Sun Feb 10 01:12:35 PST 2013

4 files changed, 0 insertions, 349 deletions

diff --git a/extra/rssh/PKGBUILD b/extra/rssh/PKGBUILD
deleted file mode 100644
index 477c6fcdf..000000000
--- a/extra/rssh/PKGBUILD
+++ /dev/null
@@ -1,43 +0,0 @@
-# $Id: PKGBUILD 164390 2012-08-01 04:02:33Z bisson $
-# Contributor: Judd Vinet <jvinet@zeroflux.org>
-# Maintainer: Gaetan Bisson <bisson@archlinux.org>
-
-pkgname=rssh
-pkgver=2.3.3
-pkgrel=4
-pkgdesc='Restricted shell for use with OpenSSH, allowing only scp and/or sftp'
-url='http://www.pizzashack.org/rssh/'
-license=('custom:rssh')
-arch=('i686' 'x86_64')
-backup=('etc/rssh.conf')
-depends=('openssh')
-source=("http://downloads.sourceforge.net/sourceforge/rssh/rssh-${pkgver}.tar.gz"
-        'env-breach.patch'
-        'destdir.patch'
-        'rsync.patch')
-sha1sums=('0a6dd80b5e6059e0db12c9f1276121dd966b610a'
-          '434712f82f24c60834a10142ca5c49b8a57555a7'
-          '85bd1694decae5872cbeeafd578b147eb13313c6'
-          '86564eab4493f4b4502a022e5938babb31450a00')
-
-build() {
-	cd "${srcdir}/${pkgname}-${pkgver}"
-
-	patch -p1 -i ../env-breach.patch # FS#30950
-	patch -p1 -i ../rsync.patch # FS#21783
-	patch -p1 -i ../destdir.patch
-
-	./configure \
-		--prefix=/usr \
-		--libexecdir=/usr/lib/rssh \
-		--mandir=/usr/share/man \
-		--sysconfdir=/etc \
-
-	make
-}
-
-package() {
-	cd "${srcdir}/${pkgname}-${pkgver}"
-	make DESTDIR="${pkgdir}" install
-	install -Dm644 LICENSE "${pkgdir}"/usr/share/licenses/rssh/LICENSE
-}
diff --git a/extra/rssh/destdir.patch b/extra/rssh/destdir.patch
deleted file mode 100644
index 90fa03e6d..000000000
--- a/extra/rssh/destdir.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff -aur old//Makefile.am new//Makefile.am
---- old//Makefile.am	2006-12-21 23:22:37.000000000 +0100
-+++ new//Makefile.am	2010-11-25 18:15:29.253376150 +0100
-@@ -16,7 +16,7 @@
- 	$(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $<
- 
- install-exec-hook:
--	chmod u+s $(libexecdir)/rssh_chroot_helper
-+	chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper
- 
- rpm:	dist
- 	rpmbuild -ta --sign $(base).tar.gz
-diff -aur old//Makefile.in new//Makefile.in
---- old//Makefile.in	2010-08-01 15:59:54.000000000 +0200
-+++ new//Makefile.in	2010-11-25 18:15:29.253376150 +0100
-@@ -830,7 +830,7 @@
- 	$(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $<
- 
- install-exec-hook:
--	chmod u+s $(libexecdir)/rssh_chroot_helper
-+	chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper
- 
- rpm:	dist
- 	rpmbuild -ta --sign $(base).tar.gz
diff --git a/extra/rssh/env-breach.patch b/extra/rssh/env-breach.patch
deleted file mode 100644
index e9193c7bd..000000000
--- a/extra/rssh/env-breach.patch
+++ /dev/null
@@ -1,228 +0,0 @@
---- rssh-2.3.3/main.c.in	2010-08-01 15:43:30.000000000 -0400
-+++ rssh-2.3.3/main.c.in	2012-05-11 16:44:39.000000000 -0400
-@@ -184,7 +184,7 @@
- 	 * determine if the command in cmdline is acceptable to run, and store
- 	 * name of program to exec in cmd
- 	 */
--	if ( !(*cmd = check_command_line(cmdline, opts)) ) return NULL;
-+	if ( !(*cmd = get_command(cmdline, opts)) ) return NULL;
- 
- 	/* if we need to do chroot processing, do it */
- 	if ( opts->shell_flags & RSSH_USE_CHROOT ){
-@@ -252,7 +252,9 @@
- 	}
- 
- 	/* return vector of pointers to command line arguments */
--	return build_arg_vector(cmdline, 0);
-+	argvec = build_arg_vector(cmdline, 0);
-+	if (check_command_line(argvec, opts)) return argvec;
-+	else return NULL;
- }
- 
- void vers_info( void )
---- rssh-2.3.3/util.c	2010-08-01 09:07:00.000000000 -0400
-+++ rssh-2.3.3/util.c	2012-05-11 16:43:10.000000000 -0400
-@@ -106,7 +106,7 @@
- 	/* print error message to user and log attempt */
- 	fprintf(stderr, "\nThis account is restricted by rssh.\n"
- 		"%s\n\nIf you believe this is in error, please contact "
--	        "your system administrator.\n\n", cmd);
-+		"your system administrator.\n\n", cmd);
- 	if ( argc < 3 )
- 		log_msg("user %s attempted to log in with a shell",
- 			username);
-@@ -132,31 +132,35 @@
-  */
- bool opt_exist(char *cl, char opt)
- {
--	int	i = 0;
