int main (int argc, char **argv) { char *evas = NULL; struct invocable *i = NULL; char *b = NULL; char *sargv = NULL; evas = getenv (_GLUSTERD_CALLED_); if (evas && strcmp (evas, "1") == 0) /* OK, we know glusterd called us, no need to look for further config * ... altough this conclusion should not inherit to our children */ unsetenv (_GLUSTERD_CALLED_); else { /* we regard all gsyncd invocations unsafe * that do not come from glusterd and * therefore restrict it */ restricted = 1; if (!getenv (_GSYNCD_DISPATCHED_)) { evas = getenv ("SSH_ORIGINAL_COMMAND"); if (evas) sargv = evas; else { evas = getenv ("SHELL"); if (evas && strcmp (basename (evas), "gsyncd") == 0 && argc == 3 && strcmp (argv[1], "-c") == 0) sargv = argv[2]; } } } if (!(sargv && restricted)) return invoke_gsyncd (argc, argv); argc = str2argv (sargv, &argv); if (argc == -1 || setenv (_GSYNCD_DISPATCHED_, "1", 1) == -1) { fprintf (stderr, "internal error\n"); return 1; } b = basename (argv[0]); for (i = invocables; i->name; i++) { if (strcmp (b, i->name) == 0) return i->invoker (argc, argv); } fprintf (stderr, "invoking %s in restricted SSH session is not allowed\n", b); return 1; }
int main (int argc, char **argv) { int ret = -1; char *evas = NULL; struct invocable *i = NULL; char *b = NULL; char *sargv = NULL; #ifdef USE_LIBGLUSTERFS glusterfs_ctx_t *ctx = NULL; ctx = glusterfs_ctx_new (); if (!ctx) return ENOMEM; if (glusterfs_globals_init (ctx)) return 1; THIS->ctx = ctx; ret = default_mem_acct_init (THIS); if (ret) { fprintf (stderr, "internal error: mem accounting failed\n"); return 1; } #endif evas = getenv (_GLUSTERD_CALLED_); if (evas && strcmp (evas, "1") == 0) /* OK, we know glusterd called us, no need to look for further config *...although this conclusion should not inherit to our children */ unsetenv (_GLUSTERD_CALLED_); else { /* we regard all gsyncd invocations unsafe * that do not come from glusterd and * therefore restrict it */ restricted = 1; if (!getenv (_GSYNCD_DISPATCHED_)) { evas = getenv ("SSH_ORIGINAL_COMMAND"); if (evas) sargv = evas; else { evas = getenv ("SHELL"); if (evas && strcmp (basename (evas), "gsyncd") == 0 && argc == 3 && strcmp (argv[1], "-c") == 0) sargv = argv[2]; } } } if (!(sargv && restricted)) return invoke_gsyncd (argc, argv); argc = str2argv (sargv, &argv); if (argc == -1 || setenv (_GSYNCD_DISPATCHED_, "1", 1) == -1) { fprintf (stderr, "internal error\n"); return 1; } b = basename (argv[0]); for (i = invocables; i->name; i++) { if (strcmp (b, i->name) == 0) return i->invoker (argc, argv); } fprintf (stderr, "invoking %s in restricted SSH session is not allowed\n", b); free(argv); return 1; }