/*
 * Confine the process with Capsicum.
 *
 * The iSCSI device descriptor (conn->conn_iscsi_fd) is first reduced to the
 * CAP_IOCTL right only, then to the fixed ioctl allow-list below, and finally
 * the process enters capability mode.  ENOSYS from any of the three calls is
 * tolerated (presumably a kernel without Capsicum support -- confirm); any
 * other failure is handed to log_err(1, ...), which presumably terminates
 * the process -- confirm against log_err.
 *
 * NOTE(review): when ENOSYS is tolerated the process keeps running without a
 * sandbox, and the only trace is the log_warnx() line at the end.  Where the
 * sandbox is part of the threat model, that message is worth monitoring.
 *
 * XXX: original author's note -- the function name is improvised "Latin".
 */
static void
capsicate(struct connection *conn)
{
	cap_rights_t rights;
	int rc;
	/*
	 * ioctl commands that remain usable on the iSCSI descriptor.  The
	 * kernel-proxy build additionally needs connect/send/receive.
	 */
	const unsigned long cmds[] = {
#ifdef ICL_KERNEL_PROXY
		ISCSIDCONNECT, ISCSIDSEND, ISCSIDRECEIVE,
#endif
		ISCSIDHANDOFF, ISCSIDFAIL, ISCSISADD, ISCSISREMOVE
	};

	/* Step 1: the descriptor may be used for ioctl(2) and nothing else. */
	cap_rights_init(&rights, CAP_IOCTL);
	rc = cap_rights_limit(conn->conn_iscsi_fd, &rights);
	if (!(rc == 0 || errno == ENOSYS))
		log_err(1, "cap_rights_limit");

	/* Step 2: of all ioctls, only the allow-listed commands. */
	rc = cap_ioctls_limit(conn->conn_iscsi_fd, cmds,
	    sizeof(cmds) / sizeof(cmds[0]));
	if (!(rc == 0 || errno == ENOSYS))
		log_err(1, "cap_ioctls_limit");

	/* Step 3: enter capability mode for the whole process. */
	rc = cap_enter();
	if (!(rc == 0 || errno == ENOSYS))
		log_err(1, "cap_enter");

	/* Report whether the sandbox is actually in effect. */
	if (!cap_sandboxed())
		log_warnx("Capsicum capability mode not supported");
	else
		log_debugx("Capsicum capability mode enabled");
}
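/*
 * Return non-zero when the canonical path `path` is `root` itself or lies
 * beneath it.  A bare prefix comparison is not sufficient: a sibling such as
 * "/data/repo-private" (constructed example) shares the prefix "/data/repo"
 * without being inside it, so the match has to end on a component boundary.
 */
static int
sshserve_path_within(const char *path, const char *root)
{
	size_t rootlen = strlen(root);

	if (strncmp(path, root, rootlen) != 0)
		return (0);
	/* A root that ends in '/' (i.e. "/") already ends on a boundary. */
	if (rootlen > 0 && root[rootlen - 1] == '/')
		return (1);
	return (path[rootlen] == '\0' || path[rootlen] == '/');
}

/*
 * Serve files over a line-based protocol on stdin/stdout.
 *
 * After the greeting "ok: pkg <PKGVERSION>" the peer may send:
 *   quit            - end the session
 *   get <file> <age> - request <file>; <age> is a decimal mtime
 * Replies are "ko: <reason>" on error, "ok: 0" when the file is not newer
 * than <age>, or "ok: <size>" followed by the raw file contents.
 *
 * fd is the directory descriptor that fstatat()/openat() resolve <file>
 * against.  Returns EPKG_OK when the peer quits or stdin reaches EOF.
 *
 * Security notes for maintainers:
 *  - Every request line is untrusted input.
 *  - With SSH_RESTRICT_DIR set (and the process not in capability mode), the
 *    requested path is canonicalised and must stay inside that directory.
 *    The check resolves <file> against the current directory after
 *    chdir(restricted), while the later fstatat()/openat() resolve it
 *    against fd -- presumably fd is open on the same directory; verify
 *    against the caller.
 *  - When cap_sandboxed() is true the realpath() check is skipped and
 *    confinement relies on the kernel restricting fd-relative lookups
 *    (NOTE(review): confirm fd is the intended root in that configuration).
 *  - NOTE(review): the containment check, fstatat() and openat() are
 *    separate path lookups and openat() is not given O_NOFOLLOW, so a tree
 *    that another party can modify concurrently is outside what this check
 *    guarantees.
 */
int
pkg_sshserve(int fd)
{
	struct stat st;
	char *line = NULL;
	char *file, *age;
	size_t linecap = 0;
	/* read(2) returns ssize_t; keeping it signed lets -1 end the loop. */
	ssize_t linelen, r;
	time_t mtime = 0;
	const char *errstr;
	int ffd;
	char buf[BUFSIZ];
	char fpath[MAXPATHLEN];
	char rpath[MAXPATHLEN];
	const char *restricted = NULL;

	restricted = pkg_object_string(pkg_config_get("SSH_RESTRICT_DIR"));

	printf("ok: pkg "PKGVERSION"\n");
	for (;;) {
		if ((linelen = getline(&line, &linecap, stdin)) < 0)
			break;

		if (linelen == 0)
			continue;

		/* trim the trailing newline */
		if (line[linelen - 1] == '\n')
			line[linelen - 1] = '\0';

		/* Leave through the common exit so that `line` is freed. */
		if (strcmp(line, "quit") == 0)
			break;

		if (strncmp(line, "get ", 4) != 0) {
			printf("ko: unknown command '%s'\n", line);
			continue;
		}

		file = line + 4;

		/* A leading '/' is dropped: the path is always used relatively. */
		if (*file == '/')
			file++;
		else if (*file == '\0') {
			printf("ko: bad command get, expecting 'get file age'\n");
			continue;
		}

		pkg_debug(1, "SSH server> file requested: %s", file);

		/*
		 * Split "<file> <age>" at the first whitespace.  The casts keep
		 * isspace() defined for bytes >= 0x80 where char is signed.
		 */
		age = file;
		while (!isspace((unsigned char)*age)) {
			if (*age == '\0') {
				age = NULL;
				break;
			}
			age++;
		}

		if (age == NULL) {
			printf("ko: bad command get, expecting 'get file age'\n");
			continue;
		}

		*age = '\0';
		age++;

		/* An empty <age> is rejected by strtonum() below. */
		while (isspace((unsigned char)*age))
			age++;

		mtime = strtonum(age, 0, LONG_MAX, &errstr);
		if (errstr) {
			printf("ko: bad number %s: %s\n", age, errstr);
			continue;
		}

#ifdef HAVE_CAPSICUM
		if (!cap_sandboxed() && restricted != NULL) {
#else
		if (restricted != NULL) {
#endif
			/*
			 * Refuse the request if the directory cannot be entered,
			 * if either path cannot be canonicalised, or if the
			 * canonical file path is not inside the restricted root.
			 */
			if (chdir(restricted) == -1 ||
			    realpath(file, fpath) == NULL ||
			    realpath(restricted, rpath) == NULL ||
			    !sshserve_path_within(fpath, rpath)) {
				printf("ko: file not found\n");
				continue;
			}
		}

		if (fstatat(fd, file, &st, 0) == -1) {
			pkg_debug(1, "SSH server> fstatat failed");
			printf("ko: file not found\n");
			continue;
		}

		if (!S_ISREG(st.st_mode)) {
			printf("ko: not a file\n");
			continue;
		}

		/* Nothing to send when the peer's copy is at least as new. */
		if (st.st_mtime <= mtime) {
			printf("ok: 0\n");
			continue;
		}

		if ((ffd = openat(fd, file, O_RDONLY)) == -1) {
			printf("ko: file not found\n");
			continue;
		}

		printf("ok: %" PRIdMAX "\n", (intmax_t)st.st_size);
		pkg_debug(1, "SSH server> sending ok: %" PRIdMAX "", (intmax_t)st.st_size);

		while ((r = read(ffd, buf, sizeof(buf))) > 0) {
			pkg_debug(1, "SSH server> sending data");
			fwrite(buf, 1, (size_t)r, stdout);
		}
		/*
		 * A failed read must not be used as a length.  The size was
		 * already announced, so the peer will see a short body.
		 */
		if (r < 0)
			pkg_debug(1, "SSH server> read failed");

		pkg_debug(1, "SSH server> finished");

		close(ffd);
	}

	free(line);

	return (EPKG_OK);
}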