1 /* $OpenBSD: sftp-client.c,v 1.176 2024/05/17 02:39:11 jsg Exp $ */
2 /*
3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 /* XXX: memleaks */
19 /* XXX: signed vs unsigned */
20 /* XXX: remove all logging, only return status codes */
21 /* XXX: copy between two remote sites */
22
23 #include <sys/types.h>
24 #include <sys/poll.h>
25 #include <sys/queue.h>
26 #include <sys/stat.h>
27 #include <sys/time.h>
28 #include <sys/statvfs.h>
29 #include <sys/uio.h>
30
31 #include <dirent.h>
32 #include <errno.h>
33 #include <fcntl.h>
34 #include <poll.h>
35 #include <signal.h>
36 #include <stdarg.h>
37 #include <stdio.h>
38 #include <stdlib.h>
39 #include <string.h>
40 #include <unistd.h>
41
42 #include "xmalloc.h"
43 #include "ssherr.h"
44 #include "sshbuf.h"
45 #include "log.h"
46 #include "atomicio.h"
47 #include "progressmeter.h"
48 #include "misc.h"
49 #include "utf8.h"
50
51 #include "sftp.h"
52 #include "sftp-common.h"
53 #include "sftp-client.h"
54
55 extern volatile sig_atomic_t interrupted;
56 extern int showprogress;
57
58 /* Default size of buffer for up/download (fix sftp.1 scp.1 if changed) */
59 #define DEFAULT_COPY_BUFLEN 32768
60
61 /* Default number of concurrent xfer requests (fix sftp.1 scp.1 if changed) */
62 #define DEFAULT_NUM_REQUESTS 64
63
64 /* Minimum amount of data to read at a time */
65 #define MIN_READ_SIZE 512
66
67 /* Maximum depth to descend in directory trees */
68 #define MAX_DIR_DEPTH 64
69
70 struct sftp_conn {
71 int fd_in;
72 int fd_out;
73 u_int download_buflen;
74 u_int upload_buflen;
75 u_int num_requests;
76 u_int version;
77 u_int msg_id;
78 #define SFTP_EXT_POSIX_RENAME 0x00000001
79 #define SFTP_EXT_STATVFS 0x00000002
80 #define SFTP_EXT_FSTATVFS 0x00000004
81 #define SFTP_EXT_HARDLINK 0x00000008
82 #define SFTP_EXT_FSYNC 0x00000010
83 #define SFTP_EXT_LSETSTAT 0x00000020
84 #define SFTP_EXT_LIMITS 0x00000040
85 #define SFTP_EXT_PATH_EXPAND 0x00000080
86 #define SFTP_EXT_COPY_DATA 0x00000100
87 #define SFTP_EXT_GETUSERSGROUPS_BY_ID 0x00000200
88 u_int exts;
89 u_int64_t limit_kbps;
90 struct bwlimit bwlimit_in, bwlimit_out;
91 };
92
93 /* Tracks in-progress requests during file transfers */
94 struct request {
95 u_int id;
96 size_t len;
97 u_int64_t offset;
98 TAILQ_ENTRY(request) tq;
99 };
100 TAILQ_HEAD(requests, request);
101
102 static u_char *
103 get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len,
104 const char *errfmt, ...) __attribute__((format(printf, 4, 5)));
105
106 static struct request *
request_enqueue(struct requests * requests,u_int id,size_t len,uint64_t offset)107 request_enqueue(struct requests *requests, u_int id, size_t len,
108 uint64_t offset)
109 {
110 struct request *req;
111
112 req = xcalloc(1, sizeof(*req));
113 req->id = id;
114 req->len = len;
115 req->offset = offset;
116 TAILQ_INSERT_TAIL(requests, req, tq);
117 return req;
118 }
119
120 static struct request *
request_find(struct requests * requests,u_int id)121 request_find(struct requests *requests, u_int id)
122 {
123 struct request *req;
124
125 for (req = TAILQ_FIRST(requests);
126 req != NULL && req->id != id;
127 req = TAILQ_NEXT(req, tq))
128 ;
129 return req;
130 }
131
132 static int
sftpio(void * _bwlimit,size_t amount)133 sftpio(void *_bwlimit, size_t amount)
134 {
135 struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit;
136
137 refresh_progress_meter(0);
138 if (bwlimit != NULL)
139 bandwidth_limit(bwlimit, amount);
140 return 0;
141 }
142
143 static void
send_msg(struct sftp_conn * conn,struct sshbuf * m)144 send_msg(struct sftp_conn *conn, struct sshbuf *m)
145 {
146 u_char mlen[4];
147 struct iovec iov[2];
148
149 if (sshbuf_len(m) > SFTP_MAX_MSG_LENGTH)
150 fatal("Outbound message too long %zu", sshbuf_len(m));
151
152 /* Send length first */
153 put_u32(mlen, sshbuf_len(m));
154 iov[0].iov_base = mlen;
155 iov[0].iov_len = sizeof(mlen);
156 iov[1].iov_base = (u_char *)sshbuf_ptr(m);
157 iov[1].iov_len = sshbuf_len(m);
158
159 if (atomiciov6(writev, conn->fd_out, iov, 2, sftpio,
160 conn->limit_kbps > 0 ? &conn->bwlimit_out : NULL) !=
161 sshbuf_len(m) + sizeof(mlen))
162 fatal("Couldn't send packet: %s", strerror(errno));
163
164 sshbuf_reset(m);
165 }
166
167 static void
get_msg_extended(struct sftp_conn * conn,struct sshbuf * m,int initial)168 get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial)
169 {
170 u_int msg_len;
171 u_char *p;
172 int r;
173
174 sshbuf_reset(m);
175 if ((r = sshbuf_reserve(m, 4, &p)) != 0)
176 fatal_fr(r, "reserve");
177 if (atomicio6(read, conn->fd_in, p, 4, sftpio,
178 conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) {
179 if (errno == EPIPE || errno == ECONNRESET)
180 fatal("Connection closed");
181 else
182 fatal("Couldn't read packet: %s", strerror(errno));
183 }
184
185 if ((r = sshbuf_get_u32(m, &msg_len)) != 0)
186 fatal_fr(r, "sshbuf_get_u32");
187 if (msg_len > SFTP_MAX_MSG_LENGTH) {
188 do_log2(initial ? SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_FATAL,
189 "Received message too long %u", msg_len);
190 fatal("Ensure the remote shell produces no output "
191 "for non-interactive sessions.");
192 }
193
194 if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
195 fatal_fr(r, "reserve");
196 if (atomicio6(read, conn->fd_in, p, msg_len, sftpio,
197 conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL)
198 != msg_len) {
199 if (errno == EPIPE)
200 fatal("Connection closed");
201 else
202 fatal("Read packet: %s", strerror(errno));
203 }
204 }
205
206 static void
get_msg(struct sftp_conn * conn,struct sshbuf * m)207 get_msg(struct sftp_conn *conn, struct sshbuf *m)
208 {
209 get_msg_extended(conn, m, 0);
210 }
211
212 static void
send_string_request(struct sftp_conn * conn,u_int id,u_int code,const char * s,u_int len)213 send_string_request(struct sftp_conn *conn, u_int id, u_int code, const char *s,
214 u_int len)
215 {
216 struct sshbuf *msg;
217 int r;
218
219 if ((msg = sshbuf_new()) == NULL)
220 fatal_f("sshbuf_new failed");
221 if ((r = sshbuf_put_u8(msg, code)) != 0 ||
222 (r = sshbuf_put_u32(msg, id)) != 0 ||
223 (r = sshbuf_put_string(msg, s, len)) != 0)
224 fatal_fr(r, "compose");
225 send_msg(conn, msg);
226 debug3("Sent message fd %d T:%u I:%u", conn->fd_out, code, id);
227 sshbuf_free(msg);
228 }
229
230 static void
send_string_attrs_request(struct sftp_conn * conn,u_int id,u_int code,const void * s,u_int len,Attrib * a)231 send_string_attrs_request(struct sftp_conn *conn, u_int id, u_int code,
232 const void *s, u_int len, Attrib *a)
233 {
234 struct sshbuf *msg;
235 int r;
236
237 if ((msg = sshbuf_new()) == NULL)
238 fatal_f("sshbuf_new failed");
239 if ((r = sshbuf_put_u8(msg, code)) != 0 ||
240 (r = sshbuf_put_u32(msg, id)) != 0 ||
241 (r = sshbuf_put_string(msg, s, len)) != 0 ||
242 (r = encode_attrib(msg, a)) != 0)
243 fatal_fr(r, "compose");
244 send_msg(conn, msg);
245 debug3("Sent message fd %d T:%u I:%u F:0x%04x M:%05o",
246 conn->fd_out, code, id, a->flags, a->perm);
247 sshbuf_free(msg);
248 }
249
250 static u_int
get_status(struct sftp_conn * conn,u_int expected_id)251 get_status(struct sftp_conn *conn, u_int expected_id)
252 {
253 struct sshbuf *msg;
254 u_char type;
255 u_int id, status;
256 int r;
257
258 if ((msg = sshbuf_new()) == NULL)
259 fatal_f("sshbuf_new failed");
260 get_msg(conn, msg);
261 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
262 (r = sshbuf_get_u32(msg, &id)) != 0)
263 fatal_fr(r, "compose");
264
265 if (id != expected_id)
266 fatal("ID mismatch (%u != %u)", id, expected_id);
267 if (type != SSH2_FXP_STATUS)
268 fatal("Expected SSH2_FXP_STATUS(%u) packet, got %u",
269 SSH2_FXP_STATUS, type);
270
271 if ((r = sshbuf_get_u32(msg, &status)) != 0)
272 fatal_fr(r, "parse");
273 sshbuf_free(msg);
274
275 debug3("SSH2_FXP_STATUS %u", status);
276
277 return status;
278 }
279
280 static u_char *
get_handle(struct sftp_conn * conn,u_int expected_id,size_t * len,const char * errfmt,...)281 get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len,
282 const char *errfmt, ...)
283 {
284 struct sshbuf *msg;
285 u_int id, status;
286 u_char type;
287 u_char *handle;
288 char errmsg[256];
289 va_list args;
290 int r;
291
292 va_start(args, errfmt);
293 if (errfmt != NULL)
294 vsnprintf(errmsg, sizeof(errmsg), errfmt, args);
295 va_end(args);
296
297 if ((msg = sshbuf_new()) == NULL)
298 fatal_f("sshbuf_new failed");
299 get_msg(conn, msg);
300 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
301 (r = sshbuf_get_u32(msg, &id)) != 0)
302 fatal_fr(r, "parse");
303
304 if (id != expected_id)
305 fatal("%s: ID mismatch (%u != %u)",
306 errfmt == NULL ? __func__ : errmsg, id, expected_id);
307 if (type == SSH2_FXP_STATUS) {
308 if ((r = sshbuf_get_u32(msg, &status)) != 0)
309 fatal_fr(r, "parse status");
310 if (errfmt != NULL)
311 error("%s: %s", errmsg, fx2txt(status));
312 sshbuf_free(msg);
313 return(NULL);
314 } else if (type != SSH2_FXP_HANDLE)
315 fatal("%s: Expected SSH2_FXP_HANDLE(%u) packet, got %u",
316 errfmt == NULL ? __func__ : errmsg, SSH2_FXP_HANDLE, type);
317
318 if ((r = sshbuf_get_string(msg, &handle, len)) != 0)
319 fatal_fr(r, "parse handle");
320 sshbuf_free(msg);
321
322 return handle;
323 }
324
325 static int
get_decode_stat(struct sftp_conn * conn,u_int expected_id,int quiet,Attrib * a)326 get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet, Attrib *a)
327 {
328 struct sshbuf *msg;
329 u_int id;
330 u_char type;
331 int r;
332 Attrib attr;
333
334 if (a != NULL)
335 memset(a, '\0', sizeof(*a));
336 if ((msg = sshbuf_new()) == NULL)
337 fatal_f("sshbuf_new failed");
338 get_msg(conn, msg);
339
340 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
341 (r = sshbuf_get_u32(msg, &id)) != 0)
342 fatal_fr(r, "parse");
343
344 if (id != expected_id)
345 fatal("ID mismatch (%u != %u)", id, expected_id);
346 if (type == SSH2_FXP_STATUS) {
347 u_int status;
348
349 if ((r = sshbuf_get_u32(msg, &status)) != 0)
350 fatal_fr(r, "parse status");
351 if (quiet)
352 debug("stat remote: %s", fx2txt(status));
353 else
354 error("stat remote: %s", fx2txt(status));
355 sshbuf_free(msg);
356 return -1;
357 } else if (type != SSH2_FXP_ATTRS) {
358 fatal("Expected SSH2_FXP_ATTRS(%u) packet, got %u",
359 SSH2_FXP_ATTRS, type);
360 }
361 if ((r = decode_attrib(msg, &attr)) != 0) {
362 error_fr(r, "decode_attrib");
363 sshbuf_free(msg);
364 return -1;
365 }
366 /* success */
367 if (a != NULL)
368 *a = attr;
369 debug3("Received stat reply T:%u I:%u F:0x%04x M:%05o",
370 type, id, attr.flags, attr.perm);
371 sshbuf_free(msg);
372
373 return 0;
374 }
375
376 static int
get_decode_statvfs(struct sftp_conn * conn,struct sftp_statvfs * st,u_int expected_id,int quiet)377 get_decode_statvfs(struct sftp_conn *conn, struct sftp_statvfs *st,
378 u_int expected_id, int quiet)
379 {
380 struct sshbuf *msg;
381 u_char type;
382 u_int id;
383 u_int64_t flag;
384 int r;
385
386 if ((msg = sshbuf_new()) == NULL)
387 fatal_f("sshbuf_new failed");
388 get_msg(conn, msg);
389
390 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
391 (r = sshbuf_get_u32(msg, &id)) != 0)
392 fatal_fr(r, "parse");
393
394 debug3("Received statvfs reply T:%u I:%u", type, id);
395 if (id != expected_id)
396 fatal("ID mismatch (%u != %u)", id, expected_id);
397 if (type == SSH2_FXP_STATUS) {
398 u_int status;
399
400 if ((r = sshbuf_get_u32(msg, &status)) != 0)
401 fatal_fr(r, "parse status");
402 if (quiet)
403 debug("remote statvfs: %s", fx2txt(status));
404 else
405 error("remote statvfs: %s", fx2txt(status));
406 sshbuf_free(msg);
407 return -1;
408 } else if (type != SSH2_FXP_EXTENDED_REPLY) {
409 fatal("Expected SSH2_FXP_EXTENDED_REPLY(%u) packet, got %u",
410 SSH2_FXP_EXTENDED_REPLY, type);
411 }
412
413 memset(st, 0, sizeof(*st));
414 if ((r = sshbuf_get_u64(msg, &st->f_bsize)) != 0 ||
415 (r = sshbuf_get_u64(msg, &st->f_frsize)) != 0 ||
416 (r = sshbuf_get_u64(msg, &st->f_blocks)) != 0 ||
417 (r = sshbuf_get_u64(msg, &st->f_bfree)) != 0 ||
418 (r = sshbuf_get_u64(msg, &st->f_bavail)) != 0 ||
419 (r = sshbuf_get_u64(msg, &st->f_files)) != 0 ||
420 (r = sshbuf_get_u64(msg, &st->f_ffree)) != 0 ||
421 (r = sshbuf_get_u64(msg, &st->f_favail)) != 0 ||
422 (r = sshbuf_get_u64(msg, &st->f_fsid)) != 0 ||
423 (r = sshbuf_get_u64(msg, &flag)) != 0 ||
424 (r = sshbuf_get_u64(msg, &st->f_namemax)) != 0)
425 fatal_fr(r, "parse statvfs");
426
427 st->f_flag = (flag & SSH2_FXE_STATVFS_ST_RDONLY) ? ST_RDONLY : 0;
428 st->f_flag |= (flag & SSH2_FXE_STATVFS_ST_NOSUID) ? ST_NOSUID : 0;
429
430 sshbuf_free(msg);
431
432 return 0;
433 }
434
435 struct sftp_conn *
sftp_init(int fd_in,int fd_out,u_int transfer_buflen,u_int num_requests,u_int64_t limit_kbps)436 sftp_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests,
437 u_int64_t limit_kbps)
438 {
439 u_char type;
440 struct sshbuf *msg;
441 struct sftp_conn *ret;
442 int r;
443
444 ret = xcalloc(1, sizeof(*ret));
445 ret->msg_id = 1;
446 ret->fd_in = fd_in;
447 ret->fd_out = fd_out;
448 ret->download_buflen = ret->upload_buflen =
449 transfer_buflen ? transfer_buflen : DEFAULT_COPY_BUFLEN;
450 ret->num_requests =
451 num_requests ? num_requests : DEFAULT_NUM_REQUESTS;
452 ret->exts = 0;
453 ret->limit_kbps = 0;
454
455 if ((msg = sshbuf_new()) == NULL)
456 fatal_f("sshbuf_new failed");
457 if ((r = sshbuf_put_u8(msg, SSH2_FXP_INIT)) != 0 ||
458 (r = sshbuf_put_u32(msg, SSH2_FILEXFER_VERSION)) != 0)
459 fatal_fr(r, "parse");
460
461 send_msg(ret, msg);
462
463 get_msg_extended(ret, msg, 1);
464
465 /* Expecting a VERSION reply */
466 if ((r = sshbuf_get_u8(msg, &type)) != 0)
467 fatal_fr(r, "parse type");
468 if (type != SSH2_FXP_VERSION) {
469 error("Invalid packet back from SSH2_FXP_INIT (type %u)",
470 type);
471 sshbuf_free(msg);
472 free(ret);
473 return(NULL);
474 }
475 if ((r = sshbuf_get_u32(msg, &ret->version)) != 0)
476 fatal_fr(r, "parse version");
477
478 debug2("Remote version: %u", ret->version);
479
480 /* Check for extensions */
481 while (sshbuf_len(msg) > 0) {
482 char *name;
483 u_char *value;
484 size_t vlen;
485 int known = 0;
486
487 if ((r = sshbuf_get_cstring(msg, &name, NULL)) != 0 ||
488 (r = sshbuf_get_string(msg, &value, &vlen)) != 0)
489 fatal_fr(r, "parse extension");
490 if (strcmp(name, "posix-rename@openssh.com") == 0 &&
491 strcmp((char *)value, "1") == 0) {
492 ret->exts |= SFTP_EXT_POSIX_RENAME;
493 known = 1;
494 } else if (strcmp(name, "statvfs@openssh.com") == 0 &&
495 strcmp((char *)value, "2") == 0) {
496 ret->exts |= SFTP_EXT_STATVFS;
497 known = 1;
498 } else if (strcmp(name, "fstatvfs@openssh.com") == 0 &&
499 strcmp((char *)value, "2") == 0) {
500 ret->exts |= SFTP_EXT_FSTATVFS;
501 known = 1;
502 } else if (strcmp(name, "hardlink@openssh.com") == 0 &&
503 strcmp((char *)value, "1") == 0) {
504 ret->exts |= SFTP_EXT_HARDLINK;
505 known = 1;
506 } else if (strcmp(name, "fsync@openssh.com") == 0 &&
507 strcmp((char *)value, "1") == 0) {
508 ret->exts |= SFTP_EXT_FSYNC;
509 known = 1;
510 } else if (strcmp(name, "lsetstat@openssh.com") == 0 &&
511 strcmp((char *)value, "1") == 0) {
512 ret->exts |= SFTP_EXT_LSETSTAT;
513 known = 1;
514 } else if (strcmp(name, "limits@openssh.com") == 0 &&
515 strcmp((char *)value, "1") == 0) {
516 ret->exts |= SFTP_EXT_LIMITS;
517 known = 1;
518 } else if (strcmp(name, "expand-path@openssh.com") == 0 &&
519 strcmp((char *)value, "1") == 0) {
520 ret->exts |= SFTP_EXT_PATH_EXPAND;
521 known = 1;
522 } else if (strcmp(name, "copy-data") == 0 &&
523 strcmp((char *)value, "1") == 0) {
524 ret->exts |= SFTP_EXT_COPY_DATA;
525 known = 1;
526 } else if (strcmp(name,
527 "users-groups-by-id@openssh.com") == 0 &&
528 strcmp((char *)value, "1") == 0) {
529 ret->exts |= SFTP_EXT_GETUSERSGROUPS_BY_ID;
530 known = 1;
531 }
532 if (known) {
533 debug2("Server supports extension \"%s\" revision %s",
534 name, value);
535 } else {
536 debug2("Unrecognised server extension \"%s\"", name);
537 }
538 free(name);
539 free(value);
540 }
541
542 sshbuf_free(msg);
543
544 /* Query the server for its limits */
545 if (ret->exts & SFTP_EXT_LIMITS) {
546 struct sftp_limits limits;
547 if (sftp_get_limits(ret, &limits) != 0)
548 fatal_f("limits failed");
549
550 /* If the caller did not specify, find a good value */
551 if (transfer_buflen == 0) {
552 ret->download_buflen = MINIMUM(limits.read_length,
553 SFTP_MAX_MSG_LENGTH - 1024);
554 ret->upload_buflen = MINIMUM(limits.write_length,
555 SFTP_MAX_MSG_LENGTH - 1024);
556 ret->download_buflen = MAXIMUM(ret->download_buflen, 64);
557 ret->upload_buflen = MAXIMUM(ret->upload_buflen, 64);
558 debug3("server upload/download buffer sizes "
559 "%llu / %llu; using %u / %u",
560 (unsigned long long)limits.write_length,
561 (unsigned long long)limits.read_length,
562 ret->upload_buflen, ret->download_buflen);
563 }
564
565 /* Use the server limit to scale down our value only */
566 if (num_requests == 0 && limits.open_handles) {
567 ret->num_requests =
568 MINIMUM(DEFAULT_NUM_REQUESTS, limits.open_handles);
569 if (ret->num_requests == 0)
570 ret->num_requests = 1;
571 debug3("server handle limit %llu; using %u",
572 (unsigned long long)limits.open_handles,
573 ret->num_requests);
574 }
575 }
576
577 /* Some filexfer v.0 servers don't support large packets */
578 if (ret->version == 0) {
579 ret->download_buflen = MINIMUM(ret->download_buflen, 20480);
580 ret->upload_buflen = MINIMUM(ret->upload_buflen, 20480);
581 }
582
583 ret->limit_kbps = limit_kbps;
584 if (ret->limit_kbps > 0) {
585 bandwidth_limit_init(&ret->bwlimit_in, ret->limit_kbps,
586 ret->download_buflen);
587 bandwidth_limit_init(&ret->bwlimit_out, ret->limit_kbps,
588 ret->upload_buflen);
589 }
590
591 return ret;
592 }
593
594 u_int
sftp_proto_version(struct sftp_conn * conn)595 sftp_proto_version(struct sftp_conn *conn)
596 {
597 return conn->version;
598 }
599
600 int
sftp_get_limits(struct sftp_conn * conn,struct sftp_limits * limits)601 sftp_get_limits(struct sftp_conn *conn, struct sftp_limits *limits)
602 {
603 u_int id, msg_id;
604 u_char type;
605 struct sshbuf *msg;
606 int r;
607
608 if ((conn->exts & SFTP_EXT_LIMITS) == 0) {
609 error("Server does not support limits@openssh.com extension");
610 return -1;
611 }
612
613 if ((msg = sshbuf_new()) == NULL)
614 fatal_f("sshbuf_new failed");
615
616 id = conn->msg_id++;
617 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
618 (r = sshbuf_put_u32(msg, id)) != 0 ||
