diff options
Diffstat (limited to 'sftp-server.c')
| -rw-r--r-- | sftp-server.c | 39 |
1 files changed, 20 insertions, 19 deletions
diff --git a/sftp-server.c b/sftp-server.c index 359204fa7..55386fa9a 100644 --- a/sftp-server.c +++ b/sftp-server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sftp-server.c,v 1.117 2019/07/05 04:55:40 djm Exp $ */ | 1 | /* $OpenBSD: sftp-server.c,v 1.119 2020/07/17 03:51:32 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -74,7 +74,7 @@ static int init_done; | |||
| 74 | static int readonly; | 74 | static int readonly; |
| 75 | 75 | ||
| 76 | /* Requests that are allowed/denied */ | 76 | /* Requests that are allowed/denied */ |
| 77 | static char *request_whitelist, *request_blacklist; | 77 | static char *request_allowlist, *request_denylist; |
| 78 | 78 | ||
| 79 | /* portable attributes, etc. */ | 79 | /* portable attributes, etc. */ |
| 80 | typedef struct Stat Stat; | 80 | typedef struct Stat Stat; |
| @@ -164,20 +164,20 @@ request_permitted(const struct sftp_handler *h) | |||
| 164 | verbose("Refusing %s request in read-only mode", h->name); | 164 | verbose("Refusing %s request in read-only mode", h->name); |
| 165 | return 0; | 165 | return 0; |
| 166 | } | 166 | } |
| 167 | if (request_blacklist != NULL && | 167 | if (request_denylist != NULL && |
| 168 | ((result = match_list(h->name, request_blacklist, NULL))) != NULL) { | 168 | ((result = match_list(h->name, request_denylist, NULL))) != NULL) { |
| 169 | free(result); | 169 | free(result); |
| 170 | verbose("Refusing blacklisted %s request", h->name); | 170 | verbose("Refusing denylisted %s request", h->name); |
| 171 | return 0; | 171 | return 0; |
| 172 | } | 172 | } |
| 173 | if (request_whitelist != NULL && | 173 | if (request_allowlist != NULL && |
| 174 | ((result = match_list(h->name, request_whitelist, NULL))) != NULL) { | 174 | ((result = match_list(h->name, request_allowlist, NULL))) != NULL) { |
| 175 | free(result); | 175 | free(result); |
| 176 | debug2("Permitting whitelisted %s request", h->name); | 176 | debug2("Permitting allowlisted %s request", h->name); |
| 177 | return 1; | 177 | return 1; |
| 178 | } | 178 | } |
| 179 | if (request_whitelist != NULL) { | 179 | if (request_allowlist != NULL) { |
| 180 | verbose("Refusing non-whitelisted %s request", h->name); | 180 | verbose("Refusing non-allowlisted %s request", h->name); |
| 181 | return 0; | 181 | return 0; |
| 182 | } | 182 | } |
| 183 | return 1; | 183 | return 1; |
| @@ -799,18 +799,19 @@ process_write(u_int32_t id) | |||
| 799 | if (!(handle_to_flags(handle) & O_APPEND) && | 799 | if (!(handle_to_flags(handle) & O_APPEND) && |
| 800 | lseek(fd, off, SEEK_SET) == -1) { | 800 | lseek(fd, off, SEEK_SET) == -1) { |
| 801 | status = errno_to_portable(errno); | 801 | status = errno_to_portable(errno); |
| 802 | error("process_write: seek failed"); | 802 | error("%s: seek failed", __func__); |
| 803 | } else { | 803 | } else { |
| 804 | /* XXX ATOMICIO ? */ | 804 | /* XXX ATOMICIO ? */ |
| 805 | ret = write(fd, data, len); | 805 | ret = write(fd, data, len); |
| 806 | if (ret == -1) { | 806 | if (ret == -1) { |
| 807 | error("process_write: write failed"); | 807 | error("%s: write: %s", __func__, |
| 808 | strerror(errno)); | ||
| 808 | status = errno_to_portable(errno); | 809 | status = errno_to_portable(errno); |
| 809 | } else if ((size_t)ret == len) { | 810 | } else if ((size_t)ret == len) { |
| 810 | status = SSH2_FX_OK; | 811 | status = SSH2_FX_OK; |
| 811 | handle_update_write(handle, ret); | 812 | handle_update_write(handle, ret); |
| 812 | } else { | 813 | } else { |
| 813 | debug2("nothing at all written"); | 814 | debug2("%s: nothing at all written", __func__); |
| 814 | status = SSH2_FX_FAILURE; | 815 | status = SSH2_FX_FAILURE; |
| 815 | } | 816 | } |
| 816 | } | 817 | } |
| @@ -1556,8 +1557,8 @@ sftp_server_usage(void) | |||
| 1556 | 1557 | ||
| 1557 | fprintf(stderr, | 1558 | fprintf(stderr, |
| 1558 | "usage: %s [-ehR] [-d start_directory] [-f log_facility] " | 1559 | "usage: %s [-ehR] [-d start_directory] [-f log_facility] " |
| 1559 | "[-l log_level]\n\t[-P blacklisted_requests] " | 1560 | "[-l log_level]\n\t[-P denied_requests] " |
| 1560 | "[-p whitelisted_requests] [-u umask]\n" | 1561 | "[-p allowed_requests] [-u umask]\n" |
| 1561 | " %s -Q protocol_feature\n", | 1562 | " %s -Q protocol_feature\n", |
| 1562 | __progname, __progname); | 1563 | __progname, __progname); |
| 1563 | exit(1); | 1564 | exit(1); |
| @@ -1627,14 +1628,14 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) | |||
| 1627 | free(cp); | 1628 | free(cp); |
| 1628 | break; | 1629 | break; |
| 1629 | case 'p': | 1630 | case 'p': |
| 1630 | if (request_whitelist != NULL) | 1631 | if (request_allowlist != NULL) |
| 1631 | fatal("Permitted requests already set"); | 1632 | fatal("Permitted requests already set"); |
| 1632 | request_whitelist = xstrdup(optarg); | 1633 | request_allowlist = xstrdup(optarg); |
| 1633 | break; | 1634 | break; |
| 1634 | case 'P': | 1635 | case 'P': |
| 1635 | if (request_blacklist != NULL) | 1636 | if (request_denylist != NULL) |
| 1636 | fatal("Refused requests already set"); | 1637 | fatal("Refused requests already set"); |
| 1637 | request_blacklist = xstrdup(optarg); | 1638 | request_denylist = xstrdup(optarg); |
| 1638 | break; | 1639 | break; |
| 1639 | case 'u': | 1640 | case 'u': |
| 1640 | errno = 0; | 1641 | errno = 0; |