Attachment #1346 for bug #177




.Nd SFTP server subsystem
.Sh SYNOPSIS
.Nm sftp-server
.Op Fl C Ar chroot_path
.Op Fl f Ar log_facility
.Op Fl l Ar log_level
.Sh DESCRIPTION

.Pp
Valid options are:
.Bl -tag -width Ds
.It Fl C Ar chroot_path
Requests that
.Nm
.Xr chroot 2
itself to the specified path prior to processing requests from the user.
The
.Ar chroot_path
use the tilde syntax to refer to a user's home directory or one of the
following
escape characters:
.Ql %d
(local user's home directory) or
.Ql %g
(local user's primary group name).
Note that
.Xr chroot 2
support requires
.Nm
to be installed setuid root.
.It Fl f Ar log_facility
Specifies the facility code that is used when logging messages from
.Nm .




#include <stdio.h>
#include <string.h>
#include <pwd.h>
#include <grp.h>
#include <time.h>
#include <unistd.h>
#include <stdarg.h>

		buffer_consume(&iqueue, msg_len - consumed);
}

static void
do_chroot(const char *chroot_path_template)
{
	char *cp, *chroot_path;
	struct group *gr;

	if ((gr = getgrgid(pw->pw_gid)) == NULL)
		fatal("No group found for gid %lu", (u_long)pw->pw_gid);

	cp = percent_expand(chroot_path_template, "d", pw->pw_dir,
	    "u", pw->pw_name, "g", gr->gr_name, (char *)NULL);
	chroot_path = tilde_expand_filename(cp, getuid());
	xfree(cp);

	logit("chroot to %s", chroot_path);

	/* Ensure the user has rights to access the chroot path first */
	temporarily_use_uid(pw);
	if (chdir(chroot_path) == -1)
		fatal("chdir(\"%s\"): %s", chroot_path, strerror(errno));
	restore_uid();

	if (chroot(chroot_path) == -1)
		fatal("chroot(\"%s\"): %s", chroot_path, strerror(errno));
	if (chdir("/") == -1)
		fatal("chdir(\"/\"): %s", strerror(errno));
	xfree(chroot_path);
}

/* Cleanup handler that logs active handles upon normal exit */
void
cleanup_exit(int i)

	int in, out, max, ch, skipargs = 0, log_stderr = 0;
	ssize_t len, olen, set_size;
	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
	char *cp, buf[4*4096], *chroot_path = NULL;

	extern char *optarg;
	extern char *__progname;


	while (!skipargs && (ch = getopt(argc, argv, "C:f:l:che")) != -1) {
		switch (ch) {
		case 'C':
			chroot_path = optarg;
			break;
		case 'c':
			/*
			 * Ignore all arguments if we are invoked as a

	logit("session opened for local user %s from [%s]",
	    pw->pw_name, client_addr);

	if (chroot_path != NULL)
		do_chroot(chroot_path);
	if (getuid() != geteuid())
		permanently_set_uid(pw);
		
	handle_init();

	in = dup(STDIN_FILENO);

Return to bug 177

Lines 32-37 Link Here

(-)sftp-server.c (-1 / +39 lines)
32	#include <stdio.h>	32	#include <stdio.h>
33	#include <string.h>	33	#include <string.h>
34	#include <pwd.h>	34	#include <pwd.h>
		35	#include <grp.h>
35	#include <time.h>	36	#include <time.h>
36	#include <unistd.h>	37	#include <unistd.h>
37	#include <stdarg.h>	38	#include <stdarg.h>
Lines 1185-1190 process(void) Link Here
1185	buffer_consume(&iqueue, msg_len - consumed);	1186	buffer_consume(&iqueue, msg_len - consumed);
1186	}	1187	}
1187		1188
		1189	static void
		1190	do_chroot(const char *chroot_path_template)
		1191	{
		1192	char cp, chroot_path;
		1193	struct group *gr;
		1194
		1195	if ((gr = getgrgid(pw->pw_gid)) == NULL)
		1196	fatal("No group found for gid %lu", (u_long)pw->pw_gid);
		1197
		1198	cp = percent_expand(chroot_path_template, "d", pw->pw_dir,
		1199	"u", pw->pw_name, "g", gr->gr_name, (char *)NULL);
		1200	chroot_path = tilde_expand_filename(cp, getuid());
		1201	xfree(cp);
		1202
		1203	logit("chroot to %s", chroot_path);
		1204
		1205	/* Ensure the user has rights to access the chroot path first */
		1206	temporarily_use_uid(pw);
		1207	if (chdir(chroot_path) == -1)
		1208	fatal("chdir(\"%s\"): %s", chroot_path, strerror(errno));
		1209	restore_uid();
		1210
		1211	if (chroot(chroot_path) == -1)
		1212	fatal("chroot(\"%s\"): %s", chroot_path, strerror(errno));
		1213	if (chdir("/") == -1)
		1214	fatal("chdir(\"/\"): %s", strerror(errno));
		1215	xfree(chroot_path);
		1216	}
		1217
1188	/* Cleanup handler that logs active handles upon normal exit */	1218	/* Cleanup handler that logs active handles upon normal exit */
1189	void	1219	void
1190	cleanup_exit(int i)	1220	cleanup_exit(int i)
Lines 1214-1220 main(int argc, char **argv) Link Here
1214	int in, out, max, ch, skipargs = 0, log_stderr = 0;	1244	int in, out, max, ch, skipargs = 0, log_stderr = 0;
1215	ssize_t len, olen, set_size;	1245	ssize_t len, olen, set_size;
1216	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;	1246	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
1217	char cp, buf[44096];	1247	char cp, buf[44096], *chroot_path = NULL;
1218		1248
1219	extern char *optarg;	1249	extern char *optarg;
1220	extern char *__progname;	1250	extern char *__progname;
Lines 1227-1232 main(int argc, char **argv) Link Here
1227		1257
1228	while (!skipargs && (ch = getopt(argc, argv, "C:f:l:che")) != -1) {	1258	while (!skipargs && (ch = getopt(argc, argv, "C:f:l:che")) != -1) {
1229	switch (ch) {	1259	switch (ch) {
		1260	case 'C':
		1261	chroot_path = optarg;
		1262	break;
1230	case 'c':	1263	case 'c':
1231	/*	1264	/*
1232	* Ignore all arguments if we are invoked as a	1265	* Ignore all arguments if we are invoked as a
Lines 1271-1276 main(int argc, char **argv) Link Here
1271	logit("session opened for local user %s from [%s]",	1304	logit("session opened for local user %s from [%s]",
1272	pw->pw_name, client_addr);	1305	pw->pw_name, client_addr);
1273		1306
		1307	if (chroot_path != NULL)
		1308	do_chroot(chroot_path);
		1309	if (getuid() != geteuid())
		1310	permanently_set_uid(pw);
		1311
1274	handle_init();	1312	handle_init();
1275		1313
1276	in = dup(STDIN_FILENO);	1314	in = dup(STDIN_FILENO);

Lines 30-35 Link Here

(-)sftp-server.8 (+20 lines)
30	.Nd SFTP server subsystem	30	.Nd SFTP server subsystem
31	.Sh SYNOPSIS	31	.Sh SYNOPSIS
32	.Nm sftp-server	32	.Nm sftp-server
		33	.Op Fl C Ar chroot_path
33	.Op Fl f Ar log_facility	34	.Op Fl f Ar log_facility
34	.Op Fl l Ar log_level	35	.Op Fl l Ar log_level
35	.Sh DESCRIPTION	36	.Sh DESCRIPTION
Lines 54-59 for more information. Link Here
54	.Pp	55	.Pp
55	Valid options are:	56	Valid options are:
56	.Bl -tag -width Ds	57	.Bl -tag -width Ds
		58	.It Fl C Ar chroot_path
		59	Requests that
		60	.Nm
		61	.Xr chroot 2
		62	itself to the specified path prior to processing requests from the user.
		63	The
		64	.Ar chroot_path
		65	use the tilde syntax to refer to a user's home directory or one of the
		66	following
		67	escape characters:
		68	.Ql %d
		69	(local user's home directory) or
		70	.Ql %g
		71	(local user's primary group name).
		72	Note that
		73	.Xr chroot 2
		74	support requires
		75	.Nm
		76	to be installed setuid root.
57	.It Fl f Ar log_facility	77	.It Fl f Ar log_facility
58	Specifies the facility code that is used when logging messages from	78	Specifies the facility code that is used when logging messages from
59	.Nm .	79	.Nm .