diff options
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | sftp-server.8 | 24 | ||||
| -rw-r--r-- | sftp-server.c | 9 |
3 files changed, 21 insertions, 16 deletions
| @@ -25,6 +25,10 @@ | |||
| 25 | - djm@cvs.openbsd.org 2013/10/11 02:53:45 | 25 | - djm@cvs.openbsd.org 2013/10/11 02:53:45 |
| 26 | [sftp-client.h] | 26 | [sftp-client.h] |
| 27 | obsolete comment | 27 | obsolete comment |
| 28 | - jmc@cvs.openbsd.org 2013/10/14 14:18:56 | ||
| 29 | [sftp-server.8 sftp-server.c] | ||
| 30 | tweak previous; | ||
| 31 | ok djm | ||
| 28 | 32 | ||
| 29 | 20131010 | 33 | 20131010 |
| 30 | - (dtucker) OpenBSD CVS Sync | 34 | - (dtucker) OpenBSD CVS Sync |
diff --git a/sftp-server.8 b/sftp-server.8 index d7604b28d..1e0b277b4 100644 --- a/sftp-server.8 +++ b/sftp-server.8 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: sftp-server.8,v 1.24 2013/10/09 23:42:17 djm Exp $ | 1 | .\" $OpenBSD: sftp-server.8,v 1.25 2013/10/14 14:18:56 jmc Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | .\" Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | .\" | 4 | .\" |
| @@ -22,7 +22,7 @@ | |||
| 22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 24 | .\" | 24 | .\" |
| 25 | .Dd $Mdocdate: October 9 2013 $ | 25 | .Dd $Mdocdate: October 14 2013 $ |
| 26 | .Dt SFTP-SERVER 8 | 26 | .Dt SFTP-SERVER 8 |
| 27 | .Os | 27 | .Os |
| 28 | .Sh NAME | 28 | .Sh NAME |
| @@ -35,6 +35,8 @@ | |||
| 35 | .Op Fl d Ar start_directory | 35 | .Op Fl d Ar start_directory |
| 36 | .Op Fl f Ar log_facility | 36 | .Op Fl f Ar log_facility |
| 37 | .Op Fl l Ar log_level | 37 | .Op Fl l Ar log_level |
| 38 | .Op Fl P Ar blacklisted_requests | ||
| 39 | .Op Fl p Ar whitelisted_requests | ||
| 38 | .Op Fl u Ar umask | 40 | .Op Fl u Ar umask |
| 39 | .Ek | 41 | .Ek |
| 40 | .Nm | 42 | .Nm |
| @@ -98,35 +100,33 @@ DEBUG and DEBUG1 are equivalent. | |||
| 98 | DEBUG2 and DEBUG3 each specify higher levels of debugging output. | 100 | DEBUG2 and DEBUG3 each specify higher levels of debugging output. |
| 99 | The default is ERROR. | 101 | The default is ERROR. |
| 100 | .It Fl P Ar blacklisted_requests | 102 | .It Fl P Ar blacklisted_requests |
| 101 | Specify a comma-separated list of sftp protocol requests that are banned by | 103 | Specify a comma-separated list of SFTP protocol requests that are banned by |
| 102 | the server. | 104 | the server. |
| 103 | .Nm | 105 | .Nm |
| 104 | will reply to any blacklisted request with a failure. | 106 | will reply to any blacklisted request with a failure. |
| 105 | The | 107 | The |
| 106 | .Fl Q | 108 | .Fl Q |
| 107 | flag allows querying | 109 | flag can be used to determine the supported request types. |
| 108 | .Nm | ||
| 109 | to determine the supported request types. | ||
| 110 | If both a blacklist and a whitelist are specified, then the blacklist is | 110 | If both a blacklist and a whitelist are specified, then the blacklist is |
| 111 | applied before the whitelist. | 111 | applied before the whitelist. |
| 112 | .It Fl p Ar whitelisted_requests | 112 | .It Fl p Ar whitelisted_requests |
| 113 | Specify a comma-separated list of sftp protocol requests that are permitted | 113 | Specify a comma-separated list of SFTP protocol requests that are permitted |
| 114 | by the server. | 114 | by the server. |
| 115 | All request types that are not on the whitelist will be logged and replied | 115 | All request types that are not on the whitelist will be logged and replied |
| 116 | to with a failure message. | 116 | to with a failure message. |
| 117 | .Pp | 117 | .Pp |
| 118 | Care must be taken when using this feature to ensure that requests made | 118 | Care must be taken when using this feature to ensure that requests made |
| 119 | implicitly by sftp clients are permitted. | 119 | implicitly by SFTP clients are permitted. |
| 120 | .It Fl Q Ar protocol_feature | 120 | .It Fl Q Ar protocol_feature |
| 121 | Query protocol features supported by | 121 | Query protocol features supported by |
| 122 | .Nm . | 122 | .Nm . |
| 123 | At present the only feature that may be queried is | 123 | At present the only feature that may be queried is |
| 124 | .Dq requests , | 124 | .Dq requests , |
| 125 | that may be used for whitelisting or blacklisting (flags | 125 | which may be used for black or whitelisting (flags |
| 126 | .Fl p | ||
| 127 | and | ||
| 128 | .Fl P | 126 | .Fl P |
| 129 | respectively.) | 127 | and |
| 128 | .Fl p | ||
| 129 | respectively). | ||
| 130 | .It Fl R | 130 | .It Fl R |
| 131 | Places this instance of | 131 | Places this instance of |
| 132 | .Nm | 132 | .Nm |
diff --git a/sftp-server.c b/sftp-server.c index 52278148d..b62bd3510 100644 --- a/sftp-server.c +++ b/sftp-server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sftp-server.c,v 1.99 2013/10/10 00:53:25 djm Exp $ */ | 1 | /* $OpenBSD: sftp-server.c,v 1.100 2013/10/14 14:18:56 jmc Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -1392,9 +1392,10 @@ sftp_server_usage(void) | |||
| 1392 | 1392 | ||
| 1393 | fprintf(stderr, | 1393 | fprintf(stderr, |
| 1394 | "usage: %s [-ehR] [-d start_directory] [-f log_facility] " | 1394 | "usage: %s [-ehR] [-d start_directory] [-f log_facility] " |
| 1395 | "[-l log_level]\n\t[-p request_whitelist] [-P request_blacklist] " | 1395 | "[-l log_level]\n\t[-P blacklisted_requests] " |
| 1396 | "[-Q feature] [-u umask]\n", | 1396 | "[-p whitelisted_requests] [-u umask]\n" |
| 1397 | __progname); | 1397 | " %s -Q protocol_feature\n", |
| 1398 | __progname, __progname); | ||
| 1398 | exit(1); | 1399 | exit(1); |
| 1399 | } | 1400 | } |
| 1400 | 1401 | ||