#!/bin/sh

# Allow calling rsync over ssh single purpose keys.
# The key doesn't allow for changing wildcards, but SSH puts the command that
# the user sent on the ssh command line in SSH_ORIGINAL_COMMAND.
# We check that it doesn't have any [;&|] characters (so only one command) and
# that the command begins with 'rsync'
# 
# Taken from: http://www.barryodonovan.com/publications/lg/104/

case "$SSH_ORIGINAL_COMMAND" in
    *\&* | *\;* | *\|*)
        echo "Access denied"
        ;;
    rsync\ --server*)
        $SSH_ORIGINAL_COMMAND
        ;;
    hostname)
        $SSH_ORIGINAL_COMMAND
        ;;
    *)
        echo "Access denied"
        ;;
esac