1 /* $OpenBSD: sftp-server.c,v 1.114 2019/01/16 23:22:10 djm Exp $ */
3 * Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #include <sys/types.h>
22 #ifdef HAVE_SYS_TIME_H
23 # include <sys/time.h>
25 #ifdef HAVE_SYS_MOUNT_H
26 #include <sys/mount.h>
28 #ifdef HAVE_SYS_STATVFS_H
29 #include <sys/statvfs.h>
52 #include "sftp-common.h"
55 static LogLevel log_level = SYSLOG_LEVEL_ERROR;
58 static struct passwd *pw = NULL;
59 static char *client_addr = NULL;
61 /* input and output queue */
62 struct sshbuf *iqueue;
63 struct sshbuf *oqueue;
65 /* Version of client */
68 /* SSH2_FXP_INIT received */
74 /* Requests that are allowed/denied */
75 static char *request_whitelist, *request_blacklist;
77 /* portable attributes, etc. */
78 typedef struct Stat Stat;
87 static void process_open(u_int32_t id);
88 static void process_close(u_int32_t id);
89 static void process_read(u_int32_t id);
90 static void process_write(u_int32_t id);
91 static void process_stat(u_int32_t id);
92 static void process_lstat(u_int32_t id);
93 static void process_fstat(u_int32_t id);
94 static void process_setstat(u_int32_t id);
95 static void process_fsetstat(u_int32_t id);
96 static void process_opendir(u_int32_t id);
97 static void process_readdir(u_int32_t id);
98 static void process_remove(u_int32_t id);
99 static void process_mkdir(u_int32_t id);
100 static void process_rmdir(u_int32_t id);
101 static void process_realpath(u_int32_t id);
102 static void process_rename(u_int32_t id);
103 static void process_readlink(u_int32_t id);
104 static void process_symlink(u_int32_t id);
105 static void process_extended_posix_rename(u_int32_t id);
106 static void process_extended_statvfs(u_int32_t id);
107 static void process_extended_fstatvfs(u_int32_t id);
108 static void process_extended_hardlink(u_int32_t id);
109 static void process_extended_fsync(u_int32_t id);
110 static void process_extended_lsetstat(u_int32_t id);
111 static void process_extended(u_int32_t id);
113 struct sftp_handler {
114 const char *name; /* user-visible name for fine-grained perms */
115 const char *ext_name; /* extended request name */
116 u_int type; /* packet type, for non extended packets */
117 void (*handler)(u_int32_t);
118 int does_write; /* if nonzero, banned for readonly mode */
121 static const struct sftp_handler handlers[] = {
122 /* NB. SSH2_FXP_OPEN does the readonly check in the handler itself */
123 { "open", NULL, SSH2_FXP_OPEN, process_open, 0 },
124 { "close", NULL, SSH2_FXP_CLOSE, process_close, 0 },
125 { "read", NULL, SSH2_FXP_READ, process_read, 0 },
126 { "write", NULL, SSH2_FXP_WRITE, process_write, 1 },
127 { "lstat", NULL, SSH2_FXP_LSTAT, process_lstat, 0 },
128 { "fstat", NULL, SSH2_FXP_FSTAT, process_fstat, 0 },
129 { "setstat", NULL, SSH2_FXP_SETSTAT, process_setstat, 1 },
130 { "fsetstat", NULL, SSH2_FXP_FSETSTAT, process_fsetstat, 1 },
131 { "opendir", NULL, SSH2_FXP_OPENDIR, process_opendir, 0 },
132 { "readdir", NULL, SSH2_FXP_READDIR, process_readdir, 0 },
133 { "remove", NULL, SSH2_FXP_REMOVE, process_remove, 1 },
134 { "mkdir", NULL, SSH2_FXP_MKDIR, process_mkdir, 1 },
135 { "rmdir", NULL, SSH2_FXP_RMDIR, process_rmdir, 1 },
136 { "realpath", NULL, SSH2_FXP_REALPATH, process_realpath, 0 },
137 { "stat", NULL, SSH2_FXP_STAT, process_stat, 0 },
138 { "rename", NULL, SSH2_FXP_RENAME, process_rename, 1 },
139 { "readlink", NULL, SSH2_FXP_READLINK, process_readlink, 0 },
140 { "symlink", NULL, SSH2_FXP_SYMLINK, process_symlink, 1 },
141 { NULL, NULL, 0, NULL, 0 }
144 /* SSH2_FXP_EXTENDED submessages */
145 static const struct sftp_handler extended_handlers[] = {
146 { "posix-rename", "posix-rename@openssh.com", 0,
147 process_extended_posix_rename, 1 },
148 { "statvfs", "statvfs@openssh.com", 0, process_extended_statvfs, 0 },
149 { "fstatvfs", "fstatvfs@openssh.com", 0, process_extended_fstatvfs, 0 },
150 { "hardlink", "hardlink@openssh.com", 0, process_extended_hardlink, 1 },
151 { "fsync", "fsync@openssh.com", 0, process_extended_fsync, 1 },
152 { "lsetstat", "lsetstat@openssh.com", 0, process_extended_lsetstat, 1 },
153 { NULL, NULL, 0, NULL, 0 }
157 request_permitted(const struct sftp_handler *h)
161 if (readonly && h->does_write) {
162 verbose("Refusing %s request in read-only mode", h->name);
165 if (request_blacklist != NULL &&
166 ((result = match_list(h->name, request_blacklist, NULL))) != NULL) {
168 verbose("Refusing blacklisted %s request", h->name);
171 if (request_whitelist != NULL &&
172 ((result = match_list(h->name, request_whitelist, NULL))) != NULL) {
174 debug2("Permitting whitelisted %s request", h->name);
177 if (request_whitelist != NULL) {
178 verbose("Refusing non-whitelisted %s request", h->name);
185 errno_to_portable(int unixerrno)
197 ret = SSH2_FX_NO_SUCH_FILE;
202 ret = SSH2_FX_PERMISSION_DENIED;
206 ret = SSH2_FX_BAD_MESSAGE;
209 ret = SSH2_FX_OP_UNSUPPORTED;
