StephanSainleger
/
0k-charms
forked from 0k/0k-charms
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
432 Commits
13 Branches
0 Tags
107 MiB
Tree: 2bac396242
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2bac396242'
${ noResults }
0k-charms/rsync-backup-target/build/src/usr/local/sbin/ssh-admin-cmd-validate

88 lines
2.8 KiB
Raw Normal View History

new: [rsync-backup-target] allow dynamic management of backup keys Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
3 years ago
new: [rsync-backup-target] backup groups allow key management delegation Each backup endpoint is now part of a backup group. Each backup group can be managed by ad-hoc and separate account. Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
3 years ago
new: [rsync-backup-target] allow dynamic management of backup keys Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
3 years ago
new: [rsync-backup-target] backup groups allow key management delegation Each backup endpoint is now part of a backup group. Each backup group can be managed by ad-hoc and separate account. Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
3 years ago
new: [rsync-backup-target] allow dynamic management of backup keys Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
3 years ago
new: [rsync-backup-target] backup groups allow key management delegation Each backup endpoint is now part of a backup group. Each backup group can be managed by ad-hoc and separate account. Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
3 years ago
new: [rsync-backup-target] allow dynamic management of backup keys Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
3 years ago
new: [rsync-backup-target] backup groups allow key management delegation Each backup endpoint is now part of a backup group. Each backup group can be managed by ad-hoc and separate account. Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
3 years ago
new: [rsync-backup-target] allow dynamic management of backup keys Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
3 years ago
  1. #!/bin/bash
  3. ## Note that the shebang is not used, but it's the login shell that
  4. ## will execute this command.
  6. exname=$(basename "$0")
  8. mkdir -p /var/log/rsync
  10. LOG="/var/log/rsync/$exname.log"
  13. ssh_connection=(${SSH_CONNECTION})
  14. SSH_SOURCE_IP="${ssh_connection[0]}:${ssh_connection[1]}"
  16. log() {
  17. printf "%s [%s] %s - %s\n" \
  18. "$(date --rfc-3339=seconds)" "$$" "$SSH_SOURCE_IP" "$*" \
  19. >> "$LOG"
  20. }
  22. log "NEW ADMIN CONNECTION"
  24. if [ -z "$1" ] || ! [[ "$1" =~ ^[a-zA-Z0-9._-]+$ ]]; then
  25. log "INVALID SETUP, ARG IS: '$1'"
  26. echo "Your command has been rejected. Contact administrator."
  27. exit 1
  28. fi
  30. label="$1"
  33. reject() {
  34. log "REJECTED: $SSH_ORIGINAL_COMMAND"
  35. # echo "ORIG: $SSH_ORIGINAL_COMMAND" >&2
  36. echo "Your command has been rejected and reported to sys admin." >&2
  37. exit 1
  38. }
  41. if [[ "$SSH_ORIGINAL_COMMAND" =~ [\&\(\{\;\<\>\`\$\}] ]]; then
  42. log "BAD CHARS DETECTED"
  43. # echo "Bad chars: $SSH_ORIGINAL_COMMAND" >&2
  44. reject
  45. fi
  47. if [[ "$SSH_ORIGINAL_COMMAND" =~ ^"ssh-key add ssh-rsa "[a-zA-Z0-9/+]+" "[a-zA-Z0-9._-]+"@"[a-zA-Z0-9._-]+""$ ]]; then
  48. log "ACCEPTED: $SSH_ORIGINAL_COMMAND"
  50. ## Interpret \ to allow passing spaces (want to avoid possible issue with \n)
  51. #read -a ssh_args <<< "${SSH_ORIGINAL_COMMAND}"
  52. ssh_args=(${SSH_ORIGINAL_COMMAND})
  54. # echo "Would accept: $SSH_ORIGINAL_COMMAND" >&2
  55. exec sudo /usr/local/sbin/ssh-key add "$label" "${ssh_args[@]:2}"
  56. elif [[ "$SSH_ORIGINAL_COMMAND" =~ ^"ssh-key ls"$ ]]; then
  57. log "ACCEPTED: $SSH_ORIGINAL_COMMAND"
  59. ## Interpret \ to allow passing spaces (want to avoid possible issue with \n)
  60. #read -a ssh_args <<< "${SSH_ORIGINAL_COMMAND}"
  61. ssh_args=(${SSH_ORIGINAL_COMMAND})
  63. # echo "Would accept: $SSH_ORIGINAL_COMMAND" >&2
  64. exec /usr/local/sbin/ssh-key ls "$label" "${ssh_args[@]:2}"
  65. elif [[ "$SSH_ORIGINAL_COMMAND" =~ ^"ssh-key rm "[a-zA-Z0-9._-]+$ ]]; then
  66. log "ACCEPTED: $SSH_ORIGINAL_COMMAND"
  68. ## Interpret \ to allow passing spaces (want to avoid possible issue with \n)
  69. #read -a ssh_args <<< "${SSH_ORIGINAL_COMMAND}"
  70. ssh_args=(${SSH_ORIGINAL_COMMAND})
  72. # echo "Would accept: $SSH_ORIGINAL_COMMAND" >&2
  73. exec sudo /usr/local/sbin/ssh-key rm "$label" "${ssh_args[@]:2}"
  74. else
  76. log "NOT MATCHING ANY ALLOWED COMMAND"
  77. reject
  78. fi
  80. ## For other commands, like `find` or `md5`, that could be used to
  81. ## challenge the backups and check that archive is actually
  82. ## functional, I would suggest to write a simple command that takes no
  83. ## arguments, so as to prevent allowing wildcards or suspicious
  84. ## contents. Letting `find` go through is dangerous for instance
  85. ## because of the `-exec`. And path traversal can be done also when
  86. ## allowing /my/path/* by using '..'. This is why a fixed purpose
  87. ## embedded executable will be much simpler to handle, and to be honest
  88. ## we don't need much more.