2 * Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 RCSID("$OpenBSD: sftp-server.c,v 1.52 2006/02/20 17:19:54 stevesk Exp $");
19 #include <sys/types.h>
32 #include "sftp-common.h"
35 #define get_int64() buffer_get_int64(&iqueue);
36 #define get_int() buffer_get_int(&iqueue);
37 #define get_string(lenp) buffer_get_string(&iqueue, lenp);
40 extern char *__progname;
42 /* input and output queue */
46 /* Version of client */
49 /* portable attributes, etc. */
51 typedef struct Stat Stat;
60 errno_to_portable(int unixerrno)
72 ret = SSH2_FX_NO_SUCH_FILE;
77 ret = SSH2_FX_PERMISSION_DENIED;
81 ret = SSH2_FX_BAD_MESSAGE;
84 ret = SSH2_FX_FAILURE;
91 flags_from_portable(int pflags)
95 if ((pflags & SSH2_FXF_READ) &&
96 (pflags & SSH2_FXF_WRITE)) {
98 } else if (pflags & SSH2_FXF_READ) {
100 } else if (pflags & SSH2_FXF_WRITE) {
103 if (pflags & SSH2_FXF_CREAT)
105 if (pflags & SSH2_FXF_TRUNC)
107 if (pflags & SSH2_FXF_EXCL)
115 return decode_attrib(&iqueue);
120 typedef struct Handle Handle;
141 for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
142 handles[i].use = HANDLE_UNUSED;
146 handle_new(int use, const char *name, int fd, DIR *dirp)
150 for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
151 if (handles[i].use == HANDLE_UNUSED) {
152 handles[i].use = use;
153 handles[i].dirp = dirp;
155 handles[i].name = xstrdup(name);
163 handle_is_ok(int i, int type)
165 return i >= 0 && (u_int)i < sizeof(handles)/sizeof(Handle) &&
166 handles[i].use == type;
170 handle_to_string(int handle, char **stringp, int *hlenp)
172 if (stringp == NULL || hlenp == NULL)
174 *stringp = xmalloc(sizeof(int32_t));
175 PUT_32BIT(*stringp, handle);
176 *hlenp = sizeof(int32_t);
181 handle_from_string(const char *handle, u_int hlen)
185 if (hlen != sizeof(int32_t))
187 val = GET_32BIT(handle);
188 if (handle_is_ok(val, HANDLE_FILE) ||
189 handle_is_ok(val, HANDLE_DIR))
195 handle_to_name(int handle)
197 if (handle_is_ok(handle, HANDLE_DIR)||
198 handle_is_ok(handle, HANDLE_FILE))
199 return handles[handle].name;
204 handle_to_dir(int handle)
206 if (handle_is_ok(handle, HANDLE_DIR))
207 return handles[handle].dirp;
212 handle_to_fd(int handle)
214 if (handle_is_ok(handle, HANDLE_FILE))
215 return handles[handle].fd;
220 handle_close(int handle)
224 if (handle_is_ok(handle, HANDLE_FILE)) {
225 ret = close(handles[handle].fd);
226 handles[handle].use = HANDLE_UNUSED;
227 xfree(handles[handle].name);
228 } else if (handle_is_ok(handle, HANDLE_DIR)) {
229 ret = closedir(handles[handle].dirp);
230 handles[handle].use = HANDLE_UNUSED;
231 xfree(handles[handle].name);
245 handle = get_string(&hlen);
247 val = handle_from_string(handle, hlen);
257 int mlen = buffer_len(m);
259 buffer_put_int(&oqueue, mlen);
260 buffer_append(&oqueue, buffer_ptr(m), mlen);
261 buffer_consume(m, mlen);
265 send_status(u_int32_t id, u_int32_t status)
268 const char *status_messages[] = {
269 "Success", /* SSH_FX_OK */
270 "End of file", /* SSH_FX_EOF */
271 "No such file", /* SSH_FX_NO_SUCH_FILE */
272 "Permission denied", /* SSH_FX_PERMISSION_DENIED */
273 "Failure", /* SSH_FX_FAILURE */
274 "Bad message", /* SSH_FX_BAD_MESSAGE */
275 "No connection", /* SSH_FX_NO_CONNECTION */
276 "Connection lost", /* SSH_FX_CONNECTION_LOST */
277 "Operation unsupported", /* SSH_FX_OP_UNSUPPORTED */
278 "Unknown error" /* Others */
281 TRACE("sent status id %u error %u", id, status);
283 buffer_put_char(&msg, SSH2_FXP_STATUS);
284 buffer_put_int(&msg, id);
285 buffer_put_int(&msg, status);
287 buffer_put_cstring(&msg,
288 status_messages[MIN(status,SSH2_FX_MAX)]);
289 buffer_put_cstring(&msg, "");
295 send_data_or_handle(char type, u_int32_t id, const char *data, int dlen)
300 buffer_put_char(&msg, type);
301 buffer_put_int(&msg, id);
302 buffer_put_string(&msg, data, dlen);
308 send_data(u_int32_t id, const char *data, int dlen)
310 TRACE("sent data id %u len %d", id, dlen);
311 send_data_or_handle(SSH2_FXP_DATA, id, data, dlen);
315 send_handle(u_int32_t id, int handle)
320 handle_to_string(handle, &string, &hlen);
321 TRACE("sent handle id %u handle %d", id, handle);
322 send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen);
327 send_names(u_int32_t id, int count, const Stat *stats)
333 buffer_put_char(&msg, SSH2_FXP_NAME);
334 buffer_put_int(&msg, id);
335 buffer_put_int(&msg, count);
336 TRACE("sent names id %u count %d", id, count);
337 for (i = 0; i < count; i++) {
338 buffer_put_cstring(&msg, stats[i].name);
339 buffer_put_cstring(&msg, stats[i].long_name);
340 encode_attrib(&msg, &stats[i].attrib);
347 send_attrib(u_int32_t id, const Attrib *a)
351 TRACE("sent attrib id %u have 0x%x", id, a->flags);
353 buffer_put_char(&msg, SSH2_FXP_ATTRS);
354 buffer_put_int(&msg, id);
355 encode_attrib(&msg, a);
368 TRACE("client version %d", version);
370 buffer_put_char(&msg, SSH2_FXP_VERSION);
371 buffer_put_int(&msg, SSH2_FILEXFER_VERSION);
379 u_int32_t id, pflags;
382 int handle, fd, flags, mode, status = SSH2_FX_FAILURE;
385 name = get_string(NULL);
386 pflags = get_int(); /* portable flags */
388 flags = flags_from_portable(pflags);
389 mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
390 TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);
391 fd = open(name, flags, mode);
393 status = errno_to_portable(errno);
395 handle = handle_new(HANDLE_FILE, name, fd, NULL);
399 send_handle(id, handle);
403 if (status != SSH2_FX_OK)
404 send_status(id, status);
412 int handle, ret, status = SSH2_FX_FAILURE;
415 handle = get_handle();
416 TRACE("close id %u handle %d", id, handle);
417 ret = handle_close(handle);
418 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
419 send_status(id, status);
427 int handle, fd, ret, status = SSH2_FX_FAILURE;
431 handle = get_handle();
435 TRACE("read id %u handle %d off %llu len %d", id, handle,
436 (unsigned long long)off, len);
437 if (len > sizeof buf) {
439 logit("read change len %d", len);
441 fd = handle_to_fd(handle);
443 if (lseek(fd, off, SEEK_SET) < 0) {
444 error("process_read: seek failed");
445 status = errno_to_portable(errno);
447 ret = read(fd, buf, len);
449 status = errno_to_portable(errno);
450 } else if (ret == 0) {
451 status = SSH2_FX_EOF;
453 send_data(id, buf, ret);
458 if (status != SSH2_FX_OK)
459 send_status(id, status);
468 int handle, fd, ret, status = SSH2_FX_FAILURE;
472 handle = get_handle();
474 data = get_string(&len);
476 TRACE("write id %u handle %d off %llu len %d", id, handle,
477 (unsigned long long)off, len);
478 fd = handle_to_fd(handle);
480 if (lseek(fd, off, SEEK_SET) < 0) {
481 status = errno_to_portable(errno);
482 error("process_write: seek failed");
485 ret = write(fd, data, len);
487 error("process_write: write failed");
488 status = errno_to_portable(errno);
489 } else if ((size_t)ret == len) {
492 logit("nothing at all written");
496 send_status(id, status);
501 process_do_stat(int do_lstat)
507 int ret, status = SSH2_FX_FAILURE;
510 name = get_string(NULL);
511 TRACE("%sstat id %u name %s", do_lstat ? "l" : "", id, name);
512 ret = do_lstat ? lstat(name, &st) : stat(name, &st);
514 status = errno_to_portable(errno);
516 stat_to_attrib(&st, &a);
520 if (status != SSH2_FX_OK)
521 send_status(id, status);
543 int fd, ret, handle, status = SSH2_FX_FAILURE;
546 handle = get_handle();
547 TRACE("fstat id %u handle %d", id, handle);
548 fd = handle_to_fd(handle);
550 ret = fstat(fd, &st);
552 status = errno_to_portable(errno);
554 stat_to_attrib(&st, &a);
559 if (status != SSH2_FX_OK)
560 send_status(id, status);
563 static struct timeval *
564 attrib_to_tv(const Attrib *a)
566 static struct timeval tv[2];
568 tv[0].tv_sec = a->atime;
570 tv[1].tv_sec = a->mtime;
576 process_setstat(void)
581 int status = SSH2_FX_OK, ret;
584 name = get_string(NULL);
586 TRACE("setstat id %u name %s", id, name);
587 if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
588 ret = truncate(name, a->size);
590 status = errno_to_portable(errno);
592 if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
593 ret = chmod(name, a->perm & 0777);
595 status = errno_to_portable(errno);
597 if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
598 ret = utimes(name, attrib_to_tv(a));
600 status = errno_to_portable(errno);
602 if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
603 ret = chown(name, a->uid, a->gid);
605 status = errno_to_portable(errno);
607 send_status(id, status);
612 process_fsetstat(void)
617 int status = SSH2_FX_OK;
621 handle = get_handle();
623 TRACE("fsetstat id %u handle %d", id, handle);
624 fd = handle_to_fd(handle);
625 name = handle_to_name(handle);
626 if (fd < 0 || name == NULL) {
627 status = SSH2_FX_FAILURE;
629 if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
630 ret = ftruncate(fd, a->size);
632 status = errno_to_portable(errno);
634 if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
636 ret = fchmod(fd, a->perm & 0777);
638 ret = chmod(name, a->perm & 0777);
641 status = errno_to_portable(errno);
643 if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
645 ret = futimes(fd, attrib_to_tv(a));
647 ret = utimes(name, attrib_to_tv(a));
650 status = errno_to_portable(errno);
652 if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
654 ret = fchown(fd, a->uid, a->gid);
656 ret = chown(name, a->uid, a->gid);
659 status = errno_to_portable(errno);
662 send_status(id, status);
666 process_opendir(void)
670 int handle, status = SSH2_FX_FAILURE;
674 path = get_string(NULL);
675 TRACE("opendir id %u path %s", id, path);
676 dirp = opendir(path);
678 status = errno_to_portable(errno);
680 handle = handle_new(HANDLE_DIR, path, 0, dirp);
684 send_handle(id, handle);
689 if (status != SSH2_FX_OK)
690 send_status(id, status);
695 process_readdir(void)
704 handle = get_handle();
705 TRACE("readdir id %u handle %d", id, handle);
706 dirp = handle_to_dir(handle);
707 path = handle_to_name(handle);
708 if (dirp == NULL || path == NULL) {
709 send_status(id, SSH2_FX_FAILURE);
714 int nstats = 10, count = 0, i;
716 stats = xmalloc(nstats * sizeof(Stat));
717 while ((dp = readdir(dirp)) != NULL) {
718 if (count >= nstats) {
720 stats = xrealloc(stats, nstats * sizeof(Stat));
723 snprintf(pathname, sizeof pathname, "%s%s%s", path,
724 strcmp(path, "/") ? "/" : "", dp->d_name);
725 if (lstat(pathname, &st) < 0)
727 stat_to_attrib(&st, &(stats[count].attrib));
728 stats[count].name = xstrdup(dp->d_name);
729 stats[count].long_name = ls_file(dp->d_name, &st, 0);
731 /* send up to 100 entries in one message */
732 /* XXX check packet size instead */
737 send_names(id, count, stats);
738 for (i = 0; i < count; i++) {
739 xfree(stats[i].name);
740 xfree(stats[i].long_name);
743 send_status(id, SSH2_FX_EOF);
754 int status = SSH2_FX_FAILURE;
758 name = get_string(NULL);
759 TRACE("remove id %u name %s", id, name);
761 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
762 send_status(id, status);
772 int ret, mode, status = SSH2_FX_FAILURE;
775 name = get_string(NULL);
777 mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
778 a->perm & 0777 : 0777;
779 TRACE("mkdir id %u name %s mode 0%o", id, name, mode);
780 ret = mkdir(name, mode);
781 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
782 send_status(id, status);
794 name = get_string(NULL);
795 TRACE("rmdir id %u name %s", id, name);
797 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
798 send_status(id, status);
803 process_realpath(void)
805 char resolvedname[MAXPATHLEN];
810 path = get_string(NULL);
811 if (path[0] == '\0') {
815 TRACE("realpath id %u path %s", id, path);
816 if (realpath(path, resolvedname) == NULL) {
817 send_status(id, errno_to_portable(errno));
820 attrib_clear(&s.attrib);
821 s.name = s.long_name = resolvedname;
822 send_names(id, 1, &s);
831 char *oldpath, *newpath;
836 oldpath = get_string(NULL);
837 newpath = get_string(NULL);
838 TRACE("rename id %u old %s new %s", id, oldpath, newpath);
839 status = SSH2_FX_FAILURE;
840 if (lstat(oldpath, &sb) == -1)
841 status = errno_to_portable(errno);
842 else if (S_ISREG(sb.st_mode)) {
843 /* Race-free rename of regular files */
844 if (link(oldpath, newpath) == -1) {
845 if (errno == EOPNOTSUPP
846 #ifdef LINK_OPNOTSUPP_ERRNO
847 || errno == LINK_OPNOTSUPP_ERRNO
853 * fs doesn't support links, so fall back to
854 * stat+rename. This is racy.
856 if (stat(newpath, &st) == -1) {
857 if (rename(oldpath, newpath) == -1)
859 errno_to_portable(errno);
864 status = errno_to_portable(errno);
866 } else if (unlink(oldpath) == -1) {
867 status = errno_to_portable(errno);
868 /* clean spare link */
872 } else if (stat(newpath, &sb) == -1) {
873 if (rename(oldpath, newpath) == -1)
874 status = errno_to_portable(errno);
878 send_status(id, status);
884 process_readlink(void)
888 char buf[MAXPATHLEN];
892 path = get_string(NULL);
893 TRACE("readlink id %u path %s", id, path);
894 if ((len = readlink(path, buf, sizeof(buf) - 1)) == -1)
895 send_status(id, errno_to_portable(errno));
900 attrib_clear(&s.attrib);
901 s.name = s.long_name = buf;
902 send_names(id, 1, &s);
908 process_symlink(void)
911 char *oldpath, *newpath;
915 oldpath = get_string(NULL);
916 newpath = get_string(NULL);
917 TRACE("symlink id %u old %s new %s", id, oldpath, newpath);
918 /* this will fail if 'newpath' exists */
919 ret = symlink(oldpath, newpath);
920 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
921 send_status(id, status);
927 process_extended(void)
933 request = get_string(NULL);
934 send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */
938 /* stolen from ssh-agent */
949 buf_len = buffer_len(&iqueue);
951 return; /* Incomplete message. */
952 cp = buffer_ptr(&iqueue);
953 msg_len = GET_32BIT(cp);
954 if (msg_len > SFTP_MAX_MSG_LENGTH) {
955 error("bad message ");
958 if (buf_len < msg_len + 4)
960 buffer_consume(&iqueue, 4);
962 type = buffer_get_char(&iqueue);
985 case SSH2_FXP_SETSTAT:
988 case SSH2_FXP_FSETSTAT:
991 case SSH2_FXP_OPENDIR:
994 case SSH2_FXP_READDIR:
997 case SSH2_FXP_REMOVE:
1000 case SSH2_FXP_MKDIR:
1003 case SSH2_FXP_RMDIR:
1006 case SSH2_FXP_REALPATH:
1012 case SSH2_FXP_RENAME:
1015 case SSH2_FXP_READLINK:
1018 case SSH2_FXP_SYMLINK:
1021 case SSH2_FXP_EXTENDED:
1025 error("Unknown message %d", type);
1028 /* discard the remaining bytes from the current packet */
1029 if (buf_len < buffer_len(&iqueue))
1030 fatal("iqueue grows");
1031 consumed = buf_len - buffer_len(&iqueue);
1032 if (msg_len < consumed)
1033 fatal("msg_len %d < consumed %d", msg_len, consumed);
1034 if (msg_len > consumed)
1035 buffer_consume(&iqueue, msg_len - consumed);
1039 main(int ac, char **av)
1041 fd_set *rset, *wset;
1043 ssize_t len, olen, set_size;
1045 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
1048 /* XXX should use getopt */
1050 __progname = ssh_get_progname(av[0]);
1053 #ifdef DEBUG_SFTP_SERVER
1054 log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
1057 in = dup(STDIN_FILENO);
1058 out = dup(STDOUT_FILENO);
1061 setmode(in, O_BINARY);
1062 setmode(out, O_BINARY);
1071 buffer_init(&iqueue);
1072 buffer_init(&oqueue);
1074 set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
1075 rset = (fd_set *)xmalloc(set_size);
1076 wset = (fd_set *)xmalloc(set_size);
1079 memset(rset, 0, set_size);
1080 memset(wset, 0, set_size);
1083 olen = buffer_len(&oqueue);
1087 if (select(max+1, rset, wset, NULL, NULL) < 0) {
1093 /* copy stdin to iqueue */
1094 if (FD_ISSET(in, rset)) {
1096 len = read(in, buf, sizeof buf);
1100 } else if (len < 0) {
1101 error("read error");
1104 buffer_append(&iqueue, buf, len);
1107 /* send oqueue to stdout */
1108 if (FD_ISSET(out, wset)) {
1109 len = write(out, buffer_ptr(&oqueue), olen);
1111 error("write error");
1114 buffer_consume(&oqueue, len);
1117 /* process requests from client */