summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2013-10-09 23:42:18 +0000
committerDamien Miller <djm@cvs.openbsd.org>2013-10-09 23:42:18 +0000
commit4acc60f98b4cb6bcaf3b3df364507f2b55971708 (patch)
tree279bc6f6fdc63405e1930d6b6899ae061d07acbf
parent387a39b5338596257e2bab121decfa21482733c3 (diff)
Add ability to whitelist and/or blacklist sftp protocol requests by name.
Refactor dispatch loop and consolidate read-only mode checks. Make global variables static, since sftp-server is linked into sshd(8). ok dtucker@
-rw-r--r--usr.bin/ssh/sftp-server.838
-rw-r--r--usr.bin/ssh/sftp-server.c403
2 files changed, 249 insertions, 192 deletions
diff --git a/usr.bin/ssh/sftp-server.8 b/usr.bin/ssh/sftp-server.8
index cc925b96ec6..d7604b28d63 100644
--- a/usr.bin/ssh/sftp-server.8
+++ b/usr.bin/ssh/sftp-server.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp-server.8,v 1.23 2013/07/16 00:07:52 schwarze Exp $
+.\" $OpenBSD: sftp-server.8,v 1.24 2013/10/09 23:42:17 djm Exp $
.\"
.\" Copyright (c) 2000 Markus Friedl. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: July 16 2013 $
+.Dd $Mdocdate: October 9 2013 $
.Dt SFTP-SERVER 8
.Os
.Sh NAME
@@ -30,11 +30,15 @@
.Nd SFTP server subsystem
.Sh SYNOPSIS
.Nm sftp-server
+.Bk -words
.Op Fl ehR
.Op Fl d Ar start_directory
.Op Fl f Ar log_facility
.Op Fl l Ar log_level
.Op Fl u Ar umask
+.Ek
+.Nm
+.Fl Q Ar protocol_feature
.Sh DESCRIPTION
.Nm
is a program that speaks the server side of SFTP protocol
@@ -93,6 +97,36 @@ performs on behalf of the client.
DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
The default is ERROR.
+.It Fl P Ar blacklisted_requests
+Specify a comma-separated list of sftp protocol requests that are banned by
+the server.
+.Nm
+will reply to any blacklisted request with a failure.
+The
+.Fl Q
+flag allows querying
+.Nm
+to determine the supported request types.
+If both a blacklist and a whitelist are specified, then the blacklist is
+applied before the whitelist.
+.It Fl p Ar whitelisted_requests
+Specify a comma-separated list of sftp protocol requests that are permitted
+by the server.
+All request types that are not on the whitelist will be logged and replied
+to with a failure message.
+.Pp
+Care must be taken when using this feature to ensure that requests made
+implicitly by sftp clients are permitted.
+.It Fl Q Ar protocol_feature
+Query protocol features supported by
+.Nm .
+At present the only feature that may be queried is
+.Dq requests ,
+that may be used for whitelisting or blacklisting (flags
+.Fl p
+and
+.Fl P
+respectively.)
