Attachment #1206 for bug #177




.Nd SFTP server subsystem
.Sh SYNOPSIS
.Nm sftp-server
.Op Fl C Ar chroot_path
.Op Fl f Ar log_facility
.Op Fl l Ar log_level
.Sh DESCRIPTION

.Pp
Valid options are:
.Bl -tag -width Ds
.It Fl C Ar chroot_path
Requests that
.Nm
.Xr chroot 2
itself to the specified path prior to processing requests from the user.
The
.Ar chroot_path
use the tilde syntax to refer to a user's home directory or one of the
following
escape characters:
.Ql %d
(local user's home directory) or
.Ql %g
(local user's primary group name).
Note that
.Xr chroot 2
support requires
.Nm
to be installed setuid root.
.It Fl f Ar log_facility
Specifies the facility code that is used when logging messages from
.Nm .




#include <stdio.h>
#include <string.h>
#include <pwd.h>
#include <grp.h>
#include <time.h>
#include <unistd.h>
#include <stdarg.h>

		buffer_consume(&iqueue, msg_len - consumed);
}

static void
do_chroot(const char *chroot_path_template)
{
	char *cp, *chroot_path;
	struct group *gr;

	if ((gr = getgrgid(pw->pw_gid)) == NULL)
		fatal("No group found for gid %lu", (u_long)pw->pw_gid);

	cp = percent_expand(chroot_path_template, "d", pw->pw_dir,
	    "u", pw->pw_name, "g", gr->gr_name, (char *)NULL);
	chroot_path = tilde_expand_filename(cp, getuid());
	xfree(cp);

	logit("chroot to %s", chroot_path);

	/* Ensure the user has rights to access the chroot path first */
	temporarily_use_uid(pw);
	if (chdir(chroot_path) == -1)
		fatal("chdir(\"%s\"): %s", chroot_path, strerror(errno));
	restore_uid();

	if (chroot(chroot_path) == -1)
		fatal("chroot(\"%s\"): %s", chroot_path, strerror(errno));
	if (chdir("/") == -1)
		fatal("chdir(\"/\"): %s", strerror(errno));
	xfree(chroot_path);
}

/* Cleanup handler that logs active handles upon normal exit */
void
cleanup_exit(int i)

	int in, out, max, ch, skipargs = 0, log_stderr = 0;
	ssize_t len, olen, set_size;
	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
	char *cp, *chroot_path = NULL;

	extern char *optarg;
	extern char *__progname;


	while (!skipargs && (ch = getopt(argc, argv, "C:f:l:che")) != -1) {
		switch (ch) {
		case 'C':
			chroot_path = optarg;
			break;
		case 'c':
			/*
			 * Ignore all arguments if we are invoked as a

	logit("session opened for local user %s from [%s]",
	    pw->pw_name, client_addr);

	if (chroot_path != NULL)
		do_chroot(chroot_path);
	if (getuid() != geteuid())
		permanently_set_uid(pw);
		
	handle_init();

	in = dup(STDIN_FILENO);

Lines 5-11 Link Here

(-)sftp-server/Makefile (-1 / +1 lines)
5	PROG= sftp-server	5	PROG= sftp-server
6	BINOWN= root	6	BINOWN= root
7		7
8	BINMODE?=555	8	BINMODE?=4555
9		9
10	BINDIR= /usr/libexec	10	BINDIR= /usr/libexec
11	MAN= sftp-server.8	11	MAN= sftp-server.8

Return to bug 177

Lines 27-32 Link Here

(-)sftp-server.c (-1 / +39 lines)
27	#include <stdio.h>	27	#include <stdio.h>
28	#include <string.h>	28	#include <string.h>
29	#include <pwd.h>	29	#include <pwd.h>
		30	#include <grp.h>
30	#include <time.h>	31	#include <time.h>
31	#include <unistd.h>	32	#include <unistd.h>
32	#include <stdarg.h>	33	#include <stdarg.h>
Lines 1161-1166 process(void) Link Here
1161	buffer_consume(&iqueue, msg_len - consumed);	1162	buffer_consume(&iqueue, msg_len - consumed);
1162	}	1163	}
1163		1164
		1165	static void
		1166	do_chroot(const char *chroot_path_template)
		1167	{
		1168	char cp, chroot_path;
		1169	struct group *gr;
		1170
		1171	if ((gr = getgrgid(pw->pw_gid)) == NULL)
		1172	fatal("No group found for gid %lu", (u_long)pw->pw_gid);
		1173
		1174	cp = percent_expand(chroot_path_template, "d", pw->pw_dir,
		1175	"u", pw->pw_name, "g", gr->gr_name, (char *)NULL);
		1176	chroot_path = tilde_expand_filename(cp, getuid());
		1177	xfree(cp);
		1178
		1179	logit("chroot to %s", chroot_path);
		1180
		1181	/* Ensure the user has rights to access the chroot path first */
		1182	temporarily_use_uid(pw);
		1183	if (chdir(chroot_path) == -1)
		1184	fatal("chdir(\"%s\"): %s", chroot_path, strerror(errno));
		1185	restore_uid();
		1186
		1187	if (chroot(chroot_path) == -1)
		1188	fatal("chroot(\"%s\"): %s", chroot_path, strerror(errno));
		1189	if (chdir("/") == -1)
		1190	fatal("chdir(\"/\"): %s", strerror(errno));
		1191	xfree(chroot_path);
		1192	}
		1193
1164	/* Cleanup handler that logs active handles upon normal exit */	1194	/* Cleanup handler that logs active handles upon normal exit */
1165	void	1195	void
1166	cleanup_exit(int i)	1196	cleanup_exit(int i)
Lines 1190-1196 main(int argc, char **argv) Link Here
1190	int in, out, max, ch, skipargs = 0, log_stderr = 0;	1220	int in, out, max, ch, skipargs = 0, log_stderr = 0;
1191	ssize_t len, olen, set_size;	1221	ssize_t len, olen, set_size;
1192	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;	1222	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
1193	char *cp;	1223	char cp, chroot_path = NULL;
1194		1224
1195	extern char *optarg;	1225	extern char *optarg;
1196	extern char *__progname;	1226	extern char *__progname;
Lines 1202-1207 main(int argc, char **argv) Link Here
1202		1232
1203	while (!skipargs && (ch = getopt(argc, argv, "C:f:l:che")) != -1) {	1233	while (!skipargs && (ch = getopt(argc, argv, "C:f:l:che")) != -1) {
1204	switch (ch) {	1234	switch (ch) {
		1235	case 'C':
		1236	chroot_path = optarg;
		1237	break;
1205	case 'c':	1238	case 'c':
1206	/*	1239	/*
1207	* Ignore all arguments if we are invoked as a	1240	* Ignore all arguments if we are invoked as a
Lines 1246-1251 main(int argc, char **argv) Link Here
1246	logit("session opened for local user %s from [%s]",	1279	logit("session opened for local user %s from [%s]",
1247	pw->pw_name, client_addr);	1280	pw->pw_name, client_addr);
1248		1281
		1282	if (chroot_path != NULL)
		1283	do_chroot(chroot_path);
		1284	if (getuid() != geteuid())
		1285	permanently_set_uid(pw);
		1286
1249	handle_init();	1287	handle_init();
1250		1288
1251	in = dup(STDIN_FILENO);	1289	in = dup(STDIN_FILENO);

Lines 30-35 Link Here

(-)sftp-server.8 (+20 lines)
30	.Nd SFTP server subsystem	30	.Nd SFTP server subsystem
31	.Sh SYNOPSIS	31	.Sh SYNOPSIS
32	.Nm sftp-server	32	.Nm sftp-server
		33	.Op Fl C Ar chroot_path
33	.Op Fl f Ar log_facility	34	.Op Fl f Ar log_facility
34	.Op Fl l Ar log_level	35	.Op Fl l Ar log_level
35	.Sh DESCRIPTION	36	.Sh DESCRIPTION
Lines 54-59 for more information. Link Here
54	.Pp	55	.Pp
55	Valid options are:	56	Valid options are:
56	.Bl -tag -width Ds	57	.Bl -tag -width Ds
		58	.It Fl C Ar chroot_path
		59	Requests that
		60	.Nm
		61	.Xr chroot 2
		62	itself to the specified path prior to processing requests from the user.
		63	The
		64	.Ar chroot_path
		65	use the tilde syntax to refer to a user's home directory or one of the
		66	following
		67	escape characters:
		68	.Ql %d
		69	(local user's home directory) or
		70	.Ql %g
		71	(local user's primary group name).
		72	Note that
		73	.Xr chroot 2
		74	support requires
		75	.Nm
		76	to be installed setuid root.
57	.It Fl f Ar log_facility	77	.It Fl f Ar log_facility
58	Specifies the facility code that is used when logging messages from	78	Specifies the facility code that is used when logging messages from
59	.Nm .	79	.Nm .