[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[rdiff-backup-users] Update to that path prefixing patch
From: |
Charles Duffy |
Subject: |
[rdiff-backup-users] Update to that path prefixing patch |
Date: |
Tue, 16 Aug 2005 11:33:26 -0500 |
User-agent: |
Mozilla Thunderbird 1.0.2 (Windows/20050317) |
Charles Duffy wrote:
Going back to the path-prefixing feature, I have a patch that appears
to work under *very light* testing
...which, on further light testing, has turned up some issues (caused,
roughly, by os.path.join trying to be excessively smart).
An updated version is attached.
diff -ru rdiff-backup-1.0.0/rdiff_backup/Globals.py
/usr/lib/python2.3/site-packages/rdiff_backup/Globals.py
--- rdiff-backup-1.0.0/rdiff_backup/Globals.py 2005-08-14 01:12:55.000000000
-0500
+++ /usr/lib/python2.3/site-packages/rdiff_backup/Globals.py 2005-08-16
10:19:17.000000000 -0500
@@ -215,6 +215,9 @@
# If set, exit with error instead of dropping ACLs or ACL entries.
never_drop_acls = None
+# If running as a server, append this prefix to all paths used.
+path_prefix = ""
+
def get(name):
"""Return the value of something in this module"""
diff -ru rdiff-backup-1.0.0/rdiff_backup/Main.py
/usr/lib/python2.3/site-packages/rdiff_backup/Main.py
--- rdiff-backup-1.0.0/rdiff_backup/Main.py 2005-08-14 01:12:55.000000000
-0500
+++ /usr/lib/python2.3/site-packages/rdiff_backup/Main.py 2005-08-16
10:19:17.000000000 -0500
@@ -62,7 +62,7 @@
"exclude-filelist-stdin", "exclude-globbing-filelist=",
"exclude-globbing-filelist-stdin", "exclude-mirror=",
"exclude-other-filesystems", "exclude-regexp=",
- "exclude-special-files", "force", "group-mapping-file=",
+ "exclude-special-files", "force", "force-path-prefix=",
"group-mapping-file=",
"include=", "include-filelist=", "include-filelist-stdin",
"include-globbing-filelist=",
"include-globbing-filelist-stdin", "include-regexp=",
@@ -115,6 +115,7 @@
"standard
input"))
select_files.append(sys.stdin)
elif opt == "--force": force = 1
+ elif opt == "--force-path-prefix": Globals.path_prefix =
normalize_path(arg)
elif opt == "--group-mapping-file": group_mapping_filename = arg
elif (opt == "--include" or
opt == "--include-special-files" or
diff -ru rdiff-backup-1.0.0/rdiff_backup/Security.py
/usr/lib/python2.3/site-packages/rdiff_backup/Security.py
--- rdiff-backup-1.0.0/rdiff_backup/Security.py 2005-08-14 01:12:55.000000000
-0500
+++ /usr/lib/python2.3/site-packages/rdiff_backup/Security.py 2005-08-16
11:03:35.656435000 -0500
@@ -21,6 +21,7 @@
import sys, tempfile
import Globals, Main, rpath, log
+import os.path
class Violation(Exception):
"""Exception that indicates an improper request has been received"""
@@ -177,11 +178,21 @@
def vet_request(request, arglist):
"""Examine request for security violations"""
- #if Globals.server: sys.stderr.write(str(request) + "\n")
+ #if Globals.server: sys.stderr.write("Vetting request (%s), %s [%s]\n"
% (str(request), str(arglist), repr([type(arg) for arg in arglist])))
security_level = Globals.security_level
+ if Globals.server and Globals.path_prefix:
+ for arg in arglist:
+ if isinstance(arg, rpath.RPath):
+ #sys.stderr.write("Adding prefix %s to RPath
(%s,%s)\n" % (repr(Globals.path_prefix), repr(arg.base), repr(arg.path)))
+ arg.base = os.path.normpath(Globals.path_prefix
+ os.sep + arg.base)
+ arg.path = os.path.normpath(Globals.path_prefix
+ os.sep + arg.path)
+ elif isinstance(arg, str) and request.function_string
in ['os.mkdir', 'os.listdir', 'os.chmod', 'C.make_file_dict']:
+ arglist[arglist.index(arg)] =
os.path.normpath(Globals.path_prefix + os.sep + arg)
+ #sys.stderr.write("Modified request (%s), %s [%s]\n" %
(str(request), str(arglist), repr([type(arg) for arg in arglist])))
if Globals.restrict_path:
for arg in arglist:
if isinstance(arg, rpath.RPath): vet_rpath(arg)
+ #elif isinstance(arg, str): sys.stderr.write("Not
vetting %s against restricted path list\n" % arg)
if security_level == "all": return
if request.function_string in allowed_requests: return
if request.function_string in ("Globals.set", "Globals.set_local"):
- [rdiff-backup-users] SECURITY: Not all file ops accessed via vetted RPath objects? Also a path prefixing patch, Charles Duffy, 2005/08/16
- [rdiff-backup-users] Update to that path prefixing patch,
Charles Duffy <=
- Re: [rdiff-backup-users] SECURITY: Not all file ops accessed via vetted RPath objects? Also a path prefixing patch, Ben Escoto, 2005/08/17
- Re: [rdiff-backup-users] SECURITY: Not all file ops accessed via vetted RPath objects? Also a path prefixing patch, Charles Duffy, 2005/08/17
- Re: [rdiff-backup-users] SECURITY: Not all file ops accessed via vetted RPath objects? Also a path prefixing patch, Ben Escoto, 2005/08/18
- Re: [rdiff-backup-users] SECURITY: Not all file ops accessed via vetted RPath objects? Also a path prefixing patch, Charles Duffy, 2005/08/18
- Re: [rdiff-backup-users] SECURITY: Not all file ops accessed via vetted RPath objects? Also a path prefixing patch, Ben Escoto, 2005/08/20
- Re: [rdiff-backup-users] SECURITY: Not all file ops accessed via vetted RPath objects? Also a path prefixing patch, Charles Duffy, 2005/08/20