I am hoping to filter on that file name so I can reject certain files (ideally, configurable file patterns). Suppose I wish for all files named "kitten.txt" to be rejected; I would simply compare the incoming file name to that and, if a match, end the transfer and session.
Look at the okname() function in scp.c.

You'd have to think about how to implement this so you can:

1) Not expose yourself to unnecessarily risky code and functionality.

2) Provide for a (scalable) way to configure the list of "blacklisted" filenames so that it doesn't require undue -HUP (or worse, recompilation) of the SSH services.

3) Resist the temptation to use risky libraries to expand the flexibility of your "blacklisting" specifications, i.e., PCRE & friends.
Well, I'd suggest to just pass that decision making to an external process.

I.e., at the place doing an fopen() do a popen() instead (or fork()/exec() if not using stdio there), passing the filename in as an argument. The called executable can then read data from STDIN, and can at any time (parsing the filename, the first few magic bytes, or the whole content) do an exit(1), signifying that the data was inappropriate.

Precedent case is the "AuthorizedKeysCommand".
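The hand-off to an external filter described in the reply above, as an added C example that is not code from scp.c or from the thread. It uses fork()/exec() so the filename travels as an argv[] element instead of being interpolated into a popen() command string, and it handles the filter exiting before it has read all of the data. The filter script, the function name filter_file() and the sample data are assumptions.

```c
/* Added example, not code from scp.c: let an external filter decide whether
 * an incoming file is acceptable, passing the filename as an argv[] element
 * via fork()/exec() rather than interpolating it into a popen() command line. */
#include <errno.h>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical filter: reject the name "kitten.txt", otherwise consume stdin. */
static const char *FILTER_SCRIPT =
    "case \"$1\" in kitten.txt) exit 1;; esac; cat >/dev/null; exit 0";

/* Returns 1 if the filter accepted the data, 0 if it rejected it, -1 on error. */
int filter_file(const char *name, const char *data, size_t len)
{
    int fds[2], status;
    size_t off = 0;
    if (pipe(fds) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {                 /* child: stdin <- pipe, then exec filter */
        close(fds[1]);
        if (dup2(fds[0], STDIN_FILENO) == -1)
            _exit(127);
        close(fds[0]);
        execl("/bin/sh", "sh", "-c", FILTER_SCRIPT, "filter", name, (char *)NULL);
        _exit(127);                 /* exec failed */
    }
    close(fds[0]);
    /* The filter may exit(1) before reading everything; writing to the closed
     * pipe would raise SIGPIPE, so ignore it and let write() report EPIPE. */
    signal(SIGPIPE, SIG_IGN);
    while (off < len) {
        ssize_t n = write(fds[1], data + off, len - off);
        if (n == -1 && errno == EINTR)
            continue;
        if (n == -1 && errno == EPIPE)
            break;                  /* filter quit early; its exit status decides */
        if (n == -1) { close(fds[1]); return -1; }
        off += (size_t)n;
    }
    close(fds[1]);
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 1 : 0;
}
```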
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev