remove duplicate code and raise permissions for chroot

2022-08-29 09:22:54 -07:00 · 2022-08-29 09:22:54 -07:00 · 8a286ad727
parent e1f0a67c38
commit 8a286ad727
2 changed files with 23 additions and 12 deletions
--- a/apps/wolfsshd/configuration.c
+++ b/apps/wolfsshd/configuration.c
@ -255,12 +255,6 @@ static WOLFSSHD_CONFIG* wolfSSHD_ConfigCopy(WOLFSSHD_CONFIG* conf)
                                        newConf->heap);
        }

-        if (ret == WS_SUCCESS && conf->chrootDir) {
-            ret = CreateString(&newConf->chrootDir, conf->chrootDir,
-                                        (int)WSTRLEN(conf->chrootDir),
-                                        newConf->heap);
-        }
-
        if (ret == WS_SUCCESS) {
            newConf->loginTimer   = conf->loginTimer;
            newConf->port         = conf->port;
@ -286,8 +280,14 @@ void wolfSSHD_ConfigFree(WOLFSSHD_CONFIG* conf)
        WOLFSSHD_CONFIG* next = current->next;
        heap = current->heap;

-        FreeString(&current->authKeysFile, heap);
-        FreeString(&current->hostKeyFile, heap);
+        FreeString(&current->banner,    heap);
+        FreeString(&current->chrootDir, heap);
+        FreeString(&current->ciphers,   heap);
+        FreeString(&current->kekAlgos,  heap);
+        FreeString(&current->hostKeyAlgos,  heap);
+        FreeString(&current->listenAddress, heap);
+        FreeString(&current->authKeysFile,  heap);
+        FreeString(&current->hostKeyFile,   heap);

        WFREE(current, heap, DYNTYPE_SSHD);
        current = next;
@ -321,7 +321,7 @@ enum {
    OPT_INCLUDE                 = 16,
    OPT_CHROOT_DIR              = 17,
    OPT_MATCH                   = 18,
-    OPT_FORCE_CMD              = 19,
+    OPT_FORCE_CMD               = 19,
 };
 enum {
    NUM_OPTIONS = 20
--- a/apps/wolfsshd/wolfsshd.c
+++ b/apps/wolfsshd/wolfsshd.c
@ -679,11 +679,22 @@ static void* HandleConnection(void* arg)
        /* check for chroot set */
        cmd = wolfSSHD_ConfigGetChroot(usrConf);
        if (cmd != NULL) {
-            if (chroot(cmd) != 0) {
-                wolfSSH_Log(WS_LOG_ERROR,
-                    "[SSHD] chroot failed to path  %s", cmd);
+            if (wolfSSHD_AuthRaisePermissions(conn->auth) != WS_SUCCESS) {
+                wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Failure to raise permissions "
+                    "for auth");
                ret = WS_FATAL_ERROR;
            }
+            else {
+                if (chroot(cmd) != 0) {
+                    wolfSSH_Log(WS_LOG_ERROR,
+                        "[SSHD] chroot failed to path  %s", cmd);
+                    ret = WS_FATAL_ERROR;
+                }
+
+                if (wolfSSHD_AuthReducePermissions(conn->auth) != WS_SUCCESS) {
+                    exit(1);
+                }
+        }

        #ifdef WOLFSSH_SFTP
            if (ret == WS_SFTP_COMPLETE) {