Attachment #1678 for bug #1593




/* $OpenBSD: session.h,v 1.30 2008/05/08 12:21:16 djm Exp $ */

/*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#ifndef CHROOTENV_H
#define CHROOTENV_H

extern int	chroot_no_tree;

#endif


Lines 119-124 void do_child(Session , const char ); Link Here

(-)openssh-5.2p1/session.c.homechroot (-3 / +19 lines)
119	void do_motd(void);	119	void do_motd(void);
120	int check_quietlogin(Session , const char );	120	int check_quietlogin(Session , const char );
121		121
		122	int chroot_no_tree = 0;
		123
122	static void do_authenticated1(Authctxt *);	124	static void do_authenticated1(Authctxt *);
123	static void do_authenticated2(Authctxt *);	125	static void do_authenticated2(Authctxt *);
124		126
Lines 802-807 do_exec(Session s, const char command) Link Here
802	debug("Forced command (key option) '%.900s'", command);	804	debug("Forced command (key option) '%.900s'", command);
803	}	805	}
804		806
		807	if ((s->is_subsystem != SUBSYSTEM_INT_SFTP) && chroot_no_tree) {
		808	logit("You aren't welcomed, go away!");
		809	exit (1);
		810	}
		811
805	#ifdef SSH_AUDIT_EVENTS	812	#ifdef SSH_AUDIT_EVENTS
806	if (command != NULL)	813	if (command != NULL)
807	PRIVSEP(audit_run_command(command));	814	PRIVSEP(audit_run_command(command));
Lines 1408-1413 safely_chroot(const char *path, uid_t ui Link Here
1408	const char *cp;	1415	const char *cp;
1409	char component[MAXPATHLEN];	1416	char component[MAXPATHLEN];
1410	struct stat st;	1417	struct stat st;
		1418	int last;
1411		1419
1412	if (*path != '/')	1420	if (*path != '/')
1413	fatal("chroot path does not begin at root");	1421	fatal("chroot path does not begin at root");
Lines 1419-1425 safely_chroot(const char *path, uid_t ui Link Here
1419	* root-owned directory with strict permissions.	1427	* root-owned directory with strict permissions.
1420	*/	1428	*/
1421	for (cp = path; cp != NULL;) {	1429	for (cp = path; cp != NULL;) {
1422	if ((cp = strchr(cp, '/')) == NULL)	1430	if (((last = ((cp = strchr(cp, '/')) == NULL))))
1423	strlcpy(component, path, sizeof(component));	1431	strlcpy(component, path, sizeof(component));
1424	else {	1432	else {
1425	cp++;	1433	cp++;
Lines 1432-1446 safely_chroot(const char *path, uid_t ui Link Here
1432	if (stat(component, &st) != 0)	1440	if (stat(component, &st) != 0)
1433	fatal("%s: stat(\"%s\"): %s", __func__,	1441	fatal("%s: stat(\"%s\"): %s", __func__,
1434	component, strerror(errno));	1442	component, strerror(errno));
1435	if (st.st_uid != 0 \|\| (st.st_mode & 022) != 0)	1443	if ((st.st_uid != 0 \|\| (st.st_mode & 022) != 0) && !(last && st.st_uid == uid))
1436	fatal("bad ownership or modes for chroot "	1444	fatal("bad ownership or modes for chroot "
1437	"directory %s\"%s\"",	1445	"directory %s\"%s\"",
1438	cp == NULL ? "" : "component ", component);	1446	cp == NULL ? "" : "component ", component);
1439	if (!S_ISDIR(st.st_mode))	1447	if (!S_ISDIR(st.st_mode))
1440	fatal("chroot path %s\"%s\" is not a directory",	1448	fatal("chroot path %s\"%s\" is not a directory",
1441	cp == NULL ? "" : "component ", component);	1449	cp == NULL ? "" : "component ", component);
1442
1443	}	1450	}
		1451	setenv ("TZ", "/etc/localtime", 0);
		1452	tzset ();
		1453
		1454	if (st.st_uid != uid)
		1455	++chroot_no_tree;
1444		1456
1445	if (chdir(path) == -1)	1457	if (chdir(path) == -1)
1446	fatal("Unable to chdir to chroot path \"%s\": "	1458	fatal("Unable to chdir to chroot path \"%s\": "
Lines 1450-1455 safely_chroot(const char *path, uid_t ui Link Here
1450	if (chdir("/") == -1)	1462	if (chdir("/") == -1)
1451	fatal("%s: chdir(/) after chroot: %s",	1463	fatal("%s: chdir(/) after chroot: %s",
1452	__func__, strerror(errno));	1464	__func__, strerror(errno));
		1465
		1466	if (access ("/etc/localtime", R_OK) < 0)
		1467	++chroot_no_tree;
		1468
1453	verbose("Changed root directory to \"%s\"", path);	1469	verbose("Changed root directory to \"%s\"", path);
1454	}	1470	}
1455		1471

