ssh_filter_btrbk: allow stream compression if --compress option is set.

btrbk

@@ -58,6 +58,7 @@ my  $VERSION_INFO    = "btrbk command line client, version $VERSION";
 my @config_src = ("/etc/btrbk.conf", "/etc/btrbk/btrbk.conf");
 
 my %compression = (
+  # NOTE: also adapt "compress_list" in ssh_filter_btrbk.sh if you change this
   gzip   => { name => 'gzip',   format => 'gz',  compress_cmd => [ 'gzip',   '-c' ], decompress_cmd => [ 'gzip',   '-d', '-c' ], level_min => 1, level_max => 9 },
   pigz   => { name => 'pigz',   format => 'gz',  compress_cmd => [ 'pigz',   '-c' ], decompress_cmd => [ 'pigz',   '-d', '-c' ], level_min => 1, level_max => 9, threads => '-p' },
   bzip2  => { name => 'bzip2',  format => 'bz2', compress_cmd => [ 'bzip2',  '-c' ], decompress_cmd => [ 'bzip2',  '-d', '-c' ], level_min => 1, level_max => 9 },

doc/ssh_filter_btrbk.1

@@ -24,7 +24,7 @@ Example line in /root/.ssh/authorized_keys on a backup target host:
 .PP
 .RS 4
 .nf
-command="ssh_filter_btrbk.sh \-\-target \-\-delete \-\-restrict\-path /mnt/btr_backup" ssh\-rsa AAAAB3NzaC1...hwumXFRQBL btrbk@mydomain.com
+command="ssh_filter_btrbk.sh \-\-target \-\-delete \-\-compress \-\-restrict\-path /mnt/btr_backup" ssh\-rsa AAAAB3NzaC1...hwumXFRQBL btrbk@mydomain.com
 .fi
 .RE
 .SH OPTIONS
@@ -49,6 +49,12 @@ to \[lq]all\[rq], and for backup targets if
 \fItarget_preserve_daily\fR is not set to \[lq]all\[rq].
 .RE
 .PP
+\-c, \-\-compress
+.RS 4
+Allow commands for stream compression (pipes through gzip, pigz,
+bzip2, pbzip2, xz, lzo, lz4). Needed if \fIstream_compress\fR is set.
+.RE
+.PP
 \-i, \-\-info
 .RS 4
 Allow informative commands: "btrfs subvolume find\-new", "btrfs

ssh_filter_btrbk.sh

@@ -10,6 +10,8 @@ use_sudo=
 restrict_path_list=
 allow_list=
 allow_exact_list=
+allow_compress=
+compress_list="gzip|pigz|bzip2|pbzip2|xz|lzo|lz4"
 
 log_cmd()
 {
@@ -57,8 +59,16 @@ reject_filtered_cmd()
 	path_match="/${file_match}"
     fi
 
+    if [[ -n "$allow_compress" ]]; then
+        decompress_match="((${compress_list}) -d -c( -[0-9])?( -[pT][0-9]+)? \| )?"
+        compress_match="( \| (${compress_list}) -c( -[0-9])?( -[pT][0-9]+)?)?"
+    else
+        decompress_match=
+        compress_match=
+    fi
+
     # allow multiple paths (e.g. "btrfs subvolume snapshot <src> <dst>")
-    btrfs_cmd_match="^(${allow_list})( ${option_match})*( $path_match)+$"
+    btrfs_cmd_match="^${decompress_match}(${allow_list})( ${option_match})*( ${path_match})+${compress_match}$"
 
     if [[ $SSH_ORIGINAL_COMMAND =~ $btrfs_cmd_match ]] ; then
         return 0
@@ -106,6 +116,10 @@ while [[ "$#" -ge 1 ]]; do
           allow_exact_cmd "cat /proc/self/mounts"
           ;;
 
+      -c|--compress)
+          allow_compress=1
+          ;;
+
       -d|--delete)
           allow_cmd "btrfs subvolume delete"
           ;;
@@ -140,8 +154,8 @@ allow_list=${allow_list#\|}
 allow_exact_list=${allow_exact_list#\|}
 restrict_path_list=${restrict_path_list#\|}
 
-
 case "$SSH_ORIGINAL_COMMAND" in
+    *\.\./*)  reject_and_die "directory traversal"  ;;
     *\$*)     reject_and_die "unsafe character"     ;;
     *\&*)     reject_and_die "unsafe character"     ;;
     *\(*)     reject_and_die "unsafe character"     ;;
@@ -150,10 +164,8 @@ case "$SSH_ORIGINAL_COMMAND" in
     *\<*)     reject_and_die "unsafe character"     ;;
     *\>*)     reject_and_die "unsafe character"     ;;
     *\`*)     reject_and_die "unsafe character"     ;;
-    *\|*)     reject_and_die "unsafe character"     ;;
+    *\|*)     [[ -n "$allow_compress" ]] || reject_and_die "unsafe character (compression disallowed)" ;;
-    *\.\./*)  reject_and_die "directory traversal"  ;;
+esac
-    *)
+
 reject_filtered_cmd
 run_cmd
-	;;
-esac