path: root/sftp-server.c
AgeCommit message (Collapse)Author
2020-07-17upstream: log error message for process_write() write
OpenBSD-Commit-ID: f733d7b3b05e3c68967dc18dfe39b9e8fad29851
2020-06-22upstream: better terminology for permissions; feedback & ok
OpenBSD-Commit-ID: ffb220b435610741dcb4de0e7fc68cbbdc876d2c
2019-07-08upstream: add a local implementation of BSD realpath()
sftp-server use ahead of OpenBSD's realpath changing to match POSIX; ok deraadt@ (thanks for snaps testing) OpenBSD-Commit-ID: 4f8cbf7ed8679f6237264301d104ecec64885d55
2019-07-05upstream: When system calls indicate an error they return -1,
some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-06-08upstream: Replace calls to ssh_malloc_init() by a static init
malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@ OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
2019-01-17upstream: add support for a "" extension.
replicates the functionality of the existing SSH2_FXP_SETSTAT operation but does not follow symlinks. Based on a patch from Bert Haverkamp in bz#2067 but with more attribute modifications supported. ok markus@ dtucker@ OpenBSD-Commit-ID: f7234f6e90db19655d55d936a115ee4ccb6aaf80
2019-01-03upstream: static on global vars, const on handler tables that
function pointers; from Mike Frysinger OpenBSD-Commit-ID: 7ef2305e50d3caa6326286db43cf2cfaf03960e0
2018-06-01upstream: make UID available as a %-expansion everywhere that
username is available currently. In the client this is via %i, in the server %U (since %i was already used in the client in some places for this, but used for something different in the server); bz#2870, ok dtucker@ OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95
disallow creation (of empty files) in read-only mode; reported by Michal Zalewski, feedback & ok deraadt@ Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
2016-06-09Move prctl PR_SET_DUMPABLE into platform.c.Darren Tucker
This should make it easier to add additional platform support such as Solaris (bz#2584).
Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while. Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
2016-01-08Support Illumos/Solaris fine-grained privilegesDamien Miller
Includes a pre-auth privsep sandbox and several pledge() emulations. bz#2511, patch by Alex Wilson. ok dtucker@
1) Use xcalloc() instead of xmalloc() to check for potential overflow. (Feedback from both mmcc@ and djm@) 2) move set_size just before the for loop. (suggested by djm@) OK djm@ Upstream-ID: 013534c308187284756c3141f11d2c0f33c47213
Do not cast result of malloc/calloc/realloc* if stdlib.h is in scope ok krw millert Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
rename xrealloc() to xreallocarray() since it follows that form. ok djm
2015-04-15Remove duplicate include of pwd.h. bz#2337, patch from Mordy Ovits.Darren Tucker
Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus
2015-01-15fix merge botchDamien Miller
update sftp client and server to new buffer API. pretty much just mechanical changes; with & ok markus
2014-08-24 - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but notDamien Miller
PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen
2014-04-01 - (djm) On platforms that support it, use prctl() to prevent sftp-serverDamien Miller
from accessing /proc/self/{mem,maps}; patch from jann AT
2014-01-19 - 2014/01/17 06:23:24Darren Tucker
[sftp-server.c] fix log message statvfs. ok djm
2013-10-17 - 2013/10/17 00:30:13Damien Miller
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c] protocol extension for sftp-server client support to allow calling fsync() faster successful transfer patch mostly by imorgan AT; bz#1798 "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
2013-10-15 - 2013/10/14 23:28:23Damien Miller
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c] refactor client config code a little: add multistate option partsing to readconf.c, similar to servconf.c's existing code. move checking of options that accept "none" as an argument to readconf.c add a lowercase() function and use it instead of explicit tolower() in loops part of a larger diff that was ok markus@
2013-10-15 - 2013/10/14 14:18:56Damien Miller
[sftp-server.8 sftp-server.c] tweak previous; ok djm
2013-10-15 - 2013/10/10 00:53:25Damien Miller
[sftp-server.c] add -Q, -P and -p to usage() before jmc@ catches me
2013-10-15 - 2013/10/09 23:42:17Damien Miller
[sftp-server.8 sftp-server.c] Add ability to whitelist and/or blacklist sftp protocol requests by name. Refactor dispatch loop and consolidate read-only mode checks. Make global variables static, since sftp-server is linked into sshd(8). ok dtucker@
2013-06-02 - 2013/05/17 00:13:13Darren Tucker
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
2013-01-09 - 2013/01/04 19:26:38Damien Miller
[sftp-server.8 sftp-server.c] sftp-server.8: add argument name to -d sftp-server.c: add -d to usage() ok djm
2013-01-09 - 2013/01/03 12:54:49Damien Miller
[sftp-server.8 sftp-server.c] allow specification of an alternate start directory for sftp-server(8) "I like this" markus@
2011-06-20 - 2011/06/17 21:46:16Damien Miller
[sftp-server.c] the protocol version should be unsigned; bz#1913 reported by mb AT
2010-12-05 - 2010/12/04 00:18:01Darren Tucker
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c] add a protocol extension to support a hard link operation. It is available through the "ln" command in the client. The old "ln" behaviour of creating a symlink is available using its "-s" option or through the preexisting "symlink" command; based on a patch from miklos AT in bz#1555; ok markus@
2010-11-05 - 2010/11/04 02:45:34Damien Miller
[sftp-server.c] umask should be parsed as octal. reported by candland AT; ok markus@
2010-01-13 - 2010/01/13 01:40:16Darren Tucker
[sftp.c sftp-server.c sftp.1 sftp-common.c sftp-common.h] support '-h' (human-readable units) for sftp's ls command, just like ls(1); ok dtucker@
2010-01-09 - 2010/01/09 00:20:26Darren Tucker
[sftp-server.c sftp-server.8] add a 'read-only' mode to sftp-server(8) that disables open in write mode and all other fs-modifying protocol methods. bz#430 ok dtucker@
2010-01-08 - 2010/01/04 02:25:15Darren Tucker
[sftp-server.c] bz#1566 don't unnecessarily dup() in and out fds for sftp-server; ok markus@
2009-10-24 - 2009/10/17 12:10:39Darren Tucker
[sftp-server.c] sort flags.
2009-10-07 - 2009/08/31 20:56:02Darren Tucker
[sftp-server.c] check correct variable for error message, spotted by martynas@
2009-10-07 - 2009/08/27 17:28:52Darren Tucker
[sftp-server.c] allow setting an explicit umask on the commandline to override whatever default the user has. bz#1229; ok dtucker@ deraadt@ markus@
2009-08-28- (djm) [sftp-server.c] bz#1535: accept ENOSYS as a fallback error whenDamien Miller
attempting atomic rename(); ok dtucker@
2009-06-21 - 2009/04/14 16:33:42Darren Tucker
[sftp-server.c] remove unused option character from getopt() optstring; ok markus@
2008-07-04 - (dtucker) [sftp-server.c] Bug #1447: fall back to racy rename if linkDarren Tucker
returns EXDEV. Patch from Mike Garrison, ok djm@
2008-06-29 - 2008/06/26 06:10:09Damien Miller
[sftp-client.c sftp-server.c] allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky bits. Note that this only affects explicit setting of modes (e.g. via sftp(1)'s chmod command) and not file transfers. (bz#1310) ok deraadt@ at c2k8
2008-06-09 - 2008/06/09 13:02:39Darren Tucker
Extend 32bit -> 64bit values for statvfs extension missed in previous commit.
2008-06-09 - 2008/06/08 17:04:41Darren Tucker
[sftp-server.c] Add case for ENOSYS in errno_to_portable; ok deraadt
2008-06-09 - (dtucker) [ defines.h sftp-client.c M sftp-server.c] Add aDarren Tucker
macro to convert fsid to unsigned long for platforms where fsid is a 2-member array.
2008-06-09 - (dtucker) [ defines.h sftp-client.c sftp-server.c sftp.cDarren Tucker
openbsd-compat/ openbsd-compat/openbsd-compat.h openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and fstatvfs and remove #defines around statvfs code. ok djm@
2008-06-08 - 2008/06/07 21:52:46Darren Tucker
[sftp-server.c sftp-client.c] statvfs member fsid needs to be wider, increase it to 64 bits and crank extension revision number to 2; prodded and ok dtucker@
2008-06-08 - (dtucker) [ defines.h sftp-client.c sftp-server.c sftp.c] Do ↵Darren Tucker
not enable statvfs extensions on platforms that do not have statvfs. ok djm@