/[pdpsoft]/nl.nikhef.ndpf.tools/sgmshell/sgmshell.cin
ViewVC logotype

Contents of /nl.nikhef.ndpf.tools/sgmshell/sgmshell.cin

Parent Directory Parent Directory | Revision Log Revision Log

Revision 24 - (show annotations) (download)
Wed Aug 27 08:56:23 2008 UTC (13 years, 11 months ago) by davidg
File size: 1128 byte(s) 
Better logging
1 #! /usr/bin/perl -w
2 #
3 use strict;
4 use File::Temp qw/ :mktemp /;
5
6 my $verbose=0;
7 my ($logf,$logfname);
8
9 $verbose and do {
10 ($logf,$logfname) = mkstemp( "/var/tmp/sgmshell.$$.XXXXX" );
11 };
12
13 my $logmsg = "starting sgmshell uid $< on ".(scalar gmtime)." with @ARGV\n";
14
15 $verbose and print $logf $logmsg;
16 system("logger -p daemon.notice -t sgmshell[$$] \'$logmsg\'");
17
18 ( (! defined $ARGV[0] ) or $ARGV[0] ne "-c" ) and do {
19 $verbose and print $logf "Terminating due to invalid invocation (argv0 is not -c)\n";
20 system("logger -p daemon.notice -t sgmshell[$$] \'interactive login without -c banned\'");
21 die "Invalid invocation\n";
22 };
23 shift @ARGV;
24
25 # verify validity of command
26 my $command = join ' ',@ARGV;
27 my $permitted=0;
28 foreach ( $command ) {
29 /^rsync --server( --sender)? -[a-zA-Z0-9]+ \. \/data\/esia\/\S+$/ and do {
30 @_ = split;
31 $permitted=1 unless $_[$#_]=~/\/\.\.\//;
32 };
33 }
34 $permitted or do {
35 $verbose and print $logf "denied command $command (".$ARGV[$#ARGV].")\n";
36 system("logger -p daemon.notice -t sgmshell[$$] \'denied command: $command\'");
37 die "Invalid invocation\n";
38 };
39
40 # execute it
41 exec @ARGV;
42
grid.support@nikhef.nl
 ViewVC Help
Powered by ViewVC 1.1.28