From 9741cd3b9ee5606f5fdbbb70cd9d951bb94c9b47 Mon Sep 17 00:00:00 2001
From: deajan <ozy@badministrateur.com>
Date: Sun, 23 Jun 2013 13:53:22 +0200
Subject: [PATCH] ssh commands filter update

---
 CHANGELOG.md          |  2 ++
 obackup_ssh_filter.sh | 27 +++++++++++++++++----------
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ed6f879..c9bf89a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,7 @@
 ## Latest changelog
 
+- 23/06/2013 v 1.84 RC1 approaching
+- Added ssh commands filter, updated documentation
 - Rewrote local space check function
 - Added ability to run another executable than rsync (see documentation on sudo execution)
 - Added some Rsync argument parameters (preserve ACL, Xattr, and stream compression)
diff --git a/obackup_ssh_filter.sh b/obackup_ssh_filter.sh
index 12a85da..10fc8e1 100755
--- a/obackup_ssh_filter.sh
+++ b/obackup_ssh_filter.sh
@@ -2,7 +2,9 @@
 
 ##### Obackup ssh command filter
 
-## Paranoia option. Only change this if you read the documentation and know what you're doing
+## If enabled, execution of "sudo" command will be allowed.
+SUDO_EXEC=yes
+## Paranoia option. Don't change this unless you read the documentation and still feel concerned about security issues.
 RSYNC_EXECUTABLE=rsync
 
 function Go
@@ -20,17 +22,22 @@ case ${SSH_ORIGINAL_COMMAND%% *} in
 	"du")
 	Go ;;
 	"sudo")
-	if [[ "$SSH_ORIGINAL_COMMAND" == "sudo $RSYNC_EXECUTABLE"* ]]
+	if [ "$SUDO_EXEC" == "yes" ]
 	then
-		Go
-	elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo du"* ]]
-	then
-		Go
-	elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo find"* ]]
-	then
-		Go
+		if [[ "$SSH_ORIGINAL_COMMAND" == "sudo $RSYNC_EXECUTABLE"* ]]
+		then
+			Go
+		elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo du"* ]]
+		then
+			Go
+		elif [[ "$SSH_ORIGINAL_COMMAND" == "sudo find"* ]]
+		then
+			Go
+		else
+			echo "Sudo command not allowed."
+		fi
 	else
-		echo "Sudo command not allowed."
+		echo "Sudo command not enabled."
 	fi
 	;;
 	*)