Commit Graph

155 Commits

Author SHA1 Message Date
djm@openbsd.org
2ab864010e upstream: SFTP protocol extension to allow the server to expand
~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept
these paths, like scp in rcp mode does.

prompted by and much discussion deraadt@
ok markus@

OpenBSD-Commit-ID: 7d794def9e4de348e1e777f6030fc9bafdfff392
2021-08-10 12:47:46 +10:00
Darren Tucker
1e11fb2406 Check for RLIMIT_NOFILE before trying to use it. 2021-08-02 18:56:29 +10:00
djm@openbsd.org
d345d5811a upstream: the limits@openssh.com extension was incorrectly marked
as an operation that writes to the filesystem, which made it unavailable in
sftp-server read-only mode. Spotted by Hector Martin via bz3318

OpenBSD-Commit-ID: f054465230787e37516c4b57098fc7975e00f067
2021-06-06 13:24:38 +10:00
Damien Miller
e7d0a285db wrap struct rlimit in HAVE_GETRLIMIT too 2021-04-07 08:50:38 +10:00
Damien Miller
f283a6c2e0 wrap getrlimit call in HAVE_GETRLIMIT; bz3291 2021-04-07 08:20:59 +10:00
djm@openbsd.org
31d8d231eb upstream: highly polished whitespace, mostly fixing spaces-for-tab
and bad indentation on continuation lines. Prompted by GHPR#185

OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
2021-04-03 17:23:02 +11:00
djm@openbsd.org
464ebc82aa upstream: unused variable
OpenBSD-Commit-ID: 85f6a394c8e0f60d15ecddda75176f112007b205
2021-04-03 16:30:17 +11:00
djm@openbsd.org
6653c61202 upstream: do not advertise protocol extensions that have been
disallowed by the command-line options (e.g. -p/-P/-R); ok dtucker@

OpenBSD-Commit-ID: 3a8a76b3f5131741aca4b41bfab8d101c9926205
2021-04-01 09:19:36 +11:00
djm@openbsd.org
1269b8a686 upstream: increase maximum SSH2_FXP_READ to match the maximum
packet size. Also handle zero-length reads that are borderline nonsensical
but not explicitly banned by the spec. Based on patch from Mike Frysinger,
feedback deraadt@ ok dtucker@

OpenBSD-Commit-ID: 4e67d60d81bde7b84a742b4ee5a34001bdf80d9c
2021-03-19 13:20:32 +11:00
djm@openbsd.org
860b676044 upstream: don't let logging clobber errno before use
OpenBSD-Commit-ID: ce6cca370005c270c277c51c111bb6911e1680ec
2021-03-19 13:20:32 +11:00
djm@openbsd.org
788cbc5b74 upstream: sftp-server: implement limits@openssh.com extension
This is a simple extension that allows the server to clearly
communicate transfer limits it is imposing so the client doesn't
have to guess, or force the user to manually tune.  This is
particularly useful when an attempt to use too large of a value
causes the server to abort the connection.

Patch from Mike Frysinger; ok dtucker@

OpenBSD-Commit-ID: f96293221e5aa24102d9bf30e4f4ef04d5f4fb51
2021-02-18 13:17:43 +11:00
djm@openbsd.org
16eacdb016 upstream: sftp: add missing lsetstat@openssh.com documentation
patch from Mike Frysinger

OpenBSD-Commit-ID: 9c114db88d505864075bfe7888b7c8745549715b
2021-02-17 15:03:41 +11:00
djm@openbsd.org
816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
djm@openbsd.org
287dc6396e upstream: log error message for process_write() write failures
OpenBSD-Commit-ID: f733d7b3b05e3c68967dc18dfe39b9e8fad29851
2020-07-17 13:52:46 +10:00
djm@openbsd.org
fc270baf26 upstream: better terminology for permissions; feedback & ok markus@
OpenBSD-Commit-ID: ffb220b435610741dcb4de0e7fc68cbbdc876d2c
2020-06-22 16:11:14 +10:00
djm@openbsd.org
569b650f93 upstream: add a local implementation of BSD realpath() for
sftp-server use ahead of OpenBSD's realpath changing to match POSIX;

ok deraadt@ (thanks for snaps testing)

OpenBSD-Commit-ID: 4f8cbf7ed8679f6237264301d104ecec64885d55
2019-07-08 11:44:49 +10:00
deraadt@openbsd.org
4d28fa78ab upstream: When system calls indicate an error they return -1, not
some arbitrary value < 0.  errno is only updated in this case.  Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-07-05 11:10:39 +10:00
otto@openbsd.org
0323d9b619 upstream: Replace calls to ssh_malloc_init() by a static init of
malloc_options. Prepares for changes in the way malloc is initialized.  ok
guenther@ dtucker@

OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
2019-06-08 00:25:42 +10:00
djm@openbsd.org
dbbc7e0eab upstream: add support for a "lsetstat@openssh.com" extension. This
replicates the functionality of the existing SSH2_FXP_SETSTAT operation but
does not follow symlinks. Based on a patch from Bert Haverkamp in bz#2067 but
with more attribute modifications supported.

ok markus@ dtucker@

OpenBSD-Commit-ID: f7234f6e90db19655d55d936a115ee4ccb6aaf80
2019-01-17 11:08:13 +11:00
djm@openbsd.org
5bed70afce upstream: static on global vars, const on handler tables that contain
function pointers; from Mike Frysinger

OpenBSD-Commit-ID: 7ef2305e50d3caa6326286db43cf2cfaf03960e0
2019-01-03 10:25:37 +11:00
djm@openbsd.org
9c935dd9bf upstream: make UID available as a %-expansion everywhere that the
username is available currently. In the client this is via %i, in the server
%U (since %i was already used in the client in some places for this, but used
for something different in the server); bz#2870, ok dtucker@

OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95
2018-06-01 13:35:59 +10:00
djm@openbsd.org
4d827f0d75 upstream commit
disallow creation (of empty files) in read-only mode;
reported by Michal Zalewski, feedback & ok deraadt@

Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b
2017-04-04 10:26:01 +10:00
deraadt@openbsd.org
9136ec134c upstream commit
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
use those definitions rather than pulling <sys/param.h> and unknown namespace
pollution. ok djm markus dtucker

Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
2016-09-12 13:46:29 +10:00
Darren Tucker
0fb7f59853 Move prctl PR_SET_DUMPABLE into platform.c.
This should make it easier to add additional platform support such as
Solaris (bz#2584).
2016-06-09 16:23:07 +10:00
dtucker@openbsd.org
ffb1e7e896 upstream commit
Add a function to enable security-related malloc_options.
  With and ok deraadt@, something similar has been in the snaps for a while.

Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
2016-02-16 10:44:00 +11:00
Damien Miller
4626cbaf78 Support Illumos/Solaris fine-grained privileges
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.

ok dtucker@
2016-01-08 14:29:12 +11:00
logan@openbsd.org
db6f8dc5dd upstream commit
1) Use xcalloc() instead of xmalloc() to check for
 potential overflow.    (Feedback from both mmcc@ and djm@) 2) move set_size
 just before the for loop. (suggested by djm@)

OK djm@

Upstream-ID: 013534c308187284756c3141f11d2c0f33c47213
2015-11-17 11:15:20 +11:00
deraadt@openbsd.org
ce445b0ed9 upstream commit
Do not cast result of malloc/calloc/realloc* if stdlib.h
 is in scope ok krw millert

Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
2015-08-21 13:43:25 +10:00
deraadt@openbsd.org
657a5fbc0d upstream commit
rename xrealloc() to xreallocarray() since it follows
 that form. ok djm
2015-04-29 18:15:23 +10:00
Darren Tucker
202d443eed Remove duplicate include of pwd.h. bz#2337, patch from Mordy Ovits. 2015-04-15 15:59:49 +10:00
deraadt@openbsd.org
087266ec33 upstream commit
Reduce use of <sys/param.h> and transition to <limits.h>
 throughout. ok djm markus
2015-01-26 23:58:53 +11:00
Damien Miller
83b9678a62 fix merge botch 2015-01-15 02:35:50 +11:00
djm@openbsd.org
7d845f4a0b upstream commit
update sftp client and server to new buffer API. pretty
 much just mechanical changes; with & ok markus
2015-01-15 02:22:18 +11:00
Damien Miller
9c1dede005 - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not
PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen
2014-08-24 03:01:06 +10:00
Damien Miller
14928b7492 - (djm) On platforms that support it, use prctl() to prevent sftp-server
from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net
2014-04-01 14:38:07 +11:00
Darren Tucker
2aca159d05 - dtucker@cvs.openbsd.org 2014/01/17 06:23:24
[sftp-server.c]
     fix log message statvfs.  ok djm
2014-01-19 15:25:34 +11:00
Damien Miller
f29238e674 - djm@cvs.openbsd.org 2013/10/17 00:30:13
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
     fsync@openssh.com protocol extension for sftp-server
     client support to allow calling fsync() faster successful transfer
     patch mostly by imorgan AT nas.nasa.gov; bz#1798
     "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
2013-10-17 11:48:52 +11:00
Damien Miller
e9fc72edd6 - djm@cvs.openbsd.org 2013/10/14 23:28:23
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
     refactor client config code a little:
     add multistate option partsing to readconf.c, similar to servconf.c's
     existing code.
     move checking of options that accept "none" as an argument to readconf.c
     add a lowercase() function and use it instead of explicit tolower() in
     loops
     part of a larger diff that was ok markus@
2013-10-15 12:14:12 +11:00
Damien Miller
6efab27109 - jmc@cvs.openbsd.org 2013/10/14 14:18:56
[sftp-server.8 sftp-server.c]
     tweak previous;
     ok djm
2013-10-15 12:07:05 +11:00
Damien Miller
73600e51af - djm@cvs.openbsd.org 2013/10/10 00:53:25
[sftp-server.c]
     add -Q, -P and -p to usage() before jmc@ catches me
2013-10-15 11:56:25 +11:00
Damien Miller
6eaeebf27d - djm@cvs.openbsd.org 2013/10/09 23:42:17
[sftp-server.8 sftp-server.c]
     Add ability to whitelist and/or blacklist sftp protocol requests by name.
     Refactor dispatch loop and consolidate read-only mode checks.
     Make global variables static, since sftp-server is linked into sshd(8).
     ok dtucker@
2013-10-15 11:55:57 +11:00
Darren Tucker
a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Damien Miller
aa7ad3039c - jmc@cvs.openbsd.org 2013/01/04 19:26:38
[sftp-server.8 sftp-server.c]
     sftp-server.8: add argument name to -d
     sftp-server.c: add -d to usage()
     ok djm
2013-01-09 15:58:21 +11:00
Damien Miller
502ab0eff1 - djm@cvs.openbsd.org 2013/01/03 12:54:49
[sftp-server.8 sftp-server.c]
     allow specification of an alternate start directory for sftp-server(8)
     "I like this" markus@
2013-01-09 15:57:36 +11:00
Damien Miller
f145a5be1c - djm@cvs.openbsd.org 2011/06/17 21:46:16
[sftp-server.c]
     the protocol version should be unsigned; bz#1913 reported by mb AT
     smartftp.com
2011-06-20 14:42:51 +10:00
Darren Tucker
af1f909254 - djm@cvs.openbsd.org 2010/12/04 00:18:01
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
     add a protocol extension to support a hard link operation. It is
     available through the "ln" command in the client. The old "ln"
     behaviour of creating a symlink is available using its "-s" option
     or through the preexisting "symlink" command; based on a patch from
     miklos AT szeredi.hu in bz#1555; ok markus@
2010-12-05 09:02:47 +11:00
Damien Miller
0733121194 - djm@cvs.openbsd.org 2010/11/04 02:45:34
[sftp-server.c]
     umask should be parsed as octal. reported by candland AT xmission.com;
     ok markus@
2010-11-05 10:20:31 +11:00
Darren Tucker
2901e2daeb - djm@cvs.openbsd.org 2010/01/13 01:40:16
[sftp.c sftp-server.c sftp.1 sftp-common.c sftp-common.h]
     support '-h' (human-readable units) for sftp's ls command, just like
     ls(1); ok dtucker@
2010-01-13 22:44:06 +11:00
Darren Tucker
db7bf82544 - djm@cvs.openbsd.org 2010/01/09 00:20:26
[sftp-server.c sftp-server.8]
     add a 'read-only' mode to sftp-server(8) that disables open in write mode
     and all other fs-modifying protocol methods. bz#430 ok dtucker@
2010-01-09 22:24:33 +11:00
Darren Tucker
aaf51d2d5b - djm@cvs.openbsd.org 2010/01/04 02:25:15
[sftp-server.c]
     bz#1566 don't unnecessarily dup() in and out fds for sftp-server;
     ok markus@
2010-01-08 19:04:49 +11:00