.It Fl R
Places this instance of
.Nm
diff --git a/usr.bin/ssh/sftp-server.c b/usr.bin/ssh/sftp-server.c
index 7e74f9d9fc0..b6c460ef9d7 100644
--- a/usr.bin/ssh/sftp-server.c
+++ b/usr.bin/ssh/sftp-server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.97 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.98 2013/10/09 23:42:17 djm Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
@@ -37,6 +37,7 @@
#include "buffer.h"
#include "log.h"
#include "misc.h"
+#include "match.h"
#include "uidswap.h"
#include "sftp.h"
@@ -48,24 +49,29 @@
#define get_string(lenp) buffer_get_string(&iqueue, lenp);
/* Our verbosity */
-LogLevel log_level = SYSLOG_LEVEL_ERROR;
+static LogLevel log_level = SYSLOG_LEVEL_ERROR;
/* Our client */
-struct passwd *pw = NULL;
-char *client_addr = NULL;
+static struct passwd *pw = NULL;
+static char *client_addr = NULL;
/* input and output queue */
-Buffer iqueue;
-Buffer oqueue;
+static Buffer iqueue;
+static Buffer oqueue;
/* Version of client */
-u_int version;
+static u_int version;
+
+/* SSH2_FXP_INIT received */
+static int init_done;
/* Disable writes */
-int readonly;
+static int readonly;
-/* portable attributes, etc. */
+/* Requests that are allowed/denied */
+static char *request_whitelist, *request_blacklist;
+/* portable attributes, etc. */
typedef struct Stat Stat;
struct Stat {
@@ -74,6 +80,100 @@ struct Stat {
Attrib attrib;
};
+/* Packet handlers */
+static void process_open(u_int32_t id);
+static void process_close(u_int32_t id);
+static void process_read(u_int32_t id);
+static void process_write(u_int32_t id);
+static void process_stat(u_int32_t id);
+static void process_lstat(u_int32_t id);
+static void process_fstat(u_int32_t id);
+static void process_setstat(u_int32_t id);
+static void process_fsetstat(u_int32_t id);
+static void process_opendir(u_int32_t id);
+static void process_readdir(u_int32_t id);
+static void process_remove(u_int32_t id);
+static void process_mkdir(u_int32_t id);
+static void process_rmdir(u_int32_t id);
+static void process_realpath(u_int32_t id);
+static void process_rename(u_int32_t id);
+static void process_readlink(u_int32_t id);
+static void process_symlink(u_int32_t id);
+static void process_extended_posix_rename(u_int32_t id);
+static void process_extended_statvfs(u_int32_t id);
+static void process_extended_fstatvfs(u_int32_t id);
+static void process_extended_hardlink(u_int32_t id);
+static void process_extended(u_int32_t id);
+
+struct sftp_handler {
+ const char *name; /* user-visible name for fine-grained perms */
+ const char *ext_name; /* extended request name */
+ u_int type; /* packet type, for non extended packets */
+ void (*handler)(u_int32_t);
+ int does_write; /* if nonzero, banned for readonly mode */
+};
+
+struct sftp_handler handlers[] = {
+ /* NB. SSH2_FXP_OPEN does the readonly check in the handler itself */
+ { "open", NULL, SSH2_FXP_OPEN, process_open, 0 },
+ { "close", NULL, SSH2_FXP_CLOSE, process_close, 0 },
+ { "read", NULL, SSH2_FXP_READ, process_read, 0 },
+ { "write", NULL, SSH2_FXP_WRITE, process_write, 1 },
+ { "lstat", NULL, SSH2_FXP_LSTAT, process_lstat, 0 },
+ { "fstat", NULL, SSH2_FXP_FSTAT, process_fstat, 0 },
+ { "setstat", NULL, SSH2_FXP_SETSTAT, process_setstat, 1 },
+ { "fsetstat", NULL, SSH2_FXP_FSETSTAT, process_fsetstat, 1 },
+ { "opendir", NULL, SSH2_FXP_OPENDIR, process_opendir, 0 },
+ { "readdir", NULL, SSH2_FXP_READDIR, process_readdir, 0 },
+ { "remove", NULL, SSH2_FXP_REMOVE, process_remove, 1 },
+ { "mkdir", NULL, SSH2_FXP_MKDIR, process_mkdir, 1 },
+ { "rmdir", NULL, SSH2_FXP_RMDIR, process_rmdir, 1 },
+ { "realpath", NULL, SSH2_FXP_REALPATH, process_realpath, 0 },
+ { "stat", NULL, SSH2_FXP_STAT, process_stat, 0 },
+ { "rename", NULL, SSH2_FXP_RENAME, process_rename, 1 },
+ { "readlink", NULL, SSH2_FXP_READLINK, process_readlink, 0 },
+ { "symlink", NULL, SSH2_FXP_SYMLINK, process_symlink, 1 },
+ { NULL, NULL, 0, NULL, 0 }
+};
+
+/* SSH2_FXP_EXTENDED submessages */
+struct sftp_handler extended_handlers[] = {
+ { "posix-rename", "posix-rename@openssh.com", 0,
+ process_extended_posix_rename, 1 },
+ { "statvfs", "statvfs@openssh.com", 0, process_extended_statvfs, 0 },
+ { "fstatvfs", "fstatvfs@openssh.com", 0, process_extended_fstatvfs, 0 },
+ { "hardlink", "hardlink@openssh.com", 0, process_extended_hardlink, 1 },
+ { NULL, NULL, 0, NULL, 0 }
+};
+
+static int
+request_permitted(struct sftp_handler *h)
+{
+ char *result;
+
+ if (readonly && h->does_write) {
+ verbose("Refusing %s request in read-only mode", h->name);
+ return 0;
+ }
+ if (request_blacklist != NULL &&
+ ((result = match_list(h->name, request_blacklist, NULL))) != NULL) {
+ free(result);
+ verbose("Refusing blacklisted %s request", h->name);
+ return 0;
+ }
+ if (request_whitelist != NULL &&
+ ((result = match_list(h->name, request_whitelist, NULL))) != NULL) {
+ free(result);
+ debug2("Permitting whitelisted %s request", h->name);
+ return 1;
+ }
+ if (request_whitelist != NULL) {
+ verbose("Refusing non-whitelisted %s request", h->name);
+ return 0;
+ }
+ return 1;
+}
+
static int
errno_to_portable(int unixerrno)
{
@@ -534,14 +634,13 @@ process_init(void)
}
static void
-process_open(void)
+process_open(u_int32_t id)
{
- u_int32_t id, pflags;
+ u_int32_t pflags;
Attrib *a;
char *name;
int handle, fd, flags, mode, status = SSH2_FX_FAILURE;
- id = get_int();
name = get_string(NULL);
pflags = get_int(); /* portable flags */
debug3("request %u: open flags %d", id, pflags);
@@ -551,9 +650,11 @@ process_open(void)
logit("open \"%s\" flags %s mode 0%o",
name, string_from_portable(pflags), mode);
if (readonly &&
- ((flags & O_ACCMODE) == O_WRONLY || (flags & O_ACCMODE) == O_RDWR))
- status = SSH2_FX_PERMISSION_DENIED;
- else {
+ ((flags & O_ACCMODE) == O_WRONLY ||
+ (flags & O_ACCMODE) == O_RDWR)) {
+ verbose("Refusing open request in read-only mode");
+ status = SSH2_FX_PERMISSION_DENIED;
+ } else {
fd = open(name, flags, mode);
if (fd < 0) {
status = errno_to_portable(errno);
@@ -573,12 +674,10 @@ process_open(void)
}
static void
-process_close(void)
+process_close(u_int32_t id)
{
- u_int32_t id;
int handle, ret, status = SSH2_FX_FAILURE;
- id = get_int();
handle = get_handle();
debug3("request %u: close handle %u", id, handle);
handle_log_close(handle, NULL);
@@ -588,14 +687,13 @@ process_close(void)
}
static void
-process_read(void)
+process_read(u_int32_t id)
{
char buf[64*1024];
- u_int32_t id, len;
+ u_int32_t len;
int handle, fd, ret, status = SSH2_FX_FAILURE;
u_int64_t off;
- id = get_int();
handle = get_handle();
off = get_int64();
len = get_int();
@@ -629,15 +727,13 @@ process_read(void)
}
static void
-process_write(void)
+process_write(u_int32_t id)
{
- u_int32_t id;
u_int64_t off;
u_int len;
int handle, fd, ret, status;
char *data;
- id = get_int();
handle = get_handle();
off = get_int64();
data = get_string(&len);
@@ -648,8 +744,6 @@ process_write(void)
if (fd < 0)
status = SSH2_FX_FAILURE;
- else if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
else {
if (lseek(fd, off, SEEK_SET) < 0) {
status = errno_to_portable(errno);
@@ -674,15 +768,13 @@ process_write(void)
}
static void
-process_do_stat(int do_lstat)
+process_do_stat(u_int32_t id, int do_lstat)
{
Attrib a;
struct stat st;
- u_int32_t id;
char *name;
int ret, status = SSH2_FX_FAILURE;
- id = get_int();
name = get_string(NULL);
debug3("request %u: %sstat", id, do_lstat ? "l" : "");
verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name);
