kaazoo/rssh-2.3.4_zfs_support.patch

## rssh-2.3.4_zfs_support.patch
diff --git a/configure b/configure
index b28f969..d96a6a7 100755
--- a/configure
+++ b/configure
@@ -311,7 +311,7 @@ ac_includes_default="\
 # include <unistd.h>
 #endif"

-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE LN_S CPP EGREP LIBOBJS scp_path sftp_path cvs_path rdist_path rsync_path static defcflags CHROOT_HELPER LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE LN_S CPP EGREP LIBOBJS scp_path sftp_path cvs_path rdist_path rsync_path zfs_path static defcflags CHROOT_HELPER LTLIBOBJS'
 ac_subst_files=''

 # Initialize some variables set by options.
@@ -861,6 +861,7 @@ Optional Packages:
   --with-cvs              specify path to cvs binary
   --with-rdist              specify path to rdist binary
   --with-rsync              specify path to rsync binary
+  --with-zfs              specify path to zfs binary

 Some influential environment variables:
   CC          C compiler command
@@ -5066,7 +5067,7 @@ echo "$as_me: WARNING: specified sftp-server binary does not exist" >&2;}
 fi


-# CVS, rdist, and rsync might not be installed.  But we don't want to force
+# CVS, rdist, rsync and zfs might not be installed.  But we don't want to force
 # the user to configure bogus paths, so default to /usr/bin/*

 # Check for cvs binary
@@ -5254,6 +5255,68 @@ echo "$as_me: WARNING: specified rsync binary does not exist" >&2;}
 fi


+# Check for zfs binary
+
+
+# Check whether --with-zfs or --without-zfs was given.
+if test "${with_zfs+set}" = set; then
+  withval="$with_zfs"
+  zfs_path="$withval"
+else
+  zfs_path=""
+fi;
+
+# Extract the first word of "zfs", so it can be a program name with args.
+set dummy zfs; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_path_zfs_path+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  case $zfs_path in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_zfs_path="$zfs_path" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_zfs_path="$as_dir/$ac_word$ac_exec_ext"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+  ;;
+esac
+fi
+zfs_path=$ac_cv_path_zfs_path
+
+if test -n "$zfs_path"; then
+  echo "$as_me:$LINENO: result: $zfs_path" >&5
+echo "${ECHO_T}$zfs_path" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+if test -z "$zfs_path"; then
+  { echo "$as_me:$LINENO: WARNING: can't find zfs - using /sbin/zfs.  Use --with-zfs to override" >&5
+echo "$as_me: WARNING: can't find zfs - using /sbin/zfs.  Use --with-zfs to override" >&2;}
+  zfs_path=/sbin/zfs
+fi
+
+if ! test -x "$zfs_path"; then
+  { echo "$as_me:$LINENO: WARNING: specified zfs binary does not exist" >&5
+echo "$as_me: WARNING: specified zfs binary does not exist" >&2;}
+fi
+
+
 # disable static configuration

 # Check whether --enable-static or --disable-static was given.
@@ -5990,6 +6053,7 @@ s,@sftp_path@,$sftp_path,;t t
 s,@cvs_path@,$cvs_path,;t t
 s,@rdist_path@,$rdist_path,;t t
 s,@rsync_path@,$rsync_path,;t t
+s,@zfs_path@,$zfs_path,;t t
 s,@static@,$static,;t t
 s,@defcflags@,$defcflags,;t t
 s,@CHROOT_HELPER@,$CHROOT_HELPER,;t t
diff --git a/main.c.in b/main.c.in
index 7d1695c..ac649e7 100644
--- a/main.c.in
+++ b/main.c.in
@@ -217,6 +217,8 @@ char **build_shell_args( struct passwd uinfo,
 			argvec[1] = "4";
 		else if ( !(strcmp(*cmd, PATH_RSYNC)) )
 			argvec[1] = "5";
+		else if ( !(strcmp(*cmd, PATH_ZFS)) )
+			argvec[1] = "6";
 		else {
 			log_set_priority(LOG_ERR);
 			log_msg("fatal error identifying the correct command "
@@ -267,7 +269,8 @@ void vers_info( void )
 	printf("%20s = %s\n", "sftp server binary", PATH_SFTP_SERVER);
 	printf("%20s = %s\n", "cvs binary path", PATH_CVS);
 	printf("%20s = %s\n", "rdist binary path", PATH_RDIST);
-	printf("%20s = %s\n\n", "rsync binary path", PATH_RSYNC);
+	printf("%20s = %s\n", "rsync binary path", PATH_RSYNC);
+	printf("%20s = %s\n\n", "zfs binary path", PATH_ZFS);
 }


