
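--- a/sftp-server.8
+++ b/sftp-server.8
@@ -30,6 +30,7 @@
 .Nd SFTP server subsystem
 .Sh SYNOPSIS
 .Nm sftp-server
+.Op Fl C Ar chroot_path
 .Op Fl f Ar log_facility
 .Op Fl l Ar log_level
 .Sh DESCRIPTION
@@ -54,6 +55,25 @@ for more information.
 .Pp
 Valid options are:
 .Bl -tag -width Ds
+.It Fl C Ar chroot_path
+Requests that
+.Nm
+.Xr chroot 2
+itself to the specified path prior to processing requests from the user.
+The
+.Ar chroot_path
+use the tilde syntax to refer to a user's home directory or one of the
+following
+escape characters:
+.Ql %d
+(local user's home directory) or
+.Ql %g
+(local user's primary group name).
+Note that
+.Xr chroot 2
+support requires
+.Nm
+to be installed setuid root.
 .It Fl f Ar log_facility
 Specifies the facility code that is used when logging messages from
 .Nm .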
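--- a/sftp-server.c
+++ b/sftp-server.c
@@ -32,6 +32,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <pwd.h>
+#include <grp.h>
 #include <time.h>
 #include <unistd.h>
 #include <stdarg.h>
@@ -1185,6 +1186,35 @@ process(void)
 		buffer_consume(&iqueue, msg_len - consumed);
 }
 
+static void
+do_chroot(const char *chroot_path_template)
+{
+	char *cp, *chroot_path;
+	struct group *gr;
+
+	if ((gr = getgrgid(pw->pw_gid)) == NULL)
+		fatal("No group found for gid %lu", (u_long)pw->pw_gid);
+
+	cp = percent_expand(chroot_path_template, "d", pw->pw_dir,
+	    "u", pw->pw_name, "g", gr->gr_name, (char *)NULL);
+	chroot_path = tilde_expand_filename(cp, getuid());
+	xfree(cp);
+
+	logit("chroot to %s", chroot_path);
+
+	/* Ensure the user has rights to access the chroot path first */
+	temporarily_use_uid(pw);
+	if (chdir(chroot_path) == -1)
+		fatal("chdir(\"%s\"): %s", chroot_path, strerror(errno));
+	restore_uid();
+
+	if (chroot(chroot_path) == -1)
+		fatal("chroot(\"%s\"): %s", chroot_path, strerror(errno));
+	if (chdir("/") == -1)
+		fatal("chdir(\"/\"): %s", strerror(errno));
+	xfree(chroot_path);
+}
+
 /* Cleanup handler that logs active handles upon normal exit */
 void
 cleanup_exit(int i)
@@ -1214,7 +1244,7 @@ main(int argc, char **argv)
 	int in, out, max, ch, skipargs = 0, log_stderr = 0;
 	ssize_t len, olen, set_size;
 	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
-	char *cp, buf[4*4096];
+	char *cp, buf[4*4096], *chroot_path = NULL;
 
 	extern char *optarg;
 	extern char *__progname;
@@ -1227,6 +1257,9 @@ main(int argc, char **argv)
 
 	while (!skipargs && (ch = getopt(argc, argv, "C:f:l:che")) != -1) {
 		switch (ch) {
+		case 'C':
+			chroot_path = optarg;
+			break;
 		case 'c':
 			/*
 			 * Ignore all arguments if we are invoked as a
@@ -1271,6 +1304,11 @@ main(int argc, char **argv)
 	logit("session opened for local user %s from [%s]",
 	    pw->pw_name, client_addr);
 
+	if (chroot_path != NULL)
+		do_chroot(chroot_path);
+	if (getuid() != geteuid())
+		permanently_set_uid(pw);
+		
 	handle_init();
 
 	in = dup(STDIN_FILENO);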
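Review bot: In do_chroot() the access check and the chroot act on two separate resolutions of the same path: `chdir(chroot_path)` runs under the user's uid, but after `restore_uid()` the call `chroot(chroot_path)` looks the path up again with root privileges, so the directory that was checked is not guaranteed to be the one that becomes the new root if a path component changes in between. Since the working directory is already the checked directory at that point, `if (chroot(".") == -1)` would tie the two steps to the same directory. The -C value is taken from the command line of a binary that the man page says must be installed setuid root, so it would also be worth refusing a target that is not owned by root or is group- or world-writable before calling chroot(2). A comment above do_chroot() stating that requirement, and that the caller must drop privileges with permanently_set_uid() immediately afterwards, would make the contract explicit.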
