/*-1* Copyright (c) 2011-2013 Baptiste Daroussin <[email protected]>2* All rights reserved.3*4* Redistribution and use in source and binary forms, with or without5* modification, are permitted provided that the following conditions6* are met:7* 1. Redistributions of source code must retain the above copyright8* notice, this list of conditions and the following disclaimer9* in this position and unchanged.10* 2. Redistributions in binary form must reproduce the above copyright11* notice, this list of conditions and the following disclaimer in the12* documentation and/or other materials provided with the distribution.13*14* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR15* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES16* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.17* IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,18* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT19* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,20* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY21* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT22* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF23* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.24*/2526#ifdef HAVE_CONFIG_H27#include "pkg_config.h"28#endif2930#ifdef HAVE_CAPSICUM31#include <sys/capsicum.h>32#endif3334#include <stdio.h>35#include <unistd.h>36#include <fcntl.h>37#include <err.h>38#include <errno.h>3940#include <pkg.h>4142#include "pkgcli.h"4344void45usage_ssh(void)46{47fprintf(stderr, "Usage: pkg ssh\n\n");48fprintf(stderr, "For more information see 'pkg help ssh'.\n");49}5051int52exec_ssh(int argc, char **argv __unused)53{54int fd = -1;55const char *restricted = NULL;5657#ifdef HAVE_CAPSICUM58cap_rights_t rights;59#endif6061if (argc > 1) {62usage_ssh();63return (EXIT_FAILURE);64}6566restricted = pkg_object_string(pkg_config_get("SSH_RESTRICT_DIR"));67if (restricted == NULL)68restricted = "/";6970if ((fd = open(restricted, O_DIRECTORY|O_RDONLY|O_CLOEXEC)) < 0) {71warn("Impossible to open the restricted directory");72return (EXIT_FAILURE);73}7475#ifdef HAVE_CAPSICUM76cap_rights_init(&rights, CAP_READ, CAP_FSTATAT, CAP_FCNTL);77if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS ) {78warn("cap_rights_limit() failed");79close(fd);80return (EXIT_FAILURE);81}8283#ifndef PKG_COVERAGE84if (cap_enter() < 0 && errno != ENOSYS) {85warn("cap_enter() failed");86close(fd);87return (EXIT_FAILURE);88}89#endif9091#endif92if (pkg_sshserve(fd) != EPKG_OK) {93close(fd);94return (EXIT_FAILURE);95}9697close(fd);98return (EXIT_SUCCESS);99}100101102