X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/b0f6943a5dc83eaaaba15ebce897e162c1624033..caba7de7d39b58f9f4fa9f33ca04531e0358e266:/sftp-server.c

diff --git a/sftp-server.c b/sftp-server.c
index 3c254e33..d9549f5b 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.64 2006/07/22 19:08:54 stevesk Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.78 2008/02/27 20:21:15 djm Exp $ */
 /*
  * Copyright (c) 2000-2004 Markus Friedl.  All rights reserved.
  *
@@ -14,22 +14,31 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
+
 #include "includes.h"
 
 #include <sys/types.h>
+#include <sys/param.h>
 #include <sys/stat.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
 
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <pwd.h>
-#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <pwd.h>
 #include <time.h>
+#include <unistd.h>
+#include <stdarg.h>
 
+#include "xmalloc.h"
 #include "buffer.h"
-#include "bufaux.h"
 #include "log.h"
-#include "xmalloc.h"
 #include "misc.h"
 #include "uidswap.h"
 
@@ -128,7 +137,7 @@ string_from_portable(int pflags)
 #define PAPPEND(str)	{				\
 		if (*ret != '\0')			\
 			strlcat(ret, ",", sizeof(ret));	\
-		strlcat(ret, str, sizeof(ret)); 	\
+		strlcat(ret, str, sizeof(ret));		\
 	}
 
 	if (pflags & SSH2_FXF_READ)
@@ -160,6 +169,7 @@ struct Handle {
 	int fd;
 	char *name;
 	u_int64_t bytes_read, bytes_write;
+	int next_unused;
 };
 
 enum {
@@ -168,40 +178,46 @@ enum {
 	HANDLE_FILE
 };
 
-Handle	handles[100];
+Handle *handles = NULL;
+u_int num_handles = 0;
+int first_unused_handle = -1;
 
-static void
-handle_init(void)
+static void handle_unused(int i)
 {
-	u_int i;
-
-	for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
-		handles[i].use = HANDLE_UNUSED;
+	handles[i].use = HANDLE_UNUSED;
+	handles[i].next_unused = first_unused_handle;
+	first_unused_handle = i;
 }
 
 static int
 handle_new(int use, const char *name, int fd, DIR *dirp)
 {
-	u_int i;
+	int i;
 
-	for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
-		if (handles[i].use == HANDLE_UNUSED) {
-			handles[i].use = use;
-			handles[i].dirp = dirp;
-			handles[i].fd = fd;
-			handles[i].name = xstrdup(name);
-			handles[i].bytes_read = handles[i].bytes_write = 0;
-			return i;
-		}
+	if (first_unused_handle == -1) {
+		if (num_handles + 1 <= num_handles)
+			return -1;
+		num_handles++;
+		handles = xrealloc(handles, num_handles, sizeof(Handle));
+		handle_unused(num_handles - 1);
 	}
-	return -1;
+
+	i = first_unused_handle;
+	first_unused_handle = handles[i].next_unused;
+
+	handles[i].use = use;
+	handles[i].dirp = dirp;
+	handles[i].fd = fd;
+	handles[i].name = xstrdup(name);
+	handles[i].bytes_read = handles[i].bytes_write = 0;
+
+	return i;
 }
 
 static int
 handle_is_ok(int i, int type)
 {
-	return i >= 0 && (u_int)i < sizeof(handles)/sizeof(Handle) &&
-	    handles[i].use == type;
+	return i >= 0 && (u_int)i < num_handles && handles[i].use == type;
 }
 
 static int
@@ -291,12 +307,12 @@ handle_close(int handle)
 
 	if (handle_is_ok(handle, HANDLE_FILE)) {
 		ret = close(handles[handle].fd);
-		handles[handle].use = HANDLE_UNUSED;
 		xfree(handles[handle].name);
+		handle_unused(handle);
 	} else if (handle_is_ok(handle, HANDLE_DIR)) {
 		ret = closedir(handles[handle].dirp);
-		handles[handle].use = HANDLE_UNUSED;
 		xfree(handles[handle].name);
+		handle_unused(handle);
 	} else {
 		errno = ENOENT;
 	}
@@ -310,7 +326,8 @@ handle_log_close(int handle, char *emsg)
 		logit("%s%sclose \"%s\" bytes read %llu written %llu",
 		    emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ",
 		    handle_to_name(handle),
-		    handle_bytes_read(handle), handle_bytes_write(handle));
+		    (unsigned long long)handle_bytes_read(handle),
+		    (unsigned long long)handle_bytes_write(handle));
 	} else {
 		logit("%s%sclosedir \"%s\"",
 		    emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ",
@@ -323,7 +340,7 @@ handle_log_exit(void)
 {
 	u_int i;
 