212 ret = SSH2_FX_FAILURE;
219 flags_from_portable(int pflags)
223 if ((pflags & SSH2_FXF_READ) &&
224 (pflags & SSH2_FXF_WRITE)) {
226 } else if (pflags & SSH2_FXF_READ) {
228 } else if (pflags & SSH2_FXF_WRITE) {
231 if (pflags & SSH2_FXF_APPEND)
233 if (pflags & SSH2_FXF_CREAT)
235 if (pflags & SSH2_FXF_TRUNC)
237 if (pflags & SSH2_FXF_EXCL)
243 string_from_portable(int pflags)
245 static char ret[128];
249 #define PAPPEND(str) { \
251 strlcat(ret, ",", sizeof(ret)); \
252 strlcat(ret, str, sizeof(ret)); \
255 if (pflags & SSH2_FXF_READ)
257 if (pflags & SSH2_FXF_WRITE)
259 if (pflags & SSH2_FXF_APPEND)
261 if (pflags & SSH2_FXF_CREAT)
263 if (pflags & SSH2_FXF_TRUNC)
265 if (pflags & SSH2_FXF_EXCL)
273 typedef struct Handle Handle;
280 u_int64_t bytes_read, bytes_write;
290 static Handle *handles = NULL;
291 static u_int num_handles = 0;
292 static int first_unused_handle = -1;
294 static void handle_unused(int i)
296 handles[i].use = HANDLE_UNUSED;
297 handles[i].next_unused = first_unused_handle;
298 first_unused_handle = i;
302 handle_new(int use, const char *name, int fd, int flags, DIR *dirp)
306 if (first_unused_handle == -1) {
307 if (num_handles + 1 <= num_handles)
310 handles = xreallocarray(handles, num_handles, sizeof(Handle));
311 handle_unused(num_handles - 1);
314 i = first_unused_handle;
315 first_unused_handle = handles[i].next_unused;
317 handles[i].use = use;
318 handles[i].dirp = dirp;
320 handles[i].flags = flags;
321 handles[i].name = xstrdup(name);
322 handles[i].bytes_read = handles[i].bytes_write = 0;
328 handle_is_ok(int i, int type)
330 return i >= 0 && (u_int)i < num_handles && handles[i].use == type;
334 handle_to_string(int handle, u_char **stringp, int *hlenp)
336 if (stringp == NULL || hlenp == NULL)
338 *stringp = xmalloc(sizeof(int32_t));
339 put_u32(*stringp, handle);
340 *hlenp = sizeof(int32_t);
345 handle_from_string(const u_char *handle, u_int hlen)
349 if (hlen != sizeof(int32_t))
351 val = get_u32(handle);
352 if (handle_is_ok(val, HANDLE_FILE) ||
353 handle_is_ok(val, HANDLE_DIR))
359 handle_to_name(int handle)
361 if (handle_is_ok(handle, HANDLE_DIR)||
362 handle_is_ok(handle, HANDLE_FILE))
363 return handles[handle].name;
368 handle_to_dir(int handle)
370 if (handle_is_ok(handle, HANDLE_DIR))
371 return handles[handle].dirp;
376 handle_to_fd(int handle)
378 if (handle_is_ok(handle, HANDLE_FILE))
379 return handles[handle].fd;
384 handle_to_flags(int handle)
386 if (handle_is_ok(handle, HANDLE_FILE))
387 return handles[handle].flags;
392 handle_update_read(int handle, ssize_t bytes)
394 if (handle_is_ok(handle, HANDLE_FILE) && bytes > 0)
395 handles[handle].bytes_read += bytes;
399 handle_update_write(int handle, ssize_t bytes)
401 if (handle_is_ok(handle, HANDLE_FILE) && bytes > 0)
402 handles[handle].bytes_write += bytes;
406 handle_bytes_read(int handle)
408 if (handle_is_ok(handle, HANDLE_FILE))
409 return (handles[handle].bytes_read);
414 handle_bytes_write(int handle)
416 if (handle_is_ok(handle, HANDLE_FILE))
417 return (handles[handle].bytes_write);
422 handle_close(int handle)
426 if (handle_is_ok(handle, HANDLE_FILE)) {
427 ret = close(handles[handle].fd);
428 free(handles[handle].name);
429 handle_unused(handle);
430 } else if (handle_is_ok(handle, HANDLE_DIR)) {
431 ret = closedir(handles[handle].dirp);
432 free(handles[handle].name);
433 handle_unused(handle);
441 handle_log_close(int handle, char *emsg)
443 if (handle_is_ok(handle, HANDLE_FILE)) {
444 logit("%s%sclose \"%s\" bytes read %llu written %llu",
445 emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ",
446 handle_to_name(handle),
447 (unsigned long long)handle_bytes_read(handle),
448 (unsigned long long)handle_bytes_write(handle));
450 logit("%s%sclosedir \"%s\"",
451 emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ",
452 handle_to_name(handle));
457 handle_log_exit(void)
461 for (i = 0; i < num_handles; i++)
462 if (handles[i].use != HANDLE_UNUSED)
463 handle_log_close(i, "forced");
467 get_handle(struct sshbuf *queue, int *hp)
474 if ((r = sshbuf_get_string(queue, &handle, &hlen)) != 0)
477 *hp = handle_from_string(handle, hlen);
485 send_msg(struct sshbuf *m)
489 if ((r = sshbuf_put_stringb(oqueue, m)) != 0)
490 fatal("%s: buffer error: %s", __func__, ssh_err(r));
495 status_to_message(u_int32_t status)
497 const char *status_messages[] = {
498 "Success", /* SSH_FX_OK */
499 "End of file", /* SSH_FX_EOF */
500 "No such file", /* SSH_FX_NO_SUCH_FILE */
501 "Permission denied", /* SSH_FX_PERMISSION_DENIED */
502 "Failure", /* SSH_FX_FAILURE */
503 "Bad message", /* SSH_FX_BAD_MESSAGE */
504 "No connection", /* SSH_FX_NO_CONNECTION */
505 "Connection lost", /* SSH_FX_CONNECTION_LOST */
506 "Operation unsupported", /* SSH_FX_OP_UNSUPPORTED */
507 "Unknown error" /* Others */
509 return (status_messages[MINIMUM(status,SSH2_FX_MAX)]);
