aboutsummaryrefslogtreecommitdiffstats
path: root/community
diff options
context:
space:
mode:
authorJakub Jirutka <jakub@jirutka.cz>2016-11-30 15:45:47 +0100
committerJakub Jirutka <jakub@jirutka.cz>2016-11-30 15:45:47 +0100
commitbf57e9098049a430cb2fb630eced9701f13e1b98 (patch)
tree33280735468c9e23c55620ed146f580c9c390622 /community
parente01ae805e5b356a814c3e24e6ef2c1983422754e (diff)
downloadaports-bf57e9098049a430cb2fb630eced9701f13e1b98.tar.bz2
aports-bf57e9098049a430cb2fb630eced9701f13e1b98.tar.xz
community/rssh: move from testing
Diffstat (limited to 'community')
-rw-r--r--community/rssh/APKBUILD51
-rw-r--r--community/rssh/fix-error-message-for-invalid-option.patch18
-rw-r--r--community/rssh/handle-rsync-v3-e-option.patch130
-rw-r--r--community/rssh/makefile.patch15
-rw-r--r--community/rssh/rssh.post-deinstall4
-rw-r--r--community/rssh/rssh.post-install4
6 files changed, 222 insertions, 0 deletions
diff --git a/community/rssh/APKBUILD b/community/rssh/APKBUILD
new file mode 100644
index 0000000000..8830857b86
--- /dev/null
+++ b/community/rssh/APKBUILD
@@ -0,0 +1,51 @@
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
+pkgname=rssh
+pkgver=2.3.4
+pkgrel=0
+pkgdesc="Restricted shell for use with OpenSSH, allowing only scp, sftp, and/or rsync"
+url="http://www.pizzashack.org/rssh/"
+arch="all"
+license="BSD"
+depends="openssh"
+makedepends="rsync"
+install="$pkgname.post-install $pkgname.post-deinstall"
+subpackages="$pkgname-doc"
+source="http://prdownloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
+ makefile.patch
+ fix-error-message-for-invalid-option.patch
+ handle-rsync-v3-e-option.patch"
+options="suid"
+builddir="$srcdir/$pkgname-$pkgver"
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --libexecdir=/usr/lib/$pkgname \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --localstatedir=/var \
+ || return 1
+ make || return 1
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install || return 1
+}
+
+md5sums="5211f5fe206704f813a3cec61f487042 rssh-2.3.4.tar.gz
+7a916b10032af5fe6ac74e5988771022 makefile.patch
+bd14dc3608413df3eb76f7e9c4a3b2d9 fix-error-message-for-invalid-option.patch
+be33f477870f614c52d5456d5ea7cda5 handle-rsync-v3-e-option.patch"
+sha256sums="f30c6a760918a0ed39cf9e49a49a76cb309d7ef1c25a66e77a41e2b1d0b40cd9 rssh-2.3.4.tar.gz
+cc9ad2cd8759840453fa3976ad35794ef959743ffd409b410ff7289beebf4c58 makefile.patch
+c03b02deca6793ee05ab4f9f99393ae3c2d8f3747cbc23b00387f1a171173aea fix-error-message-for-invalid-option.patch
+0c772afe9088eeded129ead86775ef18e58c318bbc58fc3e2585e7ff09cc5e91 handle-rsync-v3-e-option.patch"
+sha512sums="c1a77abdf4abe5f936fb1c9c008fc81fabf7b624d69ed31fe2ae5619dfa4a79f1d4a4f2daa5291a36d40353fa2168e74e5ba61294230d702fcdc88ae0d520487 rssh-2.3.4.tar.gz
+24a58353ed2714eafe26326e5a4065bac83bcb20af07ddb64270b9ed607127c896947c45badf2e67b18672ced90557c885ce13fc540cc3bbb0bc6b7e547f0c11 makefile.patch
+abad4a707f7851c60549d6073c331a4a2b47bdcf97956d5cbad3af9bcb83d6ad33694ac3270df5c7df6ec709026e0253c49024fa20a33a453524547031df77aa fix-error-message-for-invalid-option.patch
+942dd8e0495cf13bbb679332cab6c1781560e32ade0905527fe71e5399f930edfe0c442653deb218a182b11e49599c3bd78d0fc715de45cf9aa078e6a586b9c7 handle-rsync-v3-e-option.patch"
diff --git a/community/rssh/fix-error-message-for-invalid-option.patch b/community/rssh/fix-error-message-for-invalid-option.patch
new file mode 100644
index 0000000000..10ed0583f3
--- /dev/null
+++ b/community/rssh/fix-error-message-for-invalid-option.patch
@@ -0,0 +1,18 @@
+From: Russ Allbery <rra@debian.org>
+Subject: [PATCH] Fix error message from invalid options
+
+Don't refer to all invalid options as invalid scp options.
+
+Signed-off-by: Russ Allbery <rra@debian.org>
+
+--- a/util.c
++++ b/util.c
+@@ -152,7 +152,7 @@ bool opt_filter(char **vec, const char opt)
+ while (vec && *vec){
+ if (opt_exist(*vec, opt)){
+ fprintf(stderr, "\nillegal insecure %c option", opt);
+- log_msg("insecure %c option in scp command line!", opt);
++ log_msg("insecure %c option in command line!", opt);
+ return TRUE;
+ }
+ vec++;
diff --git a/community/rssh/handle-rsync-v3-e-option.patch b/community/rssh/handle-rsync-v3-e-option.patch
new file mode 100644
index 0000000000..e1694ee0ad
--- /dev/null
+++ b/community/rssh/handle-rsync-v3-e-option.patch
@@ -0,0 +1,130 @@
+From: Russ Allbery <rra@stanford.edu>
+Subject: [PATCH] Handle the rsync v3 -e option for protocol information
+
+As of rsync 3, rsync reused the -e option to pass protocol information
+from the client to the server. We therefore cannot reject all -e
+options to rsync, only ones not sent with --server or containing
+something other than protocol information as an argument.