619 (r = sshbuf_put_cstring(msg, "limits@openssh.com")) != 0)
620 fatal_fr(r, "compose");
621 send_msg(conn, msg);
622 debug3("Sent message limits@openssh.com I:%u", id);
623
624 get_msg(conn, msg);
625
626 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
627 (r = sshbuf_get_u32(msg, &msg_id)) != 0)
628 fatal_fr(r, "parse");
629
630 debug3("Received limits reply T:%u I:%u", type, msg_id);
631 if (id != msg_id)
632 fatal("ID mismatch (%u != %u)", msg_id, id);
633 if (type != SSH2_FXP_EXTENDED_REPLY) {
634 debug_f("expected SSH2_FXP_EXTENDED_REPLY(%u) packet, got %u",
635 SSH2_FXP_EXTENDED_REPLY, type);
636 /* Disable the limits extension */
637 conn->exts &= ~SFTP_EXT_LIMITS;
638 sshbuf_free(msg);
639 return -1;
640 }
641
642 memset(limits, 0, sizeof(*limits));
643 if ((r = sshbuf_get_u64(msg, &limits->packet_length)) != 0 ||
644 (r = sshbuf_get_u64(msg, &limits->read_length)) != 0 ||
645 (r = sshbuf_get_u64(msg, &limits->write_length)) != 0 ||
646 (r = sshbuf_get_u64(msg, &limits->open_handles)) != 0)
647 fatal_fr(r, "parse limits");
648
649 sshbuf_free(msg);
650
651 return 0;
652 }
653
654 int
sftp_close(struct sftp_conn * conn,const u_char * handle,u_int handle_len)655 sftp_close(struct sftp_conn *conn, const u_char *handle, u_int handle_len)
656 {
657 u_int id, status;
658 struct sshbuf *msg;
659 int r;
660
661 if ((msg = sshbuf_new()) == NULL)
662 fatal_f("sshbuf_new failed");
663
664 id = conn->msg_id++;
665 if ((r = sshbuf_put_u8(msg, SSH2_FXP_CLOSE)) != 0 ||
666 (r = sshbuf_put_u32(msg, id)) != 0 ||
667 (r = sshbuf_put_string(msg, handle, handle_len)) != 0)
668 fatal_fr(r, "parse");
669 send_msg(conn, msg);
670 debug3("Sent message SSH2_FXP_CLOSE I:%u", id);
671
672 status = get_status(conn, id);
673 if (status != SSH2_FX_OK)
674 error("close remote: %s", fx2txt(status));
675
676 sshbuf_free(msg);
677
678 return status == SSH2_FX_OK ? 0 : -1;
679 }
680
681
682 static int
sftp_lsreaddir(struct sftp_conn * conn,const char * path,int print_flag,SFTP_DIRENT *** dir)683 sftp_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
684 SFTP_DIRENT ***dir)
685 {
686 struct sshbuf *msg;
687 u_int count, id, i, expected_id, ents = 0;
688 size_t handle_len;
689 u_char type, *handle;
690 int status = SSH2_FX_FAILURE;
691 int r;
692
693 if (dir)
694 *dir = NULL;
695
696 id = conn->msg_id++;
697
698 if ((msg = sshbuf_new()) == NULL)
699 fatal_f("sshbuf_new failed");
700 if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPENDIR)) != 0 ||
701 (r = sshbuf_put_u32(msg, id)) != 0 ||
702 (r = sshbuf_put_cstring(msg, path)) != 0)
703 fatal_fr(r, "compose OPENDIR");
704 send_msg(conn, msg);
705
706 handle = get_handle(conn, id, &handle_len,
707 "remote readdir(\"%s\")", path);
708 if (handle == NULL) {
709 sshbuf_free(msg);
710 return -1;
711 }
712
713 if (dir) {
714 ents = 0;
715 *dir = xcalloc(1, sizeof(**dir));
716 (*dir)[0] = NULL;
717 }
718
719 for (; !interrupted;) {
720 id = expected_id = conn->msg_id++;
721
722 debug3("Sending SSH2_FXP_READDIR I:%u", id);
723
724 sshbuf_reset(msg);
725 if ((r = sshbuf_put_u8(msg, SSH2_FXP_READDIR)) != 0 ||
726 (r = sshbuf_put_u32(msg, id)) != 0 ||
727 (r = sshbuf_put_string(msg, handle, handle_len)) != 0)
728 fatal_fr(r, "compose READDIR");
729 send_msg(conn, msg);
730
731 sshbuf_reset(msg);
732
733 get_msg(conn, msg);
734
735 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
736 (r = sshbuf_get_u32(msg, &id)) != 0)
737 fatal_fr(r, "parse");
738
739 debug3("Received reply T:%u I:%u", type, id);
740
741 if (id != expected_id)
742 fatal("ID mismatch (%u != %u)", id, expected_id);
743
744 if (type == SSH2_FXP_STATUS) {
745 u_int rstatus;
746
747 if ((r = sshbuf_get_u32(msg, &rstatus)) != 0)
748 fatal_fr(r, "parse status");
749 debug3("Received SSH2_FXP_STATUS %d", rstatus);
750 if (rstatus == SSH2_FX_EOF)
751 break;
752 error("Couldn't read directory: %s", fx2txt(rstatus));
753 goto out;
754 } else if (type != SSH2_FXP_NAME)
755 fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
756 SSH2_FXP_NAME, type);
757
758 if ((r = sshbuf_get_u32(msg, &count)) != 0)
759 fatal_fr(r, "parse count");
760 if (count > SSHBUF_SIZE_MAX)
761 fatal_f("nonsensical number of entries");
762 if (count == 0)
763 break;
764 debug3("Received %d SSH2_FXP_NAME responses", count);
765 for (i = 0; i < count; i++) {
766 char *filename, *longname;
767 Attrib a;
768
769 if ((r = sshbuf_get_cstring(msg, &filename,
770 NULL)) != 0 ||
771 (r = sshbuf_get_cstring(msg, &longname,
772 NULL)) != 0)
773 fatal_fr(r, "parse filenames");
774 if ((r = decode_attrib(msg, &a)) != 0) {
775 error_fr(r, "couldn't decode attrib");
776 free(filename);
777 free(longname);
778 goto out;
779 }
780
781 if (print_flag)
782 mprintf("%s\n", longname);
783
784 /*
785 * Directory entries should never contain '/'
786 * These can be used to attack recursive ops
787 * (e.g. send '../../../../etc/passwd')
788 */
789 if (strchr(filename, '/') != NULL) {
790 error("Server sent suspect path \"%s\" "
791 "during readdir of \"%s\"", filename, path);
792 } else if (dir) {
793 *dir = xreallocarray(*dir, ents + 2, sizeof(**dir));
794 (*dir)[ents] = xcalloc(1, sizeof(***dir));
795 (*dir)[ents]->filename = xstrdup(filename);
796 (*dir)[ents]->longname = xstrdup(longname);
797 memcpy(&(*dir)[ents]->a, &a, sizeof(a));
798 (*dir)[++ents] = NULL;
799 }
800 free(filename);
801 free(longname);
802 }
803 }
804 status = 0;
805
806 out:
807 sshbuf_free(msg);
808 sftp_close(conn, handle, handle_len);
809 free(handle);
810
811 if (status != 0 && dir != NULL) {
812 /* Don't return results on error */
813 sftp_free_dirents(*dir);
814 *dir = NULL;
815 } else if (interrupted && dir != NULL && *dir != NULL) {
816 /* Don't return partial matches on interrupt */
817 sftp_free_dirents(*dir);
818 *dir = xcalloc(1, sizeof(**dir));
819 **dir = NULL;
820 }
821
822 return status == SSH2_FX_OK ? 0 : -1;
823 }
824
825 int
sftp_readdir(struct sftp_conn * conn,const char * path,SFTP_DIRENT *** dir)826 sftp_readdir(struct sftp_conn *conn, const char *path, SFTP_DIRENT ***dir)
827 {
828 return sftp_lsreaddir(conn, path, 0, dir);
829 }
830
sftp_free_dirents(SFTP_DIRENT ** s)831 void sftp_free_dirents(SFTP_DIRENT **s)
832 {
833 int i;
834
835 if (s == NULL)
836 return;
837 for (i = 0; s[i]; i++) {
838 free(s[i]->filename);
839 free(s[i]->longname);
840 free(s[i]);
841 }
842 free(s);
843 }
844
845 int
sftp_rm(struct sftp_conn * conn,const char * path)846 sftp_rm(struct sftp_conn *conn, const char *path)
847 {
848 u_int status, id;
849
850 debug2("Sending SSH2_FXP_REMOVE \"%s\"", path);
851
852 id = conn->msg_id++;
853 send_string_request(conn, id, SSH2_FXP_REMOVE, path, strlen(path));
854 status = get_status(conn, id);
855 if (status != SSH2_FX_OK)
856 error("remote delete %s: %s", path, fx2txt(status));
857 return status == SSH2_FX_OK ? 0 : -1;
858 }
859
860 int
sftp_mkdir(struct sftp_conn * conn,const char * path,Attrib * a,int print_flag)861 sftp_mkdir(struct sftp_conn *conn, const char *path, Attrib *a, int print_flag)
862 {
863 u_int status, id;
864
865 debug2("Sending SSH2_FXP_MKDIR \"%s\"", path);
866
867 id = conn->msg_id++;
868 send_string_attrs_request(conn, id, SSH2_FXP_MKDIR, path,
869 strlen(path), a);
870
871 status = get_status(conn, id);
872 if (status != SSH2_FX_OK && print_flag)
873 error("remote mkdir \"%s\": %s", path, fx2txt(status));
874
875 return status == SSH2_FX_OK ? 0 : -1;
876 }
877
878 int
sftp_rmdir(struct sftp_conn * conn,const char * path)879 sftp_rmdir(struct sftp_conn *conn, const char *path)
880 {
881 u_int status, id;
882
883 debug2("Sending SSH2_FXP_RMDIR \"%s\"", path);
884
885 id = conn->msg_id++;
886 send_string_request(conn, id, SSH2_FXP_RMDIR, path,
887 strlen(path));
888
889 status = get_status(conn, id);
890 if (status != SSH2_FX_OK)
891 error("remote rmdir \"%s\": %s", path, fx2txt(status));
892
893 return status == SSH2_FX_OK ? 0 : -1;
894 }
895
896 int
sftp_stat(struct sftp_conn * conn,const char * path,int quiet,Attrib * a)897 sftp_stat(struct sftp_conn *conn, const char *path, int quiet, Attrib *a)
898 {
899 u_int id;
900
901 debug2("Sending SSH2_FXP_STAT \"%s\"", path);
902
903 id = conn->msg_id++;
904
905 send_string_request(conn, id,
906 conn->version == 0 ? SSH2_FXP_STAT_VERSION_0 : SSH2_FXP_STAT,
907 path, strlen(path));
908
909 return get_decode_stat(conn, id, quiet, a);
910 }
911
912 int
sftp_lstat(struct sftp_conn * conn,const char * path,int quiet,Attrib * a)913 sftp_lstat(struct sftp_conn *conn, const char *path, int quiet, Attrib *a)
914 {
915 u_int id;
916
917 if (conn->version == 0) {
918 do_log2(quiet ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_INFO,
919 "Server version does not support lstat operation");
920 return sftp_stat(conn, path, quiet, a);
921 }
922
923 id = conn->msg_id++;
924 send_string_request(conn, id, SSH2_FXP_LSTAT, path,
925 strlen(path));
926
927 return get_decode_stat(conn, id, quiet, a);
928 }
929
930 #ifdef notyet
931 int
sftp_fstat(struct sftp_conn * conn,const u_char * handle,u_int handle_len,int quiet,Attrib * a)932 sftp_fstat(struct sftp_conn *conn, const u_char *handle, u_int handle_len,
933 int quiet, Attrib *a)
934 {
935 u_int id;
936
937 debug2("Sending SSH2_FXP_FSTAT \"%s\"");
938
939 id = conn->msg_id++;
940 send_string_request(conn, id, SSH2_FXP_FSTAT, handle,
941 handle_len);
942
943 return get_decode_stat(conn, id, quiet, a);
944 }
945 #endif
946
947 int
sftp_setstat(struct sftp_conn * conn,const char * path,Attrib * a)948 sftp_setstat(struct sftp_conn *conn, const char *path, Attrib *a)
949 {
950 u_int status, id;
951
952 debug2("Sending SSH2_FXP_SETSTAT \"%s\"", path);
953
954 id = conn->msg_id++;
955 send_string_attrs_request(conn, id, SSH2_FXP_SETSTAT, path,
956 strlen(path), a);
957
958 status = get_status(conn, id);
959 if (status != SSH2_FX_OK)
960 error("remote setstat \"%s\": %s", path, fx2txt(status));
961
962 return status == SSH2_FX_OK ? 0 : -1;
963 }
964
965 int
sftp_fsetstat(struct sftp_conn * conn,const u_char * handle,u_int handle_len,Attrib * a)966 sftp_fsetstat(struct sftp_conn *conn, const u_char *handle, u_int handle_len,
967 Attrib *a)
968 {
969 u_int status, id;
970
971 debug2("Sending SSH2_FXP_FSETSTAT");
972
973 id = conn->msg_id++;
974 send_string_attrs_request(conn, id, SSH2_FXP_FSETSTAT, handle,
975 handle_len, a);
976
977 status = get_status(conn, id);
978 if (status != SSH2_FX_OK)
979 error("remote fsetstat: %s", fx2txt(status));
980
981 return status == SSH2_FX_OK ? 0 : -1;
982 }
983
984 /* Implements both the realpath and expand-path operations */
985 static char *
sftp_realpath_expand(struct sftp_conn * conn,const char * path,int expand)986 sftp_realpath_expand(struct sftp_conn *conn, const char *path, int expand)
987 {
988 struct sshbuf *msg;
989 u_int expected_id, count, id;
990 char *filename, *longname;
991 Attrib a;
992 u_char type;
993 int r;
994 const char *what = "SSH2_FXP_REALPATH";
995
996 if (expand)
997 what = "expand-path@openssh.com";
998 if ((msg = sshbuf_new()) == NULL)
999 fatal_f("sshbuf_new failed");
1000
1001 expected_id = id = conn->msg_id++;
1002 if (expand) {
1003 debug2("Sending SSH2_FXP_EXTENDED(expand-path@openssh.com) "
1004 "\"%s\"", path);
1005 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1006 (r = sshbuf_put_u32(msg, id)) != 0 ||
1007 (r = sshbuf_put_cstring(msg,
1008 "expand-path@openssh.com")) != 0 ||
1009 (r = sshbuf_put_cstring(msg, path)) != 0)
1010 fatal_fr(r, "compose %s", what);
1011 send_msg(conn, msg);
1012 } else {
1013 debug2("Sending SSH2_FXP_REALPATH \"%s\"", path);
1014 send_string_request(conn, id, SSH2_FXP_REALPATH,
1015 path, strlen(path));
1016 }
1017 get_msg(conn, msg);
1018 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
1019 (r = sshbuf_get_u32(msg, &id)) != 0)
1020 fatal_fr(r, "parse");
1021
1022 if (id != expected_id)
1023 fatal("ID mismatch (%u != %u)", id, expected_id);
1024
1025 if (type == SSH2_FXP_STATUS) {
1026 u_int status;
1027 char *errmsg;
1028
1029 if ((r = sshbuf_get_u32(msg, &status)) != 0 ||
1030 (r = sshbuf_get_cstring(msg, &errmsg, NULL)) != 0)
1031 fatal_fr(r, "parse status");
1032 error("%s %s: %s", expand ? "expand" : "realpath",
1033 path, *errmsg == '\0' ? fx2txt(status) : errmsg);
1034 free(errmsg);
1035 sshbuf_free(msg);
1036 return NULL;
1037 } else if (type != SSH2_FXP_NAME)
1038 fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
1039 SSH2_FXP_NAME, type);
1040
1041 if ((r = sshbuf_get_u32(msg, &count)) != 0)
1042 fatal_fr(r, "parse count");
1043 if (count != 1)
1044 fatal("Got multiple names (%d) from %s", count, what);
1045
1046 if ((r = sshbuf_get_cstring(msg, &filename, NULL)) != 0 ||
1047 (r = sshbuf_get_cstring(msg, &longname, NULL)) != 0 ||
1048 (r = decode_attrib(msg, &a)) != 0)
1049 fatal_fr(r, "parse filename/attrib");
1050
1051 debug3("%s %s -> %s", what, path, filename);
1052
1053 free(longname);
1054
1055 sshbuf_free(msg);
1056
1057 return(filename);
1058 }
1059
1060 char *
sftp_realpath(struct sftp_conn * conn,const char * path)1061 sftp_realpath(struct sftp_conn *conn, const char *path)
1062 {
1063 return sftp_realpath_expand(conn, path, 0);
1064 }
1065
1066 int
sftp_can_expand_path(struct sftp_conn * conn)1067 sftp_can_expand_path(struct sftp_conn *conn)
1068 {
1069 return (conn->exts & SFTP_EXT_PATH_EXPAND) != 0;
1070 }
1071
1072 char *
sftp_expand_path(struct sftp_conn * conn,const char * path)1073 sftp_expand_path(struct sftp_conn *conn, const char *path)
1074 {
1075 if (!sftp_can_expand_path(conn)) {
1076 debug3_f("no server support, fallback to realpath");
1077 return sftp_realpath_expand(conn, path, 0);
1078 }
1079 return sftp_realpath_expand(conn, path, 1);
1080 }
1081
1082 int
sftp_copy(struct sftp_conn * conn,const char * oldpath,const char * newpath)1083 sftp_copy(struct sftp_conn *conn, const char *oldpath, const char *newpath)
1084 {
1085 Attrib junk, attr;
1086 struct sshbuf *msg;
1087 u_char *old_handle, *new_handle;
1088 u_int mode, status, id;
1089 size_t old_handle_len, new_handle_len;
1090 int r;
1091
1092 /* Return if the extension is not supported */
1093 if ((conn->exts & SFTP_EXT_COPY_DATA) == 0) {
1094 error("Server does not support copy-data extension");
1095 return -1;
1096 }
1097
1098 /* Make sure the file exists, and we can copy its perms */
1099 if (sftp_stat(conn, oldpath, 0, &attr) != 0)
1100 return -1;
1101
1102 /* Do not preserve set[ug]id here, as we do not preserve ownership */
1103 if (attr.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
1104 mode = attr.perm & 0777;
1105
1106 if (!S_ISREG(attr.perm)) {
1107 error("Cannot copy non-regular file: %s", oldpath);
1108 return -1;
1109 }
1110 } else {
1111 /* NB: The user's umask will apply to this */
1112 mode = 0666;
1113 }
1114
1115 /* Set up the new perms for the new file */
1116 attrib_clear(&attr);
1117 attr.perm = mode;
1118 attr.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
1119
1120 if ((msg = sshbuf_new()) == NULL)
1121 fatal("%s: sshbuf_new failed", __func__);
1122
1123 attrib_clear(&junk); /* Send empty attributes */
1124
1125 /* Open the old file for reading */
1126 id = conn->msg_id++;
1127 if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 ||
1128 (r = sshbuf_put_u32(msg, id)) != 0 ||
1129 (r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
1130 (r = sshbuf_put_u32(msg, SSH2_FXF_READ)) != 0 ||
1131 (r = encode_attrib(msg, &junk)) != 0)
1132 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1133 send_msg(conn, msg);
1134 debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, oldpath);
1135
1136 sshbuf_reset(msg);
1137
1138 old_handle = get_handle(conn, id, &old_handle_len,
1139 "remote open(\"%s\")", oldpath);
1140 if (old_handle == NULL) {
1141 sshbuf_free(msg);
1142 return -1;
1143 }
1144
1145 /* Open the new file for writing */
1146 id = conn->msg_id++;
1147 if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 ||
1148 (r = sshbuf_put_u32(msg, id)) != 0 ||
1149 (r = sshbuf_put_cstring(msg, newpath)) != 0 ||
1150 (r = sshbuf_put_u32(msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|
1151 SSH2_FXF_TRUNC)) != 0 ||
1152 (r = encode_attrib(msg, &attr)) != 0)
1153 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1154 send_msg(conn, msg);
1155 debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, newpath);
1156
1157 sshbuf_reset(msg);
1158
1159 new_handle = get_handle(conn, id, &new_handle_len,
1160 "remote open(\"%s\")", newpath);
1161 if (new_handle == NULL) {
1162 sshbuf_free(msg);
1163 free(old_handle);
1164 return -1;
1165 }
1166
1167 /* Copy the file data */
1168 id = conn->msg_id++;
1169 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1170 (r = sshbuf_put_u32(msg, id)) != 0 ||
1171 (r = sshbuf_put_cstring(msg, "copy-data")) != 0 ||
1172 (r = sshbuf_put_string(msg, old_handle, old_handle_len)) != 0 ||
1173 (r = sshbuf_put_u64(msg, 0)) != 0 ||
1174 (r = sshbuf_put_u64(msg, 0)) != 0 ||
1175 (r = sshbuf_put_string(msg, new_handle, new_handle_len)) != 0 ||
1176 (r = sshbuf_put_u64(msg, 0)) != 0)
1177 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1178 send_msg(conn, msg);
1179 debug3("Sent message copy-data \"%s\" 0 0 -> \"%s\" 0",
1180 oldpath, newpath);
1181
1182 status = get_status(conn, id);
1183 if (status != SSH2_FX_OK)
1184 error("Couldn't copy file \"%s\" to \"%s\": %s", oldpath,
1185 newpath, fx2txt(status));
1186
1187 /* Clean up everything */
1188 sshbuf_free(msg);
1189 sftp_close(conn, old_handle, old_handle_len);
1190 sftp_close(conn, new_handle, new_handle_len);
1191 free(old_handle);
1192 free(new_handle);
1193
1194 return status == SSH2_FX_OK ? 0 : -1;
1195 }
1196
1197 int
sftp_rename(struct sftp_conn * conn,const char * oldpath,const char * newpath,int force_legacy)1198 sftp_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath,
1199 int force_legacy)
1200 {
1201 struct sshbuf *msg;
1202 u_int status, id;
1203 int r, use_ext = (conn->exts & SFTP_EXT_POSIX_RENAME) && !force_legacy;
1204
1205 if ((msg = sshbuf_new()) == NULL)
1206 fatal_f("sshbuf_new failed");
1207
1208 /* Send rename request */
1209 id = conn->msg_id++;
1210 if (use_ext) {
1211 debug2("Sending SSH2_FXP_EXTENDED(posix-rename@openssh.com) "
1212 "\"%s\" to \"%s\"", oldpath, newpath);
1213 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1214 (r = sshbuf_put_u32(msg, id)) != 0 ||
1215 (r = sshbuf_put_cstring(msg,
1216 "posix-rename@openssh.com")) != 0)
1217 fatal_fr(r, "compose posix-rename");
1218 } else {
1219 debug2("Sending SSH2_FXP_RENAME \"%s\" to \"%s\"",
1220 oldpath, newpath);
1221 if ((r = sshbuf_put_u8(msg, SSH2_FXP_RENAME)) != 0 ||
1222 (r = sshbuf_put_u32(msg, id)) != 0)
1223 fatal_fr(r, "compose rename");
1224 }
1225 if ((r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
1226 (r = sshbuf_put_cstring(msg, newpath)) != 0)
1227 fatal_fr(r, "compose paths");
1228 send_msg(conn, msg);
1229 debug3("Sent message %s \"%s\" -> \"%s\"",
1230 use_ext ? "posix-rename@openssh.com" :
1231 "SSH2_FXP_RENAME", oldpath, newpath);
1232 sshbuf_free(msg);
1233
1234 status = get_status(conn, id);
1235 if (status != SSH2_FX_OK)
1236 error("remote rename \"%s\" to \"%s\": %s", oldpath,
1237 newpath, fx2txt(status));
1238
1239 return status == SSH2_FX_OK ? 0 : -1;
1240 }
1241
1242 int
sftp_hardlink(struct sftp_conn * conn,const char * oldpath,const char * newpath)1243 sftp_hardlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
1244 {
1245 struct sshbuf *msg;
1246 u_int status, id;
1247 int r;
1248
1249 if ((conn->exts & SFTP_EXT_HARDLINK) == 0) {
1250 error("Server does not support hardlink@openssh.com extension");
1251 return -1;
1252 }
1253 debug2("Sending SSH2_FXP_EXTENDED(hardlink@openssh.com) "
1254 "\"%s\" to \"%s\"", oldpath, newpath);
1255
1256 if ((msg = sshbuf_new()) == NULL)
1257 fatal_f("sshbuf_new failed");
1258
1259 /* Send link request */
1260 id = conn->msg_id++;
1261 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1262 (r = sshbuf_put_u32(msg, id)) != 0 ||
1263 (r = sshbuf_put_cstring(msg, "hardlink@openssh.com")) != 0 ||
1264 (r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
1265 (r = sshbuf_put_cstring(msg, newpath)) != 0)
1266 fatal_fr(r, "compose");
1267 send_msg(conn, msg);
1268 debug3("Sent message hardlink@openssh.com \"%s\" -> \"%s\"",
1269 oldpath, newpath);
1270 sshbuf_free(msg);
1271
1272 status = get_status(conn, id);
1273 if (status != SSH2_FX_OK)
1274 error("remote link \"%s\" to \"%s\": %s", oldpath,
1275 newpath, fx2txt(status));
1276
1277 return status == SSH2_FX_OK ? 0 : -1;
1278 }
1279
1280 int
sftp_symlink(struct sftp_conn * conn,const char * oldpath,const char * newpath)1281 sftp_symlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
1282 {
1283 struct sshbuf *msg;
