author | lns <matzeton@googlemail.com> | 2018-05-15 22:59:34 +0200 |
committer | lns <matzeton@googlemail.com> | 2018-05-15 22:59:34 +0200 |
commit | ffdf43212d29d38e51e067c04891c600f5318c01 (patch) | |
tree | d88af2881ff786214e0fe9b77765e163e568904b | |
parent | 813b4e3e5fc16a69c35bfcd1c4eba248c11f3e7c (diff) |
POTD skeleton #56.
Signed-off-by: lns <matzeton@googlemail.com>
-rw-r--r-- | src/jail.c | 3 | ||||
-rw-r--r-- | src/protocol_ssh.c | 23 |
2 files changed, 23 insertions, 3 deletions
@@ -233,6 +233,7 @@ static int jail_childfn(prisoner_process *ctx)
     int s, master_fd;
     int unshare_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|
                         CLONE_NEWNS|CLONE_NEWNET/*|CLONE_NEWUSER*/;
+    unsigned int ug_map[3] = { 0, 10000, 65535 };
     pid_t self_pid, child_pid;
 
     assert(ctx);
@@ -249,6 +250,8 @@ static int jail_childfn(prisoner_process *ctx)
     D2("Unshare prisoner %d", self_pid);
     if (unshare(unshare_flags))
         FATAL("Unshare prisoner %d", self_pid);
+    if (update_uid_map(getpid(), ug_map))
+        FATAL("UID mapping for %d", getpid());
 
     D2("Safe change root to: '%s'", ctx->newroot);
     if (safe_chroot(ctx->newroot))
diff --git a/src/protocol_ssh.c b/src/protocol_ssh.c
index 91f2a43..abed82a 100644
--- a/src/protocol_ssh.c
+++ b/src/protocol_ssh.c
@@ -262,7 +262,7 @@ static void ssh_log_cb(int priority, const char *function,
 
 static void ssh_mainloop(ssh_data *arg)
 {
-    int s, auth = 0, shell = 0;
+    int s, auth = 0, shell = 0, is_child;
     ssh_session ses;
     ssh_message message;
     ssh_channel chan = NULL;
@@ -283,6 +283,24 @@ static void ssh_mainloop(ssh_data *arg)
             goto failed;
         }
 
+        switch (fork()) {
+            case -1:
+                is_child = 0;
+                W_STRERR("%s", "Fork for SSH Client");
+                break;
+            case 0:
+                set_procname("[potd] ssh-client");
+                assert( set_child_sighandler() == 0 );
+                is_child = 1;
+                break;
+            default:
+                ssh_free(ses);
+                is_child = 0;
+                break;
+        }
+        if (!is_child)
+            continue;
+
         if (ssh_handle_key_exchange(ses)) {
             W("SSH key exchange failed: %s", ssh_get_error(ses));
             goto failed;
@@ -359,9 +377,8 @@ static void ssh_mainloop(ssh_data *arg)
 failed:
         ssh_disconnect(ses);
         ssh_free(ses);
+        exit(EXIT_SUCCESS);
     }
-
-    exit(EXIT_FAILURE);
 }
 
 static int authenticate(ssh_session session)
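Review bot: The uid map written in the second jail.c hunk is applied while `CLONE_NEWUSER` is still commented out in `unshare_flags`, three lines above the new `ug_map` declaration, so the prisoner stays in the initial user namespace, where writing its own uid_map is presumably rejected and the new `FATAL("UID mapping for %d", getpid())` would fire for every prisoner; either add `CLONE_NEWUSER` to `unshare_flags` before this call or skip the mapping while it is disabled. The surrounding lines already use `self_pid` for this process, so `if (update_uid_map(self_pid, ug_map)) FATAL("UID mapping for %d", self_pid);` keeps the two in step. The `{ 0, 10000, 65535 }` triple also deserves a comment stating its order and intent, e.g. `/* uid_map entry: ns uid 0 -> host uid 10000, range 65535 (assuming update_uid_map takes inside, outside, count) */`, and the name `ug_map` suggests a gid mapping is intended as well, but none is written here. jail_childfn starts before the first hunk and continues after the second.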
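Review bot: On the `case -1` path of the new `switch (fork())` in protocol_ssh.c the accepted session is never released: the parent goes on with `continue`, but only the `default` branch calls `ssh_free(ses)`, so each failed fork leaks a session and whatever socket it owns. Adding `ssh_free(ses);` next to the `W_STRERR` call in that branch closes the gap. In the child branch, `assert( set_child_sighandler() == 0 );` places the call inside the assertion, so an `NDEBUG` build silently skips installing the handlers; `if (set_child_sighandler() != 0) { W("%s", "SSH client signal handler setup"); exit(EXIT_FAILURE); }` keeps the call unconditional. The loop that `continue` belongs to starts before the hunk, and `is_child`, declared in the previous hunk, is assigned on every branch, so reading it after the switch is safe.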
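Review bot: The child now terminates with `exit(EXIT_SUCCESS)` directly after the `failed:` label, which is also the target of the `goto failed` taken when the key exchange fails earlier in the function, so a broken session and a clean one report the same status to whoever waits on the child. If the exit code is meant to carry information, keep a status variable and pass it here; otherwise a comment such as `/* forked per-client child: never return to the accept loop */` would explain why the loop body ends in exit(). Because this process was forked from the listener, `_exit()` would avoid re-running the parent's atexit handlers and flushing inherited stdio buffers; whether that matters depends on what the parent registered, which is not visible here. The loop that this `}` closes begins before the hunk.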