Added ssh_wrapper script to my scripts. Bumped to version 1.2.3

svn path=/local/; revision=428

3 files changed, 32 insertions, 2 deletions

diff --git a/z-distfiles/Makefile b/z-distfiles/Makefile
index 5d617f9..ed74175 100644
--- a/z-distfiles/Makefile
+++ b/z-distfiles/Makefile
@@ -1,5 +1,5 @@
 DOWNLOAD_DIR=/var/www/www.gunnarwrobel.de/htdocs/downloads/
-VERSION=1.2.2
+VERSION=1.2.3
 
 TAR=tar cvfj 
 TAREX=--exclude="CVS" --exclude=".svn" --exclude=*~
diff --git a/z-distfiles/scripts-gw/Makefile b/z-distfiles/scripts-gw/Makefile
index 1dd36c9..8932cbb 100644
--- a/z-distfiles/scripts-gw/Makefile
+++ b/z-distfiles/scripts-gw/Makefile
@@ -1,7 +1,7 @@
 DESTDIR=
 
 SBINSCRIPTS = SVN-dump SVN-monthly birthDay check-SUID tripUpdate SVN-daily check-ALLWRITE dailyRoutine mysql-dump-all
-BINSCRIPTS = emerge-single svm-replicate svm-expanded svm-start svn-add svn-del
+BINSCRIPTS = emerge-single svm-replicate svm-expanded svm-start svn-add svn-del ssh_wrapper
 
 all:
 	echo "No compilation necessary!"
diff --git a/z-distfiles/scripts-gw/ssh_wrapper b/z-distfiles/scripts-gw/ssh_wrapper
new file mode 100755
index 0000000..0d9a7b4
--- /dev/null
+++ b/z-distfiles/scripts-gw/ssh_wrapper
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# This script checks to make sure that an incoming SSH command is a
+# permitted command, and executes it if it is. If not, the script
+# simply exits, which will cause a read timeout at the other end of
+# the connection.
+#
+LOGFILE=${HOME}/.log/ssh.check
+
+check_run () {
+    if [ "$SSH_ORIGINAL_COMMAND" = "$1" ]; then
+	echo "Command OK!" >> $LOGFILE
+	exec $SSH_ORIGINAL_COMMAND
+	return 0
+    fi
+    echo "Command REJECTED!" >> $LOGFILE
+    return 1
+}
+
+/bin/date >> $LOGFILE
+echo "Remote command: ${SSH_ORIGINAL_COMMAND}" >> $LOGFILE
+
+if [ -d "${HOME}/.ssh_wrap" ]; then
+    for allowed in ${HOME}/.ssh_wrap/*
+    do
+      check_run `head -n 1 "${allowed}"`
+    done
+else
+    echo "No commands allowed!" >> $LOGFILE
+fi