1284 u_int status, id;
1285 int r;
1286
1287 if (conn->version < 3) {
1288 error("This server does not support the symlink operation");
1289 return(SSH2_FX_OP_UNSUPPORTED);
1290 }
1291 debug2("Sending SSH2_FXP_SYMLINK \"%s\" to \"%s\"", oldpath, newpath);
1292
1293 if ((msg = sshbuf_new()) == NULL)
1294 fatal_f("sshbuf_new failed");
1295
1296 /* Send symlink request */
1297 id = conn->msg_id++;
1298 if ((r = sshbuf_put_u8(msg, SSH2_FXP_SYMLINK)) != 0 ||
1299 (r = sshbuf_put_u32(msg, id)) != 0 ||
1300 (r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
1301 (r = sshbuf_put_cstring(msg, newpath)) != 0)
1302 fatal_fr(r, "compose");
1303 send_msg(conn, msg);
1304 debug3("Sent message SSH2_FXP_SYMLINK \"%s\" -> \"%s\"", oldpath,
1305 newpath);
1306 sshbuf_free(msg);
1307
1308 status = get_status(conn, id);
1309 if (status != SSH2_FX_OK)
1310 error("remote symlink file \"%s\" to \"%s\": %s", oldpath,
1311 newpath, fx2txt(status));
1312
1313 return status == SSH2_FX_OK ? 0 : -1;
1314 }
1315
1316 int
sftp_fsync(struct sftp_conn * conn,u_char * handle,u_int handle_len)1317 sftp_fsync(struct sftp_conn *conn, u_char *handle, u_int handle_len)
1318 {
1319 struct sshbuf *msg;
1320 u_int status, id;
1321 int r;
1322
1323 /* Silently return if the extension is not supported */
1324 if ((conn->exts & SFTP_EXT_FSYNC) == 0)
1325 return -1;
1326 debug2("Sending SSH2_FXP_EXTENDED(fsync@openssh.com)");
1327
1328 /* Send fsync request */
1329 if ((msg = sshbuf_new()) == NULL)
1330 fatal_f("sshbuf_new failed");
1331 id = conn->msg_id++;
1332 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1333 (r = sshbuf_put_u32(msg, id)) != 0 ||
1334 (r = sshbuf_put_cstring(msg, "fsync@openssh.com")) != 0 ||
1335 (r = sshbuf_put_string(msg, handle, handle_len)) != 0)
1336 fatal_fr(r, "compose");
1337 send_msg(conn, msg);
1338 debug3("Sent message fsync@openssh.com I:%u", id);
1339 sshbuf_free(msg);
1340
1341 status = get_status(conn, id);
1342 if (status != SSH2_FX_OK)
1343 error("remote fsync: %s", fx2txt(status));
1344
1345 return status == SSH2_FX_OK ? 0 : -1;
1346 }
1347
1348 #ifdef notyet
1349 char *
sftp_readlink(struct sftp_conn * conn,const char * path)1350 sftp_readlink(struct sftp_conn *conn, const char *path)
1351 {
1352 struct sshbuf *msg;
1353 u_int expected_id, count, id;
1354 char *filename, *longname;
1355 Attrib a;
1356 u_char type;
1357 int r;
1358
1359 debug2("Sending SSH2_FXP_READLINK \"%s\"", path);
1360
1361 expected_id = id = conn->msg_id++;
1362 send_string_request(conn, id, SSH2_FXP_READLINK, path, strlen(path));
1363
1364 if ((msg = sshbuf_new()) == NULL)
1365 fatal_f("sshbuf_new failed");
1366
1367 get_msg(conn, msg);
1368 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
1369 (r = sshbuf_get_u32(msg, &id)) != 0)
1370 fatal_fr(r, "parse");
1371
1372 if (id != expected_id)
1373 fatal("ID mismatch (%u != %u)", id, expected_id);
1374
1375 if (type == SSH2_FXP_STATUS) {
1376 u_int status;
1377
1378 if ((r = sshbuf_get_u32(msg, &status)) != 0)
1379 fatal_fr(r, "parse status");
1380 error("Couldn't readlink: %s", fx2txt(status));
1381 sshbuf_free(msg);
1382 return(NULL);
1383 } else if (type != SSH2_FXP_NAME)
1384 fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
1385 SSH2_FXP_NAME, type);
1386
1387 if ((r = sshbuf_get_u32(msg, &count)) != 0)
1388 fatal_fr(r, "parse count");
1389 if (count != 1)
1390 fatal("Got multiple names (%d) from SSH_FXP_READLINK", count);
1391
1392 if ((r = sshbuf_get_cstring(msg, &filename, NULL)) != 0 ||
1393 (r = sshbuf_get_cstring(msg, &longname, NULL)) != 0 ||
1394 (r = decode_attrib(msg, &a)) != 0)
1395 fatal_fr(r, "parse filenames/attrib");
1396
1397 debug3("SSH_FXP_READLINK %s -> %s", path, filename);
1398
1399 free(longname);
1400
1401 sshbuf_free(msg);
1402
1403 return filename;
1404 }
1405 #endif
1406
1407 int
sftp_statvfs(struct sftp_conn * conn,const char * path,struct sftp_statvfs * st,int quiet)1408 sftp_statvfs(struct sftp_conn *conn, const char *path, struct sftp_statvfs *st,
1409 int quiet)
1410 {
1411 struct sshbuf *msg;
1412 u_int id;
1413 int r;
1414
1415 if ((conn->exts & SFTP_EXT_STATVFS) == 0) {
1416 error("Server does not support statvfs@openssh.com extension");
1417 return -1;
1418 }
1419
1420 debug2("Sending SSH2_FXP_EXTENDED(statvfs@openssh.com) \"%s\"", path);
1421
1422 id = conn->msg_id++;
1423
1424 if ((msg = sshbuf_new()) == NULL)
1425 fatal_f("sshbuf_new failed");
1426 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1427 (r = sshbuf_put_u32(msg, id)) != 0 ||
1428 (r = sshbuf_put_cstring(msg, "statvfs@openssh.com")) != 0 ||
1429 (r = sshbuf_put_cstring(msg, path)) != 0)
1430 fatal_fr(r, "compose");
1431 send_msg(conn, msg);
1432 sshbuf_free(msg);
1433
1434 return get_decode_statvfs(conn, st, id, quiet);
1435 }
1436
1437 #ifdef notyet
1438 int
sftp_fstatvfs(struct sftp_conn * conn,const u_char * handle,u_int handle_len,struct sftp_statvfs * st,int quiet)1439 sftp_fstatvfs(struct sftp_conn *conn, const u_char *handle, u_int handle_len,
1440 struct sftp_statvfs *st, int quiet)
1441 {
1442 struct sshbuf *msg;
1443 u_int id;
1444
1445 if ((conn->exts & SFTP_EXT_FSTATVFS) == 0) {
1446 error("Server does not support fstatvfs@openssh.com extension");
1447 return -1;
1448 }
1449
1450 debug2("Sending SSH2_FXP_EXTENDED(fstatvfs@openssh.com)");
1451
1452 id = conn->msg_id++;
1453
1454 if ((msg = sshbuf_new()) == NULL)
1455 fatal_f("sshbuf_new failed");
1456 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1457 (r = sshbuf_put_u32(msg, id)) != 0 ||
1458 (r = sshbuf_put_cstring(msg, "fstatvfs@openssh.com")) != 0 ||
1459 (r = sshbuf_put_string(msg, handle, handle_len)) != 0)
1460 fatal_fr(r, "compose");
1461 send_msg(conn, msg);
1462 sshbuf_free(msg);
1463
1464 return get_decode_statvfs(conn, st, id, quiet);
1465 }
1466 #endif
1467
1468 int
sftp_lsetstat(struct sftp_conn * conn,const char * path,Attrib * a)1469 sftp_lsetstat(struct sftp_conn *conn, const char *path, Attrib *a)
1470 {
1471 struct sshbuf *msg;
1472 u_int status, id;
1473 int r;
1474
1475 if ((conn->exts & SFTP_EXT_LSETSTAT) == 0) {
1476 error("Server does not support lsetstat@openssh.com extension");
1477 return -1;
1478 }
1479
1480 debug2("Sending SSH2_FXP_EXTENDED(lsetstat@openssh.com) \"%s\"", path);
1481
1482 id = conn->msg_id++;
1483 if ((msg = sshbuf_new()) == NULL)
1484 fatal_f("sshbuf_new failed");
1485 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1486 (r = sshbuf_put_u32(msg, id)) != 0 ||
1487 (r = sshbuf_put_cstring(msg, "lsetstat@openssh.com")) != 0 ||
1488 (r = sshbuf_put_cstring(msg, path)) != 0 ||
1489 (r = encode_attrib(msg, a)) != 0)
1490 fatal_fr(r, "compose");
1491 send_msg(conn, msg);
1492 sshbuf_free(msg);
1493
1494 status = get_status(conn, id);
1495 if (status != SSH2_FX_OK)
1496 error("remote lsetstat \"%s\": %s", path, fx2txt(status));
1497
1498 return status == SSH2_FX_OK ? 0 : -1;
1499 }
1500
1501 static void
send_read_request(struct sftp_conn * conn,u_int id,u_int64_t offset,u_int len,const u_char * handle,u_int handle_len)1502 send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset,
1503 u_int len, const u_char *handle, u_int handle_len)
1504 {
1505 struct sshbuf *msg;
1506 int r;
1507
1508 if ((msg = sshbuf_new()) == NULL)
1509 fatal_f("sshbuf_new failed");
1510 if ((r = sshbuf_put_u8(msg, SSH2_FXP_READ)) != 0 ||
1511 (r = sshbuf_put_u32(msg, id)) != 0 ||
1512 (r = sshbuf_put_string(msg, handle, handle_len)) != 0 ||
1513 (r = sshbuf_put_u64(msg, offset)) != 0 ||
1514 (r = sshbuf_put_u32(msg, len)) != 0)
1515 fatal_fr(r, "compose");
1516 send_msg(conn, msg);
1517 sshbuf_free(msg);
1518 }
1519
1520 static int
send_open(struct sftp_conn * conn,const char * path,const char * tag,u_int openmode,Attrib * a,u_char ** handlep,size_t * handle_lenp)1521 send_open(struct sftp_conn *conn, const char *path, const char *tag,
1522 u_int openmode, Attrib *a, u_char **handlep, size_t *handle_lenp)
1523 {
1524 Attrib junk;
1525 u_char *handle;
1526 size_t handle_len;
1527 struct sshbuf *msg;
1528 int r;
1529 u_int id;
1530
1531 debug2("Sending SSH2_FXP_OPEN \"%s\"", path);
1532
1533 *handlep = NULL;
1534 *handle_lenp = 0;
1535
1536 if (a == NULL) {
1537 attrib_clear(&junk); /* Send empty attributes */
1538 a = &junk;
1539 }
1540 /* Send open request */
1541 if ((msg = sshbuf_new()) == NULL)
1542 fatal_f("sshbuf_new failed");
1543 id = conn->msg_id++;
1544 if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 ||
1545 (r = sshbuf_put_u32(msg, id)) != 0 ||
1546 (r = sshbuf_put_cstring(msg, path)) != 0 ||
1547 (r = sshbuf_put_u32(msg, openmode)) != 0 ||
1548 (r = encode_attrib(msg, a)) != 0)
1549 fatal_fr(r, "compose %s open", tag);
1550 send_msg(conn, msg);
1551 sshbuf_free(msg);
1552 debug3("Sent %s message SSH2_FXP_OPEN I:%u P:%s M:0x%04x",
1553 tag, id, path, openmode);
1554 if ((handle = get_handle(conn, id, &handle_len,
1555 "%s open \"%s\"", tag, path)) == NULL)
1556 return -1;
1557 /* success */
1558 *handlep = handle;
1559 *handle_lenp = handle_len;
1560 return 0;
1561 }
1562
1563 static const char *
progress_meter_path(const char * path)1564 progress_meter_path(const char *path)
1565 {
1566 const char *progresspath;
1567
1568 if ((progresspath = strrchr(path, '/')) == NULL)
1569 return path;
1570 progresspath++;
1571 if (*progresspath == '\0')
1572 return path;
1573 return progresspath;
1574 }
1575
1576 int
sftp_download(struct sftp_conn * conn,const char * remote_path,const char * local_path,Attrib * a,int preserve_flag,int resume_flag,int fsync_flag,int inplace_flag)1577 sftp_download(struct sftp_conn *conn, const char *remote_path,
1578 const char *local_path, Attrib *a, int preserve_flag, int resume_flag,
1579 int fsync_flag, int inplace_flag)
1580 {
1581 struct sshbuf *msg;
1582 u_char *handle;
1583 int local_fd = -1, write_error;
1584 int read_error, write_errno, lmodified = 0, reordered = 0, r;
1585 u_int64_t offset = 0, size, highwater = 0, maxack = 0;
1586 u_int mode, id, buflen, num_req, max_req, status = SSH2_FX_OK;
1587 off_t progress_counter;
1588 size_t handle_len;
1589 struct stat st;
1590 struct requests requests;
1591 struct request *req;
1592 u_char type;
1593 Attrib attr;
1594
1595 debug2_f("download remote \"%s\" to local \"%s\"",
1596 remote_path, local_path);
1597
1598 TAILQ_INIT(&requests);
1599
1600 if (a == NULL) {
1601 if (sftp_stat(conn, remote_path, 0, &attr) != 0)
1602 return -1;
1603 a = &attr;
1604 }
1605
1606 /* Do not preserve set[ug]id here, as we do not preserve ownership */
1607 if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
1608 mode = a->perm & 0777;
1609 else
1610 mode = 0666;
1611
1612 if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
1613 (!S_ISREG(a->perm))) {
1614 error("download %s: not a regular file", remote_path);
1615 return(-1);
1616 }
1617
1618 if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
1619 size = a->size;
1620 else
1621 size = 0;
1622
1623 buflen = conn->download_buflen;
1624
1625 /* Send open request */
1626 if (send_open(conn, remote_path, "remote", SSH2_FXF_READ, NULL,
1627 &handle, &handle_len) != 0)
1628 return -1;
1629
1630 local_fd = open(local_path, O_WRONLY | O_CREAT |
1631 ((resume_flag || inplace_flag) ? 0 : O_TRUNC), mode | S_IWUSR);
1632 if (local_fd == -1) {
1633 error("open local \"%s\": %s", local_path, strerror(errno));
1634 goto fail;
1635 }
1636 if (resume_flag) {
1637 if (fstat(local_fd, &st) == -1) {
1638 error("stat local \"%s\": %s",
1639 local_path, strerror(errno));
1640 goto fail;
1641 }
1642 if (st.st_size < 0) {
1643 error("\"%s\" has negative size", local_path);
1644 goto fail;
1645 }
1646 if ((u_int64_t)st.st_size > size) {
1647 error("Unable to resume download of \"%s\": "
1648 "local file is larger than remote", local_path);
1649 fail:
1650 sftp_close(conn, handle, handle_len);
1651 free(handle);
1652 if (local_fd != -1)
1653 close(local_fd);
1654 return -1;
1655 }
1656 offset = highwater = maxack = st.st_size;
1657 }
1658
1659 /* Read from remote and write to local */
1660 write_error = read_error = write_errno = num_req = 0;
1661 max_req = 1;
1662 progress_counter = offset;
1663
1664 if (showprogress && size != 0) {
1665 start_progress_meter(progress_meter_path(remote_path),
1666 size, &progress_counter);
1667 }
1668
1669 if ((msg = sshbuf_new()) == NULL)
1670 fatal_f("sshbuf_new failed");
1671
1672 while (num_req > 0 || max_req > 0) {
1673 u_char *data;
1674 size_t len;
1675
1676 /*
1677 * Simulate EOF on interrupt: stop sending new requests and
1678 * allow outstanding requests to drain gracefully
1679 */
1680 if (interrupted) {
1681 if (num_req == 0) /* If we haven't started yet... */
1682 break;
1683 max_req = 0;
1684 }
1685
1686 /* Send some more requests */
1687 while (num_req < max_req) {
1688 debug3("Request range %llu -> %llu (%d/%d)",
1689 (unsigned long long)offset,
1690 (unsigned long long)offset + buflen - 1,
1691 num_req, max_req);
1692 req = request_enqueue(&requests, conn->msg_id++,
1693 buflen, offset);
1694 offset += buflen;
1695 num_req++;
1696 send_read_request(conn, req->id, req->offset,
1697 req->len, handle, handle_len);
1698 }
1699
1700 sshbuf_reset(msg);
1701 get_msg(conn, msg);
1702 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
1703 (r = sshbuf_get_u32(msg, &id)) != 0)
1704 fatal_fr(r, "parse");
1705 debug3("Received reply T:%u I:%u R:%d", type, id, max_req);
1706
1707 /* Find the request in our queue */
1708 if ((req = request_find(&requests, id)) == NULL)
1709 fatal("Unexpected reply %u", id);
1710
1711 switch (type) {
1712 case SSH2_FXP_STATUS:
1713 if ((r = sshbuf_get_u32(msg, &status)) != 0)
1714 fatal_fr(r, "parse status");
1715 if (status != SSH2_FX_EOF)
1716 read_error = 1;
1717 max_req = 0;
1718 TAILQ_REMOVE(&requests, req, tq);
1719 free(req);
1720 num_req--;
1721 break;
1722 case SSH2_FXP_DATA:
1723 if ((r = sshbuf_get_string(msg, &data, &len)) != 0)
1724 fatal_fr(r, "parse data");
1725 debug3("Received data %llu -> %llu",
1726 (unsigned long long)req->offset,
1727 (unsigned long long)req->offset + len - 1);
1728 if (len > req->len)
1729 fatal("Received more data than asked for "
1730 "%zu > %zu", len, req->len);
1731 lmodified = 1;
1732 if ((lseek(local_fd, req->offset, SEEK_SET) == -1 ||
1733 atomicio(vwrite, local_fd, data, len) != len) &&
1734 !write_error) {
1735 write_errno = errno;
1736 write_error = 1;
1737 max_req = 0;
1738 } else {
1739 /*
1740 * Track both the highest offset acknowledged
1741 * and the highest *contiguous* offset
1742 * acknowledged.
1743 * We'll need the latter for ftruncate()ing
1744 * interrupted transfers.
1745 */
1746 if (maxack < req->offset + len)
1747 maxack = req->offset + len;
1748 if (!reordered && req->offset <= highwater)
1749 highwater = maxack;
1750 else if (!reordered && req->offset > highwater)
1751 reordered = 1;
1752 }
1753 progress_counter += len;
1754 free(data);
1755
1756 if (len == req->len) {
1757 TAILQ_REMOVE(&requests, req, tq);
1758 free(req);
1759 num_req--;
1760 } else {
1761 /* Resend the request for the missing data */
1762 debug3("Short data block, re-requesting "
1763 "%llu -> %llu (%2d)",
1764 (unsigned long long)req->offset + len,
1765 (unsigned long long)req->offset +
1766 req->len - 1, num_req);
1767 req->id = conn->msg_id++;
1768 req->len -= len;
1769 req->offset += len;
1770 send_read_request(conn, req->id,
1771 req->offset, req->len, handle, handle_len);
1772 /* Reduce the request size */
1773 if (len < buflen)
1774 buflen = MAXIMUM(MIN_READ_SIZE, len);
1775 }
1776 if (max_req > 0) { /* max_req = 0 iff EOF received */
1777 if (size > 0 && offset > size) {
1778 /* Only one request at a time
1779 * after the expected EOF */
1780 debug3("Finish at %llu (%2d)",
1781 (unsigned long long)offset,
1782 num_req);
1783 max_req = 1;
1784 } else if (max_req < conn->num_requests) {
1785 ++max_req;
1786 }
1787 }
1788 break;
1789 default:
1790 fatal("Expected SSH2_FXP_DATA(%u) packet, got %u",
1791 SSH2_FXP_DATA, type);
1792 }
1793 }
1794
1795 if (showprogress && size)
1796 stop_progress_meter();
1797
1798 /* Sanity check */
1799 if (TAILQ_FIRST(&requests) != NULL)
1800 fatal("Transfer complete, but requests still in queue");
1801
1802 if (!read_error && !write_error && !interrupted) {
1803 /* we got everything */
1804 highwater = maxack;
1805 }
1806
1807 /*
1808 * Truncate at highest contiguous point to avoid holes on interrupt,
1809 * or unconditionally if writing in place.
1810 */
1811 if (inplace_flag || read_error || write_error || interrupted) {
1812 if (reordered && resume_flag &&
1813 (read_error || write_error || interrupted)) {
1814 error("Unable to resume download of \"%s\": "
1815 "server reordered requests", local_path);
1816 }
1817 debug("truncating at %llu", (unsigned long long)highwater);
1818 if (ftruncate(local_fd, highwater) == -1)
1819 error("local ftruncate \"%s\": %s", local_path,
1820 strerror(errno));
1821 }
1822 if (read_error) {
1823 error("read remote \"%s\" : %s", remote_path, fx2txt(status));
1824 status = -1;
1825 sftp_close(conn, handle, handle_len);
1826 } else if (write_error) {
1827 error("write local \"%s\": %s", local_path,
1828 strerror(write_errno));
1829 status = SSH2_FX_FAILURE;
1830 sftp_close(conn, handle, handle_len);
1831 } else {
1832 if (sftp_close(conn, handle, handle_len) != 0 || interrupted)
1833 status = SSH2_FX_FAILURE;
1834 else
1835 status = SSH2_FX_OK;
1836 /* Override umask and utimes if asked */
1837 if (preserve_flag && fchmod(local_fd, mode) == -1)
1838 error("local chmod \"%s\": %s", local_path,
1839 strerror(errno));
1840 if (preserve_flag &&
1841 (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME)) {
1842 struct timeval tv[2];
1843 tv[0].tv_sec = a->atime;
1844 tv[1].tv_sec = a->mtime;
1845 tv[0].tv_usec = tv[1].tv_usec = 0;
1846 if (utimes(local_path, tv) == -1)
1847 error("local set times \"%s\": %s",
1848 local_path, strerror(errno));
1849 }
1850 if (resume_flag && !lmodified)
1851 logit("File \"%s\" was not modified", local_path);
1852 else if (fsync_flag) {
1853 debug("syncing \"%s\"", local_path);
1854 if (fsync(local_fd) == -1)
1855 error("local sync \"%s\": %s",
1856 local_path, strerror(errno));
1857 }
1858 }
1859 close(local_fd);
1860 sshbuf_free(msg);
1861 free(handle);
1862
1863 return status == SSH2_FX_OK ? 0 : -1;
1864 }
1865
1866 static int
download_dir_internal(struct sftp_conn * conn,const char * src,const char * dst,int depth,Attrib * dirattrib,int preserve_flag,int print_flag,int resume_flag,int fsync_flag,int follow_link_flag,int inplace_flag)1867 download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst,
1868 int depth, Attrib *dirattrib, int preserve_flag, int print_flag,
1869 int resume_flag, int fsync_flag, int follow_link_flag, int inplace_flag)
1870 {
1871 int i, ret = 0;
1872 SFTP_DIRENT **dir_entries;
1873 char *filename, *new_src = NULL, *new_dst = NULL;
1874 mode_t mode = 0777, tmpmode = mode;
1875 Attrib *a, ldirattrib, lsym;
1876
1877 if (depth >= MAX_DIR_DEPTH) {
1878 error("Maximum directory depth exceeded: %d levels", depth);
1879 return -1;
1880 }
1881
1882 debug2_f("download dir remote \"%s\" to local \"%s\"", src, dst);
1883
1884 if (dirattrib == NULL) {
1885 if (sftp_stat(conn, src, 1, &ldirattrib) != 0) {
1886 error("stat remote \"%s\" directory failed", src);
1887 return -1;
1888 }
1889 dirattrib = &ldirattrib;
1890 }
1891 if (!S_ISDIR(dirattrib->perm)) {
1892 error("\"%s\" is not a directory", src);
1893 return -1;
1894 }
1895 if (print_flag && print_flag != SFTP_PROGRESS_ONLY)
1896 mprintf("Retrieving %s\n", src);
1897
1898 if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
1899 mode = dirattrib->perm & 01777;
1900 tmpmode = mode | (S_IWUSR|S_IXUSR);
1901 } else {
1902 debug("download remote \"%s\": server "
1903 "did not send permissions", dst);
1904 }
1905
1906 if (mkdir(dst, tmpmode) == -1 && errno != EEXIST) {
1907 error("mkdir %s: %s", dst, strerror(errno));
1908 return -1;
1909 }
1910
1911 if (sftp_readdir(conn, src, &dir_entries) == -1) {
1912 error("remote readdir \"%s\" failed", src);
1913 return -1;
1914 }
1915
1916 for (i = 0; dir_entries[i] != NULL && !interrupted; i++) {
1917 free(new_dst);
1918 free(new_src);
1919
1920 filename = dir_entries[i]->filename;
1921 new_dst = sftp_path_append(dst, filename);
1922 new_src = sftp_path_append(src, filename);
1923
1924 a = &dir_entries[i]->a;
1925 if (S_ISLNK(a->perm)) {
1926 if (!follow_link_flag) {
1927 logit("download \"%s\": not a regular file",
1928 new_src);
1929 continue;
1930 }
1931 /* Replace the stat contents with the symlink target */
1932 if (sftp_stat(conn, new_src, 1, &lsym) != 0) {
1933 logit("remote stat \"%s\" failed", new_src);
1934 ret = -1;
1935 continue;
1936 }
1937 a = &lsym;
1938 }
1939
1940 if (S_ISDIR(a->perm)) {
1941 if (strcmp(filename, ".") == 0 ||
1942 strcmp(filename, "..") == 0)
1943 continue;
1944 if (download_dir_internal(conn, new_src, new_dst,
1945 depth + 1, a, preserve_flag,
1946 print_flag, resume_flag,
1947 fsync_flag, follow_link_flag, inplace_flag) == -1)
1948 ret = -1;
1949 } else if (S_ISREG(a->perm)) {
1950 if (sftp_download(conn, new_src, new_dst, a,
1951 preserve_flag, resume_flag, fsync_flag,
1952 inplace_flag) == -1) {
1953 error("Download of file %s to %s failed",
1954 new_src, new_dst);
1955 ret = -1;
1956 }
1957 } else
1958 logit("download \"%s\": not a regular file", new_src);
1959
1960 }
1961 free(new_dst);
1962 free(new_src);
1963
1964 if (preserve_flag) {
1965 if (dirattrib->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
1966 struct timeval tv[2];
1967 tv[0].tv_sec = dirattrib->atime;
1968 tv[1].tv_sec = dirattrib->mtime;
1969 tv[0].tv_usec = tv[1].tv_usec = 0;
1970 if (utimes(dst, tv) == -1)
1971 error("local set times on \"%s\": %s",
1972 dst, strerror(errno));
1973 } else
1974 debug("Server did not send times for directory "
1975 "\"%s\"", dst);
1976 }
1977
1978 if (mode != tmpmode && chmod(dst, mode) == -1)
1979 error("local chmod directory \"%s\": %s", dst,
1980 strerror(errno));
1981
1982 sftp_free_dirents(dir_entries);
1983
1984 return ret;
1985 }
1986
1987 int
sftp_download_dir(struct sftp_conn * conn,const char * src,const char * dst,Attrib * dirattrib,int preserve_flag,int print_flag,int resume_flag,int fsync_flag,int follow_link_flag,int inplace_flag)1988 sftp_download_dir(struct sftp_conn *conn, const char *src, const char *dst,
1989 Attrib *dirattrib, int preserve_flag, int print_flag, int resume_flag,
1990 int fsync_flag, int follow_link_flag, int inplace_flag)
1991 {
1992 char *src_canon;
1993 int ret;
1994
1995 if ((src_canon = sftp_realpath(conn, src)) == NULL) {
1996 error("download \"%s\": path canonicalization failed", src);
1997 return -1;
1998 }
1999
2000 ret = download_dir_internal(conn, src_canon, dst, 0,
2001 dirattrib, preserve_flag, print_flag, resume_flag, fsync_flag,
2002 follow_link_flag, inplace_flag);
2003 free(src_canon);
2004 return ret;
2005 }
2006
2007 int
sftp_upload(struct sftp_conn * conn,const char * local_path,const char * remote_path,int preserve_flag,int resume,int fsync_flag,int inplace_flag)2008 sftp_upload(struct sftp_conn *conn, const char *local_path,
2009 const char *remote_path, int preserve_flag, int resume,
2010 int fsync_flag, int inplace_flag)
2011 {
2012 int r, local_fd;
2013 u_int openmode, id, status = SSH2_FX_OK, reordered = 0;
2014 off_t offset, progress_counter;
2015 u_char type, *handle, *data;
2016 struct sshbuf *msg;
2017 struct stat sb;
2018 Attrib a, t, c;
2019 u_int32_t startid, ackid;
2020 u_int64_t highwater = 0, maxack = 0;
2021 struct request *ack = NULL;
2022 struct requests acks;
2023 size_t handle_len;
2024
2025 debug2_f("upload local \"%s\" to remote \"%s\"",
2026 local_path, remote_path);
2027
2028 TAILQ_INIT(&acks);
2029
2030 if ((local_fd = open(local_path, O_RDONLY)) == -1) {
2031 error("open local \"%s\": %s", local_path, strerror(errno));
2032 return(-1);
2033 }
2034 if (fstat(local_fd, &sb) == -1) {
2035 error("fstat local \"%s\": %s", local_path, strerror(errno));
2036 close(local_fd);
2037 return(-1);
2038 }
2039 if (!S_ISREG(sb.st_mode)) {
2040 error("local \"%s\" is not a regular file", local_path);
2041 close(local_fd);
2042 return(-1);
2043 }
2044 stat_to_attrib(&sb, &a);
2045
2046 a.flags &= ~SSH2_FILEXFER_ATTR_SIZE;
2047 a.flags &= ~SSH2_FILEXFER_ATTR_UIDGID;
2048 a.perm &= 0777;
2049 if (!preserve_flag)
2050 a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME;
2051
2052 if (resume) {
2053 /* Get remote file size if it exists */
2054 if (sftp_stat(conn, remote_path, 0, &c) != 0) {
2055 close(local_fd);
2056 return -1;
2057 }
2058
2059 if ((off_t)c.size >= sb.st_size) {
2060 error("resume \"%s\": destination file "
2061 "same size or larger", local_path);
2062 close(local_fd);
2063 return -1;
2064 }
2065
2066 if (lseek(local_fd, (off_t)c.size, SEEK_SET) == -1) {
2067 close(local_fd);
2068 return -1;
2069 }
2070 }
2071
2072 openmode = SSH2_FXF_WRITE|SSH2_FXF_CREAT;
2073 if (resume)
2074 openmode |= SSH2_FXF_APPEND;
2075 else if (!inplace_flag)
2076 openmode |= SSH2_FXF_TRUNC;
2077
2078 /* Send open request */
2079 if (send_open(conn, remote_path, "dest", openmode, &a,
2080 &handle, &handle_len) != 0) {
2081 close(local_fd);
2082 return -1;
2083 }
2084
2085 id = conn->msg_id;
2086 startid = ackid = id + 1;
2087 data = xmalloc(conn->upload_buflen);
2088
2089 /* Read from local and write to remote */
2090 offset = progress_counter = (resume ? c.size : 0);
2091 if (showprogress) {
2092 start_progress_meter(progress_meter_path(local_path),
2093 sb.st_size, &progress_counter);
2094 }
2095
2096 if ((msg = sshbuf_new()) == NULL)
2097 fatal_f("sshbuf_new failed");
2098 for (;;) {
2099 int len;
2100
2101 /*
2102 * Can't use atomicio here because it returns 0 on EOF,
2103 * thus losing the last block of the file.
2104 * Simulate an EOF on interrupt, allowing ACKs from the
2105 * server to drain.
2106 */
2107 if (interrupted || status != SSH2_FX_OK)
2108 len = 0;
2109 else do
2110 len = read(local_fd, data, conn->upload_buflen);
2111 while ((len == -1) && (errno == EINTR || errno == EAGAIN));
2112
2113 if (len == -1) {
2114 fatal("read local \"%s\": %s",
2115 local_path, strerror(errno));
2116 } else if (len != 0) {
2117 ack = request_enqueue(&acks, ++id, len, offset);
2118 sshbuf_reset(msg);
2119 if ((r = sshbuf_put_u8(msg, SSH2_FXP_WRITE)) != 0 ||
2120 (r = sshbuf_put_u32(msg, ack->id)) != 0 ||
2121 (r = sshbuf_put_string(msg, handle,
2122 handle_len)) != 0 ||
2123 (r = sshbuf_put_u64(msg, offset)) != 0 ||
2124 (r = sshbuf_put_string(msg, data, len)) != 0)
2125 fatal_fr(r, "compose");
2126 send_msg(conn, msg);
2127 debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u",
2128 id, (unsigned long long)offset, len);
2129 } else if (TAILQ_FIRST(&acks) == NULL)
2130 break;
2131
2132 if (ack == NULL)
2133 fatal("Unexpected ACK %u", id);
2134
2135 if (id == startid || len == 0 ||
2136 id - ackid >= conn->num_requests) {
2137 u_int rid;
2138
2139 sshbuf_reset(msg);
2140 get_msg(conn, msg);
2141 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
2142 (r = sshbuf_get_u32(msg, &rid)) != 0)
2143 fatal_fr(r, "parse");
2144
2145 if (type != SSH2_FXP_STATUS)
2146 fatal("Expected SSH2_FXP_STATUS(%d) packet, "
2147 "got %d", SSH2_FXP_STATUS, type);
2148
2149 if ((r = sshbuf_get_u32(msg, &status)) != 0)
2150 fatal_fr(r, "parse status");
2151 debug3("SSH2_FXP_STATUS %u", status);
2152
2153 /* Find the request in our queue */
2154 if ((ack = request_find(&acks, rid)) == NULL)
2155 fatal("Can't find request for ID %u", rid);
2156 TAILQ_REMOVE(&acks, ack, tq);
2157 debug3("In write loop, ack for %u %zu bytes at %lld",
2158 ack->id, ack->len, (unsigned long long)ack->offset);
2159 ++ackid;
2160 progress_counter += ack->len;
2161 /*
2162 * Track both the highest offset acknowledged and the
2163 * highest *contiguous* offset acknowledged.
2164 * We'll need the latter for ftruncate()ing
2165 * interrupted transfers.
2166 */
2167 if (maxack < ack->offset + ack->len)
2168 maxack = ack->offset + ack->len;
2169 if (!reordered && ack->offset <= highwater)
2170 highwater = maxack;
2171 else if (!reordered && ack->offset > highwater) {
2172 debug3_f("server reordered ACKs");
2173 reordered = 1;
2174 }
2175 free(ack);
2176 }
2177 offset += len;
2178 if (offset < 0)
2179 fatal_f("offset < 0");
2180 }
2181 sshbuf_free(msg);
2182
2183 if (showprogress)
2184 stop_progress_meter();
2185 free(data);
2186
2187 if (status == SSH2_FX_OK && !interrupted) {
2188 /* we got everything */
2189 highwater = maxack;
2190 }
2191 if (status != SSH2_FX_OK) {
2192 error("write remote \"%s\": %s", remote_path, fx2txt(status));
2193 status = SSH2_FX_FAILURE;
2194 }
2195
2196 if (inplace_flag || (resume && (status != SSH2_FX_OK || interrupted))) {
2197 debug("truncating at %llu", (unsigned long long)highwater);
2198 attrib_clear(&t);
2199 t.flags = SSH2_FILEXFER_ATTR_SIZE;
2200 t.size = highwater;
2201 sftp_fsetstat(conn, handle, handle_len, &t);
2202 }
2203
2204 if (close(local_fd) == -1) {
2205 error("close local \"%s\": %s", local_path, strerror(errno));
2206 status = SSH2_FX_FAILURE;
2207 }
2208
2209 /* Override umask and utimes if asked */
2210 if (preserve_flag)
2211 sftp_fsetstat(conn, handle, handle_len, &a);
2212
2213 if (fsync_flag)
2214 (void)sftp_fsync(conn, handle, handle_len);
2215
2216 if (sftp_close(conn, handle, handle_len) != 0)
2217 status = SSH2_FX_FAILURE;
2218
2219 free(handle);
2220
2221 return status == SSH2_FX_OK ? 0 : -1;
2222 }
2223
2224 static int
upload_dir_internal(struct sftp_conn * conn,const char * src,const char * dst,int depth,int preserve_flag,int print_flag,int resume,int fsync_flag,int follow_link_flag,int inplace_flag)2225 upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst,
2226 int depth, int preserve_flag, int print_flag, int resume, int fsync_flag,
2227 int follow_link_flag, int inplace_flag)
2228 {
2229 int ret = 0;
2230 DIR *dirp;
2231 struct dirent *dp;
2232 char *filename, *new_src = NULL, *new_dst = NULL;
2233 struct stat sb;
2234 Attrib a, dirattrib;
2235 u_int32_t saved_perm;
2236
2237 debug2_f("upload local dir \"%s\" to remote \"%s\"", src, dst);
2238
2239 if (depth >= MAX_DIR_DEPTH) {
2240 error("Maximum directory depth exceeded: %d levels", depth);
2241 return -1;
2242 }
2243
2244 if (stat(src, &sb) == -1) {
2245 error("stat local \"%s\": %s", src, strerror(errno));
2246 return -1;
2247 }
2248 if (!S_ISDIR(sb.st_mode)) {
2249 error("\"%s\" is not a directory", src);
2250 return -1;
2251 }
2252 if (print_flag && print_flag != SFTP_PROGRESS_ONLY)
2253 mprintf("Entering %s\n", src);
2254
2255 stat_to_attrib(&sb, &a);
2256 a.flags &= ~SSH2_FILEXFER_ATTR_SIZE;
2257 a.flags &= ~SSH2_FILEXFER_ATTR_UIDGID;
2258 a.perm &= 01777;
2259 if (!preserve_flag)
2260 a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME;
2261
2262 /*
2263 * sftp lacks a portable status value to match errno EEXIST,
2264 * so if we get a failure back then we must check whether
2265 * the path already existed and is a directory. Ensure we can
2266 * write to the directory we create for the duration of the transfer.
