535af610a4
Excerpts from the release notes: * ssh-agent(1): PKCS#11 modules must now be specified by their full paths. Previously dlopen(3) could search for them in system library directories. * ssh(1): allow forwarding Unix Domain sockets via ssh -W. * ssh(1): add support for configuration tags to ssh(1). This adds a ssh_config(5) "Tag" directive and corresponding "Match tag" predicate that may be used to select blocks of configuration similar to the pf.conf(5) keywords of the same name. * ssh(1): add a "match localnetwork" predicate. This allows matching on the addresses of available network interfaces and may be used to vary the effective client configuration based on network location. * ssh-agent(1): improve isolation between loaded PKCS#11 modules by running separate ssh-pkcs11-helpers for each loaded provider. * ssh-agent(1), ssh(1): improve defences against invalid PKCS#11 modules being loaded by checking that the requested module contains the required symbol before loading it. * ssh(1): don't incorrectly disable hostname canonicalization when CanonicalizeHostname=yes and ProxyJump was expicitly set to "none". bz3567 Full release notes at https://www.openssh.com/txt/release-9.4 Relnotes: Yes Sponsored by: The FreeBSD Foundation
266 lines
6.9 KiB
C
266 lines
6.9 KiB
C
/* $OpenBSD: sftp-common.c,v 1.34 2023/03/31 04:00:37 djm Exp $ */
|
|
/*
|
|
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
|
* Copyright (c) 2001 Damien Miller. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
|
|
#include <grp.h>
|
|
#include <pwd.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <time.h>
|
|
#include <stdarg.h>
|
|
#include <unistd.h>
|
|
#ifdef HAVE_UTIL_H
|
|
#include <util.h>
|
|
#endif
|
|
|
|
#include "xmalloc.h"
|
|
#include "ssherr.h"
|
|
#include "sshbuf.h"
|
|
#include "log.h"
|
|
#include "misc.h"
|
|
|
|
#include "sftp.h"
|
|
#include "sftp-common.h"
|
|
|
|
/* Clear contents of attributes structure */
|
|
void
|
|
attrib_clear(Attrib *a)
|
|
{
|
|
a->flags = 0;
|
|
a->size = 0;
|
|
a->uid = 0;
|
|
a->gid = 0;
|
|
a->perm = 0;
|
|
a->atime = 0;
|
|
a->mtime = 0;
|
|
}
|
|
|
|
/* Convert from struct stat to filexfer attribs */
|
|
void
|
|
stat_to_attrib(const struct stat *st, Attrib *a)
|
|
{
|
|
attrib_clear(a);
|
|
a->flags = 0;
|
|
a->flags |= SSH2_FILEXFER_ATTR_SIZE;
|
|
a->size = st->st_size;
|
|
a->flags |= SSH2_FILEXFER_ATTR_UIDGID;
|
|
a->uid = st->st_uid;
|
|
a->gid = st->st_gid;
|
|
a->flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
|
|
a->perm = st->st_mode;
|
|
a->flags |= SSH2_FILEXFER_ATTR_ACMODTIME;
|
|
a->atime = st->st_atime;
|
|
a->mtime = st->st_mtime;
|
|
}
|
|
|
|
/* Convert from filexfer attribs to struct stat */
|
|
void
|
|
attrib_to_stat(const Attrib *a, struct stat *st)
|
|
{
|
|
memset(st, 0, sizeof(*st));
|
|
|
|
if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
|
|
st->st_size = a->size;
|
|
if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
|
|
st->st_uid = a->uid;
|
|
st->st_gid = a->gid;
|
|
}
|
|
if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
|
|
st->st_mode = a->perm;
|
|
if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
|
|
st->st_atime = a->atime;
|
|
st->st_mtime = a->mtime;
|
|
}
|
|
}
|
|
|
|
/* Decode attributes in buffer */
|
|
int
|
|
decode_attrib(struct sshbuf *b, Attrib *a)
|
|
{
|
|
int r;
|
|
|
|
attrib_clear(a);
|
|
if ((r = sshbuf_get_u32(b, &a->flags)) != 0)
|
|
return r;
|
|
if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
|
|
if ((r = sshbuf_get_u64(b, &a->size)) != 0)
|
|
return r;
|
|
}
|
|
if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
|
|
if ((r = sshbuf_get_u32(b, &a->uid)) != 0 ||
|
|
(r = sshbuf_get_u32(b, &a->gid)) != 0)
|
|
return r;
|
|
}
|
|
if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
|
|
if ((r = sshbuf_get_u32(b, &a->perm)) != 0)
|
|
return r;
|
|
}
|
|
if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
|
|
if ((r = sshbuf_get_u32(b, &a->atime)) != 0 ||
|
|
(r = sshbuf_get_u32(b, &a->mtime)) != 0)
|
|
return r;
|
|
}
|
|
/* vendor-specific extensions */
|
|
if (a->flags & SSH2_FILEXFER_ATTR_EXTENDED) {
|
|
char *type;
|
|
u_char *data;
|
|
size_t dlen;
|
|
u_int i, count;
|
|
|
|
if ((r = sshbuf_get_u32(b, &count)) != 0)
|
|
return r;
|
|
if (count > 0x100000)
|
|
return SSH_ERR_INVALID_FORMAT;
|
|
for (i = 0; i < count; i++) {
|
|
if ((r = sshbuf_get_cstring(b, &type, NULL)) != 0 ||
|
|
(r = sshbuf_get_string(b, &data, &dlen)) != 0)
|
|
return r;
|
|
debug3("Got file attribute \"%.100s\" len %zu",
|
|
type, dlen);
|
|
free(type);
|
|
free(data);
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/* Encode attributes to buffer */
|
|
int
|
|
encode_attrib(struct sshbuf *b, const Attrib *a)
|
|
{
|
|
int r;
|
|
|
|
if ((r = sshbuf_put_u32(b, a->flags)) != 0)
|
|
return r;
|
|
if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
|
|
if ((r = sshbuf_put_u64(b, a->size)) != 0)
|
|
return r;
|
|
}
|
|
if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
|
|
if ((r = sshbuf_put_u32(b, a->uid)) != 0 ||
|
|
(r = sshbuf_put_u32(b, a->gid)) != 0)
|
|
return r;
|
|
}
|
|
if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
|
|
if ((r = sshbuf_put_u32(b, a->perm)) != 0)
|
|
return r;
|
|
}
|
|
if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
|
|
if ((r = sshbuf_put_u32(b, a->atime)) != 0 ||
|
|
(r = sshbuf_put_u32(b, a->mtime)) != 0)
|
|
return r;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/* Convert from SSH2_FX_ status to text error message */
|
|
const char *
|
|
fx2txt(int status)
|
|
{
|
|
switch (status) {
|
|
case SSH2_FX_OK:
|
|
return("No error");
|
|
case SSH2_FX_EOF:
|
|
return("End of file");
|
|
case SSH2_FX_NO_SUCH_FILE:
|
|
return("No such file or directory");
|
|
case SSH2_FX_PERMISSION_DENIED:
|
|
return("Permission denied");
|
|
case SSH2_FX_FAILURE:
|
|
return("Failure");
|
|
case SSH2_FX_BAD_MESSAGE:
|
|
return("Bad message");
|
|
case SSH2_FX_NO_CONNECTION:
|
|
return("No connection");
|
|
case SSH2_FX_CONNECTION_LOST:
|
|
return("Connection lost");
|
|
case SSH2_FX_OP_UNSUPPORTED:
|
|
return("Operation unsupported");
|
|
default:
|
|
return("Unknown status");
|
|
}
|
|
/* NOTREACHED */
|
|
}
|
|
|
|
/*
|
|
* drwxr-xr-x 5 markus markus 1024 Jan 13 18:39 .ssh
|
|
*/
|
|
char *
|
|
ls_file(const char *name, const struct stat *st, int remote, int si_units,
|
|
const char *user, const char *group)
|
|
{
|
|
int ulen, glen, sz = 0;
|
|
struct tm *ltime = localtime(&st->st_mtime);
|
|
char buf[1024], lc[8], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1];
|
|
char sbuf[FMT_SCALED_STRSIZE];
|
|
time_t now;
|
|
|
|
strmode(st->st_mode, mode);
|
|
if (remote) {
|
|
if (user == NULL) {
|
|
snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid);
|
|
user = ubuf;
|
|
}
|
|
if (group == NULL) {
|
|
snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid);
|
|
group = gbuf;
|
|
}
|
|
strlcpy(lc, "?", sizeof(lc));
|
|
} else {
|
|
user = user_from_uid(st->st_uid, 0);
|
|
group = group_from_gid(st->st_gid, 0);
|
|
snprintf(lc, sizeof(lc), "%u", (u_int)st->st_nlink);
|
|
}
|
|
if (ltime != NULL) {
|
|
now = time(NULL);
|
|
if (now - (365*24*60*60)/2 < st->st_mtime &&
|
|
now >= st->st_mtime)
|
|
sz = strftime(tbuf, sizeof tbuf, "%b %e %H:%M", ltime);
|
|
else
|
|
sz = strftime(tbuf, sizeof tbuf, "%b %e %Y", ltime);
|
|
}
|
|
if (sz == 0)
|
|
tbuf[0] = '\0';
|
|
ulen = MAXIMUM(strlen(user), 8);
|
|
glen = MAXIMUM(strlen(group), 8);
|
|
if (si_units) {
|
|
fmt_scaled((long long)st->st_size, sbuf);
|
|
snprintf(buf, sizeof buf, "%s %3s %-*s %-*s %8s %s %s",
|
|
mode, lc, ulen, user, glen, group,
|
|
sbuf, tbuf, name);
|
|
} else {
|
|
snprintf(buf, sizeof buf, "%s %3s %-*s %-*s %8llu %s %s",
|
|
mode, lc, ulen, user, glen, group,
|
|
(unsigned long long)st->st_size, tbuf, name);
|
|
}
|
|
return xstrdup(buf);
|
|
}
|