@@ -700,26 +792,24 @@ process_do_stat(int do_lstat)
}
static void
-process_stat(void)
+process_stat(u_int32_t id)
{
- process_do_stat(0);
+ process_do_stat(id, 0);
}
static void
-process_lstat(void)
+process_lstat(u_int32_t id)
{
- process_do_stat(1);
+ process_do_stat(id, 1);
}
static void
-process_fstat(void)
+process_fstat(u_int32_t id)
{
Attrib a;
struct stat st;
- u_int32_t id;
int fd, ret, handle, status = SSH2_FX_FAILURE;
- id = get_int();
handle = get_handle();
debug("request %u: fstat \"%s\" (handle %u)",
id, handle_to_name(handle), handle);
@@ -751,21 +841,15 @@ attrib_to_tv(const Attrib *a)
}
static void
-process_setstat(void)
+process_setstat(u_int32_t id)
{
Attrib *a;
- u_int32_t id;
char *name;
int status = SSH2_FX_OK, ret;
- id = get_int();
name = get_string(NULL);
a = get_attrib();
debug("request %u: setstat name \"%s\"", id, name);
- if (readonly) {
- status = SSH2_FX_PERMISSION_DENIED;
- a->flags = 0;
- }
if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
logit("set \"%s\" size %llu",
name, (unsigned long long)a->size);
@@ -802,22 +886,18 @@ process_setstat(void)
}
static void
-process_fsetstat(void)
+process_fsetstat(u_int32_t id)
{
Attrib *a;
- u_int32_t id;
int handle, fd, ret;
int status = SSH2_FX_OK;
- id = get_int();
handle = get_handle();
a = get_attrib();
debug("request %u: fsetstat handle %d", id, handle);
fd = handle_to_fd(handle);
if (fd < 0)
status = SSH2_FX_FAILURE;
- else if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
else {
char *name = handle_to_name(handle);
@@ -857,14 +937,12 @@ process_fsetstat(void)
}
static void
-process_opendir(void)
+process_opendir(u_int32_t id)
{
DIR *dirp = NULL;
char *path;
int handle, status = SSH2_FX_FAILURE;
- u_int32_t id;
- id = get_int();
path = get_string(NULL);
debug3("request %u: opendir", id);
logit("opendir \"%s\"", path);
@@ -887,15 +965,13 @@ process_opendir(void)
}
static void
-process_readdir(void)
+process_readdir(u_int32_t id)
{
DIR *dirp;
struct dirent *dp;
char *path;
int handle;
- u_int32_t id;
- id = get_int();
handle = get_handle();
debug("request %u: readdir \"%s\" (handle %d)", id,
handle_to_name(handle), handle);
@@ -943,81 +1019,61 @@ process_readdir(void)
}
static void
-process_remove(void)
+process_remove(u_int32_t id)
{
char *name;
- u_int32_t id;
int status = SSH2_FX_FAILURE;
int ret;
- id = get_int();
name = get_string(NULL);
debug3("request %u: remove", id);
logit("remove name \"%s\"", name);
- if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
- else {
- ret = unlink(name);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
- }
+ ret = unlink(name);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
free(name);
}
static void
-process_mkdir(void)
+process_mkdir(u_int32_t id)
{
Attrib *a;
- u_int32_t id;
char *name;
int ret, mode, status = SSH2_FX_FAILURE;
- id = get_int();
name = get_string(NULL);
a = get_attrib();
mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
a->perm & 07777 : 0777;
debug3("request %u: mkdir", id);
logit("mkdir name \"%s\" mode 0%o", name, mode);
- if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
- else {
- ret = mkdir(name, mode);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
- }
+ ret = mkdir(name, mode);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
free(name);
}
static void
-process_rmdir(void)
+process_rmdir(u_int32_t id)
{
- u_int32_t id;
char *name;
int ret, status;
- id = get_int();
name = get_string(NULL);
debug3("request %u: rmdir", id);
logit("rmdir name \"%s\"", name);
- if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
- else {
- ret = rmdir(name);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
- }
+ ret = rmdir(name);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
free(name);
}
static void
-process_realpath(void)
+process_realpath(u_int32_t id)
{
char resolvedname[MAXPATHLEN];
- u_int32_t id;
char *path;
- id = get_int();
path = get_string(NULL);
if (path[0] == '\0') {
free(path);
@@ -1037,22 +1093,18 @@ process_realpath(void)
}
static void
-process_rename(void)
+process_rename(u_int32_t id)
{
- u_int32_t id;
char *oldpath, *newpath;
int status;
struct stat sb;
- id = get_int();
oldpath = get_string(NULL);
newpath = get_string(NULL);
debug3("request %u: rename", id);
logit("rename old \"%s\" new \"%s\"", oldpath, newpath);
status = SSH2_FX_FAILURE;
- if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
- else if (lstat(oldpath, &sb) == -1)
+ if (lstat(oldpath, &sb) == -1)
status = errno_to_portable(errno);
else if (S_ISREG(sb.st_mode)) {
/* Race-free rename of regular files */
@@ -1092,14 +1144,12 @@ process_rename(void)
}
static void
-process_readlink(void)
+process_readlink(u_int32_t id)
{
- u_int32_t id;
int len;
char buf[MAXPATHLEN];
char *path;
- id = get_int();
path = get_string(NULL);
debug3("request %u: readlink", id);
verbose("readlink \"%s\"", path);
@@ -1117,24 +1167,18 @@ process_readlink(void)
}
static void
-process_symlink(void)
+process_symlink(u_int32_t id)
{
- u_int32_t id;
char *oldpath, *newpath;
int ret, status;
- id = get_int();
oldpath = get_string(NULL);
newpath = get_string(NULL);
debug3("request %u: symlink", id);
logit("symlink old \"%s\" new \"%s\"", oldpath, newpath);
/* this will fail if 'newpath' exists */
- if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
- else {
- ret = symlink(oldpath, newpath);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
- }
+ ret = symlink(oldpath, newpath);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
free(oldpath);
free(newpath);
@@ -1150,12 +1194,8 @@ process_extended_posix_rename(u_int32_t id)
newpath = get_string(NULL);
debug3("request %u: posix-rename", id);
logit("posix-rename old \"%s\" new \"%s\"", oldpath, newpath);
- if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
- else {
- ret = rename(oldpath, newpath);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
- }
+ ret = rename(oldpath, newpath);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
free(oldpath);
free(newpath);
@@ -1207,35 +1247,33 @@ process_extended_hardlink(u_int32_t id)
newpath = get_string(NULL);
debug3("request %u: hardlink", id);
logit("hardlink old \"%s\" new \"%s\"", oldpath, newpath);
- if (readonly)
- status = SSH2_FX_PERMISSION_DENIED;
- else {
- ret = link(oldpath, newpath);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
- }
+ ret = link(oldpath, newpath);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
free(oldpath);
free(newpath);
}
static void
-process_extended(void)
+process_extended(u_int32_t id)
{
- u_int32_t id;
char *request;
+ u_int i;
- id = get_int();
request = get_string(NULL);
- if (strcmp(request, "posix-rename@openssh.com") == 0)
- process_extended_posix_rename(id);
- else if (strcmp(request, "statvfs@openssh.com") == 0)
- process_extended_statvfs(id);
- else if (strcmp(request, "fstatvfs@openssh.com") == 0)
- process_extended_fstatvfs(id);
- else if (strcmp(request, "hardlink@openssh.com") == 0)
- process_extended_hardlink(id);
- else
+ for (i = 0; extended_handlers[i].handler != NULL; i++) {
+ if (strcmp(request, extended_handlers[i].ext_name) == 0) {
+ if (!request_permitted(&extended_handlers[i]))
+ send_status(id, SSH2_FX_PERMISSION_DENIED);
+ else
+ extended_handlers[i].handler(id);
+ break;
+ }
+ }
+ if (extended_handlers[i].handler == NULL) {
+ error("Unknown extended request \"%.100s\"", request);
send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */
+ }
free(request);
}
@@ -1244,11 +1282,9 @@ process_extended(void)
static void
