From cd62b92571a0af22badbb9654164c9fa5c718214 Mon Sep 17 00:00:00 2001
From: m8in <m8in@gmx.de>
Date: Sun, 26 Apr 2026 09:51:20 +0200
Subject: [PATCH] zfs-branch and ssh-port

---
 core/base.module.sh                           | 16 +++++-----
 .../etc/sudoers.d/allow-composition-sync-send |  7 +++--
 script/host/zfs/composition-sync/sync-send.sh | 27 +++++++++-------
 script/host/zfs/composition-sync/sync.sh      | 31 ++++++++++---------
 4 files changed, 43 insertions(+), 38 deletions(-)

diff --git a/core/base.module.sh b/core/base.module.sh
index 66a4a24..a220aaa 100755
--- a/core/base.module.sh
+++ b/core/base.module.sh
@@ -5,10 +5,10 @@
 
 
 
-function checkAllInputParameters() {
+function base.checkAllInputParameters() {
     local _ALLOWED_CHARS _ARG _SUCCESS
     # Global whitelist for all start-parameters ($1, $2, ...)
-    _ALLOWED_CHARS='-[:alnum:]_.:'
+    _ALLOWED_CHARS='-[:alnum:]/_.:'
     readonly _ALLOWED_CHARS
 
     _SUCCESS="true"
@@ -16,12 +16,12 @@ function checkAllInputParameters() {
         if [[ -n "${_ARG}" ]]; then
             # Has to start with an alphanumeric char or --
             if [[ ! "${_ARG}" =~ ^[[:alnum:]] ]] && [[ ! "${_ARG}" =~ ^--[[:alnum:]] ]]; then
-                echo "❌ Security: No special character is allowed at the bginning of the parameter: '${_ARG}'" >&2
+                echo "❌ Security base.checkAllInputParameters(): No special character is allowed at the beginning of the parameter: '${_ARG}'" >&2
                 _SUCCESS="false"
             fi
             # No forbidden character is allowed to remain
             if [[ -n "${_ARG//[${_ALLOWED_CHARS}]/}" ]]; then
-                echo "❌ Security: Illegal character found in parameter: '${_ARG}'" >&2
+                echo "❌ Security base.checkAllInputParameters(): Illegal character found in parameter: '${_ARG}'" >&2
                 _SUCCESS="false"
             fi
         fi
@@ -33,7 +33,7 @@ function checkAllInputParameters() {
     return 1
 }
 
-function checkScriptforCorrectAssignments() {
+function base.checkScriptforCorrectAssignments() {
     local _LN=0
     local _SUCCESS="true"
 
@@ -326,7 +326,7 @@ function base.set() {
         && readonly "${_VARNAME}" \
         && return 0
 
-    echo "❌ Security: Validation '$_REGEX' failed for ${_VARNAME}" >&2
+    echo "❌ Security base.set(): Validation '$_REGEX' failed for ${_VARNAME}" >&2
     exit 1
 }
 
@@ -354,13 +354,13 @@ if [ "${BASH_SOURCE[0]}" == "${0}" ]; then
 else
     # If not exists, define a global array 'COLOR'
     trap "base.abort '  User-initiated termination.'" INT \
-        && checkAllInputParameters "${@}" \
         && declare -A -g COLOR=([SET]=unprepared) \
         && prepare.setCOLOR \
         && prepare.setPATH "/bin/grep" \
         && declare -A -g CIS=([SET]=unprepared) \
         && prepare.setCIS \
-        && checkScriptforCorrectAssignments \
+        && base.checkAllInputParameters "${@}" \
+        && base.checkScriptforCorrectAssignments \
         || base.abort "The necessary preparations have failed."
 
     base.log debug "Module '${BASH_SOURCE[0]}' loaded by script: ${0}"
diff --git a/definitions/default/hosts/all/etc/sudoers.d/allow-composition-sync-send b/definitions/default/hosts/all/etc/sudoers.d/allow-composition-sync-send
index 941daa5..52c02ea 100644
--- a/definitions/default/hosts/all/etc/sudoers.d/allow-composition-sync-send
+++ b/definitions/default/hosts/all/etc/sudoers.d/allow-composition-sync-send
@@ -1,10 +1,11 @@
-# Definition: 2 mandantory parameter, 3. and 4. are optional
+# Definition: 3 mandantory parameter, 4. and 5. are optional
 # [[:space:]]+        -> Expects at least on space character
 # ( ... )?            -> defines the group as optional
 Cmnd_Alias C_COMPOSITION_SYNC = \
     /cis/script/host/zfs/composition-sync/sync-send.sh \
-        ^[a-zA-Z0-9][a-zA-Z0-9._-]* \
+        ^[a-zA-Z0-9][a-zA-Z0-9.-]* \
+         [a-zA-Z][a-zA-Z0-9/_-]*[a-zA-Z0-9] \
          [a-zA-Z0-9][a-zA-Z0-9_-]* \
         ([a-zA-Z0-9][a-zA-Z0-9._:-]*)? \
         ([a-zA-Z0-9][a-zA-Z0-9._:-]*)?$
-composition-sync ALL = (root) NOPASSWD: C_COMPOSITION_SYNC
\ No newline at end of file
+composition-sync ALL = (root) NOPASSWD: C_COMPOSITION_SYNC
diff --git a/script/host/zfs/composition-sync/sync-send.sh b/script/host/zfs/composition-sync/sync-send.sh
index 8787710..09bfe8b 100755
--- a/script/host/zfs/composition-sync/sync-send.sh
+++ b/script/host/zfs/composition-sync/sync-send.sh
@@ -94,14 +94,15 @@ function sendResume() {
 }
 
 function send() {
-    local _COMPOSITION _RECEIVERHOST _RECEIVERS_SNAPSHOT _NOW _ZFS _NEW_SNAPSHOT
-    _COMPOSITION="${1:?"send(): Missing first parameter COMPOSITION"}"
-    _RECEIVERHOST="${2:?"send(): Missing second parameter RECEIVERHOST"}"
-    _RECEIVERS_SNAPSHOT="${3}"
+    local _ZFS_BRANCH _COMPOSITION _RECEIVERHOST _RECEIVERS_SNAPSHOT _NOW _ZFS _NEW_SNAPSHOT
+    _ZFS_BRANCH="${1:?"send(): Missing first parameter ZFS_BRANCH"}"
+    _COMPOSITION="${2:?"send(): Missing first parameter COMPOSITION"}"
+    _RECEIVERHOST="${3:?"send(): Missing second parameter RECEIVERHOST"}"
+    _RECEIVERS_SNAPSHOT="${4}"
     _NOW=$(date -u "+%Y-%m-%d_%H:%M:%SZ")
-    _ZFS="zpool1/persistent/${_COMPOSITION:?"Missing COMPOSITION"}"
+    _ZFS="${_ZFS_BRANCH:?"Missing ZFS_BRANCH"}/${_COMPOSITION:?"Missing COMPOSITION"}"
     _NEW_SNAPSHOT="${_ZFS:?"Missing ZFS"}@SYNC_${_RECEIVERHOST:?"Missing RECEIVERHOST"}_${_NOW:?"Missing NOW"}"
-    readonly _COMPOSITION _RECEIVERHOST _RECEIVERS_SNAPSHOT _NOW _ZFS _NEW_SNAPSHOT
+    readonly _ZFS_BRANCH _COMPOSITION _RECEIVERHOST _RECEIVERS_SNAPSHOT _NOW _ZFS _NEW_SNAPSHOT
 
     # This common snapshot is the starting-point, if available.
     ! _COMMON_SNAPSHOT=$(printFoundCommonSnapshot "${_ZFS}" "${_RECEIVERHOST}" "${_RECEIVERS_SNAPSHOT}") \
@@ -125,13 +126,15 @@ function send() {
 
