static inline bool script_dir_allowed(JCR *jcr, RUNSCRIPT *script, alist *allowed_script_dirs) { char *bp, *allowed_script_dir; bool allowed = false; POOL_MEM script_dir(PM_FNAME); /* * If there is no explicit list of allowed dirs allow any dir. */ if (!allowed_script_dirs) { return true; } /* * Determine the dir the script is in. */ pm_strcpy(script_dir, script->command); if ((bp = strrchr(script_dir.c_str(), '/'))) { *bp = '\0'; } /* * Match the path the script is in against the list of allowed script directories. */ foreach_alist(allowed_script_dir, allowed_script_dirs) { if (bstrcasecmp(script_dir.c_str(), allowed_script_dir)) { allowed = true; break; } } return allowed; }
static inline bool script_dir_allowed(JCR *jcr, RUNSCRIPT *script, alist *allowed_script_dirs) { char *bp, *allowed_script_dir; bool allowed = false; POOL_MEM script_dir(PM_FNAME); /* * If there is no explicit list of allowed dirs allow any dir. */ if (!allowed_script_dirs) { return true; } /* * Determine the dir the script is in. */ pm_strcpy(script_dir, script->command); if ((bp = strrchr(script_dir.c_str(), '/'))) { *bp = '\0'; } /* * Make sure there are no relative path elements in script dir by which the * user tries to escape the allowed dir checking. For scripts we only allow * absolute paths. */ if (strstr(script_dir.c_str(), "..")) { Dmsg1(200, "script_dir_allowed: relative pathnames not allowed: %s\n", script_dir.c_str()); return false; } /* * Match the path the script is in against the list of allowed script directories. */ foreach_alist(allowed_script_dir, allowed_script_dirs) { if (bstrcasecmp(script_dir.c_str(), allowed_script_dir)) { allowed = true; break; } } Dmsg2(200, "script_dir_allowed: script %s %s allowed by Allowed Script Dir setting", script->command, (allowed) ? "" : "NOT"); return allowed; }