rdiff-backup-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Rdiff-backup-commits] Changes to rdiff-backup/rdiff_backup/Security.py

From: Ben Escoto
Subject: [Rdiff-backup-commits] Changes to rdiff-backup/rdiff_backup/Security.py
Date: Mon, 24 Oct 2005 13:16:07 -0400 
Index: rdiff-backup/rdiff_backup/Security.py
diff -u rdiff-backup/rdiff_backup/Security.py:1.26 
rdiff-backup/rdiff_backup/Security.py:1.27
--- rdiff-backup/rdiff_backup/Security.py:1.26  Sat Oct 22 02:41:51 2005
+++ rdiff-backup/rdiff_backup/Security.py       Mon Oct 24 17:16:05 2005
@@ -47,13 +47,17 @@
                                 'os.utime':0, 'os.lchown':0, 'os.link':1, 
'os.symlink':1,
                                 'os.mkdir':0, 'os.makedirs':0}
                                 
-
 def initialize(action, cmdpairs):
        """Initialize allowable request list and chroot"""
        global allowed_requests
        set_security_level(action, cmdpairs)
        set_allowed_requests(Globals.security_level)
 
+def reset_restrict_path(rp):
+       """Reset restrict path to be within rpath"""
+       assert rp.conn is Globals.local_connection
+       Globals.restrict_path = rp.normalize().path
+
 def set_security_level(action, cmdpairs):
        """If running client, set security level and restrict_path
 
@@ -137,8 +141,7 @@
                                  "Hardlink.initialize_dictionaries", 
"user_group.uid2uname",
                                  "user_group.gid2gname"])
        if sec_level == "read-only" or sec_level == "all":
-               l.extend(["fs_abilities.get_fsabilities_readonly",
-                                 "fs_abilities.get_fsabilities_restoresource",
+               l.extend(["fs_abilities.get_readonly_fsa",
                                  
"restore.MirrorStruct.set_mirror_and_rest_times",
                                  "restore.MirrorStruct.set_mirror_select",
                                  "restore.MirrorStruct.initialize_rf_cache",
@@ -161,14 +164,16 @@
                                  "Globals.ITRB.increment_stat",
                                  "statistics.record_error",
                                  "log.ErrorLog.write_if_open",
-                                 "fs_abilities.get_fsabilities_readwrite"])
+                                 "fs_abilities.backup_set_globals"])
        if sec_level == "all":
                l.extend(["os.mkdir", "os.chown", "os.lchown", "os.rename",
-                                 "os.unlink", "os.remove", "os.chmod",
+                                 "os.unlink", "os.remove", "os.chmod", 
"os.makedirs",
                                  "backup.DestinationStruct.patch",
                                  "restore.TargetStruct.get_initial_iter",
                                  "restore.TargetStruct.patch",
                                  "restore.TargetStruct.set_target_select",
+                                 "fs_abilities.restore_set_globals",
+                                 "fs_abilities.single_set_globals",
                                  "regress.Regress", 
"manage.delete_earlier_than_local"])
        if Globals.server:
                l.extend(["SetConnections.init_connection_remote",
@@ -200,8 +205,7 @@
        if security_level == "override": return
        if request.function_string in allowed_requests: return
        if request.function_string in ("Globals.set", "Globals.set_local"):
-               if Globals.server and arglist[0] not in 
disallowed_server_globals:
-                       return
+               if arglist[0] not in disallowed_server_globals: return
        raise_violation(request, arglist)
 
 def vet_rpath(rpath):
reply via email to
[Prev in Thread] Current Thread [Next in Thread]