 
 # Parameter 1: Only alphanumeric characters allowed and [._-]  if not leading (due to: -oProxyCommand=...).
-# Parameter 2: Only alphanumeric characters allowed and [.-]   if not leading (due to: -oProxyCommand=...).
-# Parameter 3: Only alphanumeric characters allowed and [._:-] if not leading (due to: -oProxyCommand=...), but can be empty.
+# Parameter 2: Only alphanumeric characters allowed and [/_-]  if not leading (due to: -oProxyCommand=...).
+# Parameter 3: Only alphanumeric characters allowed and [.-]   if not leading (due to: -oProxyCommand=...).
 # Parameter 4: Only alphanumeric characters allowed and [._:-] if not leading (due to: -oProxyCommand=...), but can be empty.
+# Parameter 5: Only alphanumeric characters allowed and [._:-] if not leading (due to: -oProxyCommand=...), but can be empty.
 base.set RECEIVERHOST "${1}" '^[a-zA-Z0-9][a-zA-Z0-9._-]*$' || exit 1
-base.set COMPOSITION "${2}" '^[a-zA-Z0-9][a-zA-Z0-9.-]*$' || exit 1
-base.set RECEIVERS_SNAPSHOT "${3}" '(^[a-zA-Z0-9][a-zA-Z0-9._:-]*$)?' || exit 1
-base.set RESUME_TOKEN "${4}" '(^[a-zA-Z0-9][a-zA-Z0-9._:-]*$)?' || exit 1
+base.set ZFS_BRANCH "${2}" '^[a-zA-Z][a-zA-Z0-9/_-]*[a-zA-Z0-9]$' || exit 1
+base.set COMPOSITION "${3}" '^[a-zA-Z0-9][a-zA-Z0-9.-]*$' || exit 1
+base.set RECEIVERS_SNAPSHOT "${4}" '(^[a-zA-Z0-9][a-zA-Z0-9._:-]*$)?' || exit 1
+base.set RESUME_TOKEN "${5}" '(^[a-zA-Z0-9][a-zA-Z0-9._:-]*$)?' || exit 1
 
 # Resume mode
 if [ "${RECEIVERS_SNAPSHOT}" == "RESUME" ]; then
@@ -141,7 +144,7 @@ if [ "${RECEIVERS_SNAPSHOT}" == "RESUME" ]; then
     exit $?
 fi
 
-send "${COMPOSITION}" "${RECEIVERHOST}" "${RECEIVERS_SNAPSHOT}" \
+send "${ZFS_BRANCH}" "${COMPOSITION}" "${RECEIVERHOST}" "${RECEIVERS_SNAPSHOT}" \
     && exit 0
 
 echo "Failure in sync-send.sh: Something unexpected happend." >&2
diff --git a/script/host/zfs/composition-sync/sync.sh b/script/host/zfs/composition-sync/sync.sh
index 4d56e74..c0f9b39 100755
--- a/script/host/zfs/composition-sync/sync.sh
+++ b/script/host/zfs/composition-sync/sync.sh
@@ -119,17 +119,19 @@ function removeOutdatedSyncSnapshots() {
 }
 
 function receive() {
-    local _RECEIVERHOST _COMPOSITION _SSH_PORT _DEFINITIONS  _SOURCEHOST _SSH_COMMAND _SEND_SCRIPT _ZFS_BRANCH _ZFS
+    local _RECEIVERHOST _COMPOSITION _SOURCEHOST _SSH_PORT _SSH_COMMAND _SEND_SCRIPT _ZFS_BRANCH _ZFS
     _RECEIVERHOST="${1:?"receive(): Missing first parameter RECEIVERHOST"}"
     _COMPOSITION="${2:?"receive(): Missing second parameter COMPOSITION"}"
-    _SSH_PORT="${3:-22}"
-    _SOURCEHOST=$(cat "${CIS[DOMAINDEFINITIONS]:?"Missing CIS_DOMAINDEFINITIONS"}compositions/${_COMPOSITION}/current-host")
+    _SOURCEHOST=$(head -n 1 "${CIS[DOMAINDEFINITIONS]:?"Missing CIS_DOMAINDEFINITIONS"}compositions/${_COMPOSITION}/current-host" 2> /dev/null)
+    base.set _SOURCEHOST "${_SOURCEHOST}" '^[a-zA-Z0-9][a-zA-Z0-9.-]*$'
+    _SSH_PORT=$(head -n 1 "${CIS[DOMAINDEFINITIONS]:?"Missing CIS_DOMAINDEFINITIONS"}compositions/${_COMPOSITION}/ssh-port" 2> /dev/null)
+    base.set _SSH_PORT "${_SSH_PORT:-22}" '^[1-9][0-9]{1,4}$'
     _SSH_COMMAND="ssh -p ${_SSH_PORT} -o ConnectTimeout=20 -o ServerAliveInterval=15 -C composition-sync@${_SOURCEHOST}"
     _SEND_SCRIPT="${CIS[SCRIPTSROOT]:?"Missing CIS_SCRIPTSROOT"}host/zfs/composition-sync/sync-send.sh"
-    _ZFS_BRANCH=$(cat "${CIS[DOMAINDEFINITIONS]:?"Missing CIS_DOMAINDEFINITIONS"}compositions/${_COMPOSITION}/zfs-branch")
-    _ZFS_BRANCH="${_ZFS_BRANCH:-zpool1/persistent}"
+    _ZFS_BRANCH=$(head -n 1 "${CIS[DOMAINDEFINITIONS]:?"Missing CIS_DOMAINDEFINITIONS"}compositions/${_COMPOSITION}/zfs-branch" 2> /dev/null)
+    base.set _ZFS_BRANCH "${_ZFS_BRANCH:-zpool1/persistent}" '^[a-zA-Z][a-zA-Z0-9/_-]*[a-zA-Z0-9]$'
     _ZFS="${_ZFS_BRANCH%/}/${_COMPOSITION}-BACKUP"
-    readonly _RECEIVERHOST _COMPOSITION _SSH_PORT _DEFINITIONS _SOURCEHOST _SSH_COMMAND _SEND_SCRIPT _ZFS_BRANCH _ZFS
+    readonly _RECEIVERHOST _COMPOSITION _SSH_COMMAND _SEND_SCRIPT _ZFS_BRANCH _ZFS
     (
         flock -n 9 || exit 1
 
@@ -147,17 +149,17 @@ function receive() {
         fi
 
         # Add "-s" for resumable streams in the next line at zfs receive. Not done yet because of: cannot receive resume stream: kernel modules must be upgraded to receive this stream.
-        ${_SSH_COMMAND} "sudo ${_SEND_SCRIPT:?"Missing SEND_SCRIPT"} \"${_RECEIVERHOST}\" \"${_COMPOSITION}\" \"${_COMMON_SNAPSHOT#${_ZFS}@}\" \"${_RESUME_TOKEN}\"" | zfs receive -v "${_ZFS}"
+        ${_SSH_COMMAND} "sudo ${_SEND_SCRIPT:?"Missing SEND_SCRIPT"} \"${_RECEIVERHOST}\" \"${_ZFS_BRANCH}\" \"${_COMPOSITION}\" \"${_COMMON_SNAPSHOT#${_ZFS}@}\" \"${_RESUME_TOKEN}\"" | zfs receive -v "${_ZFS}"
         if [ $? -ne 0 ]; then
-            tryRollbackToRepair "${_RECEIVERHOST}" "${_ZFS}" && return 0
             echo "Unable to receive stream using these settings:"
             echo "  - Sending host:     ${_SOURCEHOST}:${_SSH_PORT}"
             echo "  - Receiving host:   ${_RECEIVERHOST}"
             echo "  - Composition:      ${_COMPOSITION}"
-            echo "  - Offered snapshot: ${_COMMON_SNAPSHOT}"
+            echo "  - Offered snapshot: ${_ZFS}@${_COMMON_SNAPSHOT#${_ZFS}@}"
             echo "  - Resume token:     ${_RESUME_TOKEN}"
             echo "Current state of snapshots:"
             zfs list -t snapshot "${_ZFS}" 2> /dev/null | tail
+            tryRollbackToRepair "${_COMPOSITION}" "${_RECEIVERHOST}" "${_ZFS}" && return 0
             return 1
         fi
 