-+	int	i = 1;
- 	int	len;
--	char	*token;
--	bool	optstring = FALSE;
--
- 
- 	len = strlen(cl);
- 
- 	/* process command line character by character */
--	while ( i < (len - 2) ){
--		if ( cl[i] == ' ' || cl[i] == '\t' ){
--			if ( cl[i+1] == '-' ){ 
--				optstring = TRUE;
--				i+=2;
--			}
--		}
--		if ( cl[i] == opt && optstring ) return TRUE;
--		if ( cl[i] == ' ' || cl[i] == '\t' || cl[i] == '-' ) 
--			optstring = FALSE;
-+	if (!(cl[0] == '-')) return FALSE;
-+	while ( i < (len) ){
-+		if ( cl[i] == opt ) return TRUE;
- 		i++;
- 	}
- 	return FALSE;
- }
- 
- 
-+bool opt_filter(char **vec, const char opt)
-+{
-+	while (vec && *vec){
-+		if (opt_exist(*vec, opt)){
-+			fprintf(stderr, "\nillegal insecure %c option", opt);
-+			log_msg("insecure %c option in scp command line!", opt);
-+			return TRUE;
-+		}
-+		vec++;
-+	}
-+	return FALSE;
-+}
-+
-+
- bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag )
- {
- 	int	cl_len;		/* length of command line */
-@@ -186,69 +190,78 @@
- 	return FALSE;
- }
- 
-+
- /*
-  * check_command_line() - take the command line passed to rssh, and verify
-- * 			  that the specified command is one the user is
-- * 			  allowed to run.  Return the path of the command
-- * 			  which will be run if it is ok, or return NULL if it
-- * 			  is not.
-+ *			  that the specified command is one the user is
-+ *			  allowed to run and validate the arguments.  Return the
-+ *			  path of the command which will be run if it is ok, or
-+ *			  return NULL if it is not.
-  */
--char *check_command_line( char *cl, ShellOptions_t *opts )
-+char *check_command_line( char **cl, ShellOptions_t *opts )
- {
- 
--	if ( check_command(cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) )
-+	if ( check_command(*cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) )
- 		return PATH_SFTP_SERVER;
- 
--	if ( check_command(cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){
-+	if ( check_command(*cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){
- 		/* filter -S option */
--		if ( opt_exist(cl, 'S') ){
--			fprintf(stderr, "\ninsecure -S option not allowed.");
--			log_msg("insecure -S option in scp command line!");
--			return NULL;
--		}
-+		if ( opt_filter(cl, 'S') ) return NULL;
- 		return PATH_SCP;
- 	}
- 
--	if ( check_command(cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){
--		if ( opt_exist(cl, 'e') ){
--			fprintf(stderr, "\ninsecure -e option not allowed.");
--			log_msg("insecure -e option in cvs command line!");
--			return NULL;
--		}
-+	if ( check_command(*cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){
-+		if ( opt_filter(cl, 'e') ) return NULL;
- 		return PATH_CVS;
- 	}
- 
--	if ( check_command(cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ){
-+	if ( check_command(*cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ){
- 		/* filter -P option */
--		if ( opt_exist(cl, 'P') ){
--			fprintf(stderr, "\ninsecure -P option not allowed.");
--			log_msg("insecure -P option in rdist command line!");
--			return NULL;
--		}
-+		if ( opt_filter(cl, 'P') ) return NULL;
- 		return PATH_RDIST;
- 	}
- 
--	if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
-+	if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
- 		/* filter -e option */
--		if ( opt_exist(cl, 'e') ){
--			fprintf(stderr, "\ninsecure -e option not allowed.");
--			log_msg("insecure -e option in rdist command line!");
--			return NULL;
--		}
--		
--		if ( strstr(cl, "--rsh=" ) ){
--			fprintf(stderr, "\ninsecure --rsh= not allowed.");
--			log_msg("insecure --rsh option in rsync command line!");
--			return NULL;
-+		if ( opt_filter(cl, 'e') ) return NULL;
-+		while (cl && *cl){
-+			if ( strstr(*cl, "--rsh=" ) ){
-+				fprintf(stderr, "\ninsecure --rsh= not allowed.");
-+				log_msg("insecure --rsh option in rsync command line!");
-+				return NULL;
-+			}
- 		}
--
- 		return PATH_RSYNC;
- 	}
-+	/* No match, return NULL */
-+	return NULL;
-+}
-+
-+
-+/*
-+ * get_command() - take the command line passed to rssh, and verify
-+ *		   that the specified command is one the user is allowed to run.
