 0008-rsync-protocol.patch + sha256sums = f30c6a760918a0ed39cf9e49a49a76cb309d7ef1c25a66e77a41e2b1d0b40cd9 + sha256sums = SKIP + sha256sums = d30f2f4fdb1b57f94773f5b0968a4da3356b14a040efe69ec1e976c615035c65 + sha256sums = 86f6ecf34f62415b0d6204d4cbebc47322dc2ec71732d06aa27758e35d688fcd + sha256sums = 455b3bbccddf1493999d00c2cd46e62930ef4fd8211e0b7d3a89d8010d6a5431 + sha256sums = f7fd8723d2aa94e64e037c13c2f263a52104af680ab52bfcaea73dfa836457c2 + sha256sums = ac8894c4087a063ae8267d2fdfcde69c2fe6b67a8ff5917e4518b8f73f08ba3f + sha256sums = bce98728cb9b55c92182d4901c5f9adf49376a07c5603514b0004e3d1c85e9c7 + sha256sums = 7fa03644f81dc37d77cc7e2cad994f17f91b2b8a49b1a74e41030a4ac764385e + sha256sums = 0c772afe9088eeded129ead86775ef18e58c318bbc58fc3e2585e7ff09cc5e91 + +pkgname = rssh + diff --git a/0001-fail-logging.patch b/0001-fail-logging.patch new file mode 100644 index 000000000000..7a2c44d3b0b9 --- /dev/null +++ b/0001-fail-logging.patch @@ -0,0 +1,30 @@ +From: Russ Allbery <rra@debian.org> +Subject: [PATCH] Fix allocation of buffer for fail log message + +The failure log message when the user isn't permitted to run the +command they're attempting includes a summary of the commands the +user is allowed to run. The allocation for that string was not +reserving space for the nul byte at the end of the string, causing +a one-byte overwrite past the end of the string. + +Signed-off-by: Russ Allbery <rra@debian.org> + +--- + util.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/util.c b/util.c +index e576755..49f8be1 100644 +--- a/util.c ++++ b/util.c +@@ -84,7 +84,7 @@ void fail( int flags, int argc, char **argv ) + /* create msg indicating what is allowed */ + if ( !size ) cmd = "This user is locked out."; + else { +- size += 18; ++ size += 18 + 1; + if ( !(cmd = (char *)malloc(size)) ){ + log_msg("fatal error: out of mem allocating log msg"); + exit(1); +-- +tg: (05d6ee0..) fixes/fail-logging (depends on: upstream) diff --git a/0002-info-to-debug.patch b/0002-info-to-debug.patch new file mode 100644 index 000000000000..0b6b03180bae --- /dev/null +++ b/0002-info-to-debug.patch @@ -0,0 +1,108 @@ +From: Russ Allbery <rra@stanford.edu> +Subject: [PATCH] Lower priority of syslog messages to debug + +Lower priority of all of the routine syslog messages from info to debug +to cut down on log noise. + +Signed-off-by: Russ Allbery <rra@stanford.edu> + +--- + rsshconf.c | 20 ++++++++++---------- + 1 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/rsshconf.c b/rsshconf.c +index 3dcb2cf..a69f556 100644 +--- a/rsshconf.c ++++ b/rsshconf.c +@@ -438,7 +438,7 @@ int process_allow_scp( ShellOptions_t *opts, + return FALSE; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("allowing scp to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SCP; +@@ -465,7 +465,7 @@ int process_allow_sftp( ShellOptions_t *opts, + return FALSE; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("allowing sftp to all users"); + } + opts->shell_flags |= RSSH_ALLOW_SFTP; +@@ -493,7 +493,7 @@ int process_allow_cvs( ShellOptions_t *opts, + return FALSE; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("allowing cvs to all users"); + } + opts->shell_flags |= RSSH_ALLOW_CVS; +@@ -520,7 +520,7 @@ int process_allow_rdist( ShellOptions_t *opts, + lineno); + return FALSE; + } +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + if (log){ + log_msg("allowing rdist to all users"); + opts->shell_flags |= RSSH_ALLOW_RDIST; +@@ -549,7 +549,7 @@ int process_allow_rsync( ShellOptions_t *opts, + return FALSE; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("allowing rsync to all users"); + } + opts->shell_flags |= RSSH_ALLOW_RSYNC; +@@ -585,7 +585,7 @@ int process_chroot_path( ShellOptions_t *opts, + /* get rid of any old value for chroot path, assign new one */ + if ( opts->chroot_path ) free(opts->chroot_path); + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("chrooting all users to %s", temp); + } + /* we must not free temp, since opts points to it */ +@@ -783,7 +783,7 @@ int process_log_facility( ShellOptions_t *opts, + return FALSE; + } + if ( facname ){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + if (log) log_msg("setting log facility to %s", facname); + log_set_facility(fac); + return TRUE; +@@ -828,7 +828,7 @@ int process_umask( ShellOptions_t *opts, + return FALSE; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("setting umask to %#o", mask); + } + opts->rssh_umask = mask; +@@ -889,7 +889,7 @@ int process_user( ShellOptions_t *opts, + */ + if ( (strcmp(user, username)) ) return TRUE; + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("line %d: configuring user %s", lineno, user); + } + if ( !(len = eat_colon(temp + pos)) ){ +@@ -970,7 +970,7 @@ cleanup: + tmpmask = 077; + } + if (log){ +- log_set_priority(LOG_INFO); ++ log_set_priority(LOG_DEBUG); + log_msg("setting %s's umask to %#o", user, tmpmask); + } + opts->rssh_umask = tmpmask; +-- +tg: (05d6ee0..) fixes/info-to-debug (depends on: upstream) diff --git a/0003-man-page-spelling.patch b/0003-man-page-spelling.patch new file mode 100644 index 000000000000..9cebe1fc8a91 --- /dev/null +++ b/0003-man-page-spelling.patch @@ -0,0 +1,26 @@ +From: Russ Allbery <rra@debian.org> +Subject: [PATCH] Fix spelling errors in manual pages + +Fix spelling errors such as seperate for separate. + +Signed-off-by: Russ Allbery <rra@debian.org> + +--- + rssh.1 | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/rssh.1 b/rssh.1 +index caa2636..8a6898e 100644 +--- a/rssh.1 ++++ b/rssh.1 +@@ -148,7 +148,7 @@ programs other than what are absolutely necessary to provide the service you + are trying to provide. This prevents them from running standard system + commands. + .P +-Then, make sure the user's files inside the jail are on a seperate filesystem ++Then, make sure the user's files inside the jail are on a separate filesystem + from your system's executables. If possible in your environment, make sure + you mount this filesystem using the + .IR noexec " and " nosuid +-- +tg: (05d6ee0..) fixes/man-page-spelling (depends on: upstream) diff --git a/0004-mkchroot.patch b/0004-mkchroot.patch new file mode 100644 index 000000000000..d83cd25dcdd5 --- /dev/null +++ b/0004-mkchroot.patch @@ -0,0 +1,190 @@ +From: Russ Allbery <rra@stanford.edu> +Subject: [PATCH] Fixes and improvements to mkchroot.sh + +Debian wants libnss_compat* in addition to libnss_files* for UID lookups +to work properly, and doesn't have a libnss1_files*. With multiarch, +these libraries have also been moved into a subdirectory of /lib. + +Create the /dev/null device in the chroot, needed by sftp-server. Create +the /dev/log device in the chroot, for one less step. + +Update the code to copy over libraries to be able to parse the new output +from ldd. + +Update file paths for Debian. + +Add better error handling. + +Warn that /etc/passwd is being copied into the chroot jail and that the +user may wish to edit out some users and remove any sensitive +information. (Debian Bug#366655) + +Thanks to proctor mcduff for his contributions. + +Signed-off-by: Russ Allbery <rra@stanford.edu> + +--- + mkchroot.sh | 105 +++++++++++++++++++++++++++++++++++++++++++++------------- + 1 files changed, 81 insertions(+), 24 deletions(-) + +diff --git a/mkchroot.sh b/mkchroot.sh +index 9e17d5d..25f3a7d 100755 +--- a/mkchroot.sh ++++ b/mkchroot.sh +@@ -1,13 +1,13 @@ +-#!/bin/sh ++#!/bin/bash + + ##################################################################### + ##################################################################### + ## + ## mkchroot.sh - set up a chroot jail. + ## +-## This script is written to work for Red Hat 8/9 systems, but may work on +-## other systems. Or, it may not... In fact, it may not work at all. Use at +-## your own risk. :) ++## This script is written to work for Red Hat 8/9 systems and adapted to work ++## on Debian systems, but may work on other systems. Or, it may not... In ++## fact, it may not work at all. Use at your own risk. :) + ## + + fail() { +@@ -96,9 +96,9 @@ fi + # copy SSH files + + scp_path="/usr/bin/scp" +-sftp_server_path="/usr/libexec/openssh/sftp-server" ++sftp_server_path="/usr/lib/openssh/sftp-server" + rssh_path="/usr/bin/rssh" +-chroot_helper_path="/usr/libexec/rssh_chroot_helper" ++chroot_helper_path="/usr/lib/rssh/rssh_chroot_helper" + + for jail_path in `dirname "$jail_dir$scp_path"` `dirname "$jail_dir$sftp_server_path"` `dirname "$jail_dir$chroot_helper_path"`; do + +@@ -125,19 +125,56 @@ cp "$chroot_helper_path" "$jail_dir$chroot_helper_path" || \ + # + # identify and copy libraries needed in the jail + # ++# Sample ldd output: ++# ++# linux-gate.so.1 => (0xffffe000) ++# libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7ef2000) ++# libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7da8000) ++# libutil.so.1 => /lib/i686/cmov/libutil.so.1 (0xb7da3000) ++# libz.so.1 => /usr/lib/libz.so.1 (0xb7d8e000) ++# libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7d76000) ++# libcrypt.so.1 => /lib/i686/cmov/libcrypt.so.1 (0xb7d44000) ++# libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7d1b000) ++# libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7c8d000) ++# libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7c69000) ++# libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7c66000) ++# libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7b19000) ++# libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7b15000) ++# libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7b0d000) ++# libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7b09000) ++# /lib/ld-linux.so.2 (0xb7f13000) ++# ++# either the first or the third column may contain a path ++# + +-for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do ++for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path \ ++ /lib/libnss_compat* /lib/libnss_files* /lib/*/libnss_comat* \ ++ /lib/*/libnss_files*; do ++ if [ ! -f "$prog" ] ; then ++ continue ++ fi + echo "Copying libraries for $prog." +- libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3` ++ libs=`ldd $prog | awk '$1 ~ /^\// {print $1} $3 ~ /^\// {print $3}'` + for lib in $libs; do +- mkdir -p "$jail_dir$(dirname $lib)" ++ mkdir -p "$jail_dir$(dirname $lib)" || \ ++ fail "Error creating $(dirname $lib). Exiting" 6 + echo -e "\t$lib" +- cp "$lib" "$jail_dir$lib" ++ cp "$lib" "$jail_dir$lib" || \ ++ fail "Error copying $lib. Exiting" 6 + done + done + ++# On Debian with multiarch, the libnss files are in /lib/<triplet>, where ++# <triplet> is the relevant architecture triplet. Just copy everything ++# that's installed, since we're not sure which ones we'll need. + echo "copying name service resolution libraries..." +-tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |sed 's/^/\t/' ++if [ -n "$(find /lib -maxdepth 1 -name 'libnss*_' -print -quit)" ] ; then ++ tar -cf - /lib/libnss_compat* /lib/libnss*_files* \ ++ | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' ++else ++ tar -cf - /lib/*/libnss_compat* /lib/*/libnss*_files* \ ++ | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' ++fi + + ##################################################################### + # +@@ -145,29 +182,49 @@ tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |se + # + + echo "Setting up /etc in the chroot jail" +-mkdir -p "$jail_dir/etc" +-cp /etc/nsswitch.conf "$jail_dir/etc/" +-cp /etc/passwd "$jail_dir/etc/" +-cp /etc/ld.* "$jail_dir/etc/" +- +-echo -e "Chroot jail configuration completed." +-echo -e "\nNOTE: if you are not using the passwd file for authentication," +-echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" +- ++mkdir -p "$jail_dir/etc" || fail "Error creating /etc. Exiting" 7 ++cp /etc/nsswitch.conf "$jail_dir/etc/" || \ ++ fail "Error copying /etc/nsswitch.conf. Exiting" 7 ++cp /etc/passwd "$jail_dir/etc/" || \ ++ fail "Error copying /etc/passwd. Exiting" 7 ++cp -r /etc/ld.* "$jail_dir/etc/" || \ ++ fail "Error copying /etc/ld.*. Exiting" 7 ++echo -e "\nWARNING: Copying /etc/passwd into the chroot jail. You may wish" ++echo -e "to edit out unnecessary users and remove any sensitive information" ++echo -e "from it." + + ##################################################################### + # +-# set up /dev/log ++# set up /dev + # + + mkdir -p "$jail_dir/dev" ++if [ `whoami` = "root" ]; then ++ cp -a /dev/log "$jail_dir/dev" || \ ++ fail "Error creating /dev/log. Exiting" 8 ++ cp -a /dev/null "$jail_dir/dev" || \ ++ fail "Error creating /dev/null. Exiting" 8 ++ cp -a /dev/zero "$jail_dir/dev" || \ ++ fail "Error creating /dev/zero. Exiting" 8 ++else ++ echo -e "NOT creating /dev/null and /dev/log in the chroot jail. \c" ++ echo -e "You are not root.\n" ++fi ++ ++echo -e "Chroot jail configuration completed.\n" ++ ++echo -e "NOTE: if you are not using the passwd file for authentication," ++echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n" ++ ++echo -e "NOTE: if you are using any programs other than scp and sftp, you will" ++echo -e "need to copy the server binaries and any libraries they depend on" ++echo -e "into the chroot manually. Use ldd on the binary to find the needed" ++echo -e "libraries.\n" + + echo -e "NOTE: you must MANUALLY edit your syslog rc script to start syslogd" + echo -e "with appropriate options to log to $jail_dir/dev/log. In most cases," + echo -e "you will need to start syslog as:\n" +-echo -e " /sbin/syslogd -a $jail_dir/dev/log\n" ++echo -e " /sbin/syslogd -a $jail_dir/dev/log\n\n" + + echo -e "NOTE: we make no guarantee that ANY of this will work for you... \c" + echo -e "if it\ndoesn't, you're on your own. Sorry!\n" +- +- +-- +tg: (05d6ee0..) fixes/mkchroot (depends on: upstream) diff --git a/0005-mkchroot-arch.patch b/0005-mkchroot-arch.patch new file mode 100644 index 000000000000..b039ed15d274 --- /dev/null +++ b/0005-mkchroot-arch.patch @@ -0,0 +1,29 @@ +--- a/mkchroot.sh 2012-08-06 08:00:53.806524961 +0200 ++++ b/mkchroot.sh 2012-08-03 11:00:39.000000000 +0200 +@@ -96,7 +96,7 @@ fi + # copy SSH files + + scp_path="/usr/bin/scp" +-sftp_server_path="/usr/lib/openssh/sftp-server" ++sftp_server_path="/usr/lib/ssh/sftp-server" + rssh_path="/usr/bin/rssh" + chroot_helper_path="/usr/lib/rssh/rssh_chroot_helper" + +@@ -159,7 +159,7 @@ for prog in $scp_path $sftp_server_path + mkdir -p "$jail_dir$(dirname $lib)" || \ + fail "Error creating $(dirname $lib). Exiting" 6 + echo -e "\t$lib" +- cp "$lib" "$jail_dir$lib" || \ ++ cp -f "$lib" "$jail_dir$lib" || \ + fail "Error copying $lib. Exiting" 6 + done + done +@@ -168,7 +168,7 @@ done + # <triplet> is the relevant architecture triplet. Just copy everything + # that's installed, since we're not sure which ones we'll need. + echo "copying name service resolution libraries..." +-if [ -n "$(find /lib -maxdepth 1 -name 'libnss*_' -print -quit)" ] ; then ++if [ -n "$(find /lib/ -maxdepth 1 -name 'libnss*' -print -quit)" ] ; then + tar -cf - /lib/libnss_compat* /lib/libnss*_files* \ + | tar -C "$jail_dir" -xvf - | sed 's/^/\t/' + else diff --git a/0006-mkchroot-symlink.patch b/0006-mkchroot-symlink.patch new file mode 100644 index 000000000000..280cac2676d3 --- /dev/null +++ b/0006-mkchroot-symlink.patch @@ -0,0 +1,12 @@ +--- a/mkchroot.sh 2014-10-07 15:41:21.168017698 +0200 ++++ b/mkchroot.sh 2014-10-07 15:47:19.483758137 +0200 +@@ -111,6 +111,9 @@ for jail_path in `dirname "$jail_dir$scp + + done + ++ln -fst "${jail_dir}" "usr/lib" || \ ++ fail "Error creating /lib symlink. Exiting." 5 ++ + cp "$scp_path" "$jail_dir$scp_path" || \ + fail "Error copying $scp_path. Exiting." 5 + cp "$sftp_server_path" "$jail_dir$sftp_server_path" || \ diff --git a/0007-destdir.patch b/0007-destdir.patch new file mode 100644 index 000000000000..90fa03e6d9ed --- /dev/null +++ b/0007-destdir.patch @@ -0,0 +1,24 @@ +diff -aur old//Makefile.am new//Makefile.am +--- old//Makefile.am 2006-12-21 23:22:37.000000000 +0100 ++++ new//Makefile.am 2010-11-25 18:15:29.253376150 +0100 +@@ -16,7 +16,7 @@ + $(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< + + install-exec-hook: +- chmod u+s $(libexecdir)/rssh_chroot_helper ++ chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper + + rpm: dist + rpmbuild -ta --sign $(base).tar.gz +diff -aur old//Makefile.in new//Makefile.in +--- old//Makefile.in 2010-08-01 15:59:54.000000000 +0200 ++++ new//Makefile.in 2010-11-25 18:15:29.253376150 +0100 +@@ -830,7 +830,7 @@ + $(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< + + install-exec-hook: +- chmod u+s $(libexecdir)/rssh_chroot_helper ++ chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper + + rpm: dist + rpmbuild -ta --sign $(base).tar.gz diff --git a/0008-rsync-protocol.patch b/0008-rsync-protocol.patch new file mode 100644 index 000000000000..e1694ee0adc3 --- /dev/null +++ b/0008-rsync-protocol.patch @@ -0,0 +1,130 @@ +From: Russ Allbery <rra@stanford.edu> +Subject: [PATCH] Handle the rsync v3 -e option for protocol information + +As of rsync 3, rsync reused the -e option to pass protocol information +from the client to the server. We therefore cannot reject all -e +options to rsync, only ones not sent with --server or containing +something other than protocol information as an argument. + +Also scan the rsync command line for any --rsh option and reject it as +well. This replaces and improves the upstream strategy for rejecting +that command-line option, taking advantage of the parsing added to +check the -e option. + +Based on work by Robert Hardy. + +Debian Bug#471803 + +Signed-off-by: Russ Allbery <rra@stanford.edu> + +--- + util.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++------- + 1 file changed, 72 insertions(+), 8 deletions(-) + +diff --git a/util.c b/util.c +index f98d2bc..a257b06 100644 +--- a/util.c ++++ b/util.c +@@ -56,6 +56,7 @@ + #ifdef HAVE_LIBGEN_H + #include <libgen.h> + #endif /* HAVE_LIBGEN_H */ ++#include <regex.h> + + /* LOCAL INCLUDES */ + #include "pathnames.h" +@@ -198,6 +199,73 @@ bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag ) + + + /* ++ * rsync_e_okay() - take the command line passed to rssh and look for an -e ++ * option. If one is found, make sure --server is provided ++ * and the option contains only the protocol information. ++ * Also check for and reject any --rsh option. Returns FALSE ++ * if the command line should not be allowed, TRUE if it is ++ * okay. ++ */ ++static int rsync_e_okay( char **vec ) ++{ ++ regex_t re; ++ int server = FALSE; ++ int e_found = FALSE; ++ ++ /* ++ * rsync will send -e, followed by either just "." (meaning no special ++ * protocol) or "N.N" (meaning a pre-release protocol version), ++ * followed by some number of alphabetic flags indicating various ++ * supported options. There may be other options between - and the e, ++ * but -e will always be the last option in the string. A typical ++ * option passed by the client is "-ltpre.iL". ++ * ++ * Note that if --server is given, this should never be parsed as a ++ * shell, but we'll tightly verify it anyway, just in case. ++ * ++ * This regex matches the acceptable flags containing -e, so if it ++ * does not match, the command line should be rejected. ++ */ ++ static const char pattern[] ++ = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$"; ++ ++ /* ++ * Only recognize --server if it's the first option. rsync itself ++ * always passes it that way, and if it's not the first argument, it ++ * could be hidden from the server as an argument to some other ++ * option. ++ */ ++ if ( vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0 ){ ++ server = TRUE; ++ } ++ ++ /* Check the remaining options for -e or --rsh. */ ++ if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){ ++ return FALSE; ++ } ++ while (vec && *vec){ ++ if ( strcmp(*vec, "--") == 0 ) break; ++ if ( strcmp(*vec, "--rsh") == 0 ++ || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 ){ ++ regfree(&re); ++ return FALSE; ++ } ++ if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){ ++ e_found = TRUE; ++ if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){ ++ regfree(&re); ++ return FALSE; ++ } ++ } ++ vec++; ++ } ++ regfree(&re); ++ if ( e_found && !server ) return FALSE; ++ return TRUE; ++} ++ ++ ++/* + * check_command_line() - take the command line passed to rssh, and verify + * that the specified command is one the user is + * allowed to run and validate the arguments. Return the +@@ -230,14 +298,10 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) + + if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ + /* filter -e option */ +- if ( opt_filter(cl, 'e') ) return NULL; +- while (cl && *cl){ +- if ( strstr(*cl, "--rsh" ) ){ +- fprintf(stderr, "\ninsecure --rsh= not allowed."); +- log_msg("insecure --rsh option in rsync command line!"); +- return NULL; +- } +- cl++; ++ if ( !rsync_e_okay(cl) ){ ++ fprintf(stderr, "\ninsecure -e or --rsh option not allowed."); ++ log_msg("insecure -e or --rsh option in rsync command line!"); ++ return NULL; + } + return PATH_RSYNC; + } +-- +tg: (f8b36e2..) fixes/rsync-protocol (depends on: upstream) diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..8962cac7fd7b --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,76 @@ +# Maintainer: Christian Hesse <mail@eworm.de> +# Contributor: Judd Vinet <jvinet@zeroflux.org> +# Contributor: Gaetan Bisson <bisson@archlinux.org> + +pkgname=rssh +pkgver=2.3.4 +pkgrel=5 +pkgdesc='Restricted secure shell allowing only scp, sftp, cvs, rsync or rdist' +url='http://www.pizzashack.org/rssh/' +license=('custom:rssh') +arch=('i686' 'x86_64' 'armv6h') +backup=('etc/rssh.conf') +depends=('openssh') +validpgpkeys=('3A6FE9A6B62D6B47DC496B6D7637654281CFE75D') +source=("http://downloads.sourceforge.net/sourceforge/rssh/rssh-${pkgver}.tar.gz"{,.sig} + '0001-fail-logging.patch' + '0002-info-to-debug.patch' + '0003-man-page-spelling.patch' + '0004-mkchroot.patch' + '0005-mkchroot-arch.patch' + '0006-mkchroot-symlink.patch' + '0007-destdir.patch' + '0008-rsync-protocol.patch') +sha256sums=('f30c6a760918a0ed39cf9e49a49a76cb309d7ef1c25a66e77a41e2b1d0b40cd9' + 'SKIP' + 'd30f2f4fdb1b57f94773f5b0968a4da3356b14a040efe69ec1e976c615035c65' + '86f6ecf34f62415b0d6204d4cbebc47322dc2ec71732d06aa27758e35d688fcd' + '455b3bbccddf1493999d00c2cd46e62930ef4fd8211e0b7d3a89d8010d6a5431' + 'f7fd8723d2aa94e64e037c13c2f263a52104af680ab52bfcaea73dfa836457c2' + 'ac8894c4087a063ae8267d2fdfcde69c2fe6b67a8ff5917e4518b8f73f08ba3f' + 'bce98728cb9b55c92182d4901c5f9adf49376a07c5603514b0004e3d1c85e9c7' + '7fa03644f81dc37d77cc7e2cad994f17f91b2b8a49b1a74e41030a4ac764385e' + '0c772afe9088eeded129ead86775ef18e58c318bbc58fc3e2585e7ff09cc5e91') + +prepare() { + cd "${srcdir}/${pkgname}-${pkgver}" + + # from debian package (2.3.3-4) + # http://ftp.de.debian.org/debian/pool/main/r/rssh/rssh_2.3.3-4.debian.tar.gz + + patch -Np1 < ${srcdir}/0001-fail-logging.patch + patch -Np1 < ${srcdir}/0002-info-to-debug.patch + patch -Np1 < ${srcdir}/0003-man-page-spelling.patch + patch -Np1 < ${srcdir}/0004-mkchroot.patch + + patch -Np1 < ${srcdir}/0005-mkchroot-arch.patch + patch -Np1 < ${srcdir}/0006-mkchroot-symlink.patch + + patch -Np1 < ${srcdir}/0007-destdir.patch + + patch -Np1 < ${srcdir}/0008-rsync-protocol.patch +} + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + + ./configure \ + --prefix=/usr \ + --libexecdir=/usr/lib/rssh \ + --mandir=/usr/share/man \ + --sysconfdir=/etc \ + + make +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + + make DESTDIR="${pkgdir}" install + mv ${pkgdir}/etc/rssh.conf.default ${pkgdir}/etc/rssh.conf + + install -D -m0644 LICENSE "${pkgdir}"/usr/share/licenses/rssh/LICENSE + + install -D -m0755 mkchroot.sh "${pkgdir}"/usr/bin/mkchroot +} + |