diff --git a/pathnames.h.in b/pathnames.h.in
index 17e2fb7..683d692 100644
--- a/pathnames.h.in
+++ b/pathnames.h.in
@@ -36,6 +36,7 @@
 #define PATH_CVS		"@cvs_path@"
 #define PATH_RDIST		"@rdist_path@"
 #define PATH_RSYNC		"@rsync_path@"
+#define PATH_ZFS      "@zfs_path@"

 /* these generally are overridden by the makefile */
 #ifndef PATH_RSSH_CONFIG
diff --git a/rssh.conf.default b/rssh.conf.default
index c847565..bc3970d 100644
--- a/rssh.conf.default
+++ b/rssh.conf.default
@@ -11,6 +11,7 @@ logfacility = LOG_USER
 #allowcvs
 #allowrdist
 #allowrsync
+#allowzfs

 # set the default umask
 umask = 022
diff --git a/rssh.h b/rssh.h
index d15f645..eb19dd3 100644
--- a/rssh.h
+++ b/rssh.h
@@ -46,6 +46,7 @@ typedef char bool;
 #define RSSH_ALLOW_CVS   (1 << 2)
 #define RSSH_ALLOW_RDIST (1 << 3)
 #define RSSH_ALLOW_RSYNC (1 << 4)
-#define RSSH_USE_CHROOT	 (1 << 5)
+#define RSSH_ALLOW_ZFS   (1 << 5)
+#define RSSH_USE_CHROOT	 (1 << 6)

 #endif /* _rssh_h */
diff --git a/rsshconf.c b/rsshconf.c
index 6b4630f..ca41008 100644
--- a/rsshconf.c
+++ b/rsshconf.c
@@ -71,6 +71,7 @@ const char *keywords[] = {
 	"allowcvs",
 	"allowrdist",
 	"allowrsync",
+	"allowzfs",
 	"chrootpath",
 	"logfacility",
 	"umask",
@@ -106,6 +107,9 @@ int process_allow_rdist( ShellOptions_t *opts, const char *line,
 int process_allow_rsync( ShellOptions_t *opts, const char *line,
 		        const int lineno );

+int process_allow_zfs( ShellOptions_t *opts, const char *line,
+		        const int lineno );
+
 int get_token( const char *str, char *buf, const int buflen,
 	       const bool colon, const bool ign_spc );

@@ -220,21 +224,26 @@ int process_config_line( ShellOptions_t	*opts,
 			return FALSE;
 		return TRUE;
 	case 6:
+		/* allow zfs */
+		if ( !(process_allow_zfs(opts, line + pos, lineno) ) )
+			return FALSE;
+		return TRUE;
+	case 7:
 		/* default chroot path */
 		if ( !(process_chroot_path(opts, line + pos, lineno) ) )
 			return FALSE;
 		return TRUE;
-	case 7:
+	case 8:
 		/* syslog log facility */
 		if ( !(process_log_facility(opts, line + pos, lineno) ) )
 			return FALSE;
 		return TRUE;
-	case 8:
+	case 9:
 		/* set the user's umask */
 		if ( !(process_umask(opts, line + pos, lineno) ) )
 			return FALSE;
 		return TRUE;
-	case 9:
+	case 10:
 		/* user */
 		if ( !(process_user(opts, line + pos, lineno) ) )
 			return FALSE;
@@ -557,6 +566,34 @@ int process_allow_rsync( ShellOptions_t *opts,
 }


+/*
+ * process_allow_zfs() - make sure there are no tokens after the keyword,
+ *                      other than a possible comment.  If there are
+ *                      additional tokens other than comments, there is a
+ *                      syntax error, and FALSE is returned.  Otherwise, the
+ *                      line is ok, so opts are set to allow zfs, and TRUE
+ *                      is returned.
+ */
+int process_allow_zfs( ShellOptions_t *opts,
+		       const char *line,
+		       const int lineno )
+{
+	int pos;
+
+	if ( !(pos = eat_comment(line)) ){
+		if (log_en) log_msg("line %d: syntax error parsing config file",
+				lineno);
+		return FALSE;
+	}
+	if (log_en){
+		log_set_priority(LOG_INFO);
+		log_msg("allowing zfs to all users");
+	}
+	opts->shell_flags |= RSSH_ALLOW_ZFS;
+	return TRUE;
+}
+
+
 int process_chroot_path( ShellOptions_t *opts,
 		         const char *line,
 		         const int lineno )
@@ -854,6 +891,7 @@ int process_user( ShellOptions_t *opts,
 	bool	allow_cvs;
 	bool	allow_rdist;
 	bool	allow_rsync;
+	bool	allow_zfs;

 	/* make space for user options */
 	if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){
@@ -925,7 +963,7 @@ int process_user( ShellOptions_t *opts,
 		return FALSE;
 	}
 	if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs,
-			      &allow_rdist, &allow_rsync) ){
+			      &allow_rdist, &allow_rsync, &allow_zfs) ){
 		if (log_en){
 			log_set_priority(LOG_ERR);
 			log_msg("syntax error parsing access bits, line %d", lineno);
@@ -999,6 +1037,10 @@ cleanup:
 		if (log_en) log_msg("allowing rsync to user %s", user);
 		opts->shell_flags |= RSSH_ALLOW_RSYNC;
 	}
+	if ( allow_zfs ){
+		if (log_en) log_msg("allowing zfs to user %s", user);
+		opts->shell_flags |= RSSH_ALLOW_ZFS;
+	}
 	if ( path ){
 		if (log_en) log_msg("chrooting %s to %s", user, path);
 		opts->shell_flags |= RSSH_USE_CHROOT;
diff --git a/util.c b/util.c
index f98d2bc..01981f3 100644
--- a/util.c
+++ b/util.c
@@ -79,7 +79,8 @@ void fail( int flags, int argc, char **argv )
 	if ( flags & RSSH_ALLOW_SFTP ) size += 5;
 	if ( flags & RSSH_ALLOW_CVS ) size += 4;
 	if ( flags & RSSH_ALLOW_RDIST ) size += 6;
-	if ( flags & RSSH_ALLOW_RSYNC ) size += 5; /* last one, no space */
+	if ( flags & RSSH_ALLOW_RSYNC ) size += 6;
+	if ( flags & RSSH_ALLOW_ZFS ) size += 4; /* last one, no space */

 	/* create msg indicating what is allowed */
 	if ( !size ) cmd = "This user is locked out.";
@@ -101,6 +102,8 @@ void fail( int flags, int argc, char **argv )
 			strncat(cmd, "rdist ", size);
 		if ( flags & RSSH_ALLOW_RSYNC )
 			strncat(cmd, "rsync", size);
+		if ( flags & RSSH_ALLOW_ZFS )
+			strncat(cmd, "zfs", size);
 	}

 	/* print error message to user and log attempt */
@@ -241,6 +244,11 @@ char *check_command_line( char **cl, ShellOptions_t *opts )
 		}
 		return PATH_RSYNC;
 	}
+
+	if ( check_command(*cl, opts, PATH_ZFS, RSSH_ALLOW_ZFS) ){
+		return PATH_ZFS;
+	}
+
 	/* No match, return NULL */
 	return NULL;
 }
@@ -265,6 +273,8 @@ char *get_command( char *cl, ShellOptions_t *opts )
 		return PATH_RDIST;
 	if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) )
 		return PATH_RSYNC;
+	if ( check_command(cl, opts, PATH_ZFS, RSSH_ALLOW_ZFS) )
+		return PATH_ZFS;
 	return NULL;
 }

@@ -330,22 +340,23 @@ int validate_umask( const char *temp, int *mask )
  *                     same name, and returns FALSE if the bits are not valid
  */
 int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp,
-		     bool *allow_cvs, bool *allow_rdist, bool *allow_rsync )
+		     bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, bool *allow_zfs )
 {
 	int	i;

