Last active
February 10, 2022 00:53
-
-
Save kaazoo/1358e893033f536802f9 to your computer and use it in GitHub Desktop.
rssh-2.3.4_zfs_support.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/configure b/configure | |
index b28f969..d96a6a7 100755 | |
--- a/configure | |
+++ b/configure | |
@@ -311,7 +311,7 @@ ac_includes_default="\ | |
# include <unistd.h> | |
#endif" | |
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE LN_S CPP EGREP LIBOBJS scp_path sftp_path cvs_path rdist_path rsync_path static defcflags CHROOT_HELPER LTLIBOBJS' | |
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE LN_S CPP EGREP LIBOBJS scp_path sftp_path cvs_path rdist_path rsync_path zfs_path static defcflags CHROOT_HELPER LTLIBOBJS' | |
ac_subst_files='' | |
# Initialize some variables set by options. | |
@@ -861,6 +861,7 @@ Optional Packages: | |
--with-cvs specify path to cvs binary | |
--with-rdist specify path to rdist binary | |
--with-rsync specify path to rsync binary | |
+ --with-zfs specify path to zfs binary | |
Some influential environment variables: | |
CC C compiler command | |
@@ -5066,7 +5067,7 @@ echo "$as_me: WARNING: specified sftp-server binary does not exist" >&2;} | |
fi | |
-# CVS, rdist, and rsync might not be installed. But we don't want to force | |
+# CVS, rdist, rsync and zfs might not be installed. But we don't want to force | |
# the user to configure bogus paths, so default to /usr/bin/* | |
# Check for cvs binary | |
@@ -5254,6 +5255,68 @@ echo "$as_me: WARNING: specified rsync binary does not exist" >&2;} | |
fi | |
+# Check for zfs binary | |
+ | |
+ | |
+# Check whether --with-zfs or --without-zfs was given. | |
+if test "${with_zfs+set}" = set; then | |
+ withval="$with_zfs" | |
+ zfs_path="$withval" | |
+else | |
+ zfs_path="" | |
+fi; | |
+ | |
+# Extract the first word of "zfs", so it can be a program name with args. | |
+set dummy zfs; ac_word=$2 | |
+echo "$as_me:$LINENO: checking for $ac_word" >&5 | |
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 | |
+if test "${ac_cv_path_zfs_path+set}" = set; then | |
+ echo $ECHO_N "(cached) $ECHO_C" >&6 | |
+else | |
+ case $zfs_path in | |
+ [\\/]* | ?:[\\/]*) | |
+ ac_cv_path_zfs_path="$zfs_path" # Let the user override the test with a path. | |
+ ;; | |
+ *) | |
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | |
+for as_dir in $PATH | |
+do | |
+ IFS=$as_save_IFS | |
+ test -z "$as_dir" && as_dir=. | |
+ for ac_exec_ext in '' $ac_executable_extensions; do | |
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | |
+ ac_cv_path_zfs_path="$as_dir/$ac_word$ac_exec_ext" | |
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 | |
+ break 2 | |
+ fi | |
+done | |
+done | |
+ | |
+ ;; | |
+esac | |
+fi | |
+zfs_path=$ac_cv_path_zfs_path | |
+ | |
+if test -n "$zfs_path"; then | |
+ echo "$as_me:$LINENO: result: $zfs_path" >&5 | |
+echo "${ECHO_T}$zfs_path" >&6 | |
+else | |
+ echo "$as_me:$LINENO: result: no" >&5 | |
+echo "${ECHO_T}no" >&6 | |
+fi | |
+ | |
+if test -z "$zfs_path"; then | |
+ { echo "$as_me:$LINENO: WARNING: can't find zfs - using /sbin/zfs. Use --with-zfs to override" >&5 | |