Lines 94-99 int remote_glob(struct sftp_conn *, cons Link Here

(-)openssh-5.2p1/sftp.c.homechroot (+2 lines)
94		94
95	extern char *__progname;	95	extern char *__progname;
96		96
		97	int chroot_no_tree = 0;
		98
97	/* Separators for interactive commands */	99	/* Separators for interactive commands */
98	#define WHITESPACE " \t\r\n"	100	#define WHITESPACE " \t\r\n"
99		101




#include "xmalloc.h"
#include "buffer.h"
#include "log.h"
#include "chrootenv.h"

#include "sftp.h"
#include "sftp-common.h"

	char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1];

	strmode(st->st_mode, mode);
	if (!remote && !chroot_no_tree && (pw = getpwuid(st->st_uid)) != NULL) {
		user = pw->pw_name;
	} else {
		snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid);
		user = ubuf;
	}
	if (!remote && !chroot_no_tree && (gr = getgrgid(st->st_gid)) != NULL) {
		group = gr->gr_name;
	} else {
		snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid);

Lines 22-32 Link Here

(-)openssh-5.2p1/sftp-server-main.c.homechroot (+3 lines)
22	#include <stdarg.h>	22	#include <stdarg.h>
23	#include <stdio.h>	23	#include <stdio.h>
24	#include <unistd.h>	24	#include <unistd.h>
		25	#include <time.h>
25		26
26	#include "log.h"	27	#include "log.h"
27	#include "sftp.h"	28	#include "sftp.h"
28	#include "misc.h"	29	#include "misc.h"
29		30
		31	int chroot_no_tree = 0;
		32
30	void	33	void
31	cleanup_exit(int i)	34	cleanup_exit(int i)
32	{	35	{

Return to bug 1593

Added Link Here

(-)/dev/null (+32 lines)
1	/* $OpenBSD: session.h,v 1.30 2008/05/08 12:21:16 djm Exp $ */
2
3	/*
4	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
5	*
6	* Redistribution and use in source and binary forms, with or without
7	* modification, are permitted provided that the following conditions
8	* are met:
9	* 1. Redistributions of source code must retain the above copyright
10	* notice, this list of conditions and the following disclaimer.
11	* 2. Redistributions in binary form must reproduce the above copyright
12	* notice, this list of conditions and the following disclaimer in the
13	* documentation and/or other materials provided with the distribution.
14	*
15	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25	*/
26	#ifndef CHROOTENV_H
27	#define CHROOTENV_H
28
29	extern int chroot_no_tree;
30
31	#endif
32

Lines 40-45 Link Here

(-)openssh-5.2p1/sftp-common.c.homechroot (-2 / +3 lines)
40	#include "xmalloc.h"	40	#include "xmalloc.h"
41	#include "buffer.h"	41	#include "buffer.h"
42	#include "log.h"	42	#include "log.h"
		43	#include "chrootenv.h"
43		44
44	#include "sftp.h"	45	#include "sftp.h"
45	#include "sftp-common.h"	46	#include "sftp-common.h"
Lines 194-206 ls_file(const char *name, const struct s Link Here
194	char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1];	195	char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1];
195		196
196	strmode(st->st_mode, mode);	197	strmode(st->st_mode, mode);
197	if (!remote && (pw = getpwuid(st->st_uid)) != NULL) {	198	if (!remote && !chroot_no_tree && (pw = getpwuid(st->st_uid)) != NULL) {
198	user = pw->pw_name;	199	user = pw->pw_name;
199	} else {	200	} else {
200	snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid);	201	snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid);
201	user = ubuf;	202	user = ubuf;
202	}	203	}
203	if (!remote && (gr = getgrgid(st->st_gid)) != NULL) {	204	if (!remote && !chroot_no_tree && (gr = getgrgid(st->st_gid)) != NULL) {
204	group = gr->gr_name;	205	group = gr->gr_name;
205	} else {	206	} else {
206	snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid);	207	snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid);