示例#1
文件: iscsid.c 项目: Zer0day/freebsd
/*
 * XXX: I CANT INTO LATIN
 */
static void
capsicate(struct connection *conn)
{
    /*
     * Allow-list of ioctl commands that remain usable on the iSCSI
     * control descriptor once it has been restricted.  The kernel-proxy
     * build needs three extra commands (connect/send/receive).
     */
#ifdef ICL_KERNEL_PROXY
    const unsigned long cmds[] = {
        ISCSIDCONNECT, ISCSIDSEND, ISCSIDRECEIVE, ISCSIDHANDOFF,
        ISCSIDFAIL, ISCSISADD, ISCSISREMOVE
    };
#else
    const unsigned long cmds[] = {
        ISCSIDHANDOFF, ISCSIDFAIL, ISCSISADD, ISCSISREMOVE
    };
#endif
    const size_t ncmds = sizeof(cmds) / sizeof(cmds[0]);
    cap_rights_t rights;
    int rv;

    /*
     * Step 1: reduce the descriptor's rights to CAP_IOCTL only.
     *
     * In every step below ENOSYS is deliberately not treated as an
     * error, so on a kernel without Capsicum the daemon keeps running
     * unsandboxed (fail-open); the warning at the end is the only trace
     * of that.  Any other failure goes to log_err(1, ...), which
     * presumably terminates the process - confirm against log_err().
     */
    cap_rights_init(&rights, CAP_IOCTL);
    rv = cap_rights_limit(conn->conn_iscsi_fd, &rights);
    if (rv != 0 && errno != ENOSYS)
        log_err(1, "cap_rights_limit");

    /* Step 2: of all ioctls, permit only the commands listed above. */
    rv = cap_ioctls_limit(conn->conn_iscsi_fd, cmds, ncmds);
    if (rv != 0 && errno != ENOSYS)
        log_err(1, "cap_ioctls_limit");

    /* Step 3: enter capability mode, after the descriptor is narrowed. */
    rv = cap_enter();
    if (rv != 0 && errno != ENOSYS)
        log_err(1, "cap_enter");

    /* Report which of the two outcomes actually applies. */
    if (!cap_sandboxed()) {
        log_warnx("Capsicum capability mode not supported");
        return;
    }
    log_debugx("Capsicum capability mode enabled");
}
示例#2
文件: ssh.c 项目: AMDmi3/pkg
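/*
 * Serve files to a pkg client over stdin/stdout (the SSH channel).
 *
 * Protocol, one request per line read from stdin:
 *   "quit"            - end the session
 *   "get <file> <age>" - send <file> if its mtime is newer than <age>
 * Replies are "ok: <size>" followed by the raw file bytes, "ok: 0" when
 * the client copy is current, or "ko: <reason>".
 *
 * fd is the directory descriptor that <file> is looked up against with
 * fstatat()/openat().  Request lines are untrusted input.
 *
 * Confinement: the only path restrictions applied here are the
 * SSH_RESTRICT_DIR prefix check and, where available, capability mode.
 * With neither in effect nothing in this function keeps a relative
 * lookup (for example one using "..") beneath fd, so deployments should
 * configure SSH_RESTRICT_DIR.
 *
 * Returns EPKG_OK when the client quits or stdin reaches EOF.
 */
int
pkg_sshserve(int fd)
{
	struct stat st;
	char *line = NULL;
	char *file, *age;
	size_t linecap = 0, rlen;
	ssize_t linelen, nread;
	time_t mtime = 0;
	const char *errstr;
	int ffd;
	char buf[BUFSIZ];
	char fpath[MAXPATHLEN];
	char rpath[MAXPATHLEN];
	const char *restricted = NULL;

	restricted = pkg_object_string(pkg_config_get("SSH_RESTRICT_DIR"));

	printf("ok: pkg "PKGVERSION"\n");
	for (;;) {
		if ((linelen = getline(&line, &linecap, stdin)) < 0)
			break;

		if (linelen == 0)
			continue;

		/* trim the trailing newline */
		if (line[linelen - 1] == '\n')
			line[linelen - 1] = '\0';

		/* Leave through the common exit so the line buffer is freed. */
		if (strcmp(line, "quit") == 0)
			break;

		if (strncmp(line, "get ", 4) != 0) {
			printf("ko: unknown command '%s'\n", line);
			continue;
		}

		file = line + 4;

		/*
		 * Strip every leading '/', not just the first: an absolute
		 * path makes fstatat()/openat() ignore fd altogether.
		 */
		while (*file == '/')
			file++;

		if (*file == '\0') {
			printf("ko: bad command get, expecting 'get file age'\n");
			continue;
		}

		pkg_debug(1, "SSH server> file requested: %s", file);

		/*
		 * Split "<file> <age>" at the first whitespace.  The casts to
		 * unsigned char keep isspace() defined for bytes >= 0x80.
		 */
		age = file;
		while (*age != '\0' && !isspace((unsigned char)*age))
			age++;

		if (*age == '\0') {
			printf("ko: bad command get, expecting 'get file age'\n");
			continue;
		}

		*age = '\0';
		age++;

		while (isspace((unsigned char)*age))
			age++;

		/* Only whitespace followed the file name: the age is missing. */
		if (*age == '\0') {
			printf("ko: bad command get, expecting 'get file age'\n");
			continue;
		}

		mtime = strtonum(age, 0, LONG_MAX, &errstr);
		if (errstr) {
			printf("ko: bad number %s: %s\n", age, errstr);
			continue;
		}

		/*
		 * SSH_RESTRICT_DIR check.  It is skipped when the process is
		 * already in capability mode.
		 * NOTE(review): presumably the kernel then confines openat()
		 * lookups beneath fd - confirm.
		 * NOTE(review): realpath() resolves file against the restricted
		 * directory (via chdir) while the open below resolves it
		 * against fd; the two agree only if fd refers to that
		 * directory - verify against the caller.  The check is also
		 * not atomic with the open that follows.
		 */
#ifdef HAVE_CAPSICUM
		if (!cap_sandboxed() && restricted != NULL) {
#else
		if (restricted != NULL) {
#endif
			/* A failed chdir() would resolve against the wrong base. */
			if (chdir(restricted) == -1 ||
			    realpath(file, fpath) == NULL ||
			    realpath(restricted, rpath) == NULL) {
				printf("ko: file not found\n");
				continue;
			}
			/*
			 * Prefix match on a component boundary: a bare
			 * strncmp() would also accept a sibling directory
			 * whose name merely starts with the restricted one.
			 * rlen == 1 means the restricted directory is "/".
			 */
			rlen = strlen(rpath);
			if (strncmp(fpath, rpath, rlen) != 0 ||
			    (rlen > 1 && fpath[rlen] != '/' &&
			    fpath[rlen] != '\0')) {
				printf("ko: file not found\n");
				continue;
			}
		}

		if (fstatat(fd, file, &st, 0) == -1) {
			pkg_debug(1, "SSH server> fstatat failed");
			printf("ko: file not found\n");
			continue;
		}

		if (!S_ISREG(st.st_mode)) {
			printf("ko: not a file\n");
			continue;
		}

		if (st.st_mtime <= mtime) {
			printf("ok: 0\n");
			continue;
		}

		if ((ffd = openat(fd, file, O_RDONLY)) == -1) {
			printf("ko: file not found\n");
			continue;
		}

		/*
		 * Re-check on the open descriptor so the type and the size
		 * announced to the client describe the file actually being
		 * read, even if the name was replaced after fstatat().
		 */
		if (fstat(ffd, &st) == -1 || !S_ISREG(st.st_mode)) {
			close(ffd);
			printf("ko: file not found\n");
			continue;
		}

		printf("ok: %" PRIdMAX "\n", (intmax_t)st.st_size);
		pkg_debug(1, "SSH server> sending ok: %" PRIdMAX "", (intmax_t)st.st_size);

		/*
		 * read() returns ssize_t.  Held in a size_t, its -1 error
		 * value compares greater than zero and becomes a huge length
		 * for fwrite(), which would then read far past buf.
		 */
		while ((nread = read(ffd, buf, sizeof(buf))) > 0) {
			pkg_debug(1, "SSH server> sending data");
			fwrite(buf, 1, (size_t)nread, stdout);
		}
		if (nread < 0)
			pkg_debug(1, "SSH server> read failed");

		pkg_debug(1, "SSH server> finished");

		close(ffd);
	}

	free(line);

	return (EPKG_OK);
}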