WolfSSL
/
wolfssh
mirror of https://github.com/wolfSSL/wolfssh.git
1
0
Fork 0
Code Issues Releases Wiki Activity

remove duplicate code and raise permissions for chroot

pull/441/head
JacobBarthelmeh 2022-08-29 09:22:54 -07:00
parent e1f0a67c38
commit 8a286ad727
2 changed files with 23 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
apps/wolfsshd/configuration.c
View File

@ -255,12 +255,6 @@ static WOLFSSHD_CONFIG* wolfSSHD_ConfigCopy(WOLFSSHD_CONFIG* conf)
newConf->heap); newConf->heap);
} }
if (ret == WS_SUCCESS && conf->chrootDir) {
ret = CreateString(&newConf->chrootDir, conf->chrootDir,
(int)WSTRLEN(conf->chrootDir),
newConf->heap);
}
if (ret == WS_SUCCESS) { if (ret == WS_SUCCESS) {
newConf->loginTimer = conf->loginTimer; newConf->loginTimer = conf->loginTimer;
newConf->port = conf->port; newConf->port = conf->port;
@ -286,8 +280,14 @@ void wolfSSHD_ConfigFree(WOLFSSHD_CONFIG* conf)
WOLFSSHD_CONFIG* next = current->next; WOLFSSHD_CONFIG* next = current->next;
heap = current->heap; heap = current->heap;
FreeString(&current->authKeysFile, heap); FreeString(&current->banner, heap);
FreeString(&current->hostKeyFile, heap); FreeString(&current->chrootDir, heap);
FreeString(&current->ciphers, heap);
FreeString(&current->kekAlgos, heap);
FreeString(&current->hostKeyAlgos, heap);
FreeString(&current->listenAddress, heap);
FreeString(&current->authKeysFile, heap);
FreeString(&current->hostKeyFile, heap);
WFREE(current, heap, DYNTYPE_SSHD); WFREE(current, heap, DYNTYPE_SSHD);
current = next; current = next;
@ -321,7 +321,7 @@ enum {
OPT_INCLUDE = 16, OPT_INCLUDE = 16,
OPT_CHROOT_DIR = 17, OPT_CHROOT_DIR = 17,
OPT_MATCH = 18, OPT_MATCH = 18,
OPT_FORCE_CMD = 19, OPT_FORCE_CMD = 19,
}; };
enum { enum {
NUM_OPTIONS = 20 NUM_OPTIONS = 20

17
apps/wolfsshd/wolfsshd.c
View File

@ -679,11 +679,22 @@ static void* HandleConnection(void* arg)
/* check for chroot set */ /* check for chroot set */
cmd = wolfSSHD_ConfigGetChroot(usrConf); cmd = wolfSSHD_ConfigGetChroot(usrConf);
if (cmd != NULL) { if (cmd != NULL) {
if (chroot(cmd) != 0) { if (wolfSSHD_AuthRaisePermissions(conn->auth) != WS_SUCCESS) {
wolfSSH_Log(WS_LOG_ERROR, wolfSSH_Log(WS_LOG_ERROR, "[SSHD] Failure to raise permissions "
"[SSHD] chroot failed to path %s", cmd); "for auth");
ret = WS_FATAL_ERROR; ret = WS_FATAL_ERROR;
} }
else {
if (chroot(cmd) != 0) {
wolfSSH_Log(WS_LOG_ERROR,
"[SSHD] chroot failed to path %s", cmd);
ret = WS_FATAL_ERROR;
}
if (wolfSSHD_AuthReducePermissions(conn->auth) != WS_SUCCESS) {
exit(1);
}
}
#ifdef WOLFSSH_SFTP #ifdef WOLFSSH_SFTP
if (ret == WS_SFTP_COMPLETE) { if (ret == WS_SFTP_COMPLETE) {