authorroot <root@rshg054.dnsready.net>2012-08-03 00:01:47 +0000
committerroot <root@rshg054.dnsready.net>2012-08-03 00:01:47 +0000
commit92bafb5f0efc526b1f83cd5fb9460443c4b13dca (patch)
treea762a2b1551bff9d77cf7a44a75f915fb074c1a2 /extra/rssh
parentf003ac1c96d76f4e3a2b93f988e1effce6771052 (diff)
Fri Aug 3 00:01:47 UTC 2012
Diffstat (limited to 'extra/rssh')
-rw-r--r--extra/rssh/PKGBUILD11
-rw-r--r--extra/rssh/env-breach.patch228
-rw-r--r--extra/rssh/rsync.patch33
3 files changed, 250 insertions, 22 deletions
diff --git a/extra/rssh/PKGBUILD b/extra/rssh/PKGBUILD
index c1d9e08f7..477c6fcdf 100644
--- a/extra/rssh/PKGBUILD
+++ b/extra/rssh/PKGBUILD
@@ -1,10 +1,10 @@
-# $Id: PKGBUILD 149042 2012-02-05 15:15:17Z bisson $
+# $Id: PKGBUILD 164390 2012-08-01 04:02:33Z bisson $
# Contributor: Judd Vinet <jvinet@zeroflux.org>
# Maintainer: Gaetan Bisson <bisson@archlinux.org>
pkgname=rssh
pkgver=2.3.3
-pkgrel=3
+pkgrel=4
pkgdesc='Restricted shell for use with OpenSSH, allowing only scp and/or sftp'
url='http://www.pizzashack.org/rssh/'
license=('custom:rssh')
@@ -12,17 +12,20 @@ arch=('i686' 'x86_64')
backup=('etc/rssh.conf')
depends=('openssh')
source=("http://downloads.sourceforge.net/sourceforge/rssh/rssh-${pkgver}.tar.gz"
+ 'env-breach.patch'
'destdir.patch'
'rsync.patch')
sha1sums=('0a6dd80b5e6059e0db12c9f1276121dd966b610a'
+ '434712f82f24c60834a10142ca5c49b8a57555a7'
'85bd1694decae5872cbeeafd578b147eb13313c6'
- '41f32f8a77b3a2b924ede6044ab67846e06b5d20')
+ '86564eab4493f4b4502a022e5938babb31450a00')
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
+ patch -p1 -i ../env-breach.patch # FS#30950
+ patch -p1 -i ../rsync.patch # FS#21783
patch -p1 -i ../destdir.patch
- patch -p1 -i ../rsync.patch # FS#21783, debian patch
./configure \
--prefix=/usr \
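Review bot: The new env-breach.patch entry is pinned only through `sha1sums`, and the upstream tarball in `source` is still fetched over plain `http://`, so SHA-1 is the sole integrity check on what gets built. For a package whose whole purpose is confinement, consider adding a `sha256sums=(...)` array alongside it, generated from files you have verified. The `# FS#30950` comment could also say what the patch does, e.g. `# FS#30950: option filtering on the parsed argument vector`. build() continues past the end of this hunk.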
diff --git a/extra/rssh/env-breach.patch b/extra/rssh/env-breach.patch
new file mode 100644
index 000000000..e9193c7bd
--- /dev/null
+++ b/extra/rssh/env-breach.patch
@@ -0,0 +1,228 @@
+--- rssh-2.3.3/main.c.in 2010-08-01 15:43:30.000000000 -0400
++++ rssh-2.3.3/main.c.in 2012-05-11 16:44:39.000000000 -0400
+@@ -184,7 +184,7 @@
+ * determine if the command in cmdline is acceptable to run, and store
+ * name of program to exec in cmd
+ */
+- if ( !(*cmd = check_command_line(cmdline, opts)) ) return NULL;
++ if ( !(*cmd = get_command(cmdline, opts)) ) return NULL;
+
+ /* if we need to do chroot processing, do it */
+ if ( opts->shell_flags & RSSH_USE_CHROOT ){
+@@ -252,7 +252,9 @@
+ }
+
+ /* return vector of pointers to command line arguments */
+- return build_arg_vector(cmdline, 0);
++ argvec = build_arg_vector(cmdline, 0);
++ if (check_command_line(argvec, opts)) return argvec;
++ else return NULL;
+ }
+
+ void vers_info( void )
+--- rssh-2.3.3/util.c 2010-08-01 09:07:00.000000000 -0400
++++ rssh-2.3.3/util.c 2012-05-11 16:43:10.000000000 -0400
+@@ -106,7 +106,7 @@
+ /* print error message to user and log attempt */
+ fprintf(stderr, "\nThis account is restricted by rssh.\n"
+ "%s\n\nIf you believe this is in error, please contact "
+- "your system administrator.\n\n", cmd);
++ "your system administrator.\n\n", cmd);
+ if ( argc < 3 )
+ log_msg("user %s attempted to log in with a shell",
+ username);
+@@ -132,31 +132,35 @@
+ */
+ bool opt_exist(char *cl, char opt)
+ {
+- int i = 0;
++ int i = 1;
+ int len;
+- char *token;
+- bool optstring = FALSE;
+-
+
+ len = strlen(cl);
+
+ /* process command line character by character */
+- while ( i < (len - 2) ){
+- if ( cl[i] == ' ' || cl[i] == '\t' ){
+- if ( cl[i+1] == '-' ){
+- optstring = TRUE;
+- i+=2;
+- }
+- }
+- if ( cl[i] == opt && optstring ) return TRUE;
+- if ( cl[i] == ' ' || cl[i] == '\t' || cl[i] == '-' )
+- optstring = FALSE;
++ if (!(cl[0] == '-')) return FALSE;
++ while ( i < (len) ){
++ if ( cl[i] == opt ) return TRUE;
+ i++;
+ }
+ return FALSE;
+ }
+
+
++bool opt_filter(char **vec, const char opt)
++{
++ while (vec && *vec){
++ if (opt_exist(*vec, opt)){
++ fprintf(stderr, "\nillegal insecure %c option", opt);
++ log_msg("insecure %c option in scp command line!", opt);
++ return TRUE;
++ }
++ vec++;
++ }
++ return FALSE;
++}
++
++
+ bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag )
+ {
+ int cl_len; /* length of command line */
+@@ -186,69 +190,78 @@
+ return FALSE;
+ }
+
++
+ /*
+ * check_command_line() - take the command line passed to rssh, and verify
+- * that the specified command is one the user is
+- * allowed to run. Return the path of the command
+- * which will be run if it is ok, or return NULL if it
+- * is not.
++ * that the specified command is one the user is
++ * allowed to run and validate the arguments. Return the
++ * path of the command which will be run if it is ok, or
++ * return NULL if it is not.
+ */
+-char *check_command_line( char *cl, ShellOptions_t *opts )
++char *check_command_line( char **cl, ShellOptions_t *opts )
+ {
+
+- if ( check_command(cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) )
++ if ( check_command(*cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) )
+ return PATH_SFTP_SERVER;
+
+- if ( check_command(cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){
++ if ( check_command(*cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){
+ /* filter -S option */
+- if ( opt_exist(cl, 'S') ){
+- fprintf(stderr, "\ninsecure -S option not allowed.");
+- log_msg("insecure -S option in scp command line!");
+- return NULL;
+- }
++ if ( opt_filter(cl, 'S') ) return NULL;
+ return PATH_SCP;
+ }
+
+- if ( check_command(cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){
+- if ( opt_exist(cl, 'e') ){
+- fprintf(stderr, "\ninsecure -e option not allowed.");
+- log_msg("insecure -e option in cvs command line!");
+- return NULL;
+- }
++ if ( check_command(*cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){
++ if ( opt_filter(cl, 'e') ) return NULL;
+ return PATH_CVS;
+ }
+
+- if ( check_command(cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ){
++ if ( check_command(*cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ){
+ /* filter -P option */
+- if ( opt_exist(cl, 'P') ){
+- fprintf(stderr, "\ninsecure -P option not allowed.");
+- log_msg("insecure -P option in rdist command line!");
+- return NULL;
+- }
++ if ( opt_filter(cl, 'P') ) return NULL;
+ return PATH_RDIST;
+ }
+
+- if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
++ if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
+ /* filter -e option */
+- if ( opt_exist(cl, 'e') ){
+- fprintf(stderr, "\ninsecure -e option not allowed.");
+- log_msg("insecure -e option in rdist command line!");
+- return NULL;
+- }
+-
+- if ( strstr(cl, "--rsh=" ) ){
+- fprintf(stderr, "\ninsecure --rsh= not allowed.");
+- log_msg("insecure --rsh option in rsync command line!");
+- return NULL;
++ if ( opt_filter(cl, 'e') ) return NULL;
++ while (cl && *cl){
++ if ( strstr(*cl, "--rsh=" ) ){
++ fprintf(stderr, "\ninsecure --rsh= not allowed.");
++ log_msg("insecure --rsh option in rsync command line!");
++ return NULL;
++ }
+ }
+-
+ return PATH_RSYNC;
+ }
++ /* No match, return NULL */
++ return NULL;
++}
++
++
++/*
++ * get_command() - take the command line passed to rssh, and verify
++ * that the specified command is one the user is allowed to run.
++ * Return the path of the command which will be run if it is ok,
++ * or return NULL if it is not.
++ */
++char *get_command( char *cl, ShellOptions_t *opts )
++{
+
++ if ( check_command(cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) )
++ return PATH_SFTP_SERVER;
++ if ( check_command(cl, opts, PATH_SCP, RSSH_ALLOW_SCP) )
++ return PATH_SCP;
++ if ( check_command(cl, opts, PATH_CVS, RSSH_ALLOW_CVS) )
++ return PATH_CVS;
++ if ( check_command(cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) )
++ return PATH_RDIST;
++ if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) )
++ return PATH_RSYNC;
+ return NULL;
+ }
+
+
++
+ /*
+ * extract_root() - takes a root directory and the full path to some other
+ * directory, and returns a pointer to a string which
+@@ -264,7 +277,7 @@
+ len = strlen(root);
+ /* get rid of a trailing / from the root path */
+ if ( root[len - 1] == '/' ){
+- root[len - 1] = '\0';
++ root[len - 1] = '\0';
+ len--;
+ }
+ if ( (strncmp(root, path, len)) ) return NULL;
+@@ -309,7 +322,7 @@
+ * same name, and returns FALSE if the bits are not valid
+ */
+ int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp,
+- bool *allow_cvs, bool *allow_rdist, bool *allow_rsync )
++ bool *allow_cvs, bool *allow_rdist, bool *allow_rsync )
+ {
+ int i;
+
+--- rssh-2.3.3/util.h 2006-12-21 17:22:38.000000000 -0500
++++ rssh-2.3.3/util.h 2012-05-11 16:21:12.000000000 -0400
+@@ -33,7 +33,8 @@
+ #include "rsshconf.h"
+
+ void fail( int flags, int argc, char **argv );
+-char *check_command_line( char *cl, ShellOptions_t *opts );
++char *check_command_line( char **cl, ShellOptions_t *opts );
++char *get_command( char *cl, ShellOptions_t *opts);
+ char *extract_root( char *root, char *path );
+ int validate_umask( const char *temp, int *mask );
+ int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp,
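Review bot: The `--rsh=` scan added to the rsync branch of check_command_line() never advances `cl`, so `while (cl && *cl)` cannot terminate unless the first vector element itself contains `--rsh=`; since that element is the command checked by check_command(), every permitted rsync invocation appears to hang. Walk the vector with a separate cursor instead, e.g. `for (arg = cl; arg && *arg; arg++)` testing `strstr(*arg, "--rsh=")`, with `char **arg;` declared at the top of the function. The new tail in main.c.in also hands `argvec` straight to check_command_line(), which dereferences `*cl` immediately; if build_arg_vector() can return NULL (its body is not visible here), that needs a guard such as `if (!argvec) return NULL;`. Finally, opt_filter() logs "in scp command line" even when it is called for cvs, rdist or rsync, which will mislead anyone reading the logs during triage.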
diff --git a/extra/rssh/rsync.patch b/extra/rssh/rsync.patch
index cafd6c54b..7d0a51195 100644
--- a/extra/rssh/rsync.patch
+++ b/extra/rssh/rsync.patch
@@ -1,6 +1,6 @@
-diff -aur old//util.c new//util.c
---- old//util.c 2010-08-01 15:07:00.000000000 +0200
-+++ new//util.c 2010-11-25 18:16:24.086709600 +0100
+diff -Naur old/util.c new/util.c
+--- old/util.c 2012-08-01 13:48:47.803620731 +1000
++++ new/util.c 2012-08-01 13:55:13.622614598 +1000
@@ -56,6 +56,7 @@
#ifdef HAVE_LIBGEN_H
#include <libgen.h>
@@ -9,8 +9,8 @@ diff -aur old//util.c new//util.c
/* LOCAL INCLUDES */
#include "pathnames.h"
-@@ -187,6 +188,33 @@
- }
+@@ -192,6 +193,33 @@
+
/*
+ * check_rsync_e() - take the command line passed to rssh and look for a -e
@@ -41,17 +41,14 @@ diff -aur old//util.c new//util.c
+
+/*
* check_command_line() - take the command line passed to rssh, and verify
- * that the specified command is one the user is
- * allowed to run. Return the path of the command
-@@ -230,9 +258,9 @@
+ * that the specified command is one the user is
+ * allowed to run and validate the arguments. Return the
+@@ -211,7 +239,7 @@
+ }
+
+ if ( check_command(*cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){
+- if ( opt_filter(cl, 'e') ) return NULL;
++ if ( opt_filter(cl, 'e') && !check_rsync_e(cl) ) return NULL;
+ return PATH_CVS;
+ }
- if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
- /* filter -e option */
-- if ( opt_exist(cl, 'e') ){
-+ if ( opt_exist(cl, 'e') && !check_rsync_e(cl) ){
- fprintf(stderr, "\ninsecure -e option not allowed.");
-- log_msg("insecure -e option in rdist command line!");
-+ log_msg("insecure -e option in rsync command line!");
- return NULL;
- }
-
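Review bot: The regenerated inner hunk at `@@ -211,7 +239,7 @@` attaches the `!check_rsync_e(cl)` exemption to the `PATH_CVS` branch, whereas the hunk it replaces applied it to the `PATH_RSYNC` branch. As written, a cvs command line carrying `-e` is accepted whenever check_rsync_e() approves it, while the rsync branch keeps the bare `opt_filter(cl, 'e')` from env-breach.patch, which matches the letter anywhere in a dash-led argument (so probably `--server` as well). The context should be the rsync branch: `if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){` followed by `if ( opt_filter(cl, 'e') && !check_rsync_e(cl) ) return NULL;`. check_rsync_e()'s body lies outside the visible hunks, so also confirm it was updated to take the `char **cl` argument vector rather than the old single string.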