From 526e332b027abde5b7f902e9020677e866acc934 Mon Sep 17 00:00:00 2001
From: Axel Burri <axel@tty0.ch>
Date: Wed, 10 Oct 2018 22:43:28 +0200
Subject: [PATCH] ssh_filter_btrbk.sh: bugfix: ignore --restrict-path for
 "btrfs subvolume list"

btrbk now runs "btrfs subvolume list" from the mountpoint instead of
the volume path, which for some users is not below --restrict-path. As
the output of "btrfs subvolume list" is the same (complete btrfs tree
for the filesystem), it is ok to ignore the restrict-path here.
---
 ssh_filter_btrbk.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/ssh_filter_btrbk.sh b/ssh_filter_btrbk.sh
index 000dfd6..69775c1 100755
--- a/ssh_filter_btrbk.sh
+++ b/ssh_filter_btrbk.sh
@@ -14,6 +14,10 @@ allow_stream_buffer=1
 allow_compress=1
 compress_list="gzip|pigz|bzip2|pbzip2|xz|lzop|lz4"
 
+# note that the backslash is NOT a metacharacter in a POSIX bracket expression!
+option_match='-[a-zA-Z0-9=-]+'   # matches short as well as long options
+file_match='[0-9a-zA-Z_@+./-]*'  # matches file path (equal to $file_match in btrbk)
+
 log_cmd()
 {
     if [[ -n "$enable_log" ]]; then
@@ -47,10 +51,6 @@ run_cmd()
 
 reject_filtered_cmd()
 {
-    # note that the backslash is NOT a metacharacter in a POSIX bracket expression!
-    option_match='-[a-zA-Z0-9=-]+'   # matches short as well as long options
-    file_match='[0-9a-zA-Z_@+./-]*'  # matches file path (equal to $file_match in btrbk)
-
     if [[ -n "$restrict_path_list" ]]; then
 	# match any of restrict_path_list with or without trailing slash,
 	# or any file/directory (matching file_match) below restrict_path
@@ -162,7 +162,7 @@ while [[ "$#" -ge 1 ]]; do
 done
 
 allow_cmd "${sudo_prefix}btrfs subvolume show"; # subvolume queries are always allowed
-allow_cmd "${sudo_prefix}btrfs subvolume list"; # subvolume queries are always allowed
+allow_exact_cmd "${sudo_prefix}btrfs subvolume list ${file_match}"; # subvolume queries are always allowed
 allow_cmd "readlink"                            # used to resolve mountpoints
 allow_exact_cmd "cat /proc/self/mountinfo"      # used to resolve mountpoints
 allow_exact_cmd "cat /proc/self/mounts"         # legacy, for btrbk < 0.27.0