Date:      Wed, 21 Apr 2004 13:55:53 -0700 (PDT)
From:      nigmatyc <enispam@noos.fr>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/65860: [New Port] shell/rssh
Message-ID:  <200404212055.i3LKtrs7034497@www.freebsd.org>
Resent-Message-ID: <200404212100.i3LL0VeC008185@freefall.freebsd.org>


>Number:         65860
>Category:       ports
>Synopsis:       [New Port] shell/rssh
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 21 14:00:31 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     nigmatyc
>Release:        FreeBSD 5.2.1-RELEASE-p4 i386
>Organization:
>Environment:
FreeBSD toaster.open-coder.org 5.2.1-RELEASE-p4 FreeBSD 5.2.1-RELEASE-p4 #0: Wed Apr 14 13:25:08 CEST 2004     enigmatyc@toaster.open-coder.org:/usr/obj/usr/src/sys/TOASTER  i386
>Description:
It is a shell that allows only the use of scp and/or sftp.
For example, if you host an arch repository and want a lot of security (sftp), you can give this account to the committers.
>How-To-Repeat:
      
>Fix:
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	rssh
#	rssh/distinfo
#	rssh/Makefile
#	rssh/files
#	rssh/files/patch-util.c
#	rssh/pkg-descr
#	rssh/pkg-plist
#
echo c - rssh
mkdir -p rssh > /dev/null 2>&1
echo x - rssh/distinfo
sed 's/^X//' >rssh/distinfo << 'END-of-rssh/distinfo'
XMD5 (rssh-2.1.1.tar.gz) = d5260ad91fe71ba28ecb310892cc4139
XSIZE (rssh-2.1.1.tar.gz) = 88858
END-of-rssh/distinfo
echo x - rssh/Makefile
sed 's/^X//' >rssh/Makefile << 'END-of-rssh/Makefile'
X# New ports collection makefile for:   rssh
X# Date created:        Fri Apr 16 02:04:33 CEST 2004
X# Whom:                enigmatyc
X#
X# $FreeBSD$
X#
X
XPORTNAME=      rssh
XPORTVERSION=   2.1.1
XCATEGORIES=    shells
XMASTER_SITES=  http://heanet.dl.sourceforge.net/sourceforge/rssh/
X
XMAINTAINER=    enigmatyc@laposte.net
XCOMMENT=       a Restricted Secure SHell only for sftp or/and scp
X
XMAN1=          rssh.1
X
XGNU_CONFIGURE=  Yes
X
X.include <bsd.port.mk>
END-of-rssh/Makefile
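Review bot: `MASTER_SITES` pins one SourceForge mirror over plain HTTP, and the only integrity check in `rssh/distinfo` is an MD5 digest, which is a thin guarantee for a tarball that becomes a login shell. Using the ports framework's mirror list, `MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}` with `MASTER_SITE_SUBDIR= ${PORTNAME}`, removes the dependence on one host. A stronger digest line in distinfo, e.g. `SHA256 (rssh-2.1.1.tar.gz) = <sha256-of-distfile>`, where the ports tools support it, would make a tampered or substituted distfile fail the checksum step. The Subject line says `shell/rssh` while `CATEGORIES` is `shells`; the latter looks like the intended directory.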
echo c - rssh/files
mkdir -p rssh/files > /dev/null 2>&1
echo x - rssh/files/patch-util.c
sed 's/^X//' >rssh/files/patch-util.c << 'END-of-rssh/files/patch-util.c'
X--- util.c.orig	Mon Jul  7 20:41:29 2003
X+++ util.c	Fri Apr 16 01:28:16 2004
X@@ -1,9 +1,9 @@
X /*
X  * util.c - utility functions for rssh
X- * 
X+ *
X  * Copyright 2003 Derek D. Martin ( code at pizzashack dot org ).
X  *
X- * This program is licensed under a BSD-style license, as follows: 
X+ * This program is licensed under a BSD-style license, as follows:
X  *
X  * Redistribution and use in source and binary forms, with or without
X  * modification, are permitted provided that the following conditions
X@@ -66,10 +66,10 @@
X extern char *username;
X extern char *progname;
X 
X-/* 
X+/*
X  * build_arg_vector() - return a pointer to a vector of strings which
X  *                      represent the arguments of the command to execv().
X- */                 
X+ */
X char **build_arg_vector( char *str, size_t reserve )
X {
X 
X@@ -77,18 +77,18 @@
X 	int		retc;
X 
X 	result.we_offs = reserve;
X-	if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFFS)) ){
X+	if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFS)) ){
X 		log_set_priority(LOG_ERR);
X 		switch( retc ){
X 		case WRDE_BADCHAR:
X 		case WRDE_CMDSUB:
X-			fprintf(stderr, "%s: bad characters in arguments\n", 
X+			fprintf(stderr, "%s: bad characters in arguments\n",
X 				progname);
X 			log_msg("user %s used bad chars in command",
X 				username);
X 			break;
X 		default:
X-			fprintf(stderr, "%s: error expanding arguments\n", 
X+			fprintf(stderr, "%s: error expanding arguments\n",
X 				progname);
X 			log_msg("error expanding arguments for user %s",
X 				username);
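Review bot: The `wordexp()` call now passes `WRDE_DOOFS`, but POSIX spells the flag `WRDE_DOOFFS`, so this rename only builds where `<wordexp.h>` carries the shorter name (presumably the case on the submitter's release) and will stop compiling once the header uses the standard spelling. The `result.we_offs = reserve` assignment just above relies on this flag to leave `reserve` leading slots in `we_wordv`, which by the function's own comment becomes the argument vector for execv(), so the call site is better left with the upstream spelling. A guarded alias near the includes does the same job: `#ifndef WRDE_DOOFFS` / `#define WRDE_DOOFFS WRDE_DOOFS` / `#endif`. Every other change in this patch, including the two `fprintf` lines in this hunk and all of the other hunks, only strips trailing whitespace and could be dropped so the port carries just the functional change. build_arg_vector() begins in the previous hunk and continues past the end of this one.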
X@@ -105,7 +105,7 @@
X 
X 	log_set_priority(LOG_ERR);
X 	/* determine which commands are usable for error message */
X-	if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) == 
X+	if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) ==
X 			(RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP) )
X 		cmd = " to scp or sftp";
X 	else if ( flags & RSSH_ALLOW_SCP )
X@@ -147,7 +147,7 @@
X 	len = strlen(PATH_SFTP_SERVER);
X 	if ( cl_len < len ) len = cl_len;
X 	/* check to see if cl starts with an allowed command */
X-	if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) && 
X+	if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) &&
X 			(isspace(cl[len]) || cl[len] == '\0') &&
X 			opts->shell_flags & RSSH_ALLOW_SFTP )
X 		return PATH_SFTP_SERVER;
X@@ -155,7 +155,7 @@
X 	len = 3;
X 	/* if cl_len is less than 3, then it's not a valid command */
X 	if ( cl_len < 3 ) return NULL;
X-	if ( !(strncmp(cl, "scp", len)) && 
X+	if ( !(strncmp(cl, "scp", len)) &&
X 			(isspace(cl[len])) &&
X 			opts->shell_flags & RSSH_ALLOW_SCP ){
X 		return PATH_SCP;
X@@ -183,7 +183,7 @@
X 		len--;
X 	}
X 	if ( (strncmp(root, path, len)) ) return NULL;
X-	
X+
X 	/*
X 	 * path[len] is the first character of path which is not part of root.
X 	 * If it is not '/' then we chopped path off in the middle of a path
X@@ -223,7 +223,7 @@
X  *                     them.  Returns the bits in the bool pointers of the
X  *                     same name, and returns FALSE if the bits are not valid
X  */
X-int validate_access( const char *temp, bool *allow_sftp, 
X+int validate_access( const char *temp, bool *allow_sftp,
X 		     bool *allow_scp )
X {
X 	char	scp[2];
END-of-rssh/files/patch-util.c
echo x - rssh/pkg-descr
sed 's/^X//' >rssh/pkg-descr << 'END-of-rssh/pkg-descr'
Xrssh is a Restricted Secure SHell that allow only the use of sftp or scp.
XIt could be use when you need an account (and a valid shell) in order to
Xexecute sftp or scp but when you don't want to give the possibility to log
Xin to this user.
X
XFor more valid information go on :
Xwww.pizzashack.org/rssh/index.shtml
X
XEnjoy !
XFreeBSD is great !
X
X--
Xenigmatyc	<enigmatyc@laposte.net>
END-of-rssh/pkg-descr
echo x - rssh/pkg-plist
sed 's/^X//' >rssh/pkg-plist << 'END-of-rssh/pkg-plist'
Xbin/rssh
Xetc/rssh.conf
Xlibexec/rssh_chroot_helper
END-of-rssh/pkg-plist
exit


>Release-Note:
>Audit-Trail:
>Unformatted:


