
Annotation of /nl.nikhef.ndpf.tools/sgmshell/sgmshell.cin



Revision 24 - (hide annotations) (download)
Wed Aug 27 08:56:23 2008 UTC (14 years, 1 month ago) by davidg
File size: 1128 byte(s)
Better logging

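#! /usr/bin/perl -w
#
# sgmshell - restricted login shell that only lets the account run
# "rsync --server" against paths below /data/esia/.
#
# The shell must be started as "sgmshell -c <command>"; anything else
# (including an interactive login) is logged and refused.  Every start and
# every refusal is reported to syslog through logger(1), and additionally to
# a private temp file when $verbose is set.
#
# Security notes:
#  * The command line comes from the remote user and is untrusted.  It is
#    never handed to a shell: logger(1) and the final command are both
#    started with list-form system/exec, so quotes and shell metacharacters
#    in the arguments stay literal data.
#  * The allow-list pattern is anchored with \A and \z, so nothing (not even
#    a trailing newline) can follow the path argument.
#  * ".." is rejected as a path component anywhere in the target path,
#    including as the final component, so the path cannot climb out of
#    /data/esia/.
#
use strict;
use File::Temp qw/ :mktemp /;

my $verbose = 0;
my ($logf, $logfname);

# The debug log is only created when verbose logging is switched on.
# mkstemp creates the file exclusively, so a pre-planted name in /var/tmp
# is not followed.
if ($verbose) {
    ($logf, $logfname) = mkstemp("/var/tmp/sgmshell.$$.XXXXX");
}

# Send one notice-level line to syslog via logger(1).
# Control characters are flattened to spaces so user-supplied text cannot
# forge additional log lines.  Logging is best effort: a failing logger
# must not change whether the command is accepted or refused.
sub _syslog_notice {
    my ($text) = @_;
    $text =~ s/[\x00-\x1f\x7f]+/ /g;
    $text =~ s/\s+\z//;
    system('logger', '-p', 'daemon.notice', '-t', 'sgmshell[' . $$ . ']', $text);
    return;
}

my $logmsg = "starting sgmshell uid $< on " . (scalar gmtime) . " with @ARGV\n";

print {$logf} $logmsg if $verbose;
_syslog_notice($logmsg);

# Only the non-interactive "-c <command>" form is accepted.
if (!defined $ARGV[0] or $ARGV[0] ne "-c") {
    print {$logf} "Terminating due to invalid invocation (argv0 is not -c)\n"
        if $verbose;
    _syslog_notice('interactive login without -c banned');
    die "Invalid invocation\n";
}
shift @ARGV;

# verify validity of command
my $command   = join ' ', @ARGV;
my $permitted = 0;
my @words;
if ($command =~ m{\Arsync --server(?: --sender)? -[a-zA-Z0-9]+ \. /data/esia/\S+\z}) {
    @words = split ' ', $command;

    # The last word is the target path; refuse any ".." path component.
    $permitted = 1 unless $words[-1] =~ m{(?:\A|/)\.\.(?:/|\z)};
}

if (!$permitted) {
    my $last_arg = @ARGV ? $ARGV[-1] : '';
    print {$logf} "denied command $command ($last_arg)\n" if $verbose;
    _syslog_notice("denied command: $command");
    die "Invalid invocation\n";
}

# execute it
# The validated words are executed directly; the block form of exec never
# involves a shell, even when the command arrived as a single string.
# "rsync" is still looked up through PATH, as before.
exec { $words[0] } @words
    or die "Cannot execute $words[0]: $!\n";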
