File Manager

003 File Manager

Current Path: /usr/src/crypto/openssh/regress

usr / src / crypto / openssh / regress /

📁 ..
📄 Makefile(6.8 KB)
📄 README.regress(3.91 KB)
📄 addrmatch.sh(2.06 KB)
📄 agent-getpeereid.sh(1.13 KB)
📄 agent-pkcs11.sh(1.86 KB)
📄 agent-ptrace.sh(1.31 KB)
📄 agent-timeout.sh(928 B)
📄 agent.sh(2.96 KB)
📄 allow-deny-users.sh(1.45 KB)
📄 authinfo.sh(574 B)
📄 banner.sh(1.24 KB)
📄 broken-pipe.sh(281 B)
📄 brokenkeys.sh(462 B)
📄 cert-file.sh(5.25 KB)
📄 cert-hostkey.sh(10.34 KB)
📄 cert-userkey.sh(11.95 KB)
📄 cfginclude.sh(4.39 KB)
📄 cfgmatch.sh(3.5 KB)
📄 cfgmatchlisten.sh(6.34 KB)
📄 cfgparse.sh(2.17 KB)
📄 check-perm.c(4.33 KB)
📄 cipher-speed.sh(799 B)
📄 conch-ciphers.sh(796 B)
📄 connect-privsep.sh(1.02 KB)
📄 connect-uri.sh(816 B)
📄 connect.sh(222 B)
📄 dhgex.sh(1.47 KB)
📄 dsa_ssh2.prv(863 B)
📄 dsa_ssh2.pub(732 B)
📄 dynamic-forward.sh(1.48 KB)
📄 envpass.sh(1.54 KB)
📄 exit-status.sh(562 B)
📄 forcecommand.sh(1.1 KB)
📄 forward-control.sh(7.71 KB)
📄 forwarding.sh(4.22 KB)
📄 host-expand.sh(384 B)
📄 hostkey-agent.sh(1.6 KB)
📄 hostkey-rotate.sh(3.86 KB)
📄 integrity.sh(2.33 KB)
📄 kextype.sh(587 B)
📄 key-options.sh(3.22 KB)
📄 keygen-change.sh(581 B)
📄 keygen-convert.sh(1.08 KB)
📄 keygen-knownhosts.sh(6.42 KB)
📄 keygen-moduli.sh(702 B)
📄 keys-command.sh(2.39 KB)
📄 keyscan.sh(403 B)
📄 keytype.sh(1.84 KB)
📄 krl.sh(6.45 KB)
📄 limit-keytype.sh(3.65 KB)
📄 localcommand.sh(351 B)
📄 login-timeout.sh(588 B)
📁 misc
📄 mkdtemp.c(1.53 KB)
📄 modpipe.c(3.81 KB)
📄 moduli.in(1.59 KB)
📄 multiplex.sh(7.09 KB)
📄 multipubkey.sh(2.31 KB)
📄 netcat.c(39.92 KB)
📄 portnum.sh(624 B)
📄 principals-command.sh(5.48 KB)
📄 proto-mismatch.sh(368 B)
📄 proto-version.sh(527 B)
📄 proxy-connect.sh(624 B)
📄 putty-ciphers.sh(678 B)
📄 putty-kex.sh(553 B)
📄 putty-transfer.sh(1021 B)
📄 reconfigure.sh(855 B)
📄 reexec.sh(878 B)
📄 rekey.sh(4.12 KB)
📄 rsa_openssh.prv(883 B)
📄 rsa_openssh.pub(213 B)
📄 rsa_ssh2.prv(924 B)
📄 scp-ssh-wrapper.sh(914 B)
📄 scp-uri.sh(2.01 KB)
📄 scp.sh(3.5 KB)
📄 setuid-allowed.c(1.45 KB)
📄 sftp-badcmds.sh(2.22 KB)
📄 sftp-batch.sh(1.16 KB)
📄 sftp-chroot.sh(845 B)
📄 sftp-cmds.sh(7.29 KB)
📄 sftp-glob.sh(2.47 KB)
📄 sftp-perm.sh(5.23 KB)
📄 sftp-uri.sh(1.59 KB)
📄 sftp.sh(737 B)
📄 ssh-com-client.sh(3.02 KB)
📄 ssh-com-keygen.sh(1.38 KB)
📄 ssh-com-sftp.sh(1.19 KB)
📄 ssh-com.sh(2.71 KB)
📄 ssh2putty.sh(693 B)
📄 sshcfgparse.sh(3.8 KB)
📄 sshd-log-wrapper.sh(285 B)
📄 stderr-after-eof.sh(603 B)
📄 stderr-data.sh(709 B)
📄 t11.ok(51 B)
📄 t4.ok(52 B)
📄 t5.ok(66 B)
📄 test-exec.sh(13.05 KB)
📄 transfer.sh(583 B)
📄 try-ciphers.sh(715 B)
📁 unittests
📄 valgrind-unit.sh(610 B)
📄 yes-head.sh(401 B)

Editing: check-perm.c

/*
 * Placed in the public domain
 */

/* $OpenBSD: modpipe.c,v 1.6 2013/11/21 03:16:47 djm Exp $ */

#include "includes.h"

#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
#include <stdlib.h>
#include <errno.h>
#include <pwd.h>
#ifdef HAVE_LIBGEN_H
#include <libgen.h>
#endif

static void
fatal(const char *fmt, ...)
{
	va_list args;

va_start(args, fmt);
	vfprintf(stderr, fmt, args);
	fputc('\n', stderr);
	va_end(args);
	exit(1);
}
/* Based on session.c. NB. keep tests in sync */
static void
safely_chroot(const char *path, uid_t uid)
{
	const char *cp;
	char component[PATH_MAX];
	struct stat st;

if (*path != '/')
		fatal("chroot path does not begin at root");
	if (strlen(path) >= sizeof(component))
		fatal("chroot path too long");

/*
	 * Descend the path, checking that each component is a
	 * root-owned directory with strict permissions.
	 */
	for (cp = path; cp != NULL;) {
		if ((cp = strchr(cp, '/')) == NULL)
			strlcpy(component, path, sizeof(component));
		else {
			cp++;
			memcpy(component, path, cp - path);
			component[cp - path] = '\0';
		}

/* debug3("%s: checking '%s'", __func__, component); */

if (stat(component, &st) != 0)
			fatal("%s: stat(\"%s\"): %s", __func__,
			    component, strerror(errno));
		if (st.st_uid != 0 || (st.st_mode & 022) != 0)
			fatal("bad ownership or modes for chroot "
			    "directory %s\"%s\"",
			    cp == NULL ? "" : "component ", component);
		if (!S_ISDIR(st.st_mode))
			fatal("chroot path %s\"%s\" is not a directory",
			    cp == NULL ? "" : "component ", component);

}

if (chdir(path) == -1)
		fatal("Unable to chdir to chroot path \"%s\": "
		    "%s", path, strerror(errno));
}

/* from platform.c */
int
platform_sys_dir_uid(uid_t uid)
{
	if (uid == 0)
		return 1;
#ifdef PLATFORM_SYS_DIR_UID
	if (uid == PLATFORM_SYS_DIR_UID)
		return 1;
#endif
	return 0;
}

/* from auth.c */
int
auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
    uid_t uid, char *err, size_t errlen)
{
	char buf[PATH_MAX], homedir[PATH_MAX];
	char *cp;
	int comparehome = 0;
	struct stat st;

if (realpath(name, buf) == NULL) {
		snprintf(err, errlen, "realpath %s failed: %s", name,
		    strerror(errno));
		return -1;
	}
	if (pw_dir != NULL && realpath(pw_dir, homedir) != NULL)
		comparehome = 1;

if (!S_ISREG(stp->st_mode)) {
		snprintf(err, errlen, "%s is not a regular file", buf);
		return -1;
	}
	if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) ||
	    (stp->st_mode & 022) != 0) {
		snprintf(err, errlen, "bad ownership or modes for file %s",
		    buf);
		return -1;
	}

/* for each component of the canonical path, walking upwards */
	for (;;) {
		if ((cp = dirname(buf)) == NULL) {
			snprintf(err, errlen, "dirname() failed");
			return -1;
		}
		strlcpy(buf, cp, sizeof(buf));

if (stat(buf, &st) < 0 ||
		    (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
		    (st.st_mode & 022) != 0) {
			snprintf(err, errlen,
			    "bad ownership or modes for directory %s", buf);
			return -1;
		}

/* If are past the homedir then we can stop */
		if (comparehome && strcmp(homedir, buf) == 0)
			break;

/*
		 * dirname should always complete with a "/" path,
		 * but we can be paranoid and check for "." too
		 */
		if ((strcmp("/", buf) == 0) || (strcmp(".", buf) == 0))
			break;
	}
	return 0;
}

static void
usage(void)
{
	fprintf(stderr, "check-perm -m [chroot | keys-command] [path]\n");
	exit(1);
}

int
main(int argc, char **argv)
{
	const char *path = ".";
	char errmsg[256];
	int ch, mode = -1;
	extern char *optarg;
	extern int optind;
	struct stat st;

while ((ch = getopt(argc, argv, "hm:")) != -1) {
		switch (ch) {
		case 'm':
			if (strcasecmp(optarg, "chroot") == 0)
				mode = 1;
			else if (strcasecmp(optarg, "keys-command") == 0)
				mode = 2;
			else {
				fprintf(stderr, "Invalid -m option\n"),
				usage();
			}
			break;
		default:
			usage();
		}
	}
	argc -= optind;
	argv += optind;

if (argc > 1)
		usage();
	else if (argc == 1)
		path = argv[0];

if (mode == 1)
		safely_chroot(path, getuid());
	else if (mode == 2) {
		if (stat(path, &st) < 0)
			fatal("Could not stat %s: %s", path, strerror(errno));
		if (auth_secure_path(path, &st, NULL, 0,
		    errmsg, sizeof(errmsg)) != 0)
			fatal("Unsafe %s: %s", path, errmsg);
	} else {
		fprintf(stderr, "Invalid mode\n");
		usage();
	}
	return 0;
}

003 File Manager

Editing: check-perm.c

Upload File

Create Folder