From 5dcdf7e4109fd052db10d92181ceb9074346fd0d Mon Sep 17 00:00:00 2001 From: Aaron Ball Date: Sun, 11 Jul 2021 21:06:15 -0600 Subject: Improve support and security for custom commands --- src/main.c | 49 +++++++++++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 20 deletions(-) diff --git a/src/main.c b/src/main.c index 9480cd1..e24c409 100644 --- a/src/main.c +++ b/src/main.c @@ -135,9 +135,9 @@ int line_in_file(char* path, char* line) { * @return 1 if is a git command, 0 if not */ int is_git_cmd(char* str) { - if(strcmp(str, "git-upload-pack") == 0 - || strcmp(str, "git-upload-archive") == 0 - || strcmp(str, "git-receive-pack") == 0) + if(strncmp(str, "git-upload-pack ", 16) == 0 + || strncmp(str, "git-upload-archive ", 19) == 0 + || strncmp(str, "git-receive-pack ", 17) == 0) return 1; return 0; } @@ -193,9 +193,9 @@ int validate_git(char *user, char *repo) { int main(int argc, char* argv[]) { char cmd[128]; // Buffer for the first cmd in SSH_ORIGINAL_COMMAND char repo[128]; // Buffer for the repo path (from SSH_ORIGINAL_COMMAND) - char gitsh[512]; // Buffer for the git-shell cmd (from SSH_ORIGINAL_COMMAND) + char finalcmd[512]; // Buffer for the final cmd (from SSH_ORIGINAL_COMMAND) char* user; - char msg[512]; + char msg[1024]; // Ensure username is specified if(argc == 1) { @@ -214,29 +214,38 @@ int main(int argc, char* argv[]) { return 1; } - // Read the first command in the ssh - sscanf(getenv("SSH_ORIGINAL_COMMAND"), "%128s '%128[^']'[^\n]", cmd, repo); - - if(is_git_cmd(cmd)) { + if(is_git_cmd(getenv("SSH_ORIGINAL_COMMAND"))) { + // End user requested a git command + sscanf(getenv("SSH_ORIGINAL_COMMAND"), "%128s '%128[^']'[^\n]", cmd, repo); // Read the repo path (command argument) if(!validate_git(user, repo)) { - sprintf(msg, "[%s][%s] attempted invalid git command \"%s\"", \ + sprintf(msg, "[%s][%s] attempted invalid git command \"%s\"", user, repo, cmd); logmsg(msg); return 1; } - } else if(! is_allowed_cmd(cmd)) { - sprintf(msg, "[%s][%s] attempted disallowed command \"%s\"", \ - user, repo, cmd); + + sprintf(finalcmd, "/usr/bin/env git-shell -c \"%s '%s'\"", cmd, repo); + sprintf(msg, "[%s][%s] executed \"%s\"", user, repo, finalcmd); logmsg(msg); - fprintf(stderr, "Command '%s' is not allowed\n", cmd); - return 1; - } - sprintf(msg, "[%s][%s] executed \"%s\"", user, repo, cmd); - logmsg(msg); - sprintf(gitsh, "/usr/bin/env git-shell -c \"%s '%s'\"", cmd, repo); - system(gitsh); + } else { + // End user requested a non-git command (must be in git-shell-commands) + sscanf(getenv("SSH_ORIGINAL_COMMAND"), "%128s [^\n]", cmd); + if(! is_allowed_cmd(cmd)) { + sprintf(msg, "[%s] attempted disallowed command \"%s\"", user, cmd); + logmsg(msg); + fprintf(stderr, "Command '%s' is not allowed\n", cmd); + return 1; + } + + sprintf(finalcmd, "%s/git-shell-commands/%s", + getenv("HOME"), + getenv("SSH_ORIGINAL_COMMAND")); + sprintf(msg, "[%s] executed \"%s\"", user, finalcmd); + logmsg(msg); + } + system(finalcmd); return 0; } -- cgit v1.2.3