-#define NUM_ACCESS_BITS 5
+#define NUM_ACCESS_BITS 6

 	if ( strlen(temp) != NUM_ACCESS_BITS ) return FALSE;
 	/* make sure the bits are valid */
 	for ( i = 0; i < NUM_ACCESS_BITS; i++ )
 		if ( temp[i] < '0' || temp[i] > '1' ) return FALSE;
 	/* This is easier to read if we allign the = */
-	*allow_rsync = temp[0] - '0';
-	*allow_rdist = temp[1] - '0';
-	*allow_cvs   = temp[2] - '0';
-	*allow_sftp  = temp[3] - '0';
-	*allow_scp   = temp[4] - '0';
+	*allow_zfs   = temp[0] - '0';
+	*allow_rsync = temp[1] - '0';
+	*allow_rdist = temp[2] - '0';
+	*allow_cvs   = temp[3] - '0';
+	*allow_sftp  = temp[4] - '0';
+	*allow_scp   = temp[5] - '0';
 	return TRUE;
 }

diff --git a/util.h b/util.h
index 8b81201..a5fcdb9 100644
--- a/util.h
+++ b/util.h
@@ -38,7 +38,7 @@ char *get_command( char *cl, ShellOptions_t *opts);
 char *extract_root( char *root, char *path );
 int  validate_umask( const char *temp, int *mask );
 int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp,
-	       	     bool *allow_cvs, bool *allow_rdist, bool *allow_rsync );
+	   bool *allow_cvs, bool *allow_rdist, bool *allow_rsync, bool *allow_zfs );
 bool opt_exist( char *cl, char opt );
 char *get_username( void );
	diff --git a/configure b/configure
	index b28f969..d96a6a7 100755
	--- a/configure
	+++ b/configure
	@@ -311,7 +311,7 @@ ac_includes_default="\
	# include <unistd.h>
	#endif"

	-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE LN_S CPP EGREP LIBOBJS scp_path sftp_path cvs_path rdist_path rsync_path static defcflags CHROOT_HELPER LTLIBOBJS'
	+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE LN_S CPP EGREP LIBOBJS scp_path sftp_path cvs_path rdist_path rsync_path zfs_path static defcflags CHROOT_HELPER LTLIBOBJS'
	ac_subst_files=''

	# Initialize some variables set by options.
	@@ -861,6 +861,7 @@ Optional Packages:
	--with-cvs specify path to cvs binary
	--with-rdist specify path to rdist binary
	--with-rsync specify path to rsync binary
	+ --with-zfs specify path to zfs binary

	Some influential environment variables:
	CC C compiler command
	@@ -5066,7 +5067,7 @@ echo "$as_me: WARNING: specified sftp-server binary does not exist" >&2;}
	fi


	-# CVS, rdist, and rsync might not be installed. But we don't want to force
	+# CVS, rdist, rsync and zfs might not be installed. But we don't want to force
	# the user to configure bogus paths, so default to /usr/bin/*

