Branch data Line data Source code
1 : : /*- 2 : : * Copyright (c) 2011-2013 Baptiste Daroussin <bapt@FreeBSD.org> 3 : : * All rights reserved. 4 : : * 5 : : * Redistribution and use in source and binary forms, with or without 6 : : * modification, are permitted provided that the following conditions 7 : : * are met: 8 : : * 1. Redistributions of source code must retain the above copyright 9 : : * notice, this list of conditions and the following disclaimer 10 : : * in this position and unchanged. 11 : : * 2. Redistributions in binary form must reproduce the above copyright 12 : : * notice, this list of conditions and the following disclaimer in the 13 : : * documentation and/or other materials provided with the distribution. 14 : : * 15 : : * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 16 : : * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 : : * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 : : * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 19 : : * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 : : * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 : : * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 : : * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 : : * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 : : * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 : : */ 26 : : 27 : : #ifdef HAVE_CONFIG_H 28 : : #include "pkg_config.h" 29 : : #endif 30 : : 31 : : #ifdef HAVE_CAPSICUM 32 : : #include <sys/capsicum.h> 33 : : #endif 34 : : 35 : : #include <stdio.h> 36 : : #include <unistd.h> 37 : : #include <fcntl.h> 38 : : #include <err.h> 39 : : #include <errno.h> 40 : : 41 : : #include <pkg.h> 42 : : 43 : : #include "pkgcli.h" 44 : : 45 : : void 46 : 0 : usage_ssh(void) 47 : : { 48 : 0 : fprintf(stderr, "Usage: pkg ssh\n\n"); 49 : 0 : fprintf(stderr, "For more information see 'pkg help ssh'.\n"); 50 : 0 : } 51 : : 52 : : int 53 : 0 : exec_ssh(int argc, char **argv __unused) 54 : : { 55 : 0 : int fd = -1; 56 : 0 : const char *restricted = NULL; 57 : : 58 : : #ifdef HAVE_CAPSICUM 59 : : cap_rights_t rights; 60 : : #endif 61 : : 62 [ # # ]: 0 : if (argc > 1) { 63 : 0 : usage_ssh(); 64 : 0 : return (EXIT_FAILURE); 65 : : } 66 : : 67 : 0 : restricted = pkg_object_string(pkg_config_get("SSH_RESTRICT_DIR")); 68 [ # # ]: 0 : if (restricted == NULL) 69 : 0 : restricted = "/"; 70 : : 71 [ # # ]: 0 : if ((fd = open(restricted, O_DIRECTORY|O_RDONLY|O_CLOEXEC)) < 0) { 72 : 0 : warn("Impossible to open the restricted directory"); 73 : 0 : return (EXIT_FAILURE); 74 : : } 75 : : 76 : : #ifdef HAVE_CAPSICUM 77 : : cap_rights_init(&rights, CAP_READ, CAP_FSTATAT, CAP_FCNTL); 78 : : if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS ) { 79 : : warn("cap_rights_limit() failed"); 80 : : close(fd); 81 : : return (EXIT_FAILURE); 82 : : } 83 : : 84 : : #ifndef PKG_COVERAGE 85 : : if (cap_enter() < 0 && errno != ENOSYS) { 86 : : warn("cap_enter() failed"); 87 : : close(fd); 88 : : return (EXIT_FAILURE); 89 : : } 90 : : #endif 91 : : 92 : : #endif 93 [ # # ]: 0 : if (pkg_sshserve(fd) != EPKG_OK) { 94 : 0 : close(fd); 95 : 0 : return (EXIT_FAILURE); 96 : : } 97 : : 98 : 0 : close(fd); 99 : 0 : return (EXIT_SUCCESS); 100 : 0 : }