switch to Python 3; allow command verifiers to change the command

[schsh.git] / schsh

diff --git a/schsh b/schsh
index 270691e3b77844a1acc94086b985d0f848e7e100..f96e69564275e9c47115217f9dc3fbd01cff438f 100755 (executable)
--- a/schsh
+++ b/schsh
@@ -1,9 +1,27 @@
-#!/usr/bin/python
+#!/usr/bin/python3

 #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
 # Configuration
 shell = None # set to "/bin/bash" or similar to allow shell access
 #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
 # Configuration
 shell = None # set to "/bin/bash" or similar to allow shell access

-allowCommands = ["scp", "rsync", "/usr/lib/openssh/sftp-server"]
-commandPaths = ["/usr/bin", "/bin"]
+
+def allowSCP(run, runstr):
+       if len(run) != 3: return False
+       if run[0] != "scp": return False
+       if run[1] not in ("-f", "-t"): return False
+       if run[2].startswith('-'): return False
+       run[0] = "/usr/bin/scp"
+       return True
+
+def allowRSync(run, runstr):
+       if len(run) < 3: return False
+       if run[0] != "rsync": return False
+       if run[1] != "--server": return False
+       run[0] = "/usr/bin/rsync"
+       return True
+
+def allowSFTP(run, runstr):
+       return runstr == "/usr/lib/openssh/sftp-server"
+
+allowCommands = [allowSCP, allowRSync, allowSFTP]

 
 # END of Configuration
 #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
 
 # END of Configuration
 #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#


@@ -27,35 +45,30 @@ def logquit(msg):
        log(msg, logging.ERROR)
        sys.exit(1)
 
        log(msg, logging.ERROR)
        sys.exit(1)
 

-def addPath(prog):
-       if prog.startswith("/"):
-               return prog
-       # look for it in the paths
-       for path in commandPaths:
-               fullprog = os.path.join(path, prog)
-               if os.path.exists(fullprog):
-                       return fullprog
-       return None
+def commandAllowed(run, runstr):
+       for allowed in allowCommands:
+               if allowed(run, runstr):
+                       return True
+       return False

 
 # parse arguments
 run = []
 if len(sys.argv) == 1:
        if shell is None:
 
 # parse arguments
 run = []
 if len(sys.argv) == 1:
        if shell is None:

-               print "No shell for you!"
+               print("No shell for you!")

                logquit("Shell access not allowed")
        else:
                run = [shell]
 elif len(sys.argv) == 3 and sys.argv[1] == "-c":
        # check if the command is allowed, and add path
        run = shlex.split(sys.argv[2])
                logquit("Shell access not allowed")
        else:
                run = [shell]
 elif len(sys.argv) == 3 and sys.argv[1] == "-c":
        # check if the command is allowed, and add path
        run = shlex.split(sys.argv[2])

-       if len(run) > 0 and run[0] in allowCommands:
-               run[0] = addPath(run[0])
+       if commandAllowed(run, sys.argv[2]): # this may change run, but that's okay

                log("Running '"+str(run)+"'")
        else:
                log("Running '"+str(run)+"'")
        else:

-               print "You are not allowed to run this command."
+               print("You are not allowed to run this command.")

                logquit("Attempt to run invalid command '"+sys.argv[2]+"'")
 else:
        logquit("Invalid arguments for schsh: "+str(sys.argv))
 
 assert len(run) > 0
                logquit("Attempt to run invalid command '"+sys.argv[2]+"'")
 else:
        logquit("Invalid arguments for schsh: "+str(sys.argv))
 
 assert len(run) > 0

-os.execl("/usr/bin/schroot", "/usr/bin/schroot", "-c", "user-"+get_username(), "-d", "/data", "--", *run)
+os.execl("/usr/bin/schroot", "/usr/bin/schroot", "-c", "schsh-"+get_username(), "-d", "/data", "--", *run)