+echo "$as_me: WARNING: can't find zfs - using /sbin/zfs. Use --with-zfs to override" >&2;} | |
+ zfs_path=/sbin/zfs | |
+fi | |
+ | |
+if ! test -x "$zfs_path"; then | |
+ { echo "$as_me:$LINENO: WARNING: specified zfs binary does not exist" >&5 | |
+echo "$as_me: WARNING: specified zfs binary does not exist" >&2;} | |
+fi | |
+ | |
+ | |
# disable static configuration | |
# Check whether --enable-static or --disable-static was given. | |
@@ -5990,6 +6053,7 @@ s,@sftp_path@,$sftp_path,;t t | |
s,@cvs_path@,$cvs_path,;t t | |
s,@rdist_path@,$rdist_path,;t t | |
s,@rsync_path@,$rsync_path,;t t | |
+s,@zfs_path@,$zfs_path,;t t | |
s,@static@,$static,;t t | |
s,@defcflags@,$defcflags,;t t | |
s,@CHROOT_HELPER@,$CHROOT_HELPER,;t t | |
diff --git a/main.c.in b/main.c.in | |
index 7d1695c..ac649e7 100644 | |
--- a/main.c.in | |
+++ b/main.c.in | |
@@ -217,6 +217,8 @@ char **build_shell_args( struct passwd uinfo, | |
argvec[1] = "4"; | |
else if ( !(strcmp(*cmd, PATH_RSYNC)) ) | |
argvec[1] = "5"; | |
+ else if ( !(strcmp(*cmd, PATH_ZFS)) ) | |
+ argvec[1] = "6"; | |
else { | |
log_set_priority(LOG_ERR); | |
log_msg("fatal error identifying the correct command " | |
@@ -267,7 +269,8 @@ void vers_info( void ) | |
printf("%20s = %s\n", "sftp server binary", PATH_SFTP_SERVER); | |
printf("%20s = %s\n", "cvs binary path", PATH_CVS); | |
printf("%20s = %s\n", "rdist binary path", PATH_RDIST); | |
- printf("%20s = %s\n\n", "rsync binary path", PATH_RSYNC); | |
+ printf("%20s = %s\n", "rsync binary path", PATH_RSYNC); | |
+ printf("%20s = %s\n\n", "zfs binary path", PATH_ZFS); | |
} | |
diff --git a/pathnames.h.in b/pathnames.h.in | |
index 17e2fb7..683d692 100644 | |
--- a/pathnames.h.in | |
+++ b/pathnames.h.in | |
@@ -36,6 +36,7 @@ | |
#define PATH_CVS "@cvs_path@" | |
#define PATH_RDIST "@rdist_path@" | |
#define PATH_RSYNC "@rsync_path@" | |
+#define PATH_ZFS "@zfs_path@" | |
/* these generally are overridden by the makefile */ | |
#ifndef PATH_RSSH_CONFIG | |
diff --git a/rssh.conf.default b/rssh.conf.default | |
index c847565..bc3970d 100644 | |
--- a/rssh.conf.default | |
+++ b/rssh.conf.default | |
@@ -11,6 +11,7 @@ logfacility = LOG_USER | |
#allowcvs | |
#allowrdist | |
#allowrsync | |
+#allowzfs | |
# set the default umask | |
umask = 022 | |
diff --git a/rssh.h b/rssh.h | |
index d15f645..eb19dd3 100644 | |
--- a/rssh.h | |
+++ b/rssh.h | |
@@ -46,6 +46,7 @@ typedef char bool; | |
#define RSSH_ALLOW_CVS (1 << 2) | |
#define RSSH_ALLOW_RDIST (1 << 3) | |
#define RSSH_ALLOW_RSYNC (1 << 4) | |
-#define RSSH_USE_CHROOT (1 << 5) | |
+#define RSSH_ALLOW_ZFS (1 << 5) | |
+#define RSSH_USE_CHROOT (1 << 6) | |
#endif /* _rssh_h */ | |
diff --git a/rsshconf.c b/rsshconf.c | |
index 6b4630f..ca41008 100644 | |
--- a/rsshconf.c | |
+++ b/rsshconf.c | |
@@ -71,6 +71,7 @@ const char *keywords[] = { | |
"allowcvs", | |
"allowrdist", | |
"allowrsync", | |
+ "allowzfs", | |
"chrootpath", | |
"logfacility", | |
"umask", | |
@@ -106,6 +107,9 @@ int process_allow_rdist( ShellOptions_t *opts, const char *line, | |
int process_allow_rsync( ShellOptions_t *opts, const char *line, | |
