[scponly] scponly and latest cygwin
John M. Lauck
john at recaffeinated.com
Sat Feb 12 16:19:20 EST 2005
Thanks a lot Chad!
I'll give it a try and post my results. I have one question though: Are
there specific security issues with leaving WinSCP compatibility enabled?
John
-----Original Message-----
From: scponly-bounces at lists.ccs.neu.edu
[mailto:scponly-bounces at lists.ccs.neu.edu] On Behalf Of Chad Neufeld
Sent: Saturday, February 12, 2005 4:12 PM
To: scponly at lists.ccs.neu.edu
Subject: RE: [scponly] scponly and latest cygwin
On Fri, Feb 04, 2005 at 07:43:49PM -0500, John M. Lauck wrote:
> Has anyone compiled scponly on the latest cygwin release? I got around
> problems with the config but now I am having trouble with the make file.
> Any ideas would be helpful.
John,
I had a hard time getting scponly to compile and work on cygwin. I have
attached a patch at the end that will allow you to make scponly and scponlyc
for the two following configure options (maybe others, but I have not
checked).
1. Copy the patch to the scponly directory,
2. configure with the options you want,
3. run the patch using -p1
4. make
5. make install
% ./configure --enable-chrooted-binary
% ./configure --enable-chrooted-binary --disable-scp-compat --disable-gftp-compat --disable-winscp-compat
Thanks to Christian Weinberger for helping me get option 1 working.
http://cygwin.com/ml/cygwin/2005-02/msg00341.html
http://cygwin.com/ml/cygwin/2005-02/msg00384.html
Thanks to Hideyuki KURASHINA for the patch for option 2.
https://lists.ccs.neu.edu/pipermail/scponly/2004-December/000655.html
Thanks to David Ramsden for the chdir patch for chrooted users.
https://lists.ccs.neu.edu/pipermail/scponly/2004-December/000654.html
I used the default directories for all of the installations. XP Pro, cygwin
dll 1.5.12-1, scponly 4.0.
I had to add /usr/sbin to the Windows path before I configured scponly.
See these for setting up an sftp user.
http://cygwin.com/ml/cygwin/2005-02/msg00394.html
http://cygwin.com/ml/cygwin/2005-02/msg00384.html
Hope this helps,
Chad
diff -Naur scponly-4.0.original/Makefile scponly-4.0/Makefile
--- scponly-4.0.original/Makefile Sat Feb 12 12:00:00 2005
+++ scponly-4.0/Makefile Sat Feb 12 13:20:13 2005
@@ -23,7 +23,7 @@
love: clean all
scponly: scponly.o helper.o
- ${CC} ${CFLAGS} ${DEFS} -o $@ scponly.o helper.o
+ ${CC} ${CFLAGS} ${DEFS} -o $@ scponly.o helper.o /lib/libiberty.a
groups: groups.c
${CC} ${CFLAGS} ${DEFS} -o $@ $<
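Review bot: The link line for the scponly target now hard-codes the absolute path /lib/libiberty.a, so the build breaks on any system where that archive is missing or installed elsewhere. Pass the library through a variable that configure sets, or guard the addition so that only the Cygwin build picks it up.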
diff -Naur scponly-4.0.original/helper.c scponly-4.0/helper.c
--- scponly-4.0.original/helper.c Sat Nov 27 17:53:21 2004
+++ scponly-4.0/helper.c Sat Feb 12 13:15:00 2005
@@ -9,7 +9,7 @@
#include <errno.h> // for debugging
#include <pwd.h> // to get username for config parsing
#include <time.h> // time
-#include <libgen.h> // basename
+//#include <libgen.h> // basename
#include <stdlib.h> // realloc
#include <syslog.h>
#include "scponly.h"
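Review bot: Commenting out #include <libgen.h> in helper.c removes the header on every platform, not only Cygwin, and leaves a dead line in the source. If the header clashes with what the Cygwin build links against, wrap the include in a platform guard such as #ifndef __CYGWIN__ so other builds keep the basename prototype the line's own comment says it is there for.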
diff -Naur scponly-4.0.original/scponly.c scponly-4.0/scponly.c
--- scponly-4.0.original/scponly.c Sat Nov 27 18:16:39 2004
+++ scponly-4.0/scponly.c Sat Feb 12 13:10:00 2005
@@ -76,7 +76,9 @@
*/
cmd_arg_t dangerous_args[] =
{
+#ifdef ENABLE_SCP2
{ PROG_SCP, "-S" },
+#endif
{ PROG_SFTP_SERVER, "-S" },
#ifdef UNISON_COMPAT
{ PROG_UNISON, "-rshcmd" },
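Review bot: The #ifdef ENABLE_SCP2 around { PROG_SCP, "-S" } drops that entry from dangerous_args whenever ENABLE_SCP2 is undefined, which is only safe if PROG_SCP can never be run in that configuration. Please confirm that every code path that permits PROG_SCP sits under the same guard. If the real problem is that PROG_SCP is undefined in the failing build, guard on that symbol directly so the -S filter cannot disappear while scp is still allowed.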
@@ -180,12 +182,15 @@
if (chrooted)
{
char *root_dir = chrootdir;
+ char chdir_path[FILENAME_MAX];
+ strcpy(chdir_path, "/");
strcpy(chrootdir, homedir);
while((root_dir = strchr(root_dir, '/')) != NULL)
{
if (strncmp(root_dir, "//", 2) == 0)
{
+ snprintf(chdir_path, FILENAME_MAX, "%s",
root_dir + 1);
*root_dir = '\0';
break;
}
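Review bot: The snprintf into chdir_path ignores its return value, so a home directory whose part after "//" is FILENAME_MAX bytes or longer is silently truncated and the later chdir would target a different path than the one configured. Compare the return value against FILENAME_MAX and log and exit on truncation instead of continuing with a shortened path.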
@@ -202,6 +207,20 @@
syslog (LOG_ERR, "couldn't chroot to %s [%s]",
chrootdir, logstamp());
exit(EXIT_FAILURE);
}
+
+ if (debuglevel)
+ {
+ syslog (LOG_DEBUG, "chdiring to dir: \"%s\"",
chdir_path);
+ }
+ if (-1==(chdir(chdir_path)))
+ {
+ if (debuglevel)
+ {
+ syslog (LOG_ERR, "chdir: %m");
+ }
+ syslog (LOG_ERR, "couldn't chdir to %s [%s]", chdir,
logstamp());
+ exit(EXIT_FAILURE);
+ }
}
#endif //CHROOTED_NAME
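Review bot: In the last syslog call of the chdir failure branch the %s argument is chdir, the function, not chdir_path, so the error path hands a function pointer to a string conversion, which is undefined behaviour. It should read syslog (LOG_ERR, "couldn't chdir to %s [%s]", chdir_path, logstamp()); The "chdir: %m" message is also worth logging unconditionally rather than only when debuglevel is set, since this branch is about to exit.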
@@ -361,7 +380,7 @@
{
char **av;
char *flat_request,*tmpstring, *tmprequest;
- char bad_winscp3str[] = "test -x /usr/lib/sftp-server && exec
/usr/lib/sftp-server test -x /usr/local/lib/sftp-server && exec
/usr/local/lib/sftp-server exec sftp-server";
+ char bad_winscp3str[] = "test -x /usr/sbin/sftp-server && exec
/usr/sbin/sftp-server test -x /usr/local/lib/sftp-server && exec
/usr/local/lib/sftp-server exec sftp-server";
int retval;
int reqlen=strlen(request);
char *env[2] = { NULL, NULL };
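Review bot: bad_winscp3str is edited in place to use /usr/sbin/sftp-server, which replaces the /usr/lib/sftp-server form on every platform rather than adding the Cygwin location. Make the path conditional (a Cygwin guard or a value taken from configure) so non-Cygwin builds keep the original string. The string literal also arrives wrapped over three lines in this mail, as do the snprintf and syslog calls in the chroot hunks, so the patch should be resent as an attachment to apply cleanly.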