	# Check for cvs binary
	@@ -5254,6 +5255,68 @@ echo "$as_me: WARNING: specified rsync binary does not exist" >&2;}
	fi


	+# Check for zfs binary
	+
	+
	+# Check whether --with-zfs or --without-zfs was given.
	+if test "${with_zfs+set}" = set; then
	+ withval="$with_zfs"
	+ zfs_path="$withval"
	+else
	+ zfs_path=""
	+fi;
	+
	+# Extract the first word of "zfs", so it can be a program name with args.
	+set dummy zfs; ac_word=$2
	+echo "$as_me:$LINENO: checking for $ac_word" >&5
	+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
	+if test "${ac_cv_path_zfs_path+set}" = set; then
	+ echo $ECHO_N "(cached) $ECHO_C" >&6
	+else
	+ case $zfs_path in
	+ [\\/]* \| ?:[\\/]*)
	+ ac_cv_path_zfs_path="$zfs_path" # Let the user override the test with a path.
	+ ;;
	+ *)
	+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
	+for as_dir in $PATH
	+do
	+ IFS=$as_save_IFS
	+ test -z "$as_dir" && as_dir=.
	+ for ac_exec_ext in '' $ac_executable_extensions; do
	+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
	+ ac_cv_path_zfs_path="$as_dir/$ac_word$ac_exec_ext"
	+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
	+ break 2
	+ fi
	+done
	+done
	+
	+ ;;
	+esac
	+fi
	+zfs_path=$ac_cv_path_zfs_path
	+
	+if test -n "$zfs_path"; then
	+ echo "$as_me:$LINENO: result: $zfs_path" >&5
	+echo "${ECHO_T}$zfs_path" >&6
	+else
	+ echo "$as_me:$LINENO: result: no" >&5
	+echo "${ECHO_T}no" >&6
	+fi
	+
	+if test -z "$zfs_path"; then
	+ { echo "$as_me:$LINENO: WARNING: can't find zfs - using /sbin/zfs. Use --with-zfs to override" >&5
	+echo "$as_me: WARNING: can't find zfs - using /sbin/zfs. Use --with-zfs to override" >&2;}
	+ zfs_path=/sbin/zfs
	+fi
	+
	+if ! test -x "$zfs_path"; then
	+ { echo "$as_me:$LINENO: WARNING: specified zfs binary does not exist" >&5
	+echo "$as_me: WARNING: specified zfs binary does not exist" >&2;}
	+fi
	+
	+
	# disable static configuration

	# Check whether --enable-static or --disable-static was given.
	@@ -5990,6 +6053,7 @@ s,@sftp_path@,$sftp_path,;t t
	s,@cvs_path@,$cvs_path,;t t
	s,@rdist_path@,$rdist_path,;t t
	s,@rsync_path@,$rsync_path,;t t
	+s,@zfs_path@,$zfs_path,;t t
	s,@static@,$static,;t t
	s,@defcflags@,$defcflags,;t t
	s,@CHROOT_HELPER@,$CHROOT_HELPER,;t t
	diff --git a/main.c.in b/main.c.in
	index 7d1695c..ac649e7 100644
	--- a/main.c.in
	+++ b/main.c.in
	@@ -217,6 +217,8 @@ char **build_shell_args( struct passwd uinfo,
	argvec[1] = "4";
	else if ( !(strcmp(*cmd, PATH_RSYNC)) )
	argvec[1] = "5";
	+ else if ( !(strcmp(*cmd, PATH_ZFS)) )
	+ argvec[1] = "6";
	else {
	log_set_priority(LOG_ERR);
	log_msg("fatal error identifying the correct command "
	@@ -267,7 +269,8 @@ void vers_info( void )
	printf("%20s = %s\n", "sftp server binary", PATH_SFTP_SERVER);
	printf("%20s = %s\n", "cvs binary path", PATH_CVS);
	printf("%20s = %s\n", "rdist binary path", PATH_RDIST);
	- printf("%20s = %s\n\n", "rsync binary path", PATH_RSYNC);
	+ printf("%20s = %s\n", "rsync binary path", PATH_RSYNC);
	+ printf("%20s = %s\n\n", "zfs binary path", PATH_ZFS);
	}


	diff --git a/pathnames.h.in b/pathnames.h.in
	index 17e2fb7..683d692 100644
	--- a/pathnames.h.in
	+++ b/pathnames.h.in
	@@ -36,6 +36,7 @@
	#define PATH_CVS "@cvs_path@"
	#define PATH_RDIST "@rdist_path@"
	#define PATH_RSYNC "@rsync_path@"
	+#define PATH_ZFS "@zfs_path@"

	/* these generally are overridden by the makefile */
	#ifndef PATH_RSSH_CONFIG
	diff --git a/rssh.conf.default b/rssh.conf.default
	index c847565..bc3970d 100644
	--- a/rssh.conf.default
	+++ b/rssh.conf.default
	@@ -11,6 +11,7 @@ logfacility = LOG_USER
	#allowcvs
	#allowrdist
	#allowrsync
	+#allowzfs

	# set the default umask
	umask = 022
	diff --git a/rssh.h b/rssh.h
	index d15f645..eb19dd3 100644
	--- a/rssh.h
	+++ b/rssh.h
	@@ -46,6 +46,7 @@ typedef char bool;
	#define RSSH_ALLOW_CVS (1 << 2)
	#define RSSH_ALLOW_RDIST (1 << 3)
	#define RSSH_ALLOW_RSYNC (1 << 4)
	-#define RSSH_USE_CHROOT (1 << 5)
	+#define RSSH_ALLOW_ZFS (1 << 5)
	+#define RSSH_USE_CHROOT (1 << 6)