const int lineno ); | |
+int process_allow_zfs( ShellOptions_t *opts, const char *line, | |
+ const int lineno ); | |
+ | |
int get_token( const char *str, char *buf, const int buflen, | |
const bool colon, const bool ign_spc ); | |
@@ -220,21 +224,26 @@ int process_config_line( ShellOptions_t *opts, | |
return FALSE; | |
return TRUE; | |
case 6: | |
+ /* allow zfs */ | |
+ if ( !(process_allow_zfs(opts, line + pos, lineno) ) ) | |
+ return FALSE; | |
+ return TRUE; | |
+ case 7: | |
/* default chroot path */ | |
if ( !(process_chroot_path(opts, line + pos, lineno) ) ) | |
return FALSE; | |
return TRUE; | |
- case 7: | |
+ case 8: | |
/* syslog log facility */ | |
if ( !(process_log_facility(opts, line + pos, lineno) ) ) | |
return FALSE; | |
return TRUE; | |
- case 8: | |
+ case 9: | |
/* set the user's umask */ | |
if ( !(process_umask(opts, line + pos, lineno) ) ) | |
return FALSE; | |
return TRUE; | |
- case 9: | |
+ case 10: | |
/* user */ | |
if ( !(process_user(opts, line + pos, lineno) ) ) | |
return FALSE; | |
@@ -557,6 +566,34 @@ int process_allow_rsync( ShellOptions_t *opts, | |
} | |
+/* | |
+ * process_allow_zfs() - make sure there are no tokens after the keyword, | |
+ * other than a possible comment. If there are | |
+ * additional tokens other than comments, there is a | |
+ * syntax error, and FALSE is returned. Otherwise, the | |
+ * line is ok, so opts are set to allow zfs, and TRUE | |
+ * is returned. | |
+ */ | |
+int process_allow_zfs( ShellOptions_t *opts, | |
+ const char *line, | |
+ const int lineno ) | |
+{ | |
+ int pos; | |
+ | |
+ if ( !(pos = eat_comment(line)) ){ | |
+ if (log_en) log_msg("line %d: syntax error parsing config file", | |
+ lineno); | |
+ return FALSE; | |
+ } | |
+ if (log_en){ | |
+ log_set_priority(LOG_INFO); | |
+ log_msg("allowing zfs to all users"); | |
+ } | |
+ opts->shell_flags |= RSSH_ALLOW_ZFS; | |
+ return TRUE; | |
+} | |
+ | |
+ | |
int process_chroot_path( ShellOptions_t *opts, | |
const char *line, | |
const int lineno ) | |
@@ -854,6 +891,7 @@ int process_user( ShellOptions_t *opts, | |
bool allow_cvs; | |
bool allow_rdist; | |
bool allow_rsync; | |
+ bool allow_zfs; | |
/* make space for user options */ | |
if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){ | |
@@ -925,7 +963,7 @@ int process_user( ShellOptions_t *opts, | |
return FALSE; | |
} | |
if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs, | |
- &allow_rdist, &allow_rsync) ){ | |
+ &allow_rdist, &allow_rsync, &allow_zfs) ){ | |
if (log_en){ | |
log_set_priority(LOG_ERR); | |
log_msg("syntax error parsing access bits, line %d", lineno); | |
@@ -999,6 +1037,10 @@ cleanup: | |
if (log_en) log_msg("allowing rsync to user %s", user); | |
opts->shell_flags |= RSSH_ALLOW_RSYNC; | |
} | |
+ if ( allow_zfs ){ | |
+ if (log_en) log_msg("allowing zfs to user %s", user); | |
+ opts->shell_flags |= RSSH_ALLOW_ZFS; | |
+ } | |
if ( path ){ | |
if (log_en) log_msg("chrooting %s to %s", user, path); | |
opts->shell_flags |= RSSH_USE_CHROOT; | |
diff --git a/util.c b/util.c | |
index f98d2bc..01981f3 100644 | |
--- a/util.c | |
+++ b/util.c | |
@@ -79,7 +79,8 @@ void fail( int flags, int argc, char **argv ) | |
if ( flags & RSSH_ALLOW_SFTP ) size += 5; | |
if ( flags & RSSH_ALLOW_CVS ) size += 4; | |
if ( flags & RSSH_ALLOW_RDIST ) size += 6; | |
- if ( flags & RSSH_ALLOW_RSYNC ) size += 5; /* last one, no space */ | |
+ if ( flags & RSSH_ALLOW_RSYNC ) size += 6; | |
+ if ( flags & RSSH_ALLOW_ZFS ) size += 4; /* last one, no space */ | |
/* create msg indicating what is allowed */ | |
if ( !size ) cmd = "This user is locked out."; | |
@@ -101,6 +102,8 @@ void fail( int flags, int argc, char **argv ) | |
strncat(cmd, "rdist ", size); | |
if ( flags & RSSH_ALLOW_RSYNC ) | |
strncat(cmd, "rsync", size); | |
+ if ( flags & RSSH_ALLOW_ZFS ) | |
+ strncat(cmd, "zfs", size); | |
} | |
/* print error message to user and log attempt */ | |
@@ -241,6 +244,11 @@ char *check_command_line( char **cl, ShellOptions_t *opts ) | |
} | |
return PATH_RSYNC; | |
} | |
+ | |
+ if ( check_command(*cl, opts, PATH_ZFS, RSSH_ALLOW_ZFS) ){ | |
+ return PATH_ZFS; | |
+ } | |
+ | |
/* No match, return NULL */ | |
return NULL; | |
} | |
@@ -265,6 +273,8 @@ char *get_command( char *cl, ShellOptions_t *opts ) | |
return PATH_RDIST; | |
if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ) | |
return PATH_RSYNC; | |
+ if ( check_command(cl, opts, PATH_ZFS, RSSH_ALLOW_ZFS) ) | |
+ return PATH_ZFS; | |
return NULL; | |
} | |
@@ -330,22 +340,23 @@ int validate_umask( const char *temp, int *mask ) | |
* same name, and returns FALSE if the bits are not valid | |
*/ | |
int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, | |
- bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) | |
+ bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, bool *allow_zfs ) | |
{ | |
int i; | |
-#define NUM_ACCESS_BITS 5 | |
+#define NUM_ACCESS_BITS 6 | |
if ( strlen(temp) != NUM_ACCESS_BITS ) return FALSE; | |
/* make sure the bits are valid */ | |
for ( i = 0; i < NUM_ACCESS_BITS; i++ ) | |
if ( temp[i] < '0' || temp[i] > '1' ) return FALSE; | |
/* This is easier to read if we allign the = */ | |
- *allow_rsync = temp[0] - '0'; | |
- *allow_rdist = temp[1] - '0'; | |
- *allow_cvs = temp[2] - '0'; | |
- *allow_sftp = temp[3] - '0'; | |
- *allow_scp = temp[4] - '0'; | |
+ *allow_zfs = temp[0] - '0'; | |
+ *allow_rsync = temp[1] - '0'; | |
+ *allow_rdist = temp[2] - '0'; | |
+ *allow_cvs = temp[3] - '0'; | |
+ *allow_sftp = temp[4] - '0'; | |
+ *allow_scp = temp[5] - '0'; | |
return TRUE; | |
} | |
diff --git a/util.h b/util.h | |
index 8b81201..a5fcdb9 100644 | |
--- a/util.h | |
+++ b/util.h | |
@@ -38,7 +38,7 @@ char *get_command( char *cl, ShellOptions_t *opts); | |
char *extract_root( char *root, char *path ); | |
int validate_umask( const char *temp, int *mask ); | |
int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, | |
- bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ); | |
+ bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, bool *allow_zfs ); | |
bool opt_exist( char *cl, char opt ); | |
char *get_username( void ); | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment