Add rule_type=rsync; Add pcre for file definitions #10
Conversation
Basic configuration of rsync via the yaml configuration. This should prevent anything from running without the --server flag. Also added the option to define pcre's for file names, so you can define wildcards, etc.
|
You have encouraged me to get off my duff. I've got the bulk of rsync support in a branch I've failed to push up. Give me a week to finish up the unit tests and I'd love to get your eyes on it. |
|
Hey, that would be great. My code was really just to get some basic functionality, but it doesn't do any extensive argument parsing. If you could however add my portion of the preg_match for file-names as well, that would be helpful. |
|
Can you check out the new rsync functionality - should meet your needs. |
| @@ -386,12 +386,93 @@ def find_match_scp(self, rule): # pylint: disable-msg=R0911,R0912 | |||
| files = rule.get('files') | |||
| if not isinstance(files, list): | |||
| files = [files] | |||
| if filepath not in files: | |||
| if rule.get('pcre_match'): | |||
There was a problem hiding this comment.
Can we be more clear that this is a pcre against the filename.
Rather than overloading 'files' lets add a new one, path_pcre (this will mirror the path_startswith that came in latest version)
files:
- foo.txt
- bar.txt
paths_pcre:
- foo.*txt
Alternatively, if you don't actually need pcre and glob works then use path_glob - there is also now glob support in authprogs.py, which is used by rsync.
| self.log( | ||
| 'scp denied - file "{}" - not in approved ' | ||
| 'list {}\n'.format(filepath, files) | ||
| 'regex {}\n'.format( filepath, files ) |
There was a problem hiding this comment.
Additional needs:
- unit tests
- update to doc/authprogs.md (man page)
Basic configuration of rsync via the yaml configuration. This should prevent anything from running without the --server flag.
Also added the option to define pcre's for file names, so you can define wildcards, etc.