+
+Also scan the rsync command line for any --rsh option and reject it as
+well. This replaces and improves the upstream strategy for rejecting
+that command-line option, taking advantage of the parsing added to
+check the -e option.
+
+Based on work by Robert Hardy.
+
+Debian Bug#471803
+
+Signed-off-by: Russ Allbery <rra@stanford.edu>
+
+---
+ util.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 72 insertions(+), 8 deletions(-)
+
+diff --git a/util.c b/util.c
+index f98d2bc..a257b06 100644
+--- a/util.c
++++ b/util.c
+@@ -56,6 +56,7 @@
+ #ifdef HAVE_LIBGEN_H
+ #include <libgen.h>
+ #endif /* HAVE_LIBGEN_H */
++#include <regex.h>
+
+ /* LOCAL INCLUDES */
+ #include "pathnames.h"
+@@ -198,6 +199,73 @@ bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag )
+
+
+ /*
++ * rsync_e_okay() - take the command line passed to rssh and look for an -e
++ * option. If one is found, make sure --server is provided
++ * and the option contains only the protocol information.
++ * Also check for and reject any --rsh option. Returns FALSE
++ * if the command line should not be allowed, TRUE if it is
++ * okay.
++ */
++static int rsync_e_okay( char **vec )
++{
++ regex_t re;
++ int server = FALSE;
++ int e_found = FALSE;
++
++ /*
++ * rsync will send -e, followed by either just "." (meaning no special
++ * protocol) or "N.N" (meaning a pre-release protocol version),
++ * followed by some number of alphabetic flags indicating various
++ * supported options. There may be other options between - and the e,
++ * but -e will always be the last option in the string. A typical
++ * option passed by the client is "-ltpre.iL".
++ *
++ * Note that if --server is given, this should never be parsed as a
++ * shell, but we'll tightly verify it anyway, just in case.
++ *
++ * This regex matches the acceptable flags containing -e, so if it
++ * does not match, the command line should be rejected.
++ */
++ static const char pattern[]
++ = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$";
++
++ /*
++ * Only recognize --server if it's the first option. rsync itself
++ * always passes it that way, and if it's not the first argument, it
++ * could be hidden from the server as an argument to some other
++ * option.
++ */
++ if ( vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0 ){
++ server = TRUE;
++ }
++
++ /* Check the remaining options for -e or --rsh. */
++ if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){
++ return FALSE;
++ }
++ while (vec && *vec){
++ if ( strcmp(*vec, "--") == 0 ) break;
++ if ( strcmp(*vec, "--rsh") == 0
++ || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 ){
++ regfree(&re);
++ return FALSE;
++ }
++ if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){
++ e_found = TRUE;
++ if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){
++ regfree(&re);
++ return FALSE;
++ }
++ }
++ vec++;
++ }
++ regfree(&re);
++ if ( e_found && !server ) return FALSE;
++ return TRUE;
++}
++
++
++/*
+ * check_command_line() - take the command line passed to rssh, and verify
+ * that the specified command is one the user is
+ * allowed to run and validate the arguments. Return the
+@@ -230,14 +298,10 @@ char *check_command_line( char **cl, ShellOptions_t *opts )
+
+ if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
+ /* filter -e option */
+- if ( opt_filter(cl, 'e') ) return NULL;
+- while (cl && *cl){
+- if ( strstr(*cl, "--rsh" ) ){
+- fprintf(stderr, "\ninsecure --rsh= not allowed.");
+- log_msg("insecure --rsh option in rsync command line!");
+- return NULL;
+- }
+- cl++;
++ if ( !rsync_e_okay(cl) ){
++ fprintf(stderr, "\ninsecure -e or --rsh option not allowed.");
++ log_msg("insecure -e or --rsh option in rsync command line!");
++ return NULL;
+ }
+ return PATH_RSYNC;
+ }
+--
+tg: (f8b36e2..) fixes/rsync-protocol (depends on: upstream)
diff --git a/community/rssh/makefile.patch b/community/rssh/makefile.patch
new file mode 100644
index 0000000000..ac13d67dd4
--- /dev/null
+++ b/community/rssh/makefile.patch
@@ -0,0 +1,15 @@
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -727,10 +727,10 @@ uninstall-man: uninstall-man1 uninstall-
+
+
+ .c.o:
+- $(CC) -c $(DEFS) $(ourdefs) $(AM_CFLAGS) $(CPPFLAGS) $(LDFLAGS) $<
++ $(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $<
+
+ install-exec-hook:
+- chmod u+s $(libexecdir)/rssh_chroot_helper
++ chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper
+
+ rpm: dist
+ rpmbuild -ta --sign $(base).tar.gz
diff --git a/community/rssh/rssh.post-deinstall b/community/rssh/rssh.post-deinstall
new file mode 100644
index 0000000000..5cf5331a11
--- /dev/null
+++ b/community/rssh/rssh.post-deinstall
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+remove-shell /usr/bin/rssh
+exit 0
diff --git a/community/rssh/rssh.post-install b/community/rssh/rssh.post-install
new file mode 100644
index 0000000000..926f258224
--- /dev/null
+++ b/community/rssh/rssh.post-install
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+add-shell /usr/bin/rssh
+exit 0