Date: Thu, 4 Jan 2001 10:51:52 -0300 (ART) From: Fernando Schapachnik <fpscha@ns1.via-net-works.net.ar> To: Daniel Hagan <dhagan@colltech.com> Cc: Fernando Schapachnik <fschapachnik@vianetworks.com.ar>, Warner Losh <imp@bsdimp.com>, Roman Shterenzon <roman@xpert.com>, audit@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG, greid@dogma.freebsd-uk.eu.org Subject: Re: bin/23944: Proposed modification to ftpd Message-ID: <200101041351.KAA96373@ns1.via-net-works.net.ar> In-Reply-To: <3A536F7C.71DA4C2E@colltech.com> "from Daniel Hagan at Jan 3, 2001 01:29:16 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
--ELM978616312-93709-0_
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=ISO-8859-1
En un mensaje anterior, Daniel Hagan escribió:
> I've been poking around GNATS today, and I noticed misc/24034, a
> semi-related patch. If this (bin/23944) gets committed, someone needs
> to update the code from 24034 as well.
The patch I'm attaching contains a reworked version of my original
patch and a fix for misc/24034 under the new scenario. The only
problem is they are against 4.2-RELEASE, and thus ftpcmd.y 1.16.2.1
(I can't follow -stable at the moment).
Anyway, from what cvsweb reveals, there shouldn't be any trouble
making it fit in the current version.
Regards.
Fernando P. Schapachnik
Administración de la red
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Conmutador: (54-11) 4323-3333 - Soporte: 0810-333-AYUDA
--ELM978616312-93709-0_
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: attachment; filename=ftpd.patch
--- ftpd.c.orig Mon Oct 23 17:57:54 2000
+++ ftpd.c Thu Jan 4 10:27:39 2001
@@ -139,6 +139,7 @@
int anon_only = 0; /* Only anonymous ftp allowed */
int guest;
int dochroot;
+char *cd_dir, *chroot_dir;
int stats;
int statfd = -1;
int type;
@@ -185,6 +186,9 @@
char *pid_file = NULL;
+/* WARNING: FTP_CHROOT_SEPARATOR *MUST* end in / */
+#define FTP_CHROOT_SEPARATOR "/./"
+
/*
* Timeout intervals for retrying connections
* to hosts that don't accept PORT cmds. This
@@ -248,6 +252,7 @@
static char *sgetsave __P((char *));
static void reapchild __P((int));
static void logxfer __P((char *, long, long));
+static void get_chroot_and_cd_dirs __P((char *, char **, char **));
static char *
curdir()
@@ -1027,6 +1032,8 @@
logged_in = 0;
guest = 0;
dochroot = 0;
+ free(chroot_dir);
+ free(cd_dir);
}
#if !defined(NOPAM)
@@ -1291,10 +1298,13 @@
goto bad;
}
} else if (dochroot) {
- if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
+ get_chroot_and_cd_dirs(pw->pw_dir, &chroot_dir, &cd_dir);
+ if (chroot(chroot_dir) < 0 || chdir(cd_dir) < 0) {
reply(550, "Can't change root.");
goto bad;
}
+ free(chroot_dir);
+ free(cd_dir);
} else if (chdir(pw->pw_dir) < 0) {
if (chdir("/") < 0) {
reply(530, "User %s: can't change directory to %s.",
@@ -2789,5 +2799,50 @@
ctime(&now)+4, ident, remotehost,
path, name, size, now - start + (now == start));
write(statfd, buf, strlen(buf));
+ }
+}
+
+/*
+ * Make a pointer to the chroot dir and another to the cd dir.
+ * The first is all the path up to the first FTP_CHROOT_SEPARATOR.
+ * The later is the remaining chars, not including the FTP_CHROOT_SEPARATOR,
+ * but prepending a '/', if FTP_CHROOT_SEPARATOR is found.
+ * Otherwise, return user_home_dir as chroot_dir and "/" as cd_dir.
+ */
+static void
+get_chroot_and_cd_dirs(user_home_dir, chroot_dir, cd_dir)
+ char *user_home_dir;
+ char **chroot_dir;
+ char **cd_dir;
+{
+ char *p;
+
+ /* Make a pointer to first character of string FTP_CHROOT_SEPARATOR
+ inside user_home_dir. */
+ p = (char *) strstr(user_home_dir, FTP_CHROOT_SEPARATOR);
+ if (p == NULL) {
+ /*
+ * There is not FTP_CHROOT_SEPARATOR string inside
+ * user_home_dir. Return user_home_dir as chroot_dir,
+ * and "/" as cd_dir.
+ */
+ if ((*chroot_dir = (char *) strdup(user_home_dir)) == NULL)
+ fatal("Ran out of memory.");
+ if ((*cd_dir = (char *) strdup("/")) == NULL)
+ fatal("Ran out of memory.");
+ } else {
+ /*
+ * Use strlen(user_home_dir) as maximun length for
+ * both cd_dir and chroot_dir, as both are substrings of
+ * user_home_dir.
+ */
+ if ((*chroot_dir = malloc(strlen(user_home_dir))) == NULL)
+ fatal("Ran out of memory.");
+ if ((*cd_dir = malloc(strlen(user_home_dir))) == NULL)
+ fatal("Ran out of memory.");
+ (void) strncpy(*chroot_dir, user_home_dir, p-user_home_dir);
+ /* Skip FTP_CHROOT_SEPARATOR (except the last /). */
+ p += strlen(FTP_CHROOT_SEPARATOR)-1;
+ (void) strncpy(*cd_dir, p, strlen(p));
}
}
--- ftpcmd.y.orig Thu Jan 4 09:52:32 2001
+++ ftpcmd.y Thu Jan 4 10:30:40 2001
@@ -90,6 +90,8 @@
extern int usedefault;
extern int transflag;
extern char tmpline[];
+extern int dochroot;
+extern char *cd_dir, *chroot_dir;
off_t restart_point;
@@ -500,8 +502,14 @@
}
| CWD check_login CRLF
{
- if ($2)
- cwd(pw->pw_dir);
+ if ($2) {
+ if (guest)
+ cwd("/");
+ else if (dochroot) {
+ cwd(cd_dir);
+ } else
+ cwd(pw->pw_dir);
+ }
}
| CWD check_login SP pathname CRLF
{
--- ftpd.8.orig Fri Dec 29 12:53:21 2000
+++ ftpd.8 Fri Dec 29 12:55:51 2000
@@ -298,13 +298,14 @@
or the user is a member of a group with a group entry in this file,
i.e. one prefixed with
.Ql \&@ ,
-the session's root will be changed to the user's login directory by
+the session's root will be changed to the user's login directory (up to the first /./) by
.Xr chroot 2
as for an
.Dq anonymous
or
.Dq ftp
account (see next item).
+The user is placed into the directory that remainds after stripping the former from the user's login directory.
This facility may also be triggered by enabling the boolean "ftp-chroot"
capability in
.Xr login.conf 5 .
--ELM978616312-93709-0_--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101041351.KAA96373>