-+ *		   Return the path of the command which will be run if it is ok,
-+ *		   or return NULL if it is not.
-+ */
-+char *get_command( char *cl, ShellOptions_t *opts )
-+{
- 
-+	if ( check_command(cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) )
-+		return PATH_SFTP_SERVER;
-+	if ( check_command(cl, opts, PATH_SCP, RSSH_ALLOW_SCP) )
-+		return PATH_SCP;
-+	if ( check_command(cl, opts, PATH_CVS, RSSH_ALLOW_CVS) )
-+		return PATH_CVS;
-+	if ( check_command(cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) )
-+		return PATH_RDIST;
-+	if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) )
-+		return PATH_RSYNC;
- 	return NULL;
- }
- 
- 
-+
- /*
-  * extract_root() - takes a root directory and the full path to some other
-  *                  directory, and returns a pointer to a string which
-@@ -264,7 +277,7 @@
- 	len = strlen(root);
- 	/* get rid of a trailing / from the root path */
- 	if ( root[len - 1] == '/' ){
--	       	root[len - 1] = '\0';
-+		root[len - 1] = '\0';
- 		len--;
- 	}
- 	if ( (strncmp(root, path, len)) ) return NULL;
-@@ -309,7 +322,7 @@
-  *                     same name, and returns FALSE if the bits are not valid
-  */
- int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp,
--	       	     bool *allow_cvs, bool *allow_rdist, bool *allow_rsync )
-+		     bool *allow_cvs, bool *allow_rdist, bool *allow_rsync )
- {
- 	int	i;
- 
---- rssh-2.3.3/util.h	2006-12-21 17:22:38.000000000 -0500
-+++ rssh-2.3.3/util.h	2012-05-11 16:21:12.000000000 -0400
-@@ -33,7 +33,8 @@
- #include "rsshconf.h"
- 
- void fail( int flags, int argc, char **argv );
--char *check_command_line( char *cl, ShellOptions_t *opts );
-+char *check_command_line( char **cl, ShellOptions_t *opts );
-+char *get_command( char *cl, ShellOptions_t *opts);
- char *extract_root( char *root, char *path );
- int  validate_umask( const char *temp, int *mask );
- int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp,
diff --git a/extra/rssh/rsync.patch b/extra/rssh/rsync.patch
deleted file mode 100644
index 7d0a51195..000000000
--- a/extra/rssh/rsync.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-diff -Naur old/util.c new/util.c
---- old/util.c	2012-08-01 13:48:47.803620731 +1000
-+++ new/util.c	2012-08-01 13:55:13.622614598 +1000
-@@ -56,6 +56,7 @@
- #ifdef HAVE_LIBGEN_H
- #include <libgen.h>
- #endif /* HAVE_LIBGEN_H */
-+#include <regex.h>
- 
- /* LOCAL INCLUDES */
- #include "pathnames.h"
-@@ -192,6 +193,33 @@
- 
- 
- /*
-+ * check_rsync_e() - take the command line passed to rssh and look for a -e
-+ *                   option.  If one is found, make sure --server is provided
-+ *                   and the option contains only the protocol information.
-+ *                   Returns 1 if the command line is safe; 0 otherwise.
-+ */
-+static int check_rsync_e( char *cl )
-+{
-+	int	status;
-+	regex_t	re;
-+
-+	/*
-+	 * This is more complicated than it looks because we don't want to
-+	 * trigger on the e in --server, but we do want to catch the common
-+	 * case of -ltpre.iL (which contains -e.).
-+	 */
-+	static const char pattern[] = "[ \t\v\f]-([^-][^ ]*)?e[^.0-9]";
-+
-+	if ( strstr(cl, "--server") == NULL ) return 0;
-+	if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){
-+		return 0;
-+	}
-+	status = regexec(&re, cl, 0, NULL, 0);
-+	regfree(&re);
-+	return (status == 0) ? 0 : 1;
-+}
-+
-+/*
-  * check_command_line() - take the command line passed to rssh, and verify
-  *			  that the specified command is one the user is
-  *			  allowed to run and validate the arguments.  Return the
-@@ -211,7 +239,7 @@
- 	}
- 
- 	if ( check_command(*cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){
--		if ( opt_filter(cl, 'e') ) return NULL;
-+		if ( opt_filter(cl, 'e') && !check_rsync_e(cl) ) return NULL;
- 		return PATH_CVS;
- 	}
-