	#endif /* _rssh_h */
	diff --git a/rsshconf.c b/rsshconf.c
	index 6b4630f..ca41008 100644
	--- a/rsshconf.c
	+++ b/rsshconf.c
	@@ -71,6 +71,7 @@ const char *keywords[] = {
	"allowcvs",
	"allowrdist",
	"allowrsync",
	+ "allowzfs",
	"chrootpath",
	"logfacility",
	"umask",
	@@ -106,6 +107,9 @@ int process_allow_rdist( ShellOptions_t opts, const char line,
	int process_allow_rsync( ShellOptions_t opts, const char line,
	const int lineno );

	+int process_allow_zfs( ShellOptions_t opts, const char line,
	+ const int lineno );
	+
	int get_token( const char str, char buf, const int buflen,
	const bool colon, const bool ign_spc );

	@@ -220,21 +224,26 @@ int process_config_line( ShellOptions_t *opts,
	return FALSE;
	return TRUE;
	case 6:
	+ /* allow zfs */
	+ if ( !(process_allow_zfs(opts, line + pos, lineno) ) )
	+ return FALSE;
	+ return TRUE;
	+ case 7:
	/* default chroot path */
	if ( !(process_chroot_path(opts, line + pos, lineno) ) )
	return FALSE;
	return TRUE;
	- case 7:
	+ case 8:
	/* syslog log facility */
	if ( !(process_log_facility(opts, line + pos, lineno) ) )
	return FALSE;
	return TRUE;
	- case 8:
	+ case 9:
	/* set the user's umask */
	if ( !(process_umask(opts, line + pos, lineno) ) )
	return FALSE;
	return TRUE;
	- case 9:
	+ case 10:
	/* user */
	if ( !(process_user(opts, line + pos, lineno) ) )
	return FALSE;
	@@ -557,6 +566,34 @@ int process_allow_rsync( ShellOptions_t *opts,
	}


	+/*
	+ * process_allow_zfs() - make sure there are no tokens after the keyword,
	+ * other than a possible comment. If there are
	+ * additional tokens other than comments, there is a
	+ * syntax error, and FALSE is returned. Otherwise, the
	+ * line is ok, so opts are set to allow zfs, and TRUE
	+ * is returned.
	+ */
	+int process_allow_zfs( ShellOptions_t *opts,
	+ const char *line,
	+ const int lineno )
	+{
	+ int pos;
	+
	+ if ( !(pos = eat_comment(line)) ){
	+ if (log_en) log_msg("line %d: syntax error parsing config file",
	+ lineno);
	+ return FALSE;
	+ }
	+ if (log_en){
	+ log_set_priority(LOG_INFO);
	+ log_msg("allowing zfs to all users");
	+ }
	+ opts->shell_flags \|= RSSH_ALLOW_ZFS;
	+ return TRUE;
	+}
	+
	+
	int process_chroot_path( ShellOptions_t *opts,
	const char *line,
	const int lineno )
	@@ -854,6 +891,7 @@ int process_user( ShellOptions_t *opts,
	bool allow_cvs;
	bool allow_rdist;
	bool allow_rsync;
	+ bool allow_zfs;

	/* make space for user options */
	if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){
	@@ -925,7 +963,7 @@ int process_user( ShellOptions_t *opts,
	return FALSE;
	}
	if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs,
	- &allow_rdist, &allow_rsync) ){
	+ &allow_rdist, &allow_rsync, &allow_zfs) ){
	if (log_en){
	log_set_priority(LOG_ERR);
	log_msg("syntax error parsing access bits, line %d", lineno);
	@@ -999,6 +1037,10 @@ cleanup:
	if (log_en) log_msg("allowing rsync to user %s", user);
	opts->shell_flags \|= RSSH_ALLOW_RSYNC;
	}
	+ if ( allow_zfs ){
	+ if (log_en) log_msg("allowing zfs to user %s", user);
	+ opts->shell_flags \|= RSSH_ALLOW_ZFS;
	+ }
	if ( path ){
	if (log_en) log_msg("chrooting %s to %s", user, path);
	opts->shell_flags \|= RSSH_USE_CHROOT;
	diff --git a/util.c b/util.c
	index f98d2bc..01981f3 100644
	--- a/util.c
	+++ b/util.c
	@@ -79,7 +79,8 @@ void fail( int flags, int argc, char **argv )
	if ( flags & RSSH_ALLOW_SFTP ) size += 5;
	if ( flags & RSSH_ALLOW_CVS ) size += 4;
	if ( flags & RSSH_ALLOW_RDIST ) size += 6;
	- if ( flags & RSSH_ALLOW_RSYNC ) size += 5; /* last one, no space */
	+ if ( flags & RSSH_ALLOW_RSYNC ) size += 6;
	+ if ( flags & RSSH_ALLOW_ZFS ) size += 4; /* last one, no space */

	/* create msg indicating what is allowed */
	if ( !size ) cmd = "This user is locked out.";
	@@ -101,6 +102,8 @@ void fail( int flags, int argc, char **argv )
	strncat(cmd, "rdist ", size);
	if ( flags & RSSH_ALLOW_RSYNC )
	strncat(cmd, "rsync", size);
	+ if ( flags & RSSH_ALLOW_ZFS )
	+ strncat(cmd, "zfs", size);
	}

	/* print error message to user and log attempt */
	@@ -241,6 +244,11 @@ char check_command_line( char cl, ShellOptions_t opts )
	}
	return PATH_RSYNC;
	}
	+
	+ if ( check_command(*cl, opts, PATH_ZFS, RSSH_ALLOW_ZFS) ){
	+ return PATH_ZFS;
	+ }
	+
	/* No match, return NULL */
	return NULL;
	}
	@@ -265,6 +273,8 @@ char get_command( char cl, ShellOptions_t *opts )
	return PATH_RDIST;
	if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) )
	return PATH_RSYNC;
	+ if ( check_command(cl, opts, PATH_ZFS, RSSH_ALLOW_ZFS) )
	+ return PATH_ZFS;
	return NULL;
	}

	@@ -330,22 +340,23 @@ int validate_umask( const char temp, int mask )
	* same name, and returns FALSE if the bits are not valid
	*/
	int validate_access( const char temp, bool allow_sftp, bool *allow_scp,
	- bool allow_cvs, bool allow_rdist, bool *allow_rsync )
	+ bool allow_cvs, bool allow_rdist, bool allow_rsync, bool allow_zfs )
	{
	int i;

	-#define NUM_ACCESS_BITS 5
	+#define NUM_ACCESS_BITS 6

	if ( strlen(temp) != NUM_ACCESS_BITS ) return FALSE;
	/* make sure the bits are valid */
	for ( i = 0; i < NUM_ACCESS_BITS; i++ )
	if ( temp[i] < '0' \|\| temp[i] > '1' ) return FALSE;
	/* This is easier to read if we allign the = */
	- *allow_rsync = temp[0] - '0';
	- *allow_rdist = temp[1] - '0';
	- *allow_cvs = temp[2] - '0';
	- *allow_sftp = temp[3] - '0';
	- *allow_scp = temp[4] - '0';
	+ *allow_zfs = temp[0] - '0';
	+ *allow_rsync = temp[1] - '0';
	+ *allow_rdist = temp[2] - '0';
	+ *allow_cvs = temp[3] - '0';
	+ *allow_sftp = temp[4] - '0';
	+ *allow_scp = temp[5] - '0';
	return TRUE;
	}

	diff --git a/util.h b/util.h
	index 8b81201..a5fcdb9 100644
	--- a/util.h
	+++ b/util.h
	@@ -38,7 +38,7 @@ char get_command( char cl, ShellOptions_t *opts);
	char extract_root( char root, char *path );
	int validate_umask( const char temp, int mask );
	int validate_access( const char temp, bool allow_sftp, bool *allow_scp,
	- bool allow_cvs, bool allow_rdist, bool *allow_rsync );
	+ bool allow_cvs, bool allow_rdist, bool allow_rsync, bool allow_zfs );
	bool opt_exist( char *cl, char opt );
	char *get_username( void );