[patch] sftp-server basepath [yet another]

This is a discussion on [patch] sftp-server basepath [yet another] within the OpenSSH Development forums, part of the Networking and Network Related category.


Old 09-01-2007
Bruno Cesar Ribas
 

Hi,

I made this simple patch to make sftp-server restricted to a basepath!

This was done because we use sshfs [whose base is sftp-server] to allow people
to access media [cdrom, dvdrom, floppy, usb] from x-terms.

Those x-terms [diskless] do not have all users, so we share a single user
and a DSA key with an empty passphrase, with some ACL scripts in .ssh/authorized_keys.

The main usage of this patch is to NOT allow a user who mounted a floppy to access
other mounted media from another user.

Usage:
sftp-server -b <path>

My page includes this patch: http://www.inf.ufpr.br/ribas/sshfs_help/

And it is attached too.

Thanks for your attention

Bruno Ribas
--
Bruno Ribas - ribas@c3sl.ufpr.br
http://web.inf.ufpr.br/ribas
C3SL: http://www.c3sl.ufpr.br

Attachment: sftp-server.c.patch

--- openssh-4.6p1.orig/sftp-server.c 2007-01-05 03:31:03.000000000 -0200
+++ openssh-4.6p1/sftp-server.c 2007-09-01 16:35:30.109167610 -0300
@@ -53,6 +53,9 @@
/* Our verbosity */
LogLevel log_level = SYSLOG_LEVEL_ERROR;

+/* Our basepath */
+char *basepath="/";
+
/* Our client */
struct passwd *pw = NULL;
char *client_addr = NULL;
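
Review bot: `char *basepath="/";` points a writable `char *` at a string literal, and the `-b` case later replaces it with heap memory from xstrdup(). Declare it `const char *basepath = "/";` so the literal cannot be written through, and put spaces around `=` to match the neighbouring `LogLevel log_level = SYSLOG_LEVEL_ERROR;`.
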
@@ -811,7 +814,15 @@
path = get_string(NULL);
debug3("request %u: opendir", id);
logit("opendir \"%s\"", path);
- dirp = opendir(path);
+
+ if(strncmp(basepath,realpath(path,NULL),strlen(bas epath))==0) {
+ logit("opendir: access to \"%s\" granted",path);
+ dirp = opendir(path);
+ } else {
+ logit("opendir \"%s\" out of \"%s\"",path,basepath);
+ errno=EACCES;
+ }
+
if (dirp == NULL) {
status = errno_to_portable(errno);
} else {
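
Review bot: the new condition in the opendir handler passes the result of `realpath(path,NULL)` straight into strncmp() without testing it, so a request for a path that does not resolve hands NULL to strncmp(), and the buffer realpath() allocates is never freed. Store the result in a local, deny the request when it is NULL, and free it after the comparison. The comparison is a plain string prefix test, so with a base of /media/floppy a resolved path of /media/floppy2 is accepted; also require that the character following the prefix is '/' or the end of the string. The check is made on the resolved path but `dirp = opendir(path);` then opens the unresolved one, which leaves a window in which a symlink can change between the two calls; open the resolved path instead. In the else branch only errno is set, so the following `if (dirp == NULL)` relies on dirp having been initialized to NULL earlier in the function, which is not visible in this hunk. Logging "access granted" at logit level for every opendir is noisy; debug level would fit better. Finally, this is the only request handler the patch touches: no hunk restricts the other path-taking requests (open, stat, rename and so on), so the goal stated in the mail of keeping users out of each other's media is not met by this check alone.
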
@@ -1222,7 +1233,7 @@
__progname = ssh_get_progname(argv[0]);
log_init(__progname, log_level, log_facility, log_stderr);

- while (!skipargs && (ch = getopt(argc, argv, "C:f:l:che")) != -1) {
+ while (!skipargs && (ch = getopt(argc, argv, "C:f:l:b:che")) != -1) {
switch (ch) {
case 'c':
/*
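
Review bot: `b:` is added to the getopt string here, but no hunk in the patch updates usage() or the sftp-server manual page, so `-b <path>` ends up undocumented. Add the option to both.
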
@@ -1244,6 +1255,12 @@
if (log_level == SYSLOG_FACILITY_NOT_SET)
error("Invalid log facility \"%s\"", optarg);
break;
+ case 'b':
+ /*
+ * Set's base path to sftp-server
+ */
+ basepath=xstrdup(optarg);
+ break;
case 'h':
default:
usage();
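
Review bot: in `case 'b'`, `basepath=xstrdup(optarg);` stores the argument verbatim, while the opendir check compares it against realpath() output, so a base path that is relative, ends in '/', or contains a symlink will not compare as intended. Canonicalize the argument once here with realpath() and exit with an error if that fails. The comment should read "Sets the base path for sftp-server".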

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev
