diff options
author | Colin Watson <cjwatson@debian.org> | 2007-06-12 16:16:35 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2007-06-12 16:16:35 +0000 |
commit | b7e40fa9da0b5491534a429dadb321eab5a77558 (patch) | |
tree | bed1da11e9f829925797aa093e379fc0b5868ecd /sftp.c | |
parent | 4f84beedf1005e44ff33c854abd6b711ffc0adb7 (diff) | |
parent | 086ea76990b1e6287c24b6db74adffd4605eb3b0 (diff) |
* New upstream release (closes: #395507, #397961, #420035). Important
changes not previously backported to 4.3p2:
- 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4):
+ On portable OpenSSH, fix a GSSAPI authentication abort that could be
used to determine the validity of usernames on some platforms.
+ Implemented conditional configuration in sshd_config(5) using the
"Match" directive. This allows some configuration options to be
selectively overridden if specific criteria (based on user, group,
hostname and/or address) are met. So far a useful subset of
post-authentication options are supported and more are expected to
be added in future releases.
+ Add support for Diffie-Hellman group exchange key agreement with a
final hash of SHA256.
+ Added a "ForceCommand" directive to sshd_config(5). Similar to the
command="..." option accepted in ~/.ssh/authorized_keys, this forces
the execution of the specified command regardless of what the user
requested. This is very useful in conjunction with the new "Match"
option.
+ Add a "PermitOpen" directive to sshd_config(5). This mirrors the
permitopen="..." authorized_keys option, allowing fine-grained
control over the port-forwardings that a user is allowed to
establish.
+ Add optional logging of transactions to sftp-server(8).
+ ssh(1) will now record port numbers for hosts stored in
~/.ssh/known_hosts when a non-standard port has been requested
(closes: #50612).
+ Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a
non-zero exit code) when requested port forwardings could not be
established.
+ Extend sshd_config(5) "SubSystem" declarations to allow the
specification of command-line arguments.
+ Replacement of all integer overflow susceptible invocations of
malloc(3) and realloc(3) with overflow-checking equivalents.
+ Many manpage fixes and improvements.
+ Add optional support for OpenSSL hardware accelerators (engines),
enabled using the --with-ssl-engine configure option.
+ Tokens in configuration files may be double-quoted in order to
contain spaces (closes: #319639).
+ Move a debug() call out of a SIGCHLD handler, fixing a hang when the
session exits very quickly (closes: #307890).
+ Fix some incorrect buffer allocation calculations (closes: #410599).
+ ssh-add doesn't ask for a passphrase if key file permissions are too
liberal (closes: #103677).
+ Likewise, ssh doesn't ask either (closes: #99675).
- 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6):
+ sshd now allows the enabling and disabling of authentication methods
on a per user, group, host and network basis via the Match directive
in sshd_config.
+ Fixed an inconsistent check for a terminal when displaying scp
progress meter (closes: #257524).
+ Fix "hang on exit" when background processes are running at the time
of exit on a ttyful/login session (closes: #88337).
* Update to current GSSAPI patch from
http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch;
install ChangeLog.gssapi.
Diffstat (limited to 'sftp.c')
-rw-r--r-- | sftp.c | 46 |
1 files changed, 35 insertions, 11 deletions
@@ -1,3 +1,4 @@ | |||
1 | /* $OpenBSD: sftp.c,v 1.96 2007/01/03 04:09:15 stevesk Exp $ */ | ||
1 | /* | 2 | /* |
2 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
3 | * | 4 | * |
@@ -16,21 +17,39 @@ | |||
16 | 17 | ||
17 | #include "includes.h" | 18 | #include "includes.h" |
18 | 19 | ||
19 | RCSID("$OpenBSD: sftp.c,v 1.70 2006/01/31 10:19:02 djm Exp $"); | 20 | #include <sys/types.h> |
21 | #include <sys/ioctl.h> | ||
22 | #ifdef HAVE_SYS_STAT_H | ||
23 | # include <sys/stat.h> | ||
24 | #endif | ||
25 | #include <sys/param.h> | ||
26 | #include <sys/socket.h> | ||
27 | #include <sys/wait.h> | ||
28 | |||
29 | #include <errno.h> | ||
20 | 30 | ||
31 | #ifdef HAVE_PATHS_H | ||
32 | # include <paths.h> | ||
33 | #endif | ||
21 | #ifdef USE_LIBEDIT | 34 | #ifdef USE_LIBEDIT |
22 | #include <histedit.h> | 35 | #include <histedit.h> |
23 | #else | 36 | #else |
24 | typedef void EditLine; | 37 | typedef void EditLine; |
25 | #endif | 38 | #endif |
39 | #include <signal.h> | ||
40 | #include <stdlib.h> | ||
41 | #include <stdio.h> | ||
42 | #include <string.h> | ||
43 | #include <unistd.h> | ||
44 | #include <stdarg.h> | ||
26 | 45 | ||
27 | #include "buffer.h" | ||
28 | #include "xmalloc.h" | 46 | #include "xmalloc.h" |
29 | #include "log.h" | 47 | #include "log.h" |
30 | #include "pathnames.h" | 48 | #include "pathnames.h" |
31 | #include "misc.h" | 49 | #include "misc.h" |
32 | 50 | ||
33 | #include "sftp.h" | 51 | #include "sftp.h" |
52 | #include "buffer.h" | ||
34 | #include "sftp-common.h" | 53 | #include "sftp-common.h" |
35 | #include "sftp-client.h" | 54 | #include "sftp-client.h" |
36 | 55 | ||
@@ -147,6 +166,7 @@ static const struct CMD cmds[] = { | |||
147 | 166 | ||
148 | int interactive_loop(int fd_in, int fd_out, char *file1, char *file2); | 167 | int interactive_loop(int fd_in, int fd_out, char *file1, char *file2); |
149 | 168 | ||
169 | /* ARGSUSED */ | ||
150 | static void | 170 | static void |
151 | killchild(int signo) | 171 | killchild(int signo) |
152 | { | 172 | { |
@@ -158,6 +178,7 @@ killchild(int signo) | |||
158 | _exit(1); | 178 | _exit(1); |
159 | } | 179 | } |
160 | 180 | ||
181 | /* ARGSUSED */ | ||
161 | static void | 182 | static void |
162 | cmd_interrupt(int signo) | 183 | cmd_interrupt(int signo) |
163 | { | 184 | { |
@@ -235,7 +256,7 @@ local_do_shell(const char *args) | |||
235 | if (errno != EINTR) | 256 | if (errno != EINTR) |
236 | fatal("Couldn't wait for child: %s", strerror(errno)); | 257 | fatal("Couldn't wait for child: %s", strerror(errno)); |
237 | if (!WIFEXITED(status)) | 258 | if (!WIFEXITED(status)) |
238 | error("Shell exited abormally"); | 259 | error("Shell exited abnormally"); |
239 | else if (WEXITSTATUS(status)) | 260 | else if (WEXITSTATUS(status)) |
240 | error("Shell exited with status %d", WEXITSTATUS(status)); | 261 | error("Shell exited with status %d", WEXITSTATUS(status)); |
241 | } | 262 | } |
@@ -279,11 +300,11 @@ static char * | |||
279 | path_append(char *p1, char *p2) | 300 | path_append(char *p1, char *p2) |
280 | { | 301 | { |
281 | char *ret; | 302 | char *ret; |
282 | int len = strlen(p1) + strlen(p2) + 2; | 303 | size_t len = strlen(p1) + strlen(p2) + 2; |
283 | 304 | ||
284 | ret = xmalloc(len); | 305 | ret = xmalloc(len); |
285 | strlcpy(ret, p1, len); | 306 | strlcpy(ret, p1, len); |
286 | if (p1[strlen(p1) - 1] != '/') | 307 | if (p1[0] != '\0' && p1[strlen(p1) - 1] != '/') |
287 | strlcat(ret, "/", len); | 308 | strlcat(ret, "/", len); |
288 | strlcat(ret, p2, len); | 309 | strlcat(ret, p2, len); |
289 | 310 | ||
@@ -474,7 +495,7 @@ is_dir(char *path) | |||
474 | if (stat(path, &sb) == -1) | 495 | if (stat(path, &sb) == -1) |
475 | return(0); | 496 | return(0); |
476 | 497 | ||
477 | return(sb.st_mode & S_IFDIR); | 498 | return(S_ISDIR(sb.st_mode)); |
478 | } | 499 | } |
479 | 500 | ||
480 | static int | 501 | static int |
@@ -498,7 +519,7 @@ remote_is_dir(struct sftp_conn *conn, char *path) | |||
498 | return(0); | 519 | return(0); |
499 | if (!(a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) | 520 | if (!(a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) |