process(void)
{
- u_int msg_len;
- u_int buf_len;
- u_int consumed;
- u_int type;
+ u_int msg_len, buf_len, consumed, type, i;
u_char *cp;
+ u_int32_t id;
buf_len = buffer_len(&iqueue);
if (buf_len < 5)
@@ -1265,70 +1301,35 @@ process(void)
buffer_consume(&iqueue, 4);
buf_len -= 4;
type = buffer_get_char(&iqueue);
+
switch (type) {
case SSH2_FXP_INIT:
process_init();
- break;
- case SSH2_FXP_OPEN:
- process_open();
- break;
- case SSH2_FXP_CLOSE:
- process_close();
- break;
- case SSH2_FXP_READ:
- process_read();
- break;
- case SSH2_FXP_WRITE:
- process_write();
- break;
- case SSH2_FXP_LSTAT:
- process_lstat();
- break;
- case SSH2_FXP_FSTAT:
- process_fstat();
- break;
- case SSH2_FXP_SETSTAT:
- process_setstat();
- break;
- case SSH2_FXP_FSETSTAT:
- process_fsetstat();
- break;
- case SSH2_FXP_OPENDIR:
- process_opendir();
- break;
- case SSH2_FXP_READDIR:
- process_readdir();
- break;
- case SSH2_FXP_REMOVE:
- process_remove();
- break;
- case SSH2_FXP_MKDIR:
- process_mkdir();
- break;
- case SSH2_FXP_RMDIR:
- process_rmdir();
- break;
- case SSH2_FXP_REALPATH:
- process_realpath();
- break;
- case SSH2_FXP_STAT:
- process_stat();
- break;
- case SSH2_FXP_RENAME:
- process_rename();
- break;
- case SSH2_FXP_READLINK:
- process_readlink();
- break;
- case SSH2_FXP_SYMLINK:
- process_symlink();
+ init_done = 1;
break;
case SSH2_FXP_EXTENDED:
- process_extended();
+ if (!init_done)
+ fatal("Received extended request before init");
+ id = get_int();
+ process_extended(id);
break;
default:
- error("Unknown message %d", type);
- break;
+ if (!init_done)
+ fatal("Received %u request before init", type);
+ id = get_int();
+ for (i = 0; handlers[i].handler != NULL; i++) {
+ if (type == handlers[i].type) {
+ if (!request_permitted(&handlers[i])) {
+ send_status(id,
+ SSH2_FX_PERMISSION_DENIED);
+ } else {
+ handlers[i].handler(id);
+ }
+ break;
+ }
+ }
+ if (handlers[i].handler == NULL)
+ error("Unknown message %u", type);
}
/* discard the remaining bytes from the current packet */
if (buf_len < buffer_len(&iqueue)) {
@@ -1337,7 +1338,7 @@ process(void)
}
consumed = buf_len - buffer_len(&iqueue);
if (msg_len < consumed) {
- error("msg_len %d < consumed %d", msg_len, consumed);
+ error("msg_len %u < consumed %u", msg_len, consumed);
sftp_server_cleanup_exit(255);
}
if (msg_len > consumed)
@@ -1372,7 +1373,7 @@ int
sftp_server_main(int argc, char **argv, struct passwd *user_pw)
{
fd_set *rset, *wset;
- int in, out, max, ch, skipargs = 0, log_stderr = 0;
+ int i, in, out, max, ch, skipargs = 0, log_stderr = 0;
ssize_t len, olen, set_size;
SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
char *cp, *homedir = NULL, buf[4*4096];
@@ -1385,8 +1386,20 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
pw = pwcopy(user_pw);
- while (!skipargs && (ch = getopt(argc, argv, "d:f:l:u:cehR")) != -1) {
+ while (!skipargs && (ch = getopt(argc, argv,
+ "d:f:l:P:p:Q:u:cehR")) != -1) {
switch (ch) {
+ case 'Q':
+ if (strcasecmp(optarg, "requests") != 0) {
+ fprintf(stderr, "Invalid query type\n");
+ exit(1);
+ }
+ for (i = 0; handlers[i].handler != NULL; i++)
+ printf("%s\n", handlers[i].name);
+ for (i = 0; extended_handlers[i].handler != NULL; i++)
+ printf("%s\n", extended_handlers[i].name);
+ exit(0);
+ break;
case 'R':
readonly = 1;
break;
@@ -1416,6 +1429,16 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
"u", user_pw->pw_name, (char *)NULL);
free(cp);
break;
+ case 'p':
+ if (request_whitelist != NULL)
+ fatal("Permitted requests already set");
+ request_whitelist = xstrdup(optarg);
+ break;
+ case 'P':
+ if (request_blacklist != NULL)
+ fatal("Refused requests already set");
+ request_blacklist = xstrdup(optarg);
+ break;
case 'u':
errno = 0;
mask = strtol(optarg, &cp, 8);