513 send_status(u_int32_t id, u_int32_t status)
518 debug3("request %u: sent status %u", id, status);
519 if (log_level > SYSLOG_LEVEL_VERBOSE ||
520 (status != SSH2_FX_OK && status != SSH2_FX_EOF))
521 logit("sent status %s", status_to_message(status));
522 if ((msg = sshbuf_new()) == NULL)
523 fatal("%s: sshbuf_new failed", __func__);
524 if ((r = sshbuf_put_u8(msg, SSH2_FXP_STATUS)) != 0 ||
525 (r = sshbuf_put_u32(msg, id)) != 0 ||
526 (r = sshbuf_put_u32(msg, status)) != 0)
527 fatal("%s: buffer error: %s", __func__, ssh_err(r));
529 if ((r = sshbuf_put_cstring(msg,
530 status_to_message(status))) != 0 ||
531 (r = sshbuf_put_cstring(msg, "")) != 0)
532 fatal("%s: buffer error: %s", __func__, ssh_err(r));
538 send_data_or_handle(char type, u_int32_t id, const u_char *data, int dlen)
543 if ((msg = sshbuf_new()) == NULL)
544 fatal("%s: sshbuf_new failed", __func__);
545 if ((r = sshbuf_put_u8(msg, type)) != 0 ||
546 (r = sshbuf_put_u32(msg, id)) != 0 ||
547 (r = sshbuf_put_string(msg, data, dlen)) != 0)
548 fatal("%s: buffer error: %s", __func__, ssh_err(r));
554 send_data(u_int32_t id, const u_char *data, int dlen)
556 debug("request %u: sent data len %d", id, dlen);
557 send_data_or_handle(SSH2_FXP_DATA, id, data, dlen);
561 send_handle(u_int32_t id, int handle)
566 handle_to_string(handle, &string, &hlen);
567 debug("request %u: sent handle handle %d", id, handle);
568 send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen);
573 send_names(u_int32_t id, int count, const Stat *stats)
578 if ((msg = sshbuf_new()) == NULL)
579 fatal("%s: sshbuf_new failed", __func__);
580 if ((r = sshbuf_put_u8(msg, SSH2_FXP_NAME)) != 0 ||
581 (r = sshbuf_put_u32(msg, id)) != 0 ||
582 (r = sshbuf_put_u32(msg, count)) != 0)
583 fatal("%s: buffer error: %s", __func__, ssh_err(r));
584 debug("request %u: sent names count %d", id, count);
585 for (i = 0; i < count; i++) {
586 if ((r = sshbuf_put_cstring(msg, stats[i].name)) != 0 ||
587 (r = sshbuf_put_cstring(msg, stats[i].long_name)) != 0 ||
588 (r = encode_attrib(msg, &stats[i].attrib)) != 0)
589 fatal("%s: buffer error: %s", __func__, ssh_err(r));
596 send_attrib(u_int32_t id, const Attrib *a)
601 debug("request %u: sent attrib have 0x%x", id, a->flags);
602 if ((msg = sshbuf_new()) == NULL)
603 fatal("%s: sshbuf_new failed", __func__);
604 if ((r = sshbuf_put_u8(msg, SSH2_FXP_ATTRS)) != 0 ||
605 (r = sshbuf_put_u32(msg, id)) != 0 ||
606 (r = encode_attrib(msg, a)) != 0)
607 fatal("%s: buffer error: %s", __func__, ssh_err(r));
613 send_statvfs(u_int32_t id, struct statvfs *st)
619 flag = (st->f_flag & ST_RDONLY) ? SSH2_FXE_STATVFS_ST_RDONLY : 0;
620 flag |= (st->f_flag & ST_NOSUID) ? SSH2_FXE_STATVFS_ST_NOSUID : 0;
622 if ((msg = sshbuf_new()) == NULL)
623 fatal("%s: sshbuf_new failed", __func__);
624 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED_REPLY)) != 0 ||
625 (r = sshbuf_put_u32(msg, id)) != 0 ||
626 (r = sshbuf_put_u64(msg, st->f_bsize)) != 0 ||
627 (r = sshbuf_put_u64(msg, st->f_frsize)) != 0 ||
628 (r = sshbuf_put_u64(msg, st->f_blocks)) != 0 ||
629 (r = sshbuf_put_u64(msg, st->f_bfree)) != 0 ||
630 (r = sshbuf_put_u64(msg, st->f_bavail)) != 0 ||
631 (r = sshbuf_put_u64(msg, st->f_files)) != 0 ||
632 (r = sshbuf_put_u64(msg, st->f_ffree)) != 0 ||
633 (r = sshbuf_put_u64(msg, st->f_favail)) != 0 ||
634 (r = sshbuf_put_u64(msg, FSID_TO_ULONG(st->f_fsid))) != 0 ||
635 (r = sshbuf_put_u64(msg, flag)) != 0 ||
636 (r = sshbuf_put_u64(msg, st->f_namemax)) != 0)
637 fatal("%s: buffer error: %s", __func__, ssh_err(r));
650 if ((r = sshbuf_get_u32(iqueue, &version)) != 0)
651 fatal("%s: buffer error: %s", __func__, ssh_err(r));
652 verbose("received client version %u", version);
653 if ((msg = sshbuf_new()) == NULL)
654 fatal("%s: sshbuf_new failed", __func__);
655 if ((r = sshbuf_put_u8(msg, SSH2_FXP_VERSION)) != 0 ||
656 (r = sshbuf_put_u32(msg, SSH2_FILEXFER_VERSION)) != 0 ||
657 /* POSIX rename extension */
658 (r = sshbuf_put_cstring(msg, "posix-rename@openssh.com")) != 0 ||
659 (r = sshbuf_put_cstring(msg, "1")) != 0 || /* version */
660 /* statvfs extension */
661 (r = sshbuf_put_cstring(msg, "statvfs@openssh.com")) != 0 ||
662 (r = sshbuf_put_cstring(msg, "2")) != 0 || /* version */
663 /* fstatvfs extension */
664 (r = sshbuf_put_cstring(msg, "fstatvfs@openssh.com")) != 0 ||
665 (r = sshbuf_put_cstring(msg, "2")) != 0 || /* version */
666 /* hardlink extension */
667 (r = sshbuf_put_cstring(msg, "hardlink@openssh.com")) != 0 ||
668 (r = sshbuf_put_cstring(msg, "1")) != 0 || /* version */
669 /* fsync extension */
670 (r = sshbuf_put_cstring(msg, "fsync@openssh.com")) != 0 ||
671 (r = sshbuf_put_cstring(msg, "1")) != 0 || /* version */
672 (r = sshbuf_put_cstring(msg, "lsetstat@openssh.com")) != 0 ||
673 (r = sshbuf_put_cstring(msg, "1")) != 0) /* version */
674 fatal("%s: buffer error: %s", __func__, ssh_err(r));
680 process_open(u_int32_t id)
685 int r, handle, fd, flags, mode, status = SSH2_FX_FAILURE;
687 if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
688 (r = sshbuf_get_u32(iqueue, &pflags)) != 0 || /* portable flags */
689 (r = decode_attrib(iqueue, &a)) != 0)
690 fatal("%s: buffer error: %s", __func__, ssh_err(r));
692 debug3("request %u: open flags %d", id, pflags);
693 flags = flags_from_portable(pflags);
694 mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666;
695 logit("open \"%s\" flags %s mode 0%o",
696 name, string_from_portable(pflags), mode);
698 ((flags & O_ACCMODE) != O_RDONLY ||
699 (flags & (O_CREAT|O_TRUNC)) != 0)) {
700 verbose("Refusing open request in read-only mode");
701 status = SSH2_FX_PERMISSION_DENIED;
703 fd = open(name, flags, mode);
705 status = errno_to_portable(errno);
707 handle = handle_new(HANDLE_FILE, name, fd, flags, NULL);
711 send_handle(id, handle);
716 if (status != SSH2_FX_OK)
717 send_status(id, status);
722 process_close(u_int32_t id)
724 int r, handle, ret, status = SSH2_FX_FAILURE;
726 if ((r = get_handle(iqueue, &handle)) != 0)
727 fatal("%s: buffer error: %s", __func__, ssh_err(r));
729 debug3("request %u: close handle %u", id, handle);
730 handle_log_close(handle, NULL);
731 ret = handle_close(handle);
732 status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
733 send_status(id, status);
737 process_read(u_int32_t id)
741 int r, handle, fd, ret, status = SSH2_FX_FAILURE;
744 if ((r = get_handle(iqueue, &handle)) != 0 ||
745 (r = sshbuf_get_u64(iqueue, &off)) != 0 ||
746 (r = sshbuf_get_u32(iqueue, &len)) != 0)
747 fatal("%s: buffer error: %s", __func__, ssh_err(r));
749 debug("request %u: read \"%s\" (handle %d) off %llu len %d",
750 id, handle_to_name(handle), handle, (unsigned long long)off, len);
751 if (len > sizeof buf) {
753 debug2("read change len %d", len);
755 fd = handle_to_fd(handle);
757 if (lseek(fd, off, SEEK_SET) < 0) {
758 error("process_read: seek failed");
759 status = errno_to_portable(errno);
761 ret = read(fd, buf, len);
763 status = errno_to_portable(errno);
764 } else if (ret == 0) {
765 status = SSH2_FX_EOF;
767 send_data(id, buf, ret);
769 handle_update_read(handle, ret);
773 if (status != SSH2_FX_OK)
774 send_status(id, status);
778 process_write(u_int32_t id)
782 int r, handle, fd, ret, status;
785 if ((r = get_handle(iqueue, &handle)) != 0 ||
786 (r = sshbuf_get_u64(iqueue, &off)) != 0 ||
787 (r = sshbuf_get_string(iqueue, &data, &len)) != 0)
788 fatal("%s: buffer error: %s", __func__, ssh_err(r));
790 debug("request %u: write \"%s\" (handle %d) off %llu len %zu",
791 id, handle_to_name(handle), handle, (unsigned long long)off, len);
792 fd = handle_to_fd(handle);
795 status = SSH2_FX_FAILURE;
797 if (!(handle_to_flags(handle) & O_APPEND) &&
798 lseek(fd, off, SEEK_SET) < 0) {
799 status = errno_to_portable(errno);
800 error("process_write: seek failed");
803 ret = write(fd, data, len);
805 error("process_write: write failed");
806 status = errno_to_portable(errno);
807 } else if ((size_t)ret == len) {
809 handle_update_write(handle, ret);
811 debug2("nothing at all written");
812 status = SSH2_FX_FAILURE;
816 send_status(id, status);
821 process_do_stat(u_int32_t id, int do_lstat)
826 int r, status = SSH2_FX_FAILURE;
828 if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0)
829 fatal("%s: buffer error: %s", __func__, ssh_err(r));
831 debug3("request %u: %sstat", id, do_lstat ? "l" : "");
832 verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name);
833 r = do_lstat ? lstat(name, &st) : stat(name, &st);
835 status = errno_to_portable(errno);
837 stat_to_attrib(&st, &a);
841 if (status != SSH2_FX_OK)
842 send_status(id, status);
847 process_stat(u_int32_t id)
849 process_do_stat(id, 0);
853 process_lstat(u_int32_t id)
855 process_do_stat(id, 1);
859 process_fstat(u_int32_t id)
863 int fd, r, handle, status = SSH2_FX_FAILURE;
865 if ((r = get_handle(iqueue, &handle)) != 0)
866 fatal("%s: buffer error: %s", __func__, ssh_err(r));
867 debug("request %u: fstat \"%s\" (handle %u)",
868 id, handle_to_name(handle), handle);
869 fd = handle_to_fd(handle);
873 status = errno_to_portable(errno);
875 stat_to_attrib(&st, &a);
880 if (status != SSH2_FX_OK)
881 send_status(id, status);
884 static struct timeval *
885 attrib_to_tv(const Attrib *a)
887 static struct timeval tv[2];
889 tv[0].tv_sec = a->atime;
891 tv[1].tv_sec = a->mtime;
896 static struct timespec *
897 attrib_to_ts(const Attrib *a)
899 static struct timespec ts[2];
901 ts[0].tv_sec = a->atime;
903 ts[1].tv_sec = a->mtime;
909 process_setstat(u_int32_t id)
913 int r, status = SSH2_FX_OK;
915 if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
916 (r = decode_attrib(iqueue, &a)) != 0)
917 fatal("%s: buffer error: %s", __func__, ssh_err(r));
919 debug("request %u: setstat name \"%s\"", id, name);
920 if (a.flags & SSH2_FILEXFER_ATTR_SIZE) {
921 logit("set \"%s\" size %llu",
922 name, (unsigned long long)a.size);
923 r = truncate(name, a.size);
925 status = errno_to_portable(errno);
927 if (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
928 logit("set \"%s\" mode %04o", name, a.perm);
929 r = chmod(name, a.perm & 07777);
931 status = errno_to_portable(errno);
933 if (a.flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
937 strftime(buf, sizeof(buf), "%Y%m%d-%H:%M:%S",
939 logit("set \"%s\" modtime %s", name, buf);
940 r = utimes(name, attrib_to_tv(&a));
942 status = errno_to_portable(errno);
944 if (a.flags & SSH2_FILEXFER_ATTR_UIDGID) {
945 logit("set \"%s\" owner %lu group %lu", name,
946 (u_long)a.uid, (u_long)a.gid);
947 r = chown(name, a.uid, a.gid);
949 status = errno_to_portable(errno);
951 send_status(id, status);
956 process_fsetstat(u_int32_t id)
960 int status = SSH2_FX_OK;
962 if ((r = get_handle(iqueue, &handle)) != 0 ||
963 (r = decode_attrib(iqueue, &a)) != 0)
964 fatal("%s: buffer error: %s", __func__, ssh_err(r));
966 debug("request %u: fsetstat handle %d", id, handle);
967 fd = handle_to_fd(handle);
969 status = SSH2_FX_FAILURE;
971 char *name = handle_to_name(handle);
973 if (a.flags & SSH2_FILEXFER_ATTR_SIZE) {
974 logit("set \"%s\" size %llu",
975 name, (unsigned long long)a.size);
976 r = ftruncate(fd, a.size);
978 status = errno_to_portable(errno);
980 if (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
981 logit("set \"%s\" mode %04o", name, a.perm);
983 r = fchmod(fd, a.perm & 07777);
985 r = chmod(name, a.perm & 07777);
988 status = errno_to_portable(errno);
990 if (a.flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
994 strftime(buf, sizeof(buf), "%Y%m%d-%H:%M:%S",
996 logit("set \"%s\" modtime %s", name, buf);
998 r = futimes(fd, attrib_to_tv(&a));
1000 r = utimes(name, attrib_to_tv(&a));
1003 status = errno_to_portable(errno);
1005 if (a.flags & SSH2_FILEXFER_ATTR_UIDGID) {
1006 logit("set \"%s\" owner %lu group %lu", name,
1007 (u_long)a.uid, (u_long)a.gid);
1009 r = fchown(fd, a.uid, a.gid);
1011 r = chown(name, a.uid, a.gid);
1014 status = errno_to_portable(errno);
1017 send_status(id, status);
1021 process_opendir(u_int32_t id)
1025 int r, handle, status = SSH2_FX_FAILURE;
1027 if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
1028 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1030 debug3("request %u: opendir", id);
1031 logit("opendir \"%s\"", path);
1032 dirp = opendir(path);
1034 status = errno_to_portable(errno);
1036 handle = handle_new(HANDLE_DIR, path, 0, 0, dirp);
1040 send_handle(id, handle);
1041 status = SSH2_FX_OK;
1045 if (status != SSH2_FX_OK)
1046 send_status(id, status);
1051 process_readdir(u_int32_t id)
1058 if ((r = get_handle(iqueue, &handle)) != 0)
1059 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1061 debug("request %u: readdir \"%s\" (handle %d)", id,
1062 handle_to_name(handle), handle);
1063 dirp = handle_to_dir(handle);
1064 path = handle_to_name(handle);
1065 if (dirp == NULL || path == NULL) {
1066 send_status(id, SSH2_FX_FAILURE);
1069 char pathname[PATH_MAX];
1071 int nstats = 10, count = 0, i;
1073 stats = xcalloc(nstats, sizeof(Stat));
1074 while ((dp = readdir(dirp)) != NULL) {
1075 if (count >= nstats) {
1077 stats = xreallocarray(stats, nstats, sizeof(Stat));
1079 /* XXX OVERFLOW ? */
1080 snprintf(pathname, sizeof pathname, "%s%s%s", path,
1081 strcmp(path, "/") ? "/" : "", dp->d_name);
1082 if (lstat(pathname, &st) < 0)
1084 stat_to_attrib(&st, &(stats[count].attrib));
1085 stats[count].name = xstrdup(dp->d_name);
1086 stats[count].long_name = ls_file(dp->d_name, &st, 0, 0);
1088 /* send up to 100 entries in one message */
1089 /* XXX check packet size instead */
1094 send_names(id, count, stats);
1095 for (i = 0; i < count; i++) {
1096 free(stats[i].name);
1097 free(stats[i].long_name);
1100 send_status(id, SSH2_FX_EOF);
1107 process_remove(u_int32_t id)
1110 int r, status = SSH2_FX_FAILURE;
1112 if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0)
1113 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1115 debug3("request %u: remove", id);
1116 logit("remove name \"%s\"", name);
1118 status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
1119 send_status(id, status);
1124 process_mkdir(u_int32_t id)
1128 int r, mode, status = SSH2_FX_FAILURE;
1130 if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
1131 (r = decode_attrib(iqueue, &a)) != 0)
1132 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1134 mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
1135 a.perm & 07777 : 0777;
1136 debug3("request %u: mkdir", id);
1137 logit("mkdir name \"%s\" mode 0%o", name, mode);
1138 r = mkdir(name, mode);
1139 status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
1140 send_status(id, status);
1145 process_rmdir(u_int32_t id)
1150 if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0)
1151 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1153 debug3("request %u: rmdir", id);
1154 logit("rmdir name \"%s\"", name);
1156 status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
1157 send_status(id, status);
1162 process_realpath(u_int32_t id)
1164 char resolvedname[PATH_MAX];
1168 if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
1169 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1171 if (path[0] == '\0') {
1173 path = xstrdup(".");
1175 debug3("request %u: realpath", id);
1176 verbose("realpath \"%s\"", path);
1177 if (realpath(path, resolvedname) == NULL) {
1178 send_status(id, errno_to_portable(errno));
1181 attrib_clear(&s.attrib);
1182 s.name = s.long_name = resolvedname;
1183 send_names(id, 1, &s);
1189 process_rename(u_int32_t id)
1191 char *oldpath, *newpath;
1195 if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 ||
1196 (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
1197 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1199 debug3("request %u: rename", id);
1200 logit("rename old \"%s\" new \"%s\"", oldpath, newpath);
1201 status = SSH2_FX_FAILURE;
1202 if (lstat(oldpath, &sb) == -1)
1203 status = errno_to_portable(errno);
1204 else if (S_ISREG(sb.st_mode)) {
1205 /* Race-free rename of regular files */
1206 if (link(oldpath, newpath) == -1) {
1207 if (errno == EOPNOTSUPP || errno == ENOSYS
1211 #ifdef LINK_OPNOTSUPP_ERRNO
1212 || errno == LINK_OPNOTSUPP_ERRNO
1218 * fs doesn't support links, so fall back to
1219 * stat+rename. This is racy.
1221 if (stat(newpath, &st) == -1) {
1222 if (rename(oldpath, newpath) == -1)
1224 errno_to_portable(errno);
1226 status = SSH2_FX_OK;
1229 status = errno_to_portable(errno);
1231 } else if (unlink(oldpath) == -1) {
1232 status = errno_to_portable(errno);
1233 /* clean spare link */
1236 status = SSH2_FX_OK;
1237 } else if (stat(newpath, &sb) == -1) {
1238 if (rename(oldpath, newpath) == -1)
1239 status = errno_to_portable(errno);
1241 status = SSH2_FX_OK;
1243 send_status(id, status);
1249 process_readlink(u_int32_t id)
1255 if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
1256 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1258 debug3("request %u: readlink", id);
1259 verbose("readlink \"%s\"", path);
1260 if ((len = readlink(path, buf, sizeof(buf) - 1)) == -1)
1261 send_status(id, errno_to_portable(errno));
1266 attrib_clear(&s.attrib);
1267 s.name = s.long_name = buf;
1268 send_names(id, 1, &s);
1274 process_symlink(u_int32_t id)
1276 char *oldpath, *newpath;
1279 if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 ||
1280 (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
1281 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1283 debug3("request %u: symlink", id);
1284 logit("symlink old \"%s\" new \"%s\"", oldpath, newpath);
1285 /* this will fail if 'newpath' exists */
1286 r = symlink(oldpath, newpath);
1287 status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
1288 send_status(id, status);
1294 process_extended_posix_rename(u_int32_t id)
1296 char *oldpath, *newpath;
1299 if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 ||
1300 (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
1301 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1303 debug3("request %u: posix-rename", id);
1304 logit("posix-rename old \"%s\" new \"%s\"", oldpath, newpath);
1305 r = rename(oldpath, newpath);
1306 status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
1307 send_status(id, status);
1313 process_extended_statvfs(u_int32_t id)
1319 if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
1320 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1321 debug3("request %u: statvfs", id);
1322 logit("statvfs \"%s\"", path);
1324 if (statvfs(path, &st) != 0)
1325 send_status(id, errno_to_portable(errno));
1327 send_statvfs(id, &st);
1332 process_extended_fstatvfs(u_int32_t id)
1337 if ((r = get_handle(iqueue, &handle)) != 0)
1338 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1339 debug("request %u: fstatvfs \"%s\" (handle %u)",
1340 id, handle_to_name(handle), handle);
1341 if ((fd = handle_to_fd(handle)) < 0) {
1342 send_status(id, SSH2_FX_FAILURE);
1345 if (fstatvfs(fd, &st) != 0)
1346 send_status(id, errno_to_portable(errno));
1348 send_statvfs(id, &st);
1352 process_extended_hardlink(u_int32_t id)
1354 char *oldpath, *newpath;
1357 if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 ||
1358 (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
1359 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1361 debug3("request %u: hardlink", id);
1362 logit("hardlink old \"%s\" new \"%s\"", oldpath, newpath);
1363 r = link(oldpath, newpath);
1364 status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
1365 send_status(id, status);
1371 process_extended_fsync(u_int32_t id)
1373 int handle, fd, r, status = SSH2_FX_OP_UNSUPPORTED;
1375 if ((r = get_handle(iqueue, &handle)) != 0)
1376 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1377 debug3("request %u: fsync (handle %u)", id, handle);
1378 verbose("fsync \"%s\"", handle_to_name(handle));
1379 if ((fd = handle_to_fd(handle)) < 0)
1380 status = SSH2_FX_NO_SUCH_FILE;
1381 else if (handle_is_ok(handle, HANDLE_FILE)) {
1383 status = (r == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
1385 send_status(id, status);
1389 process_extended_lsetstat(u_int32_t id)
1393 int r, status = SSH2_FX_OK;
1395 if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
1396 (r = decode_attrib(iqueue, &a)) != 0)
1397 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1399 debug("request %u: lsetstat name \"%s\"", id, name);
1400 if (a.flags & SSH2_FILEXFER_ATTR_SIZE) {
1401 /* nonsensical for links */
1402 status = SSH2_FX_BAD_MESSAGE;
1405 if (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
1406 logit("set \"%s\" mode %04o", name, a.perm);
1407 r = fchmodat(AT_FDCWD, name,
1408 a.perm & 07777, AT_SYMLINK_NOFOLLOW);
1410 status = errno_to_portable(errno);
1412 if (a.flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
1416 strftime(buf, sizeof(buf), "%Y%m%d-%H:%M:%S",
1418 logit("set \"%s\" modtime %s", name, buf);
1419 r = utimensat(AT_FDCWD, name,
1420 attrib_to_ts(&a), AT_SYMLINK_NOFOLLOW);
1422 status = errno_to_portable(errno);
1424 if (a.flags & SSH2_FILEXFER_ATTR_UIDGID) {
1425 logit("set \"%s\" owner %lu group %lu", name,
1426 (u_long)a.uid, (u_long)a.gid);
1427 r = fchownat(AT_FDCWD, name, a.uid, a.gid,
1428 AT_SYMLINK_NOFOLLOW);
1430 status = errno_to_portable(errno);
1433 send_status(id, status);
1438 process_extended(u_int32_t id)
1443 if ((r = sshbuf_get_cstring(iqueue, &request, NULL)) != 0)
1444 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1445 for (i = 0; extended_handlers[i].handler != NULL; i++) {
1446 if (strcmp(request, extended_handlers[i].ext_name) == 0) {
1447 if (!request_permitted(&extended_handlers[i]))
1448 send_status(id, SSH2_FX_PERMISSION_DENIED);
1450 extended_handlers[i].handler(id);
1454 if (extended_handlers[i].handler == NULL) {
1455 error("Unknown extended request \"%.100s\"", request);
1456 send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */
1461 /* stolen from ssh-agent */
1474 buf_len = sshbuf_len(iqueue);
1476 return; /* Incomplete message. */
1477 cp = sshbuf_ptr(iqueue);
1478 msg_len = get_u32(cp);
1479 if (msg_len > SFTP_MAX_MSG_LENGTH) {
1480 error("bad message from %s local user %s",
1481 client_addr, pw->pw_name);
1482 sftp_server_cleanup_exit(11);
1484 if (buf_len < msg_len + 4)
1486 if ((r = sshbuf_consume(iqueue, 4)) != 0)
1487 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1489 if ((r = sshbuf_get_u8(iqueue, &type)) != 0)
1490 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1497 case SSH2_FXP_EXTENDED:
1499 fatal("Received extended request before init");
1500 if ((r = sshbuf_get_u32(iqueue, &id)) != 0)
1501 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1502 process_extended(id);
1506 fatal("Received %u request before init", type);
1507 if ((r = sshbuf_get_u32(iqueue, &id)) != 0)
1508 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1509 for (i = 0; handlers[i].handler != NULL; i++) {
1510 if (type == handlers[i].type) {
1511 if (!request_permitted(&handlers[i])) {
1513 SSH2_FX_PERMISSION_DENIED);
1515 handlers[i].handler(id);
1520 if (handlers[i].handler == NULL)
1521 error("Unknown message %u", type);
1523 /* discard the remaining bytes from the current packet */
1524 if (buf_len < sshbuf_len(iqueue)) {
1525 error("iqueue grew unexpectedly");
1526 sftp_server_cleanup_exit(255);
1528 consumed = buf_len - sshbuf_len(iqueue);
1529 if (msg_len < consumed) {
1530 error("msg_len %u < consumed %u", msg_len, consumed);
1531 sftp_server_cleanup_exit(255);
1533 if (msg_len > consumed &&
1534 (r = sshbuf_consume(iqueue, msg_len - consumed)) != 0)
1535 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1538 /* Cleanup handler that logs active handles upon normal exit */
1540 sftp_server_cleanup_exit(int i)
1542 if (pw != NULL && client_addr != NULL) {
1544 logit("session closed for local user %s from [%s]",
1545 pw->pw_name, client_addr);
1551 sftp_server_usage(void)
1553 extern char *__progname;
1556 "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
1557 "[-l log_level]\n\t[-P blacklisted_requests] "
1558 "[-p whitelisted_requests] [-u umask]\n"
1559 " %s -Q protocol_feature\n",
1560 __progname, __progname);
1565 sftp_server_main(int argc, char **argv, struct passwd *user_pw)
1567 fd_set *rset, *wset;
1568 int i, r, in, out, max, ch, skipargs = 0, log_stderr = 0;
1569 ssize_t len, olen, set_size;
1570 SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
1571 char *cp, *homedir = NULL, uidstr[32], buf[4*4096];
1574 extern char *optarg;
1575 extern char *__progname;
1577 ssh_malloc_init(); /* must be called before any mallocs */
1578 __progname = ssh_get_progname(argv[0]);
1579 log_init(__progname, log_level, log_facility, log_stderr);
1581 pw = pwcopy(user_pw);
1583 while (!skipargs && (ch = getopt(argc, argv,
1584 "d:f:l:P:p:Q:u:cehR")) != -1) {
1587 if (strcasecmp(optarg, "requests") != 0) {
1588 fprintf(stderr, "Invalid query type\n");
1591 for (i = 0; handlers[i].handler != NULL; i++)
1592 printf("%s\n", handlers[i].name);
1593 for (i = 0; extended_handlers[i].handler != NULL; i++)
1594 printf("%s\n", extended_handlers[i].name);
1602 * Ignore all arguments if we are invoked as a
1603 * shell using "sftp-server -c command"
1611 log_level = log_level_number(optarg);
1612 if (log_level == SYSLOG_LEVEL_NOT_SET)
1613 error("Invalid log level \"%s\"", optarg);
1616 log_facility = log_facility_number(optarg);
1617 if (log_facility == SYSLOG_FACILITY_NOT_SET)
1618 error("Invalid log facility \"%s\"", optarg);
1621 cp = tilde_expand_filename(optarg, user_pw->pw_uid);
1622 snprintf(uidstr, sizeof(uidstr), "%llu",
1623 (unsigned long long)pw->pw_uid);
1624 homedir = percent_expand(cp, "d", user_pw->pw_dir,
1625 "u", user_pw->pw_name, "U", uidstr, (char *)NULL);
1629 if (request_whitelist != NULL)
1630 fatal("Permitted requests already set");
1631 request_whitelist = xstrdup(optarg);
1634 if (request_blacklist != NULL)
1635 fatal("Refused requests already set");
1636 request_blacklist = xstrdup(optarg);
1640 mask = strtol(optarg, &cp, 8);
1641 if (mask < 0 || mask > 0777 || *cp != '\0' ||
1642 cp == optarg || (mask == 0 && errno != 0))
1643 fatal("Invalid umask \"%s\"", optarg);
1644 (void)umask((mode_t)mask);
1648 sftp_server_usage();
1652 log_init(__progname, log_level, log_facility, log_stderr);
1655 * On platforms where we can, avoid making /proc/self/{mem,maps}
1656 * available to the user so that sftp access doesn't automatically
1657 * imply arbitrary code execution access that will break
1658 * restricted configurations.
1660 platform_disable_tracing(1); /* strict */
1662 /* Drop any fine-grained privileges we don't need */
1663 platform_pledge_sftp_server();
1665 if ((cp = getenv("SSH_CONNECTION")) != NULL) {
1666 client_addr = xstrdup(cp);
1667 if ((cp = strchr(client_addr, ' ')) == NULL) {
1668 error("Malformed SSH_CONNECTION variable: \"%s\"",
1669 getenv("SSH_CONNECTION"));
1670 sftp_server_cleanup_exit(255);
1674 client_addr = xstrdup("UNKNOWN");
1676 logit("session opened for local user %s from [%s]",
1677 pw->pw_name, client_addr);
1680 out = STDOUT_FILENO;
1683 setmode(in, O_BINARY);
1684 setmode(out, O_BINARY);
1693 if ((iqueue = sshbuf_new()) == NULL)
1694 fatal("%s: sshbuf_new failed", __func__);
1695 if ((oqueue = sshbuf_new()) == NULL)
1696 fatal("%s: sshbuf_new failed", __func__);
1698 rset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask));
1699 wset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask));
1701 if (homedir != NULL) {
1702 if (chdir(homedir) != 0) {
1703 error("chdir to \"%s\" failed: %s", homedir,
1708 set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
1710 memset(rset, 0, set_size);
1711 memset(wset, 0, set_size);
1714 * Ensure that we can read a full buffer and handle
1715 * the worst-case length packet it can generate,
1716 * otherwise apply backpressure by stopping reads.
1718 if ((r = sshbuf_check_reserve(iqueue, sizeof(buf))) == 0 &&
1719 (r = sshbuf_check_reserve(oqueue,
1720 SFTP_MAX_MSG_LENGTH)) == 0)
1722 else if (r != SSH_ERR_NO_BUFFER_SPACE)
1723 fatal("%s: sshbuf_check_reserve failed: %s",
1724 __func__, ssh_err(r));
1726 olen = sshbuf_len(oqueue);
1730 if (select(max+1, rset, wset, NULL, NULL) < 0) {
1733 error("select: %s", strerror(errno));
1734 sftp_server_cleanup_exit(2);
1737 /* copy stdin to iqueue */
1738 if (FD_ISSET(in, rset)) {
1739 len = read(in, buf, sizeof buf);
1742 sftp_server_cleanup_exit(0);
1743 } else if (len < 0) {
1744 error("read: %s", strerror(errno));
1745 sftp_server_cleanup_exit(1);
1746 } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) {
1747 fatal("%s: buffer error: %s",
1748 __func__, ssh_err(r));
1751 /* send oqueue to stdout */
1752 if (FD_ISSET(out, wset)) {
1753 len = write(out, sshbuf_ptr(oqueue), olen);
1755 error("write: %s", strerror(errno));
1756 sftp_server_cleanup_exit(1);
1757 } else if ((r = sshbuf_consume(oqueue, len)) != 0) {
1758 fatal("%s: buffer error: %s",
1759 __func__, ssh_err(r));
1764 * Process requests from client if we can fit the results
1765 * into the output buffer, otherwise stop processing input
1766 * and let the output queue drain.
1768 r = sshbuf_check_reserve(oqueue, SFTP_MAX_MSG_LENGTH);
1771 else if (r != SSH_ERR_NO_BUFFER_SPACE)
1772 fatal("%s: sshbuf_check_reserve: %s",
1773 __func__, ssh_err(r));
projects / dragonfly.git / blob