500 | return(0); | 521 | return(0); |
501 | return(a->perm & S_IFDIR); | 522 | return(S_ISDIR(a->perm)); |
502 | } | 523 | } |
503 | 524 | ||
504 | static int | 525 | static int |
@@ -538,6 +559,7 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) | |||
538 | 559 | ||
539 | if (g.gl_matchc == 1 && dst) { | 560 | if (g.gl_matchc == 1 && dst) { |
540 | /* If directory specified, append filename */ | 561 | /* If directory specified, append filename */ |
562 | xfree(tmp); | ||
541 | if (is_dir(dst)) { | 563 | if (is_dir(dst)) { |
542 | if (infer_path(g.gl_pathv[0], &tmp)) { | 564 | if (infer_path(g.gl_pathv[0], &tmp)) { |
543 | err = 1; | 565 | err = 1; |
@@ -562,8 +584,6 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) | |||
562 | 584 | ||
563 | out: | 585 | out: |
564 | xfree(abs_src); | 586 | xfree(abs_src); |
565 | if (abs_dst) | ||
566 | xfree(abs_dst); | ||
567 | globfree(&g); | 587 | globfree(&g); |
568 | return(err); | 588 | return(err); |
569 | } | 589 | } |
@@ -959,6 +979,7 @@ parse_args(const char **cpp, int *pflag, int *lflag, int *iflag, | |||
959 | case I_CHOWN: | 979 | case I_CHOWN: |
960 | case I_CHGRP: | 980 | case I_CHGRP: |
961 | /* Get numeric arg (mandatory) */ | 981 | /* Get numeric arg (mandatory) */ |
982 | errno = 0; | ||
962 | l = strtol(cp, &cp2, base); | 983 | l = strtol(cp, &cp2, base); |
963 | if (cp2 == cp || ((l == LONG_MIN || l == LONG_MAX) && | 984 | if (cp2 == cp || ((l == LONG_MIN || l == LONG_MAX) && |
964 | errno == ERANGE) || l < 0) { | 985 | errno == ERANGE) || l < 0) { |
@@ -1280,6 +1301,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) | |||
1280 | if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0) { | 1301 | if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0) { |
1281 | xfree(dir); | 1302 | xfree(dir); |
1282 | xfree(pwd); | 1303 | xfree(pwd); |
1304 | xfree(conn); | ||
1283 | return (-1); | 1305 | return (-1); |
1284 | } | 1306 | } |
1285 | } else { | 1307 | } else { |
@@ -1292,6 +1314,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) | |||
1292 | err = parse_dispatch_command(conn, cmd, &pwd, 1); | 1314 | err = parse_dispatch_command(conn, cmd, &pwd, 1); |
1293 | xfree(dir); | 1315 | xfree(dir); |
1294 | xfree(pwd); | 1316 | xfree(pwd); |
1317 | xfree(conn); | ||
1295 | return (err); | 1318 | return (err); |
1296 | } | 1319 | } |
1297 | xfree(dir); | 1320 | xfree(dir); |
@@ -1356,6 +1379,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) | |||
1356 | break; | 1379 | break; |
1357 | } | 1380 | } |
1358 | xfree(pwd); | 1381 | xfree(pwd); |
1382 | xfree(conn); | ||
1359 | 1383 | ||
1360 | #ifdef USE_LIBEDIT | 1384 | #ifdef USE_LIBEDIT |
1361 | if (el != NULL) | 1385 | if (el != NULL) |
@@ -1455,7 +1479,7 @@ main(int argc, char **argv) | |||
1455 | __progname = ssh_get_progname(argv[0]); | 1479 | __progname = ssh_get_progname(argv[0]); |
1456 | memset(&args, '\0', sizeof(args)); | 1480 | memset(&args, '\0', sizeof(args)); |
1457 | args.list = NULL; | 1481 | args.list = NULL; |
1458 | addargs(&args, ssh_program); | 1482 | addargs(&args, "%s", ssh_program); |
1459 | addargs(&args, "-oForwardX11 no"); | 1483 | addargs(&args, "-oForwardX11 no"); |
1460 | addargs(&args, "-oForwardAgent no"); | 1484 | addargs(&args, "-oForwardAgent no"); |
1461 | addargs(&args, "-oPermitLocalCommand no"); | 1485 | addargs(&args, "-oPermitLocalCommand no"); |
@@ -1544,7 +1568,7 @@ main(int argc, char **argv) | |||
1544 | fprintf(stderr, "Missing username\n"); | 1568 | fprintf(stderr, "Missing username\n"); |
1545 | usage(); | 1569 | usage(); |
1546 | } | 1570 | } |
1547 | addargs(&args, "-l%s",userhost); | 1571 | addargs(&args, "-l%s", userhost); |
1548 | } | 1572 | } |
1549 | 1573 | ||
1550 | if ((cp = colon(host)) != NULL) { | 1574 | if ((cp = colon(host)) != NULL) { |