
@ssimpson89
Created January 19, 2016 21:34
Restrict Shell To Rsync SFTP and SCP
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
/*
*** Original by Patric Draper <http://www.pdrap.org/about/>
***
*** Changes on 13-Mar-2004 by Msquared <http://www.msquared.id.au/>
***
*** * fixed bug in args to realloc()
*** * fixed bug in parameter checks (validates entire command name)
*** * Modified to work with OpenSSH SFTP
*** * Added rsync support
***
*** This code is in the public domain. No warranty. If it breaks,
*** you can dispose of it as you see fit.
***
*** Build with DEBUG to save calling arguments to /tmp/scpshell.log
*** This is useful to add new protocols, debug existing calls, etc.
***
*** Put the new scpsftprsynconly shell in /etc/shells for ftp to work
**/
/*
 * Text sent to the client when the requested command is refused.
 * It contains no '%' conversions, but it should still be written with
 * fputs() or a "%s" format rather than being passed as a format string.
 */
char *restrictmsg =
    "\nThis account is currently not allowed to login using this method.\n"
    "Please contact the server admin with any questions.\n\n";
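/*
 * Restricted login shell: executes the requested command only when it is
 * scp, the OpenSSH sftp-server, or rsync. Anything else gets restrictmsg.
 *
 * The command line is taken from argv[2]. argv[1] is not inspected
 * (presumably the "-c" a login shell receives from sshd -- confirm).
 *
 * Exit status: 1 = no command supplied, 2 = command not on the allow-list,
 * 3 = out of memory or the exec itself failed. When execvp() succeeds it
 * does not return.
 *
 * SECURITY NOTES (review):
 *  - Only the command name is checked. Everything after "scp " / "rsync "
 *    is handed to the helper untouched, so this wrapper does not limit the
 *    paths the helper may read or write, nor which of the helper's own
 *    options are used. Treat it as a convenience filter, not a sandbox:
 *    combine it with filesystem permissions or a chroot, or use sshd-side
 *    controls (ForceCommand, internal-sftp with ChrootDirectory, rrsync).
 *  - scp and rsync are resolved through PATH by execvp(). Make sure the
 *    account cannot influence the environment sshd gives this shell
 *    (e.g. keep PermitUserEnvironment disabled).
 *  - The sftp-server path is hard-coded and compared including its
 *    terminating NUL, so it matches only that exact path with no arguments.
 */
int main (int argc, char *argv []) {
    char **newargs = NULL;
    char *newbuff;
    char *s;
    size_t n = 0;

#ifdef DEBUG
    /*
     * NOTE(review): the log has a fixed name in world-writable /tmp and is
     * opened with plain fopen(), which follows a symlink pre-created by
     * another local user; it also records every command line. Build with
     * DEBUG only on a host without untrusted local accounts.
     */
    FILE *log = fopen("/tmp/scpshell.log", "a+");
    if (log) {
        char **par = argv;
        while (*par)
            fprintf(log, "[%s] ", *par++);
        fprintf(log, "\n");
        fclose(log);
    }
#endif

    if (argc < 3) {
        /* fputs, not printf: never pass a non-literal as a format string. */
        fputs(restrictmsg, stdout);
        return 1;
    }

    /* Allow-list on the command name; length 33 includes the NUL, so the
     * sftp-server entry must match exactly. */
    if ((strncmp(argv[2], "scp ", 4) != 0) &&
        (strncmp(argv[2], "/usr/libexec/openssh/sftp-server", 33) != 0) &&
        (strncmp(argv[2], "rsync ", 6) != 0)) {
        fputs(restrictmsg, stdout);
        return 2;
    }

    /* strtok() writes into its input, so tokenise a private copy. */
    newbuff = strdup(argv[2]);
    if (newbuff == NULL) {
        perror("strdup");
        return 3;
    }

    /*
     * Split on single spaces only: no quoting, globbing or shell expansion
     * is performed. Tokens point into newbuff, which stays allocated until
     * the exec replaces the process image.
     */
    for (s = strtok(newbuff, " "); s != NULL; s = strtok(NULL, " ")) {
        /* Room for this token plus the terminating NULL entry. */
        char **grown = realloc(newargs, (n + 2) * sizeof *newargs);
        if (grown == NULL) {
            perror("realloc");
            return 3;
        }
        newargs = grown;
        newargs[n++] = s;
        newargs[n] = NULL;
    }

    /* Cannot happen after the prefix checks above, but never exec with an
     * empty argument vector. */
    if (n == 0) {
        fputs(restrictmsg, stdout);
        return 2;
    }

    execvp(newargs[0], newargs);

    /* Reached only when the exec failed; report it instead of exiting 0. */
    perror(newargs[0]);
    return 3;
}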