[Midnightbsd-cvs] mports [16608] trunk/shells/rssh: rssh 2.3.4
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Tue Aug 26 20:50:42 EDT 2014
Revision: 16608
http://svnweb.midnightbsd.org/mports/?rev=16608
Author: laffer1
Date: 2014-08-26 20:50:41 -0400 (Tue, 26 Aug 2014)
Log Message:
-----------
rssh 2.3.4
Modified Paths:
--------------
trunk/shells/rssh/Makefile
trunk/shells/rssh/distinfo
trunk/shells/rssh/pkg-descr
trunk/shells/rssh/pkg-plist
Added Paths:
-----------
trunk/shells/rssh/files/optional-patch-util.c
trunk/shells/rssh/files/patch-rsshconf.c
Modified: trunk/shells/rssh/Makefile
===================================================================
--- trunk/shells/rssh/Makefile 2014-08-27 00:46:07 UTC (rev 16607)
+++ trunk/shells/rssh/Makefile 2014-08-27 00:50:41 UTC (rev 16608)
@@ -1,7 +1,7 @@
# $MidnightBSD$
PORTNAME= rssh
-PORTVERSION= 2.3.2
+PORTVERSION= 2.3.4
CATEGORIES= shells security
MASTER_SITES= SF
@@ -8,25 +8,18 @@
MAINTAINER= ports at MidnightBSD.org
COMMENT= Restricted Secure SHell only for sftp or/and scp
-LICENSE= other
-# slightly modified bsd license
+LICENSE= bsd2
+LICENSE_FILE= ${WRKSRC}/LICENSE
GNU_CONFIGURE= yes
-OPTIONS= RDIST "rdist support" off
+USE_CSTD= gnu89
+OPTIONS_DEFINE= RDIST RSYNC3
+RDIST_DESC= rdist support
+RDIST_RUN_DEPENDS= rdist6:${PORTSDIR}/net/rdist6
+RDIST_CONFIGURE_ON= --with-rdist=${LOCALBASE}/bin/rdist6
-.include <bsd.port.pre.mk>
+RSYNC3_DESC= rsync3 support (Debian patch)
+RSYNC3_EXTRA_PATCHES= ${FILESDIR}/optional-patch-util.c
-.if defined(WITH_RDIST)
-RUN_DEPENDS+= ${LOCALBASE}/bin/rdist6:${PORTSDIR}/net/rdist6
-CONFIGURE_ARGS+=--with-rdist=${LOCALBASE}/bin/rdist6
-.endif
-
-post-patch:
- @${REINPLACE_CMD} -E -e 's,(\$$\(DESTDIR\)\$$\(sysconfdir\)/\$$\$$f),\1.dist,g' \
- ${WRKSRC}/Makefile.in
-
-post-install:
- ${MV} ${PREFIX}/etc/rssh.conf.dist.dist ${PREFIX}/etc/rssh.conf.dist
-
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
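Review bot: `RSYNC3_DESC` does not tell the person configuring the port that RSYNC3 changes a security filter rather than just adding a feature. The extra patch it pulls in removes the `opt_filter(cl, 'e')` rejection in util.c and substitutes a pattern check in `rsync_e_okay()`. No `OPTIONS_DEFAULT` is visible in this hunk, so the option appears to stay off unless selected, which is the conservative default. I would make the trade-off explicit in the description, e.g. `RSYNC3_DESC= rsync3 support (Debian patch, relaxes -e filtering)`, and add a comment above it such as `# RSYNC3 replaces the blanket rsync -e rejection with a regex allow-check`.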
Modified: trunk/shells/rssh/distinfo
===================================================================
--- trunk/shells/rssh/distinfo 2014-08-27 00:46:07 UTC (rev 16607)
+++ trunk/shells/rssh/distinfo 2014-08-27 00:50:41 UTC (rev 16608)
@@ -1,3 +1,2 @@
-SHA256 (rssh-2.3.2.tar.gz) = 8569a07dd96c8f70d0310186b37bbb2e8e591807ac1d1bd0990c02bfd467ba57
-RMD160 (rssh-2.3.2.tar.gz) = bcdf7d111042bbf296d624943e3350d5273676ed
-SIZE (rssh-2.3.2.tar.gz) = 113959
+SHA256 (rssh-2.3.4.tar.gz) = f30c6a760918a0ed39cf9e49a49a76cb309d7ef1c25a66e77a41e2b1d0b40cd9
+SIZE (rssh-2.3.4.tar.gz) = 113315
Added: trunk/shells/rssh/files/optional-patch-util.c
===================================================================
--- trunk/shells/rssh/files/optional-patch-util.c (rev 0)
+++ trunk/shells/rssh/files/optional-patch-util.c 2014-08-27 00:50:41 UTC (rev 16608)
@@ -0,0 +1,103 @@
+--- util.c.orig 2012-11-27 12:14:49.000000000 +1100
++++ util.c 2013-01-09 17:52:54.000000000 +1100
+@@ -56,6 +56,7 @@
+ #ifdef HAVE_LIBGEN_H
+ #include <libgen.h>
+ #endif /* HAVE_LIBGEN_H */
++#include <regex.h>
+
+ /* LOCAL INCLUDES */
+ #include "pathnames.h"
+@@ -198,6 +199,73 @@
+
+
+ /*
++ * rsync_e_okay() - take the command line passed to rssh and look for an -e
++ * option. If one is found, make sure --server is provided
++ * and the option contains only the protocol information.
++ * Also check for and reject any --rsh option. Returns FALSE
++ * if the command line should not be allowed, TRUE if it is
++ * okay.
++ */
++static int rsync_e_okay( char **vec )
++{
++ regex_t re;
++ int server = FALSE;
++ int e_found = FALSE;
++
++ /*
++ * rsync will send -e, followed by either just "." (meaning no special
++ * protocol) or "N.N" (meaning a pre-release protocol version),
++ * followed by some number of alphabetic flags indicating various
++ * supported options. There may be other options between - and the e,
++ * but -e will always be the last option in the string. A typical
++ * option passed by the client is "-ltpre.iL".
++ *
++ * Note that if --server is given, this should never be parsed as a
++ * shell, but we'll tightly verify it anyway, just in case.
++ *
++ * This regex matches the acceptable flags containing -e, so if it
++ * does not match, the command line should be rejected.
++ */
++ static const char pattern[]
++ = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$";
++
++ /*
++ * Only recognize --server if it's the first option. rsync itself
++ * always passes it that way, and if it's not the first argument, it
++ * could be hidden from the server as an argument to some other
++ * option.
++ */
++ if ( vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0 ){
++ server = TRUE;
++ }
++
++ /* Check the remaining options for -e or --rsh. */
++ if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){
++ return FALSE;
++ }
++ while (vec && *vec){
++ if ( strcmp(*vec, "--") == 0 ) break;
++ if ( strcmp(*vec, "--rsh") == 0
++ || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 ){
++ regfree(&re);
++ return FALSE;
++ }
++ if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){
++ e_found = TRUE;
++ if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){
++ regfree(&re);
++ return FALSE;
++ }
++ }
++ vec++;
++ }
++ regfree(&re);
++ if ( e_found && !server ) return FALSE;
++ return TRUE;
++}
++
++
++/*
+ * check_command_line() - take the command line passed to rssh, and verify
+ * that the specified command is one the user is
+ * allowed to run and validate the arguments. Return the
+@@ -230,14 +298,10 @@
+
+ if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
+ /* filter -e option */
+- if ( opt_filter(cl, 'e') ) return NULL;
+- while (cl && *cl){
+- if ( strstr(*cl, "--rsh" ) ){
+- fprintf(stderr, "\ninsecure --rsh= not allowed.");
+- log_msg("insecure --rsh option in rsync command line!");
+- return NULL;
+- }
+- cl++;
++ if ( !rsync_e_okay(cl) ){
++ fprintf(stderr, "\ninsecure -e or --rsh option not allowed.");
++ log_msg("insecure -e or --rsh option in rsync command line!");
++ return NULL;
+ }
+ return PATH_RSYNC;
+ }
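Review bot: `rsync_e_okay()` returns TRUE for any rsync command line that contains neither `-e` nor `--rsh`, whether or not `--server` is the first argument, because the final test is `if ( e_found && !server ) return FALSE;`. The function's own comment says rsync always passes `--server` first, so requiring it unconditionally with `if ( !server ) return FALSE;` would confine the restricted account to server mode instead of relying on a two-option deny-list. Every other option is still handed to rsync unexamined, so a comment stating that only `-e` and `--rsh` are vetted here would help whoever audits this later. The scan also starts at `vec[0]`, the command name, rather than `vec[1]`; that looks harmless but depends on `opt_exist()`, which is not part of this patch. `check_command_line()` begins and ends outside the hunk.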
Added: trunk/shells/rssh/files/patch-rsshconf.c
===================================================================
--- trunk/shells/rssh/files/patch-rsshconf.c (rev 0)
+++ trunk/shells/rssh/files/patch-rsshconf.c 2014-08-27 00:50:41 UTC (rev 16608)
@@ -0,0 +1,368 @@
+--- ./rsshconf.c.orig 2012-11-27 01:33:27.000000000 +0100
++++ ./rsshconf.c 2013-12-27 09:57:15.000000000 +0100
+@@ -78,7 +78,7 @@
+ NULL
+ };
+
+-int log=0;
++int rsshlog=0;
+
+ /* flag to tell config parser to stop processing config file */
+ static bool got_user_config = FALSE;
+@@ -132,11 +132,11 @@
+ int status = TRUE; /* were all the cfg lines good? */
+ char line[CFG_LINE_LEN + 1]; /* buffer to hold region */
+
+- log = do_log;
++ rsshlog = do_log;
+ memset(line, 0, CFG_LINE_LEN + 1);
+ cfg_file = fopen(filename, "r");
+ if (!cfg_file) {
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_WARNING);
+ log_msg("config file (%s) missing, using defaults",
+ filename);
+@@ -174,7 +174,7 @@
+ *newline = '\0';
+ else {
+ /* there is no newline - log the error and find the EOL */
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_ERR);
+ log_msg("line %d: line too long", lineno);
+ }
+@@ -241,12 +241,12 @@
+ return TRUE;
+ default:
+ /* the keyword is unknown */
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_ERR);
+ log_msg("line %d: syntax error parsing config file",
+ lineno);
+ }
+- if ( keywrd[0] && log )
++ if ( keywrd[0] && rsshlog )
+ log_msg("unknown keyword: %s", keywrd);
+ return FALSE;
+ }
+@@ -330,7 +330,7 @@
+ /* initialize strings and pointers */
+ memset(buf, 0, buflen);
+ if ( !(copy = strdup(str)) ){
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_ERR);
+ log_msg("OOM error in get_token() (fatal)");
+ }
+@@ -433,11 +433,11 @@
+ const int lineno )
+ {
+ if ( !eat_comment(line) ){
+- if (log) log_msg("line %d: syntax error parsing config file",
++ if (rsshlog) log_msg("line %d: syntax error parsing config file",
+ lineno);
+ return FALSE;
+ }
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_INFO);
+ log_msg("allowing scp to all users");
+ }
+@@ -460,11 +460,11 @@
+ int pos;
+
+ if ( !(pos = eat_comment(line)) ){
+- if (log) log_msg("line %d: syntax error parsing config file",
++ if (rsshlog) log_msg("line %d: syntax error parsing config file",
+ lineno);
+ return FALSE;
+ }
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_INFO);
+ log_msg("allowing sftp to all users");
+ }
+@@ -488,11 +488,11 @@
+ int pos;
+
+ if ( !(pos = eat_comment(line)) ){
+- if (log) log_msg("line %d: syntax error parsing config file",
++ if (rsshlog) log_msg("line %d: syntax error parsing config file",
+ lineno);
+ return FALSE;
+ }
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_INFO);
+ log_msg("allowing cvs to all users");
+ }
+@@ -516,12 +516,12 @@
+ int pos;
+
+ if ( !(pos = eat_comment(line)) ){
+- if (log) log_msg("line %d: syntax error parsing config file",
++ if (rsshlog) log_msg("line %d: syntax error parsing config file",
+ lineno);
+ return FALSE;
+ }
+ log_set_priority(LOG_INFO);
+- if (log){
++ if (rsshlog){
+ log_msg("allowing rdist to all users");
+ opts->shell_flags |= RSSH_ALLOW_RDIST;
+ }
+@@ -544,11 +544,11 @@
+ int pos;
+
+ if ( !(pos = eat_comment(line)) ){
+- if (log) log_msg("line %d: syntax error parsing config file",
++ if (rsshlog) log_msg("line %d: syntax error parsing config file",
+ lineno);
+ return FALSE;
+ }
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_INFO);
+ log_msg("allowing rsync to all users");
+ }
+@@ -573,7 +573,7 @@
+ */
+
+ if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){
+- if (log) log_msg("fatal error: can't allocate space for chroot path");
++ if (rsshlog) log_msg("fatal error: can't allocate space for chroot path");
+ exit(1);
+ }
+ /* get_asgn_param() eats trailing comments, so we won't */
+@@ -584,7 +584,7 @@
+
+ /* get rid of any old value for chroot path, assign new one */
+ if ( opts->chroot_path ) free(opts->chroot_path);
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_INFO);
+ log_msg("chrooting all users to %s", temp);
+ }
+@@ -605,7 +605,7 @@
+ int pos;
+
+ if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_ERR);
+ log_msg("fatal error: can't allocate space for log facility");
+ }
+@@ -778,17 +778,17 @@
+
+ free(temp);
+ if ( !eat_comment(line + pos) ){
+- if (log) log_msg("line %d: syntax error parsing config file",
++ if (rsshlog) log_msg("line %d: syntax error parsing config file",
+ lineno);
+ return FALSE;
+ }
+ if ( facname ){
+ log_set_priority(LOG_INFO);
+- if (log) log_msg("setting log facility to %s", facname);
++ if (rsshlog) log_msg("setting log facility to %s", facname);
+ log_set_facility(fac);
+ return TRUE;
+ }
+- if (log){
++ if (rsshlog){
+ log_msg("line %d: unknown log facility specified", lineno);
+ log_set_facility(LOG_USER);
+ }
+@@ -804,7 +804,7 @@
+ int mask; /* umask */
+
+ if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_ERR);
+ log_msg("fatal error: can't allocate space in process_umask()");
+ }
+@@ -818,7 +818,7 @@
+
+ /* convert the umask to a number */
+ if ( !validate_umask(temp, &mask) ){
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_WARNING);
+ log_msg("line %d: invalid umask specified, using default 077",
+ lineno);
+@@ -827,7 +827,7 @@
+ free(temp);
+ return FALSE;
+ }
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_INFO);
+ log_msg("setting umask to %#o", mask);
+ }
+@@ -857,7 +857,7 @@
+
+ /* make space for user options */
+ if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){
+- if (log) log_msg("fatal error: can't allocate space for user options");
++ if (rsshlog) log_msg("fatal error: can't allocate space for user options");
+ exit(1);
+ }
+
+@@ -870,7 +870,7 @@
+
+ /* now process individual config bits of temp */
+ if ( !(pos = get_token(temp, user, CFG_LINE_LEN + 1, TRUE, TRUE )) ){
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_ERR);
+ log_msg("syntax error parsing config file, line %d",
+ lineno);
+@@ -887,12 +887,12 @@
+ * user lines we don't care about...
+ */
+ if ( (strcmp(user, username)) ) return TRUE;
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_INFO);
+ log_msg("line %d: configuring user %s", lineno, user);
+ }
+ if ( !(len = eat_colon(temp + pos)) ){
+- if (log) log_msg("syntax error parsing config file: line %d ",
++ if (rsshlog) log_msg("syntax error parsing config file: line %d ",
+ lineno);
+ return FALSE;
+ }
+@@ -901,7 +901,7 @@
+ /* do the umask, but validate it last, since it's non-fatal */
+ if ( !(len = get_token(temp + pos, mask, CFG_LINE_LEN + 1,
+ TRUE, FALSE)) ){
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_ERR);
+ log_msg("syntax error parsing user umask, line %d", lineno);
+ }
+@@ -911,14 +911,14 @@
+
+ /* do the access bits */
+ if ( !(len = eat_colon(temp + pos)) ){
+- if (log) log_msg("syntax error parsing config file: line %d ",
++ if (rsshlog) log_msg("syntax error parsing config file: line %d ",
+ lineno);
+ return FALSE;
+ }
+ pos += len;
+ if ( !(len = get_token(temp + pos, axs, CFG_LINE_LEN + 1,
+ TRUE, FALSE)) ){
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_ERR);
+ log_msg("syntax error parsing user access, line %d", lineno);
+ }
+@@ -926,7 +926,7 @@
+ }
+ if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs,
+ &allow_rdist, &allow_rsync) ){
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_ERR);
+ log_msg("syntax error parsing access bits, line %d", lineno);
+ }
+@@ -938,7 +938,7 @@
+ if ( !(len = eat_colon(temp + pos)) ) goto cleanup;
+ pos += len;
+ if ( !(path = (char *)malloc(CFG_LINE_LEN + 1)) ){
+- if (log) log_msg("fatal error: can't allocate space for chroot path");
++ if (rsshlog) log_msg("fatal error: can't allocate space for chroot path");
+ exit(1);
+ }
+ if ( !(len = get_token(temp + pos, path, CFG_LINE_LEN + 1,
+@@ -952,7 +952,7 @@
+ /* make sure nothing is left */
+ while ( *(temp + pos) != '\0' && isspace(*(temp + pos)) ) pos++;
+ if ( *(temp + pos) != '\0' ){
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_ERR);
+ log_msg("syntax error parsing user config: line %d", lineno);
+ }
+@@ -961,14 +961,14 @@
+
+ /* now finally validate the umask */
+ if ( !validate_umask(mask, &tmpmask) ){
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_WARNING);
+ log_msg("line %d: invalid umask specified, using default",
+ lineno);
+ }
+ tmpmask = 077;
+ }
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_INFO);
+ log_msg("setting %s's umask to %#o", user, tmpmask);
+ }
+@@ -980,27 +980,27 @@
+ opts->shell_flags = 0;
+ /* now set the user-specific flags */
+ if ( allow_scp ){
+- if (log) log_msg("allowing scp to user %s", user);
++ if (rsshlog) log_msg("allowing scp to user %s", user);
+ opts->shell_flags |= RSSH_ALLOW_SCP;
+ }
+ if ( allow_sftp ){
+- if (log) log_msg("allowing sftp to user %s", user);
++ if (rsshlog) log_msg("allowing sftp to user %s", user);
+ opts->shell_flags |= RSSH_ALLOW_SFTP;
+ }
+ if ( allow_cvs ){
+- if (log) log_msg("allowing cvs to user %s", user);
++ if (rsshlog) log_msg("allowing cvs to user %s", user);
+ opts->shell_flags |= RSSH_ALLOW_CVS;
+ }
+ if ( allow_rdist ){
+- if (log) log_msg("allowing rdist to user %s", user);
++ if (rsshlog) log_msg("allowing rdist to user %s", user);
+ opts->shell_flags |= RSSH_ALLOW_RDIST;
+ }
+ if ( allow_rsync ){
+- if (log) log_msg("allowing rsync to user %s", user);
++ if (rsshlog) log_msg("allowing rsync to user %s", user);
+ opts->shell_flags |= RSSH_ALLOW_RSYNC;
+ }
+ if ( path ){
+- if (log) log_msg("chrooting %s to %s", user, path);
++ if (rsshlog) log_msg("chrooting %s to %s", user, path);
+ opts->shell_flags |= RSSH_USE_CHROOT;
+ }
+ opts->chroot_path = path;
+@@ -1019,7 +1019,7 @@
+
+ /* make sure '=' is next token, otherwise syntax error */
+ if ( (pos = eat_assignment(line)) <= 0 ){
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_ERR);
+ log_msg("error parsing config file at line %d: "
+ "assignment expected", lineno);
+@@ -1028,7 +1028,7 @@
+ }
+ /* get the string parameter of the assignment */
+ if ( !(len = get_token((line + pos), buf, buflen, FALSE, FALSE)) ){
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_ERR);
+ log_msg("syntax error parsing config file, line %d",
+ lineno);
+@@ -1038,7 +1038,7 @@
+ pos += len;
+ /* check for ending comment */
+ if ( !eat_comment(line + pos) ){
+- if (log){
++ if (rsshlog){
+ log_set_priority(LOG_ERR);
+ log_msg("syntax error parsing config file at line %d",
+ lineno);
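Review bot: In the rdist handler the grant `opts->shell_flags |= RSSH_ALLOW_RDIST;` sits inside `if (rsshlog){ ... }`, so as far as these context lines show, the global rdist permission takes effect only when logging is enabled. The rename carries this over unchanged, while the per-user code later in the same patch sets the flag outside the logging test (`if (rsshlog) log_msg("allowing rdist to user %s", user);` followed by the assignment). It fails closed, but an access decision should not depend on a logging switch. I would move the assignment below the closing brace and put `log_set_priority(LOG_INFO);` inside the block, as the other handlers do. The function's start and end are outside the hunk, so this should be confirmed against the full rsshconf.c.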
Modified: trunk/shells/rssh/pkg-descr
===================================================================
--- trunk/shells/rssh/pkg-descr 2014-08-27 00:46:07 UTC (rev 16607)
+++ trunk/shells/rssh/pkg-descr 2014-08-27 00:50:41 UTC (rev 16608)
@@ -1,6 +1,6 @@
-rssh is a Restricted Secure SHell that allow only the use of sftp
-or scp. It could be use when you need an account (and a valid
-shell) in order to execute sftp or scp but when you don't want to
-give the possibility to log in to this user.
+rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp.
+It now also includes support for rdist, rsync, and CVS. For example, if you
+have a server which you only want to allow users to copy files off of via scp,
+without providing shell access, you can use rssh to do that.
WWW: http://www.pizzashack.org/rssh/index.shtml
Modified: trunk/shells/rssh/pkg-plist
===================================================================
--- trunk/shells/rssh/pkg-plist 2014-08-27 00:46:07 UTC (rev 16607)
+++ trunk/shells/rssh/pkg-plist 2014-08-27 00:50:41 UTC (rev 16608)
@@ -3,5 +3,5 @@
@unexec echo "updating /etc/shells"; cp /etc/shells /etc/shells.bak; (grep -v %D/%F /etc/shells.bak) >/etc/shells; rm -f /etc/shells.bak
man/man1/rssh.1.gz
man/man5/rssh.conf.5.gz
-etc/rssh.conf.dist
+etc/rssh.conf.default.dist
libexec/rssh_chroot_helper