@@ -178,8 +180,9 @@ function tryRollbackToRepair() {
     _RECEIVERHOST="${2:?"tryRollbackToRepair(): Missing second parameter RECEIVERHOST"}"
     _ZFS="${3:?"tryRollbackToRepair(): Missing third parameter ZFS"}"
     _ROLLBACK_DAY=$(head -n 1 "${CIS[DOMAINDEFINITIONS]:?"Missing CIS_DOMAINDEFINITIONS"}compositions/${_COMPOSITION:?"Missing COMPOSITION"}/rollback")
+    base.set _ROLLBACK_DAY "${_ROLLBACK_DAY:-'2020-01-01'}" '^[0-9]{4}-[0-9]{2}-[0-9]{2}$'
     _ROLLBACK_SNAPSHOT=$(zfs list -H -o name -S creation -t snapshot "${_ZFS}" | head -n 1 | grep -F -- "@SYNC_${_RECEIVERHOST}_${_ROLLBACK_DAY}_")
-    readonly _COMPOSITION _RECEIVERHOST _ZFS _ROLLBACK_DAY _ROLLBACK_SNAPSHOT
+    readonly _COMPOSITION _RECEIVERHOST _ZFS _ROLLBACK_SNAPSHOT
 
     # Nothing to do
     [ -z "${_ROLLBACK_SNAPSHOT}" ] && return 0
@@ -196,11 +199,9 @@ function tryRollbackToRepair() {
 
 # Parameter 1: only one of these values are allowed (--all, --once, --loop)
 # Parameter 2: is optional '()?' and only a subset of alphanumeric characters are allowed and [_-] if not leading (due to: -oProxyCommand=...).
-# Parameter 3: only digests between 10-99999 are allowed
-# Value 4    : only a subset of alphanumeric characters are allowed and [.-] if not leading (due to: -oProxyCommand=...).
+# Value 3    : only a subset of alphanumeric characters are allowed and [.-] if not leading (due to: -oProxyCommand=...).
 base.set MODE "${1}" '^(--all|--once|--loop)$'
 base.set COMPOSITION "${2}" '^([a-zA-Z0-9][a-zA-Z0-9_-]*)?$'
-base.set SSH_PORT "${3:-22}" '^[1-9][0-9]{1,4}$'
 base.set RECEIVERHOST "$(hostname -b)" '^[a-zA-Z0-9][a-zA-Z0-9.-]*$'
 
 [ "${MODE}" == "--all" ] \
@@ -209,11 +210,11 @@ base.set RECEIVERHOST "$(hostname -b)" '^[a-zA-Z0-9][a-zA-Z0-9.-]*$'
     && exit 0
 
 [ "${MODE}" == "--once" ] \
-    && receive "${RECEIVERHOST}" "${COMPOSITION}" "${SSH_PORT}" \
+    && receive "${RECEIVERHOST}" "${COMPOSITION}" \
     && exit 0
 
 [ "${MODE}" == "--loop" ] && while true; do
-    receive "${RECEIVERHOST}" "${COMPOSITION}" "${SSH_PORT}" \
+    receive "${RECEIVERHOST}" "${COMPOSITION}" \
         && echo "Sleep for 5s" \
         && sleep 5 \
         && echo \