upstream: Add "-h" flag to sftp chown/chgrp/chmod commands to

request they do not follow symlinks. Requires recently-committed
lsetstat@openssh.com extension on the server side.

ok markus@ dtucker@

OpenBSD-Commit-ID: f93bb3f6f7eb2fb7ef1e59126e72714f1626d604
This commit is contained in:
djm@openbsd.org 2019-01-16 23:23:45 +00:00 committed by Damien Miller
parent dbbc7e0eab
commit 60d8c84e08
4 changed files with 103 additions and 18 deletions

View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-client.c,v 1.130 2018/07/31 03:07:24 djm Exp $ */ /* $OpenBSD: sftp-client.c,v 1.131 2019/01/16 23:23:45 djm Exp $ */
/* /*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
* *
@ -86,6 +86,7 @@ struct sftp_conn {
#define SFTP_EXT_FSTATVFS 0x00000004 #define SFTP_EXT_FSTATVFS 0x00000004
#define SFTP_EXT_HARDLINK 0x00000008 #define SFTP_EXT_HARDLINK 0x00000008
#define SFTP_EXT_FSYNC 0x00000010 #define SFTP_EXT_FSYNC 0x00000010
#define SFTP_EXT_LSETSTAT 0x00000020
u_int exts; u_int exts;
u_int64_t limit_kbps; u_int64_t limit_kbps;
struct bwlimit bwlimit_in, bwlimit_out; struct bwlimit bwlimit_in, bwlimit_out;
@ -463,6 +464,10 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests,
strcmp((char *)value, "1") == 0) { strcmp((char *)value, "1") == 0) {
ret->exts |= SFTP_EXT_FSYNC; ret->exts |= SFTP_EXT_FSYNC;
known = 1; known = 1;
} else if (strcmp(name, "lsetstat@openssh.com") == 0 &&
strcmp((char *)value, "1") == 0) {
ret->exts |= SFTP_EXT_LSETSTAT;
known = 1;
} }
if (known) { if (known) {
debug2("Server supports extension \"%s\" revision %s", debug2("Server supports extension \"%s\" revision %s",
@ -1096,7 +1101,6 @@ do_statvfs(struct sftp_conn *conn, const char *path, struct sftp_statvfs *st,
if ((msg = sshbuf_new()) == NULL) if ((msg = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__); fatal("%s: sshbuf_new failed", __func__);
sshbuf_reset(msg);
if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
(r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 ||
(r = sshbuf_put_cstring(msg, "statvfs@openssh.com")) != 0 || (r = sshbuf_put_cstring(msg, "statvfs@openssh.com")) != 0 ||
@ -1125,7 +1129,6 @@ do_fstatvfs(struct sftp_conn *conn, const u_char *handle, u_int handle_len,
if ((msg = sshbuf_new()) == NULL) if ((msg = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__); fatal("%s: sshbuf_new failed", __func__);
sshbuf_reset(msg);
if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
(r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 ||
(r = sshbuf_put_cstring(msg, "fstatvfs@openssh.com")) != 0 || (r = sshbuf_put_cstring(msg, "fstatvfs@openssh.com")) != 0 ||
@ -1138,6 +1141,38 @@ do_fstatvfs(struct sftp_conn *conn, const u_char *handle, u_int handle_len,
} }
#endif #endif
int
do_lsetstat(struct sftp_conn *conn, const char *path, Attrib *a)
{
struct sshbuf *msg;
u_int status, id;
int r;
if ((conn->exts & SFTP_EXT_LSETSTAT) == 0) {
error("Server does not support lsetstat@openssh.com extension");
return -1;
}
id = conn->msg_id++;
if ((msg = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
(r = sshbuf_put_u32(msg, id)) != 0 ||
(r = sshbuf_put_cstring(msg, "lsetstat@openssh.com")) != 0 ||
(r = sshbuf_put_cstring(msg, path)) != 0 ||
(r = encode_attrib(msg, a)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
send_msg(conn, msg);
sshbuf_free(msg);
status = get_status(conn, id);
if (status != SSH2_FX_OK)
error("Couldn't setstat on \"%s\": %s", path,
fx2txt(status));
return status == SSH2_FX_OK ? 0 : -1;
}
static void static void
send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset, send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset,
u_int len, const u_char *handle, u_int handle_len) u_int len, const u_char *handle, u_int handle_len)
@ -1147,7 +1182,6 @@ send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset,
if ((msg = sshbuf_new()) == NULL) if ((msg = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__); fatal("%s: sshbuf_new failed", __func__);
sshbuf_reset(msg);
if ((r = sshbuf_put_u8(msg, SSH2_FXP_READ)) != 0 || if ((r = sshbuf_put_u8(msg, SSH2_FXP_READ)) != 0 ||
(r = sshbuf_put_u32(msg, id)) != 0 || (r = sshbuf_put_u32(msg, id)) != 0 ||
(r = sshbuf_put_string(msg, handle, handle_len)) != 0 || (r = sshbuf_put_string(msg, handle, handle_len)) != 0 ||

View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp-client.h,v 1.27 2015/05/08 06:45:13 djm Exp $ */ /* $OpenBSD: sftp-client.h,v 1.28 2019/01/16 23:23:45 djm Exp $ */
/* /*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
@ -91,6 +91,9 @@ int do_setstat(struct sftp_conn *, const char *, Attrib *);
/* Set file attributes of open file 'handle' */ /* Set file attributes of open file 'handle' */
int do_fsetstat(struct sftp_conn *, const u_char *, u_int, Attrib *); int do_fsetstat(struct sftp_conn *, const u_char *, u_int, Attrib *);
/* Set file attributes of 'path', not following symlinks */
int do_lsetstat(struct sftp_conn *conn, const char *path, Attrib *a);
/* Canonicalise 'path' - caller must free result */ /* Canonicalise 'path' - caller must free result */
char *do_realpath(struct sftp_conn *, const char *); char *do_realpath(struct sftp_conn *, const char *);

31
sftp.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: sftp.1,v 1.122 2018/11/16 02:30:20 djm Exp $ .\" $OpenBSD: sftp.1,v 1.123 2019/01/16 23:23:45 djm Exp $
.\" .\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\" .\"
@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: November 16 2018 $ .Dd $Mdocdate: January 16 2019 $
.Dt SFTP 1 .Dt SFTP 1
.Os .Os
.Sh NAME .Sh NAME
@ -316,31 +316,52 @@ Change remote directory to
If If
.Ar path .Ar path
is not specified, then change directory to the one the session started in. is not specified, then change directory to the one the session started in.
.It Ic chgrp Ar grp Ar path .It Xo Ic chgrp
.Op Fl h
.Ar grp
.Ar path
.Xc
Change group of file Change group of file
.Ar path .Ar path
to to
.Ar grp . .Ar grp .
If the
.Fl h
flag is specified, then symlinks will not be followed.
.Ar path .Ar path
may contain may contain
.Xr glob 7 .Xr glob 7
characters and may match multiple files. characters and may match multiple files.
.Ar grp .Ar grp
must be a numeric GID. must be a numeric GID.
.It Ic chmod Ar mode Ar path .It Xo Ic chmod
.Op Fl h
.Ar mode
.Ar path
.Xc
Change permissions of file Change permissions of file
.Ar path .Ar path
to to
.Ar mode . .Ar mode .
If the
.Fl h
flag is specified, then symlinks will not be followed.
.Ar path .Ar path
may contain may contain
.Xr glob 7 .Xr glob 7
characters and may match multiple files. characters and may match multiple files.
.It Ic chown Ar own Ar path .It Xo Ic chown
.Op Fl h
.Ar own
.Ar path
.Xc
Change owner of file Change owner of file
.Ar path .Ar path
to to
.Ar own . .Ar own .
If the
.Fl h
flag is specified, then symlinks will not be followed.
.Ar path .Ar path
may contain may contain
.Xr glob 7 .Xr glob 7

43
sftp.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sftp.c,v 1.188 2018/11/16 03:26:01 djm Exp $ */ /* $OpenBSD: sftp.c,v 1.189 2019/01/16 23:23:45 djm Exp $ */
/* /*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
* *
@ -278,9 +278,9 @@ help(void)
printf("Available commands:\n" printf("Available commands:\n"
"bye Quit sftp\n" "bye Quit sftp\n"
"cd path Change remote directory to 'path'\n" "cd path Change remote directory to 'path'\n"
"chgrp grp path Change group of file 'path' to 'grp'\n" "chgrp [-h] grp path Change group of file 'path' to 'grp'\n"
"chmod mode path Change permissions of file 'path' to 'mode'\n" "chmod [-h] mode path Change permissions of file 'path' to 'mode'\n"
"chown own path Change owner of file 'path' to 'own'\n" "chown [-h] own path Change owner of file 'path' to 'own'\n"
"df [-hi] [path] Display statistics for current directory or\n" "df [-hi] [path] Display statistics for current directory or\n"
" filesystem containing 'path'\n" " filesystem containing 'path'\n"
"exit Quit sftp\n" "exit Quit sftp\n"
@ -561,6 +561,30 @@ parse_df_flags(const char *cmd, char **argv, int argc, int *hflag, int *iflag)
return optind; return optind;
} }
static int
parse_ch_flags(const char *cmd, char **argv, int argc, int *hflag)
{
extern int opterr, optind, optopt, optreset;
int ch;
optind = optreset = 1;
opterr = 0;
*hflag = 0;
while ((ch = getopt(argc, argv, "h")) != -1) {
switch (ch) {
case 'h':
*hflag = 1;
break;
default:
error("%s: Invalid flag -%c", cmd, optopt);
return -1;
}
}
return optind;
}
static int static int
parse_no_flags(const char *cmd, char **argv, int argc) parse_no_flags(const char *cmd, char **argv, int argc)
{ {
@ -1456,7 +1480,7 @@ parse_args(const char **cpp, int *ignore_errors, int *disable_echo, int *aflag,
/* FALLTHROUGH */ /* FALLTHROUGH */
case I_CHOWN: case I_CHOWN:
case I_CHGRP: case I_CHGRP:
if ((optidx = parse_no_flags(cmd, argv, argc)) == -1) if ((optidx = parse_ch_flags(cmd, argv, argc, hflag)) == -1)
return -1; return -1;
/* Get numeric arg (mandatory) */ /* Get numeric arg (mandatory) */
if (argc - optidx < 1) if (argc - optidx < 1)
@ -1675,7 +1699,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
if (!quiet) if (!quiet)
mprintf("Changing mode on %s\n", mprintf("Changing mode on %s\n",
g.gl_pathv[i]); g.gl_pathv[i]);
err = do_setstat(conn, g.gl_pathv[i], &a); err = (hflag ? do_lsetstat : do_setstat)(conn,
g.gl_pathv[i], &a);
if (err != 0 && err_abort) if (err != 0 && err_abort)
break; break;
} }
@ -1685,7 +1710,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
path1 = make_absolute(path1, *pwd); path1 = make_absolute(path1, *pwd);
remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
for (i = 0; g.gl_pathv[i] && !interrupted; i++) { for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) { if (!(aa = (hflag ? do_lstat : do_stat)(conn,
g.gl_pathv[i], 0))) {
if (err_abort) { if (err_abort) {
err = -1; err = -1;
break; break;
@ -1713,7 +1739,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
g.gl_pathv[i]); g.gl_pathv[i]);
aa->gid = n_arg; aa->gid = n_arg;
} }
err = do_setstat(conn, g.gl_pathv[i], aa); err = (hflag ? do_lsetstat : do_setstat)(conn,
g.gl_pathv[i], aa);
if (err != 0 && err_abort) if (err != 0 && err_abort)
break; break;
} }