Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Duplication of VRootAliases #42

Open
techerati opened this issue Jan 26, 2023 · 0 comments
Open

Duplication of VRootAliases #42

techerati opened this issue Jan 26, 2023 · 0 comments
Assignees
@Castaglia

Comments

@techerati
Copy link

Related to testing on #41

The file system in use has to carry forward a directory structure layout to maintain a legacy standard. Aliases are in use to map the chroot env to the real paths and directory limits are in place to control inadvertent destruction of that structure, protecting the user environment. This system only runs in SFTP mode.

The implementation of these VRootAlias' has worked as shown without issues. However, in these newer versions of mod_vroot, I believe >0.9.5 I'm seeing this duplication bug which lists an extra entry for every number of times there's an alias defined.

I created a test instance and have tried to comment out all of the aliases and then one at a time to prove my duplicate multiplier theory.

Here's my sample proftpd.conf VRootAlias config:

<IfGroup ftpuser>
  VRootAlias /bizcorp/us-west-1/SHARED public
  VRootAlias /bizcorp/us-west-1/config ~/home/ftp/config
  VRootAlias /bizcorp/us-west-1/SHARED ~/home/ftp/public
  VRootAlias /bizcorp/us-west-1/SHARED ~/home/ftp/PUBLIC
  VRootAlias /bizcorp/us-west-1/authorized_keys/%u .ssh/%u
</IfGroup>

Here's output from the sftp client:

sftp -i .\testuser_rsa -o Port=8822 [email protected]
Connected to 10.0.2.15.
sftp> ls
inbound   outbound  public
sftp> cd /
sftp> ls
home  home  home  home  home
sftp> cd home
sftp> ls
ftp  ftp  ftp  ftp  ftp
sftp> cd ftp
sftp> ls
PUBLIC    config    public    testuser  testuser
sftp> cd testuser
sftp> ls
inbound   outbound  public
sftp> cd inbound

Here's a patch but more so a hack to make it work and not a "true" fix as to what is the problem in the code:

diff -Naur proftpd.orig/contrib/mod_vroot/fsio.c proftpd/contrib/mod_vroot/fsio.c
--- proftpd.orig/contrib/mod_vroot/fsio.c       2023-01-26 18:30:42.294759353 +0000
+++ proftpd/contrib/mod_vroot/fsio.c    2023-01-26 20:05:32.461892080 +0000
@@ -922,6 +922,21 @@

       memset(vroot_dent, 0, vroot_dentsz);

+      /* Multiple aliases under the legacy parent directory is
+       * creating a problem that causes the elts to have duplicate
+       * entries.  When the listing is returned to the client there
+       * are dups, which are problematic if automation is walking
+       * the directory structure tree.
+       */
+
+      if (vroot_dir_idx > 0 &&
+          strcmp(elts[vroot_dir_idx], elts[vroot_dir_idx - 1]) == 0) {
+        (void) pr_log_writefile(vroot_logfd, MOD_VROOT_VERSION,
+          "Duplicate listing bug match, skipping the duplicate.");
+        vroot_dir_idx++;
+        goto next_dent;
+      }
+
       if (vroot_dent_namesz == 0) {
         sstrncpy(vroot_dent->d_name, elts[vroot_dir_idx++],
           sizeof(vroot_dent->d_name));

From a client perspective this fixes the duplicates.

sftp -i .\testuser_rsa -o Port=8822 [email protected]
Connected to 10.0.2.15.
sftp> ls /
/home
sftp> ls /home
/home/ftp
sftp> cd /home/
sftp> ls
ftp
sftp> cd ftp
sftp> ls
PUBLIC    config    public    testuser
@Castaglia Castaglia self-assigned this Feb 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Castaglia Castaglia

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Castaglia @techerati