From: Ian Kelling Date: Sat, 25 May 2024 01:39:32 +0000 (-0400) Subject: harden. update host names X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=ae95a1a3b5f9ff33f52d359b0c8ed2a9f16556e1;p=ansible-inputs.git harden. update host names --- diff --git a/roles/kvmhost/files/simple/usr/local/bin/savannah-virsh b/roles/kvmhost/files/simple/usr/local/bin/savannah-virsh index 634847e..12d5e4f 100755 --- a/roles/kvmhost/files/simple/usr/local/bin/savannah-virsh +++ b/roles/kvmhost/files/simple/usr/local/bin/savannah-virsh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash -r # We follow the GNU license recommendations at # https://www.gnu.org/licenses/license-recommendations.en.html. They # recommend that small programs, < 300 lines, be licensed under the @@ -25,33 +25,42 @@ ## Managed by Ansible, changes will be overwritten ## - - set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +regex='^[a-z. ]*$' + # restricted ssh does not allow arguments, but they exist in this env variable. -if [[ $SSH_ORIGINAL_COMMAND ]]; then - set -- ${SSH_ORIGINAL_COMMAND#* } -fi +# The var comes with a leading space, remove it. +args="${SSH_ORIGINAL_COMMAND#* }" -if [[ $# != 2 ]]; then - echo "error: bad argument" >&2; exit 1 +if [[ ! $args =~ $regex ]]; then + echo "error: bad argument. args=$args" >&2; exit 1 fi -case "$1" in - list|console|reboot|reset|start|destroy) true ;; +arg1="${args%% *}" + +case "$arg1" in + list) + virsh list --name + exit 0 + ;; + console|reboot|reset|start|destroy) true ;; *) echo "error: bad argument" >&2; exit 1 ;; esac -case "$2" in - *.savannah.gnu.org|debbugs2p.gnu.org|debbugs.gnu.org|emacsconfmedia0p.gnu.org|jitsi*.fsf.org|sourcehut.gnu.org) +# just 2 args, so split the space. +arg2="${args## *}" + + +case "$arg2" in + *.savannah.gnu.org|debbugs2p.gnu.org|debbugs.gnu.org|emacsconfmedia0p.gnu.org|jitsi*.fsf.org|verandah.gnu.org) true ;; *) echo "error: bad argument" >&2; exit 1 ;; esac -virsh "$1" "$2" +virsh "$arg1" "$arg2"