| author | Wayne Davison <wayned@samba.org> | 2018-03-25 11:02:50 -0700 |
|---|---|---|
| committer | Wayne Davison <wayned@samba.org> | 2018-03-25 11:02:50 -0700 |
| commit | 5df9847f0610113fae06d82c17f3622d60fb57f6 (patch) | |
| tree | a216b6ccb7dcb31a47645eb6f5ddb2de0d98eacc | |
| parent | fb7a162f535a12b8f79d6e2b7c3adbb720385297 (diff) | |
Allow some pre-/post-xfer exec shell restrictions.
Support both RSYNC_SHELL & RSYNC_NO_XFER_EXEC environment variables.
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | clientserver.c | 6 | ||||
| -rw-r--r-- | main.c | 27 | ||||
| -rw-r--r-- | rsync.yo | 4 | ||||
| -rw-r--r-- | rsyncd.conf.yo | 4 | ||||
| -rw-r--r-- | socket.c | 2 |
6 files changed, 37 insertions, 9 deletions
@@ -8,4 +8,5 @@ Changes since 3.1.3: ENHANCEMENTS: - - ... + - Added support for RSYNC_SHELL & RSYNC_NO_XFER_EXEC environment variables + that affect the pre-xfer exec and post-xfer exec rsync daemon options. diff --git a/clientserver.c b/clientserver.c index e2e2dc02..93c4457f 100644 --- a/clientserver.c +++ b/clientserver.c @@ -688,7 +688,7 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char log_init(1); #ifdef HAVE_PUTENV - if (*lp_prexfer_exec(i) || *lp_postxfer_exec(i)) { + if ((*lp_prexfer_exec(i) || *lp_postxfer_exec(i)) && !getenv("RSYNC_NO_XFER_EXEC")) { int status; /* For post-xfer exec, fork a new process to run the rsync @@ -714,7 +714,7 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char else status = -1; set_env_num("RSYNC_EXIT_STATUS", status); - if (system(lp_postxfer_exec(i)) < 0) + if (shell_exec(lp_postxfer_exec(i)) < 0) status = -1; _exit(status); } @@ -758,7 +758,7 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char close(STDIN_FILENO); dup2(pre_exec_error_fd, STDOUT_FILENO); close(pre_exec_error_fd); - status = system(lp_prexfer_exec(i)); + status = shell_exec(lp_prexfer_exec(i)); if (!WIFEXITED(status)) _exit(1); _exit(WEXITSTATUS(status)); @@ -154,6 +154,27 @@ pid_t wait_process(pid_t pid, int *status_ptr, int flags) return waited_pid; } +int shell_exec(const char *cmd) +{ + char *shell = getenv("RSYNC_SHELL"); + int status; + pid_t pid; + + if (!shell) + return system(cmd); + + if ((pid = fork()) < 0) + return -1; + + if (pid == 0) { + execlp(shell, shell, "-c", cmd, NULL); + _exit(1); + } + + int ret = wait_process(pid, &status, 0); + return ret < 0 ? -1 : status; +} + /* Wait for a process to exit, calling io_flush while waiting. */ static void wait_process_with_flush(pid_t pid, int *exit_code_ptr) { 
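Review bot: In the first clientserver.c hunk, the added `!getenv("RSYNC_NO_XFER_EXEC")` test skips the whole pre-/post-xfer block without logging anything, so a module whose `pre-xfer exec` command is relied on to refuse a transfer would accept it silently when the variable is set in the daemon's environment. The test is also presence-only: `RSYNC_NO_XFER_EXEC=0` or an empty value disables both commands just the same, which deserves a comment next to the condition. I would log once when a configured command is skipped, for example `rprintf(FLOG, "pre-/post-xfer exec disabled by RSYNC_NO_XFER_EXEC\n");`, in a guard placed before this `if`. The body of rsync_module() starts and ends outside the hunk, so the exact placement needs checking against the full function.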
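Review bot: In the new shell_exec() in main.c, the RSYNC_SHELL path reports a failed exec with `_exit(1)`, which a caller cannot tell apart from the command itself exiting 1; system() reports 127 in that case, so `_exit(127);` would keep the two paths consistent. The variadic terminator should be a typed null pointer, `execlp(shell, shell, "-c", cmd, (char *)NULL);`, because a bare `NULL` is not guaranteed to be passed as a pointer in a variadic call. Since execlp() searches PATH when the value contains no slash, the comment or the man page should say that an absolute path is expected for a shell meant to act as a restriction. The function also lacks a header comment; `/* Run cmd via "$RSYNC_SHELL -c" (or system() when unset); returns a wait status, or -1 if fork/wait fails. */` would state the return convention the callers depend on.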
@@ -1497,9 +1518,7 @@ const char *get_panic_action(void) if (cmd_fmt) return cmd_fmt; - else - return "xterm -display :0 -T Panic -n Panic " - "-e gdb /proc/%d/exe %d"; + return "xterm -display :0 -T Panic -n Panic -e gdb /proc/%d/exe %d"; } @@ -1520,7 +1539,7 @@ static void rsync_panic_handler(UNUSED(int whatsig)) /* Unless we failed to execute gdb, we allow the process to * continue. I'm not sure if that's right. */ - ret = system(cmd_buf); + ret = shell_exec(cmd_buf); if (ret) _exit(ret); } @@ -236,6 +236,10 @@ The command specified above uses ssh to run nc (netcat) on a proxyhost, which forwards all data to port 873 (the rsync daemon) on the targethost (%H). +Note also that if the RSYNC_SHELL environment varibable is set, that +program will be used to run the RSYNC_CONNECT_PROG command instead of +using the default shell of the system() call. + manpagesection(USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL CONNECTION) It is sometimes useful to use various features of an rsync daemon (such as diff --git a/rsyncd.conf.yo b/rsyncd.conf.yo index 7326b42d..3076a492 100644 --- a/rsyncd.conf.yo +++ b/rsyncd.conf.yo @@ -812,6 +812,10 @@ Even though the commands can be associated with a particular module, they are run using the permissions of the user that started the daemon (not the module's uid/gid setting) without any chroot restrictions. +These settings honor 2 environment variables: use RSYNC_SHELL to set a shell to +use when running the command (which otherwise uses your system() call's default +shell), and use RSYNC_NO_XFER_EXEC to disable both options completely. + ) manpagesection(CONFIG DIRECTIVES) @@ -847,7 +847,7 @@ static int sock_exec(const char *prog) fprintf(stderr, "Failed to run \"%s\"\n", prog); exit(1); } - exit(system(prog)); + exit(shell_exec(prog)); } close(fd[1]); |
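Review bot: The panic action in rsync_panic_handler() now goes through shell_exec(), so RSYNC_SHELL also selects the program that runs it, but neither documentation hunk in this commit says so (rsync.yo covers only RSYNC_CONNECT_PROG and rsyncd.conf.yo only the xfer exec options). A comment above the call would record it: `/* shell_exec() honors RSYNC_SHELL, so the panic action runs under that shell too. */`. The handler's body starts outside the hunk.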
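Review bot: In the socket.c hunk, `exit(shell_exec(prog));` passes a wait status to exit(), which keeps only the low 8 bits, so on the usual encoding a command that exits 1 (status 0x0100) makes this child exit 0. The same holds for the new RSYNC_SHELL path when the shell cannot be executed, so a failed connect program can be reported as success. The status should be decoded first: `int st = shell_exec(prog);` followed by `exit(WIFEXITED(st) ? WEXITSTATUS(st) : 1);`. sock_exec() begins and continues outside the hunk.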
