upstream: better terminology for permissions; feedback & ok markus@

OpenBSD-Commit-ID: ffb220b435610741dcb4de0e7fc68cbbdc876d2c
author: djm@openbsd.org <djm@openbsd.org> 2020-06-22 05:52:05 +0000
committer: Damien Miller <djm@mindrot.org> 2020-06-22 16:11:14 +1000
commit: fc270baf264248c3ee3050b13a6c8c0919e6559f (patch)
tree: a176e7bd7f63c9b966cd8cb89059586cbe253e5c /sftp-server.c
parent: 00531bb42f1af17ddabea59c3d9c4b0629000d27 (diff)
1 files changed, 16 insertions, 16 deletions
diff --git a/sftp-server.c b/sftp-server.c
index 359204fa7..b1d8c88cb 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.117 2019/07/05 04:55:40 djm Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.118 2020/06/22 05:52:05 djm Exp $ */
 /*
 * Copyright (c) 2000-2004 Markus Friedl.  All rights reserved.
 *
@@ -74,7 +74,7 @@ static int init_done;
 static int readonly;
 /* Requests that are allowed/denied */
-static char *request_whitelist, *request_blacklist;
+static char *request_allowlist, *request_denylist;
 /* portable attributes, etc. */
 typedef struct Stat Stat;
@@ -164,20 +164,20 @@ request_permitted(const struct sftp_handler *h)
                verbose("Refusing %s request in read-only mode", h->name);
                return 0;
        }
-        if (request_blacklist != NULL &&
+        if (request_denylist != NULL &&
-            ((result = match_list(h->name, request_blacklist, NULL))) != NULL) {
+            ((result = match_list(h->name, request_denylist, NULL))) != NULL) {
                free(result);
-                verbose("Refusing blacklisted %s request", h->name);
+                verbose("Refusing denylisted %s request", h->name);
                return 0;
        }
-        if (request_whitelist != NULL &&
+        if (request_allowlist != NULL &&
-            ((result = match_list(h->name, request_whitelist, NULL))) != NULL) {
+            ((result = match_list(h->name, request_allowlist, NULL))) != NULL) {
                free(result);
-                debug2("Permitting whitelisted %s request", h->name);
+                debug2("Permitting allowlisted %s request", h->name);
                return 1;
        }
-        if (request_whitelist != NULL) {
+        if (request_allowlist != NULL) {
-                verbose("Refusing non-whitelisted %s request", h->name);
+                verbose("Refusing non-allowlisted %s request", h->name);
                return 0;
        }
        return 1;
@@ -1556,8 +1556,8 @@ sftp_server_usage(void)
        fprintf(stderr,
            "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
-            "[-l log_level]\n\t[-P blacklisted_requests] "
+            "[-l log_level]\n\t[-P denied_requests] "
-            "[-p whitelisted_requests] [-u umask]\n"
+            "[-p allowed_requests] [-u umask]\n"
            "       %s -Q protocol_feature\n",
            __progname, __progname);
        exit(1);
@@ -1627,14 +1627,14 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
                        free(cp);
                        break;
                case 'p':
-                        if (request_whitelist != NULL)
+                        if (request_allowlist != NULL)
                                fatal("Permitted requests already set");
-                        request_whitelist = xstrdup(optarg);
+                        request_allowlist = xstrdup(optarg);
                        break;
                case 'P':
-                        if (request_blacklist != NULL)
+                        if (request_denylist != NULL)
                                fatal("Refused requests already set");
-                        request_blacklist = xstrdup(optarg);
+                        request_denylist = xstrdup(optarg);
                        break;
                case 'u':
