Add rssh 2.1.1, a Restricted Secure SHell only for sftp or/and scp.

rssh is a Restricted Secure SHell that allow only the use of sftp or scp. It could be use when you need an account (and a valid shell) in order to execute sftp or scp but when you don't want to give the possibility to log in to this user. WWW: http://www.pizzashack.org/rssh/index.shtml PR: ports/65860 Submitted by: enigmatyc
svn path=/head/; revision=109638
2025-01-21 08:42:23 +00:00 · 2004-05-21 13:37:24 +00:00 · 2004-05-21 13:37:24 +00:00 · 288e67f0c1 · 2021-03-31 03:12:20 +00:00
commit 288e67f0c1
parent bb68d51003
6 changed files with 140 additions and 0 deletions
--- a/shells/Makefile
+++ b/shells/Makefile
@ -20,6 +20,7 @@
    SUBDIR += pdksh
    SUBDIR += perlsh
    SUBDIR += rc
+    SUBDIR += rssh
    SUBDIR += sash
    SUBDIR += scponly
    SUBDIR += tcshrc
--- a/shells/rssh/Makefile
+++ b/shells/rssh/Makefile
@ -0,0 +1,21 @@
+# New ports collection makefile for:	rssh
+# Date created:				Fri Apr 16 02:04:33 CEST 2004
+# Whom:					enigmatyc
+#
+# $FreeBSD$
+#
+
+PORTNAME=	rssh
+PORTVERSION=	2.1.1
+CATEGORIES=	shells security
+MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
+MASTER_SITE_SUBDIR=	${PORTNAME}
+
+MAINTAINER=	enigmatyc@laposte.net
+COMMENT=	A Restricted Secure SHell only for sftp or/and scp
+
+GNU_CONFIGURE=	yes
+MAN1=		rssh.1
+PLIST_FILES=	bin/rssh etc/rssh.conf.dist libexec/rssh_chroot_helper
+
+.include <bsd.port.mk>
--- a/shells/rssh/distinfo
+++ b/shells/rssh/distinfo
@ -0,0 +1,2 @@
+MD5 (rssh-2.1.1.tar.gz) = d5260ad91fe71ba28ecb310892cc4139
+SIZE (rssh-2.1.1.tar.gz) = 88858
--- a/shells/rssh/files/patch-Makefile.in
+++ b/shells/rssh/files/patch-Makefile.in
@ -0,0 +1,13 @@
+--- Makefile.in.orig	Sun Jul 20 19:27:29 2003
+++ Makefile.in	Fri May 21 15:23:01 2004
+@@ -357,8 +357,8 @@
+ 	@list='$(dist_sysconf_DATA)'; for p in $$list; do \
+ 	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ 	  f="`echo $$p | sed -e 's|^.*/||'`"; \
+-	  echo " $(dist_sysconfDATA_INSTALL) $$d$$p $(DESTDIR)$(sysconfdir)/$$f"; \
+-	  $(dist_sysconfDATA_INSTALL) $$d$$p $(DESTDIR)$(sysconfdir)/$$f; \
+	  echo " $(dist_sysconfDATA_INSTALL) $$d$$p $(DESTDIR)$(sysconfdir)/$$f.dist"; \
+	  $(dist_sysconfDATA_INSTALL) $$d$$p $(DESTDIR)$(sysconfdir)/$$f.dist; \
+ 	done
+ 
+ uninstall-dist_sysconfDATA:
--- a/shells/rssh/files/patch-util.c
+++ b/shells/rssh/files/patch-util.c
@ -0,0 +1,94 @@
+--- util.c.orig	Mon Jul  7 20:41:29 2003
+++ util.c	Fri Apr 16 01:28:16 2004
+@@ -1,9 +1,9 @@
+ /*
+  * util.c - utility functions for rssh
+- * 
+ *
+  * Copyright 2003 Derek D. Martin ( code at pizzashack dot org ).
+  *
+- * This program is licensed under a BSD-style license, as follows: 
+ * This program is licensed under a BSD-style license, as follows:
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -66,10 +66,10 @@
+ extern char *username;
+ extern char *progname;
+ 
+-/* 
+/*
+  * build_arg_vector() - return a pointer to a vector of strings which
+  *                      represent the arguments of the command to execv().
+- */                 
+ */
+ char **build_arg_vector( char *str, size_t reserve )
+ {
+ 
+@@ -77,18 +77,18 @@
+ 	int		retc;
+ 
+ 	result.we_offs = reserve;
+-	if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFFS)) ){
+	if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFS)) ){
+ 		log_set_priority(LOG_ERR);
+ 		switch( retc ){
+ 		case WRDE_BADCHAR:
+ 		case WRDE_CMDSUB:
+-			fprintf(stderr, "%s: bad characters in arguments\n", 
+			fprintf(stderr, "%s: bad characters in arguments\n",
+ 				progname);
+ 			log_msg("user %s used bad chars in command",
+ 				username);
+ 			break;
+ 		default:
+-			fprintf(stderr, "%s: error expanding arguments\n", 
+			fprintf(stderr, "%s: error expanding arguments\n",
+ 				progname);
+ 			log_msg("error expanding arguments for user %s",
+ 				username);
+@@ -105,7 +105,7 @@
+ 
+ 	log_set_priority(LOG_ERR);
+ 	/* determine which commands are usable for error message */
+-	if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) == 
+	if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) ==
+ 			(RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP) )
+ 		cmd = " to scp or sftp";
+ 	else if ( flags & RSSH_ALLOW_SCP )
+@@ -147,7 +147,7 @@
+ 	len = strlen(PATH_SFTP_SERVER);
+ 	if ( cl_len < len ) len = cl_len;
+ 	/* check to see if cl starts with an allowed command */
+-	if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) && 
+	if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) &&
+ 			(isspace(cl[len]) || cl[len] == '\0') &&
+ 			opts->shell_flags & RSSH_ALLOW_SFTP )
+ 		return PATH_SFTP_SERVER;
+@@ -155,7 +155,7 @@
+ 	len = 3;
+ 	/* if cl_len is less than 3, then it's not a valid command */
+ 	if ( cl_len < 3 ) return NULL;
+-	if ( !(strncmp(cl, "scp", len)) && 
+	if ( !(strncmp(cl, "scp", len)) &&
+ 			(isspace(cl[len])) &&
+ 			opts->shell_flags & RSSH_ALLOW_SCP ){
+ 		return PATH_SCP;
+@@ -183,7 +183,7 @@
+ 		len--;
+ 	}
+ 	if ( (strncmp(root, path, len)) ) return NULL;
+-	
+
+ 	/*
+ 	 * path[len] is the first character of path which is not part of root.
+ 	 * If it is not '/' then we chopped path off in the middle of a path
+@@ -223,7 +223,7 @@
+  *                     them.  Returns the bits in the bool pointers of the
+  *                     same name, and returns FALSE if the bits are not valid
+  */
+-int validate_access( const char *temp, bool *allow_sftp, 
+int validate_access( const char *temp, bool *allow_sftp,
+ 		     bool *allow_scp )
+ {
+ 	char	scp[2];
--- a/shells/rssh/pkg-descr
+++ b/shells/rssh/pkg-descr
@ -0,0 +1,9 @@
+rssh is a Restricted Secure SHell that allow only the use of sftp or scp.
+It could be use when you need an account (and a valid shell) in order to
+execute sftp or scp but when you don't want to give the possibility to log
+in to this user.
+
+WWW: http://www.pizzashack.org/rssh/index.shtml
+
+- enigmatyc
+enigmatyc@laposte.net