static inline bool script_dir_allowed(JCR *jcr, RUNSCRIPT *script, alist *allowed_script_dirs)
{
char *bp, *allowed_script_dir;
bool allowed = false;
POOL_MEM script_dir(PM_FNAME);
/*
* If there is no explicit list of allowed dirs allow any dir.
*/
if (!allowed_script_dirs) {
return true;
}
/*
* Determine the dir the script is in.
*/
pm_strcpy(script_dir, script->command);
if ((bp = strrchr(script_dir.c_str(), '/'))) {
*bp = '\0';
}
/*
* Match the path the script is in against the list of allowed script directories.
*/
foreach_alist(allowed_script_dir, allowed_script_dirs) {
if (bstrcasecmp(script_dir.c_str(), allowed_script_dir)) {
allowed = true;
break;
}
}
return allowed;
}
static inline bool script_dir_allowed(JCR *jcr, RUNSCRIPT *script, alist *allowed_script_dirs)
{
char *bp, *allowed_script_dir;
bool allowed = false;
POOL_MEM script_dir(PM_FNAME);
/*
* If there is no explicit list of allowed dirs allow any dir.
*/
if (!allowed_script_dirs) {
return true;
}
/*
* Determine the dir the script is in.
*/
pm_strcpy(script_dir, script->command);
if ((bp = strrchr(script_dir.c_str(), '/'))) {
*bp = '\0';
}
/*
* Make sure there are no relative path elements in script dir by which the
* user tries to escape the allowed dir checking. For scripts we only allow
* absolute paths.
*/
if (strstr(script_dir.c_str(), "..")) {
Dmsg1(200, "script_dir_allowed: relative pathnames not allowed: %s\n", script_dir.c_str());
return false;
}
/*
* Match the path the script is in against the list of allowed script directories.
*/
foreach_alist(allowed_script_dir, allowed_script_dirs) {
if (bstrcasecmp(script_dir.c_str(), allowed_script_dir)) {
allowed = true;
break;
}
}
Dmsg2(200, "script_dir_allowed: script %s %s allowed by Allowed Script Dir setting",
script->command, (allowed) ? "" : "NOT");
return allowed;
}