-	for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
+	for (i = 0; i < num_handles; i++)
 		if (handles[i].use != HANDLE_UNUSED)
 			handle_log_close(i, "forced");
 }
@@ -470,6 +487,9 @@ process_init(void)
 	buffer_init(&msg);
 	buffer_put_char(&msg, SSH2_FXP_VERSION);
 	buffer_put_int(&msg, SSH2_FILEXFER_VERSION);
+	/* POSIX rename extension */
+	buffer_put_cstring(&msg, "posix-rename@openssh.com");
+	buffer_put_cstring(&msg, "1"); /* version */
 	send_msg(&msg);
 	buffer_free(&msg);
 }
@@ -654,7 +674,7 @@ process_fstat(void)
 	debug("request %u: fstat \"%s\" (handle %u)",
 	    id, handle_to_name(handle), handle);
 	fd = handle_to_fd(handle);
-	if (fd  >= 0) {
+	if (fd >= 0) {
 		ret = fstat(fd, &st);
 		if (ret < 0) {
 			status = errno_to_portable(errno);
@@ -693,7 +713,8 @@ process_setstat(void)
 	a = get_attrib();
 	debug("request %u: setstat name \"%s\"", id, name);
 	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
-		logit("set \"%s\" size %llu", name, a->size);
+		logit("set \"%s\" size %llu",
+		    name, (unsigned long long)a->size);
 		ret = truncate(name, a->size);
 		if (ret == -1)
 			status = errno_to_portable(errno);
@@ -745,7 +766,8 @@ process_fsetstat(void)
 		char *name = handle_to_name(handle);
 
 		if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
-			logit("set \"%s\" size %llu", name, a->size);
+			logit("set \"%s\" size %llu",
+			    name, (unsigned long long)a->size);
 			ret = ftruncate(fd, a->size);
 			if (ret == -1)
 				status = errno_to_portable(errno);
@@ -1060,6 +1082,23 @@ process_symlink(void)
 	xfree(newpath);
 }
 
+static void
+process_extended_posix_rename(u_int32_t id)
+{
+	char *oldpath, *newpath;
+
+	oldpath = get_string(NULL);
+	newpath = get_string(NULL);
+	debug3("request %u: posix-rename", id);
+	logit("posix-rename old \"%s\" new \"%s\"", oldpath, newpath);
+	if (rename(oldpath, newpath) == -1)
+		send_status(id, errno_to_portable(errno));
+	else
+		send_status(id, SSH2_FX_OK);
+	xfree(oldpath);
+	xfree(newpath);
+}
+
 static void
 process_extended(void)
 {
@@ -1068,7 +1107,10 @@ process_extended(void)
 
 	id = get_int();
 	request = get_string(NULL);
-	send_status(id, SSH2_FX_OP_UNSUPPORTED);		/* MUST */
+	if (strcmp(request, "posix-rename@openssh.com") == 0)
+		process_extended_posix_rename(id);
+	else
+		send_status(id, SSH2_FX_OP_UNSUPPORTED);	/* MUST */
 	xfree(request);
 }
 
@@ -1091,7 +1133,7 @@ process(void)
 	if (msg_len > SFTP_MAX_MSG_LENGTH) {
 		error("bad message from %s local user %s",
 		    client_addr, pw->pw_name);
-		cleanup_exit(11);
+		sftp_server_cleanup_exit(11);
 	}
 	if (buf_len < msg_len + 4)
 		return;
@@ -1164,18 +1206,22 @@ process(void)
 		break;
 	}
 	/* discard the remaining bytes from the current packet */
-	if (buf_len < buffer_len(&iqueue))
-		fatal("iqueue grew unexpectedly");
+	if (buf_len < buffer_len(&iqueue)) {
+		error("iqueue grew unexpectedly");
+		sftp_server_cleanup_exit(255);
+	}
 	consumed = buf_len - buffer_len(&iqueue);
-	if (msg_len < consumed)
-		fatal("msg_len %d < consumed %d", msg_len, consumed);
+	if (msg_len < consumed) {
+		error("msg_len %d < consumed %d", msg_len, consumed);
+		sftp_server_cleanup_exit(255);
+	}
 	if (msg_len > consumed)
 		buffer_consume(&iqueue, msg_len - consumed);
 }
 
 /* Cleanup handler that logs active handles upon normal exit */
 void
-cleanup_exit(int i)
+sftp_server_cleanup_exit(int i)
 {
 	if (pw != NULL && client_addr != NULL) {
 		handle_log_exit();
@@ -1186,7 +1232,7 @@ cleanup_exit(int i)
 }
 
 static void
-usage(void)
+sftp_server_usage(void)
 {
 	extern char *__progname;
 
@@ -1196,20 +1242,17 @@ usage(void)
 }
 
 int
-main(int argc, char **argv)
+sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 {
 	fd_set *rset, *wset;
 	int in, out, max, ch, skipargs = 0, log_stderr = 0;
 	ssize_t len, olen, set_size;
 	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
-	char *cp;
+	char *cp, buf[4*4096];
 
 	extern char *optarg;
 	extern char *__progname;
 
-	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
-	sanitise_stdfd();
-
 	__progname = ssh_get_progname(argv[0]);
 	log_init(__progname, log_level, log_facility, log_stderr);
 
@@ -1218,7 +1261,7 @@ main(int argc, char **argv)
 		case 'c':
 			/*
 			 * Ignore all arguments if we are invoked as a
-			 * shell using "sftp-server -c command" 
+			 * shell using "sftp-server -c command"
 			 */
 			skipargs = 1;
 			break;
@@ -1232,12 +1275,12 @@ main(int argc, char **argv)
 			break;
 		case 'f':
 			log_facility = log_facility_number(optarg);
-			if (log_level == SYSLOG_FACILITY_NOT_SET)
+			if (log_facility == SYSLOG_FACILITY_NOT_SET)
 				error("Invalid log facility \"%s\"", optarg);
 			break;
 		case 'h':
 		default:
-			usage();
+			sftp_server_usage();
 		}
 	}
 
@@ -1245,22 +1288,20 @@ main(int argc, char **argv)
 
 	if ((cp = getenv("SSH_CONNECTION")) != NULL) {
 		client_addr = xstrdup(cp);
-		if ((cp = strchr(client_addr, ' ')) == NULL)
-			fatal("Malformed SSH_CONNECTION variable: \"%s\"",
+		if ((cp = strchr(client_addr, ' ')) == NULL) {
+			error("Malformed SSH_CONNECTION variable: \"%s\"",
 			    getenv("SSH_CONNECTION"));
+			sftp_server_cleanup_exit(255);
+		}
 		*cp = '\0';
 	} else
 		client_addr = xstrdup("UNKNOWN");
 
-	if ((pw = getpwuid(getuid())) == NULL)
-		fatal("No user found for uid %lu", (u_long)getuid());
-	pw = pwcopy(pw);
+	pw = pwcopy(user_pw);
 
 	logit("session opened for local user %s from [%s]",
 	    pw->pw_name, client_addr);
 
-	handle_init();
-
 	in = dup(STDIN_FILENO);
 	out = dup(STDOUT_FILENO);
 
@@ -1286,7 +1327,15 @@ main(int argc, char **argv)
 		memset(rset, 0, set_size);
 		memset(wset, 0, set_size);
 
-		FD_SET(in, rset);
+		/*
+		 * Ensure that we can read a full buffer and handle
+		 * the worst-case length packet it can generate,
+		 * otherwise apply backpressure by stopping reads.
+		 */
+		if (buffer_check_alloc(&iqueue, sizeof(buf)) &&
+		    buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH))
+			FD_SET(in, rset);
+
 		olen = buffer_len(&oqueue);
 		if (olen > 0)
 			FD_SET(out, wset);
@@ -1295,19 +1344,18 @@ main(int argc, char **argv)
 			if (errno == EINTR)
 				continue;
 			error("select: %s", strerror(errno));
-			cleanup_exit(2);
+			sftp_server_cleanup_exit(2);
 		}
 
 		/* copy stdin to iqueue */
 		if (FD_ISSET(in, rset)) {
-			char buf[4*4096];
 			len = read(in, buf, sizeof buf);
 			if (len == 0) {
 				debug("read eof");
-				cleanup_exit(0);
+				sftp_server_cleanup_exit(0);
 			} else if (len < 0) {
 				error("read: %s", strerror(errno));
-				cleanup_exit(1);
+				sftp_server_cleanup_exit(1);
 			} else {
 				buffer_append(&iqueue, buf, len);
 			}
@@ -1317,12 +1365,18 @@ main(int argc, char **argv)
 			len = write(out, buffer_ptr(&oqueue), olen);
 			if (len < 0) {
 				error("write: %s", strerror(errno));
-				cleanup_exit(1);
+				sftp_server_cleanup_exit(1);
 			} else {
 				buffer_consume(&oqueue, len);
 			}
 		}
-		/* process requests from client */
-		process();
+
+		/*
+		 * Process requests from client if we can fit the results
+		 * into the output buffer, otherwise stop processing input
+		 * and let the output queue drain.
+		 */
+		if (buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH))
+			process();
 	}
 }