                        errno = 0;
author	djm@openbsd.org <djm@openbsd.org>	2020-06-22 05:52:05 +0000
committer	Damien Miller <djm@mindrot.org>	2020-06-22 16:11:14 +1000
commit	fc270baf264248c3ee3050b13a6c8c0919e6559f (patch)
tree	a176e7bd7f63c9b966cd8cb89059586cbe253e5c /sftp-server.c
parent	00531bb42f1af17ddabea59c3d9c4b0629000d27 (diff)

diff --git a/sftp-server.c b/sftp-server.c index 359204fa7..b1d8c88cb 100644 --- a/sftp-server.c +++ b/sftp-server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sftp-server.c,v 1.117 2019/07/05 04:55:40 djm Exp $ */	1	/* $OpenBSD: sftp-server.c,v 1.118 2020/06/22 05:52:05 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
4	*	4	*
@@ -74,7 +74,7 @@ static int init_done;
74	static int readonly;	74	static int readonly;
75		75
76	/* Requests that are allowed/denied */	76	/* Requests that are allowed/denied */
77	static char request_whitelist, request_blacklist;	77	static char request_allowlist, request_denylist;
78		78
79	/* portable attributes, etc. */	79	/* portable attributes, etc. */
80	typedef struct Stat Stat;	80	typedef struct Stat Stat;
@@ -164,20 +164,20 @@ request_permitted(const struct sftp_handler *h)
164	verbose("Refusing %s request in read-only mode", h->name);	164	verbose("Refusing %s request in read-only mode", h->name);
165	return 0;	165	return 0;
166	}	166	}
167	if (request_blacklist != NULL &&	167	if (request_denylist != NULL &&
168	((result = match_list(h->name, request_blacklist, NULL))) != NULL) {	168	((result = match_list(h->name, request_denylist, NULL))) != NULL) {
169	free(result);	169	free(result);
170	verbose("Refusing blacklisted %s request", h->name);	170	verbose("Refusing denylisted %s request", h->name);
171	return 0;	171	return 0;
172	}	172	}
173	if (request_whitelist != NULL &&	173	if (request_allowlist != NULL &&
174	((result = match_list(h->name, request_whitelist, NULL))) != NULL) {	174	((result = match_list(h->name, request_allowlist, NULL))) != NULL) {
175	free(result);	175	free(result);
176	debug2("Permitting whitelisted %s request", h->name);	176	debug2("Permitting allowlisted %s request", h->name);
177	return 1;	177	return 1;
178	}	178	}
179	if (request_whitelist != NULL) {	179	if (request_allowlist != NULL) {
180	verbose("Refusing non-whitelisted %s request", h->name);	180	verbose("Refusing non-allowlisted %s request", h->name);
181	return 0;	181	return 0;
182	}	182	}
183	return 1;	183	return 1;
@@ -1556,8 +1556,8 @@ sftp_server_usage(void)
1556		1556
1557	fprintf(stderr,	1557	fprintf(stderr,
1558	"usage: %s [-ehR] [-d start_directory] [-f log_facility] "	1558	"usage: %s [-ehR] [-d start_directory] [-f log_facility] "
1559	"[-l log_level]\n\t[-P blacklisted_requests] "	1559	"[-l log_level]\n\t[-P denied_requests] "
1560	"[-p whitelisted_requests] [-u umask]\n"	1560	"[-p allowed_requests] [-u umask]\n"
1561	" %s -Q protocol_feature\n",	1561	" %s -Q protocol_feature\n",
1562	__progname, __progname);	1562	__progname, __progname);
1563	exit(1);	1563	exit(1);
@@ -1627,14 +1627,14 @@ sftp_server_main(int argc, char *argv, struct passwd user_pw)
1627	free(cp);	1627	free(cp);
1628	break;	1628	break;
1629	case 'p':	1629	case 'p':
1630	if (request_whitelist != NULL)	1630	if (request_allowlist != NULL)
1631	fatal("Permitted requests already set");	1631	fatal("Permitted requests already set");
1632	request_whitelist = xstrdup(optarg);	1632	request_allowlist = xstrdup(optarg);
1633	break;	1633	break;
1634	case 'P':	1634	case 'P':
1635	if (request_blacklist != NULL)	1635	if (request_denylist != NULL)
1636	fatal("Refused requests already set");	1636	fatal("Refused requests already set");
1637	request_blacklist = xstrdup(optarg);	1637	request_denylist = xstrdup(optarg);
1638	break;	1638	break;
1639	case 'u':	1639	case 'u':
1640	errno = 0;	1640	errno = 0;