8 years ago · f958e37e9d
--- a/Makefile
+++ b/Makefile
@@ -8,7 +8,7 @@ COPYRIGHT=© 2008-2011 Enrico Tassi <gares@fettunta.org>
 
				
				 BINARIES=mddiff smd-applet
			
 
				
				 MANPAGES1=mddiff.1 smd-server.1 smd-client.1 \
			
 
				
				 	 smd-pull.1 smd-push.1 smd-loop.1 smd-applet.1 smd-translate.1 \
			
 
				
				-	 smd-check-conf.1
			
 
				
				+	 smd-check-conf.1 smd-restricted-shell.1
			
 
				
				 MANPAGES5=smd-config.5
			
 
				
				 HTML=index.html design.html hooks.html
			
 
				
				 DESTDIR=
			
@@ -171,6 +171,7 @@ install-bin: $(BINARIES)
 
				
				 	$(call install-replacing,smd-push,bin)
			
 
				
				 	$(call install-replacing,smd-translate,bin)
			
 
				
				 	$(call install-replacing,smd-check-conf,bin)
			
 
				
				+	$(call install-replacing,smd-restricted-shell,bin)
			
 
				
				 	$(call install-replacing,smd-loop,bin)
			
 
				
				 	$(call install-replacing,smd-common,share/$(PROJECTNAME))
			
 
				
				 	$(call install-replacing,syncmaildir.lua,share/lua/$(LUAV))
			
--- a/README
+++ b/README
@@ -76,6 +76,8 @@ flexibility).
 
				
				   performs a quick check that a setup, especially when it involves
			
 
				
				   some folders renaming, actually works as expected. This tool is meant to
			
 
				
				   be manually called by the user to check a given configuration file.
			
 
				
				+- [`smd-restricted-shell`](smd-restricted-shell.1.html)
			
 
				
				+  ...
			
 
				
				 - [`smd-loop`](smd-loop.1.html) 
			
 
				
				   runs runs smd-push and smd-pull at regular intervals as defined
			
 
				
				   by the user in a configuration file, in the style of a crontab, but
			
--- a/smd-restricted-shell
+++ b/smd-restricted-shell
@@ -0,0 +1,26 @@
 
				
				+#!/bin/sh
			
 
				
				+#
			
 
				
				+# Released under the terms of GPLv3 or at your option any later version.
			
 
				
				+# No warranties.
			
 
				
				+# Copyright Enrico Tassi <gares@fettunta.org>
			
 
				
				+
			
 
				
				+set -e
			
 
				
				+#set -x
			
 
				
				+
			
 
				
				+PREFIX="@PREFIX@"
			
 
				
				+if [ `echo "$PREFIX" | cut -c -1` = "@" ]; then
			
 
				
				+	echo "smd-restricted-shell not installed, assuming PREFIX=."
			
 
				
				+	WHERE="./"
			
 
				
				+else
			
 
				
				+	WHERE="$PREFIX/bin"
			
 
				
				+fi
			
 
				
				+
			
 
				
				+# check that SSH_ORIGINAL_COMMAND contains only
			
 
				
				+# smd-client/smd-server
			
 
				
				+C=`echo $SSH_ORIGINAL_COMMAND | cut -f 1`
			
 
				
				+if [ "$C" != "$WHERE/smd-client" -a "$C" != "$WHERE/smd-server" ]; then
			
 
				
				+      exit 1
			
 
				
				+fi
			
 
				
				+
			
 
				
				+# we now run the smd command
			
 
				
				+exec $SSH_ORIGINAL_COMMAND
			
--- a/smd-restricted-shell.1.txt
+++ b/smd-restricted-shell.1.txt
@@ -0,0 +1,22 @@
 
				
				+NAME
			
 
				
				+  smd-restricted-shell - restricted shell for smd
			
 
				
				+
			
 
				
				+SYNOPSIS
			
 
				
				+  command="smd-restricted-shell" ssh-rsa ...
			
 
				
				+
			
 
				
				+DESCRIPTION
			
 
				
				+  This utility is meant to be used in conjunction with an ssh key.
			
 
				
				+  You can restrict the commands that are allowed to be executed on your
			
 
				
				+  remote host when the login is performed using a particular ssh key.
			
 
				
				+  Just prefix the line corresponding to that ssh key with
			
 
				
				+
			
 
				
				+    command="smd-restricted-shell"
			
 
				
				+
			
 
				
				+FILES
			
 
				
				+  ~/.ssh/authorized_keys
			
 
				
				+
			
 
				
				+SEE ALSO
			
 
				
				+  ssd(8)
			
 
				
				+
			
 
				
				+AUTHOR
			
 
				
				+  Enrico Tassi <gares@fettunta.org>