2267 */
2268 saved_perm = a.perm;
2269 a.perm |= (S_IWUSR|S_IXUSR);
2270 if (sftp_mkdir(conn, dst, &a, 0) != 0) {
2271 if (sftp_stat(conn, dst, 0, &dirattrib) != 0)
2272 return -1;
2273 if (!S_ISDIR(dirattrib.perm)) {
2274 error("\"%s\" exists but is not a directory", dst);
2275 return -1;
2276 }
2277 }
2278 a.perm = saved_perm;
2279
2280 if ((dirp = opendir(src)) == NULL) {
2281 error("local opendir \"%s\": %s", src, strerror(errno));
2282 return -1;
2283 }
2284
2285 while (((dp = readdir(dirp)) != NULL) && !interrupted) {
2286 if (dp->d_ino == 0)
2287 continue;
2288 free(new_dst);
2289 free(new_src);
2290 filename = dp->d_name;
2291 new_dst = sftp_path_append(dst, filename);
2292 new_src = sftp_path_append(src, filename);
2293
2294 if (strcmp(filename, ".") == 0 || strcmp(filename, "..") == 0)
2295 continue;
2296 if (lstat(new_src, &sb) == -1) {
2297 logit("local lstat \"%s\": %s", filename,
2298 strerror(errno));
2299 ret = -1;
2300 continue;
2301 }
2302 if (S_ISLNK(sb.st_mode)) {
2303 if (!follow_link_flag) {
2304 logit("%s: not a regular file", filename);
2305 continue;
2306 }
2307 /* Replace the stat contents with the symlink target */
2308 if (stat(new_src, &sb) == -1) {
2309 logit("local stat \"%s\": %s", filename,
2310 strerror(errno));
2311 ret = -1;
2312 continue;
2313 }
2314 }
2315 if (S_ISDIR(sb.st_mode)) {
2316 if (upload_dir_internal(conn, new_src, new_dst,
2317 depth + 1, preserve_flag, print_flag, resume,
2318 fsync_flag, follow_link_flag, inplace_flag) == -1)
2319 ret = -1;
2320 } else if (S_ISREG(sb.st_mode)) {
2321 if (sftp_upload(conn, new_src, new_dst,
2322 preserve_flag, resume, fsync_flag,
2323 inplace_flag) == -1) {
2324 error("upload \"%s\" to \"%s\" failed",
2325 new_src, new_dst);
2326 ret = -1;
2327 }
2328 } else
2329 logit("%s: not a regular file", filename);
2330 }
2331 free(new_dst);
2332 free(new_src);
2333
2334 sftp_setstat(conn, dst, &a);
2335
2336 (void) closedir(dirp);
2337 return ret;
2338 }
2339
2340 int
sftp_upload_dir(struct sftp_conn * conn,const char * src,const char * dst,int preserve_flag,int print_flag,int resume,int fsync_flag,int follow_link_flag,int inplace_flag)2341 sftp_upload_dir(struct sftp_conn *conn, const char *src, const char *dst,
2342 int preserve_flag, int print_flag, int resume, int fsync_flag,
2343 int follow_link_flag, int inplace_flag)
2344 {
2345 char *dst_canon;
2346 int ret;
2347
2348 if ((dst_canon = sftp_realpath(conn, dst)) == NULL) {
2349 error("upload \"%s\": path canonicalization failed", dst);
2350 return -1;
2351 }
2352
2353 ret = upload_dir_internal(conn, src, dst_canon, 0, preserve_flag,
2354 print_flag, resume, fsync_flag, follow_link_flag, inplace_flag);
2355
2356 free(dst_canon);
2357 return ret;
2358 }
2359
2360 static void
handle_dest_replies(struct sftp_conn * to,const char * to_path,int synchronous,u_int * nreqsp,u_int * write_errorp)2361 handle_dest_replies(struct sftp_conn *to, const char *to_path, int synchronous,
2362 u_int *nreqsp, u_int *write_errorp)
2363 {
2364 struct sshbuf *msg;
2365 u_char type;
2366 u_int id, status;
2367 int r;
2368 struct pollfd pfd;
2369
2370 if ((msg = sshbuf_new()) == NULL)
2371 fatal_f("sshbuf_new failed");
2372
2373 /* Try to eat replies from the upload side */
2374 while (*nreqsp > 0) {
2375 debug3_f("%u outstanding replies", *nreqsp);
2376 if (!synchronous) {
2377 /* Bail out if no data is ready to be read */
2378 pfd.fd = to->fd_in;
2379 pfd.events = POLLIN;
2380 if ((r = poll(&pfd, 1, 0)) == -1) {
2381 if (errno == EINTR)
2382 break;
2383 fatal_f("poll: %s", strerror(errno));
2384 } else if (r == 0)
2385 break; /* fd not ready */
2386 }
2387 sshbuf_reset(msg);
2388 get_msg(to, msg);
2389
2390 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
2391 (r = sshbuf_get_u32(msg, &id)) != 0)
2392 fatal_fr(r, "dest parse");
2393 debug3("Received dest reply T:%u I:%u R:%u", type, id, *nreqsp);
2394 if (type != SSH2_FXP_STATUS) {
2395 fatal_f("Expected SSH2_FXP_STATUS(%d) packet, got %d",
2396 SSH2_FXP_STATUS, type);
2397 }
2398 if ((r = sshbuf_get_u32(msg, &status)) != 0)
2399 fatal_fr(r, "parse dest status");
2400 debug3("dest SSH2_FXP_STATUS %u", status);
2401 if (status != SSH2_FX_OK) {
2402 /* record first error */
2403 if (*write_errorp == 0)
2404 *write_errorp = status;
2405 }
2406 /*
2407 * XXX this doesn't do full reply matching like sftp_upload and
2408 * so cannot gracefully truncate terminated uploads at a
2409 * high-water mark. ATM the only caller of this function (scp)
2410 * doesn't support transfer resumption, so this doesn't matter
2411 * a whole lot.
2412 *
2413 * To be safe, sftp_crossload truncates the destination file to
2414 * zero length on upload failure, since we can't trust the
2415 * server not to have reordered replies that could have
2416 * inserted holes where none existed in the source file.
2417 *
2418 * XXX we could get a more accurate progress bar if we updated
2419 * the counter based on the reply from the destination...
2420 */
2421 (*nreqsp)--;
2422 }
2423 debug3_f("done: %u outstanding replies", *nreqsp);
2424 sshbuf_free(msg);
2425 }
2426
2427 int
sftp_crossload(struct sftp_conn * from,struct sftp_conn * to,const char * from_path,const char * to_path,Attrib * a,int preserve_flag)2428 sftp_crossload(struct sftp_conn *from, struct sftp_conn *to,
2429 const char *from_path, const char *to_path,
2430 Attrib *a, int preserve_flag)
2431 {
2432 struct sshbuf *msg;
2433 int write_error, read_error, r;
2434 u_int64_t offset = 0, size;
2435 u_int id, buflen, num_req, max_req, status = SSH2_FX_OK;
2436 u_int num_upload_req;
2437 off_t progress_counter;
2438 u_char *from_handle, *to_handle;
2439 size_t from_handle_len, to_handle_len;
2440 struct requests requests;
2441 struct request *req;
2442 u_char type;
2443 Attrib attr;
2444
2445 debug2_f("crossload src \"%s\" to dst \"%s\"", from_path, to_path);
2446
2447 TAILQ_INIT(&requests);
2448
2449 if (a == NULL) {
2450 if (sftp_stat(from, from_path, 0, &attr) != 0)
2451 return -1;
2452 a = &attr;
2453 }
2454
2455 if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
2456 (!S_ISREG(a->perm))) {
2457 error("download \"%s\": not a regular file", from_path);
2458 return(-1);
2459 }
2460 if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
2461 size = a->size;
2462 else
2463 size = 0;
2464
2465 buflen = from->download_buflen;
2466 if (buflen > to->upload_buflen)
2467 buflen = to->upload_buflen;
2468
2469 /* Send open request to read side */
2470 if (send_open(from, from_path, "origin", SSH2_FXF_READ, NULL,
2471 &from_handle, &from_handle_len) != 0)
2472 return -1;
2473
2474 /* Send open request to write side */
2475 a->flags &= ~SSH2_FILEXFER_ATTR_SIZE;
2476 a->flags &= ~SSH2_FILEXFER_ATTR_UIDGID;
2477 a->perm &= 0777;
2478 if (!preserve_flag)
2479 a->flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME;
2480 if (send_open(to, to_path, "dest",
2481 SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC, a,
2482 &to_handle, &to_handle_len) != 0) {
2483 sftp_close(from, from_handle, from_handle_len);
2484 return -1;
2485 }
2486
2487 /* Read from remote "from" and write to remote "to" */
2488 offset = 0;
2489 write_error = read_error = num_req = num_upload_req = 0;
2490 max_req = 1;
2491 progress_counter = 0;
2492
2493 if (showprogress && size != 0) {
2494 start_progress_meter(progress_meter_path(from_path),
2495 size, &progress_counter);
2496 }
2497 if ((msg = sshbuf_new()) == NULL)
2498 fatal_f("sshbuf_new failed");
2499 while (num_req > 0 || max_req > 0) {
2500 u_char *data;
2501 size_t len;
2502
2503 /*
2504 * Simulate EOF on interrupt: stop sending new requests and
2505 * allow outstanding requests to drain gracefully
2506 */
2507 if (interrupted) {
2508 if (num_req == 0) /* If we haven't started yet... */
2509 break;
2510 max_req = 0;
2511 }
2512
2513 /* Send some more requests */
2514 while (num_req < max_req) {
2515 debug3("Request range %llu -> %llu (%d/%d)",
2516 (unsigned long long)offset,
2517 (unsigned long long)offset + buflen - 1,
2518 num_req, max_req);
2519 req = request_enqueue(&requests, from->msg_id++,
2520 buflen, offset);
2521 offset += buflen;
2522 num_req++;
2523 send_read_request(from, req->id, req->offset,
2524 req->len, from_handle, from_handle_len);
2525 }
2526
2527 /* Try to eat replies from the upload side (nonblocking) */
2528 handle_dest_replies(to, to_path, 0,
2529 &num_upload_req, &write_error);
2530
2531 sshbuf_reset(msg);
2532 get_msg(from, msg);
2533 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
2534 (r = sshbuf_get_u32(msg, &id)) != 0)
2535 fatal_fr(r, "parse");
2536 debug3("Received origin reply T:%u I:%u R:%d",
2537 type, id, max_req);
2538
2539 /* Find the request in our queue */
2540 if ((req = request_find(&requests, id)) == NULL)
2541 fatal("Unexpected reply %u", id);
2542
2543 switch (type) {
2544 case SSH2_FXP_STATUS:
2545 if ((r = sshbuf_get_u32(msg, &status)) != 0)
2546 fatal_fr(r, "parse status");
2547 if (status != SSH2_FX_EOF)
2548 read_error = 1;
2549 max_req = 0;
2550 TAILQ_REMOVE(&requests, req, tq);
2551 free(req);
2552 num_req--;
2553 break;
2554 case SSH2_FXP_DATA:
2555 if ((r = sshbuf_get_string(msg, &data, &len)) != 0)
2556 fatal_fr(r, "parse data");
2557 debug3("Received data %llu -> %llu",
2558 (unsigned long long)req->offset,
2559 (unsigned long long)req->offset + len - 1);
2560 if (len > req->len)
2561 fatal("Received more data than asked for "
2562 "%zu > %zu", len, req->len);
2563
2564 /* Write this chunk out to the destination */
2565 sshbuf_reset(msg);
2566 if ((r = sshbuf_put_u8(msg, SSH2_FXP_WRITE)) != 0 ||
2567 (r = sshbuf_put_u32(msg, to->msg_id++)) != 0 ||
2568 (r = sshbuf_put_string(msg, to_handle,
2569 to_handle_len)) != 0 ||
2570 (r = sshbuf_put_u64(msg, req->offset)) != 0 ||
2571 (r = sshbuf_put_string(msg, data, len)) != 0)
2572 fatal_fr(r, "compose write");
2573 send_msg(to, msg);
2574 debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%zu",
2575 id, (unsigned long long)offset, len);
2576 num_upload_req++;
2577 progress_counter += len;
2578 free(data);
2579
2580 if (len == req->len) {
2581 TAILQ_REMOVE(&requests, req, tq);
2582 free(req);
2583 num_req--;
2584 } else {
2585 /* Resend the request for the missing data */
2586 debug3("Short data block, re-requesting "
2587 "%llu -> %llu (%2d)",
2588 (unsigned long long)req->offset + len,
2589 (unsigned long long)req->offset +
2590 req->len - 1, num_req);
2591 req->id = from->msg_id++;
2592 req->len -= len;
2593 req->offset += len;
2594 send_read_request(from, req->id,
2595 req->offset, req->len,
2596 from_handle, from_handle_len);
2597 /* Reduce the request size */
2598 if (len < buflen)
2599 buflen = MAXIMUM(MIN_READ_SIZE, len);
2600 }
2601 if (max_req > 0) { /* max_req = 0 iff EOF received */
2602 if (size > 0 && offset > size) {
2603 /* Only one request at a time
2604 * after the expected EOF */
2605 debug3("Finish at %llu (%2d)",
2606 (unsigned long long)offset,
2607 num_req);
2608 max_req = 1;
2609 } else if (max_req < from->num_requests) {
2610 ++max_req;
2611 }
2612 }
2613 break;
2614 default:
2615 fatal("Expected SSH2_FXP_DATA(%u) packet, got %u",
2616 SSH2_FXP_DATA, type);
2617 }
2618 }
2619
2620 if (showprogress && size)
2621 stop_progress_meter();
2622
2623 /* Drain replies from the server (blocking) */
2624 debug3_f("waiting for %u replies from destination", num_upload_req);
2625 handle_dest_replies(to, to_path, 1, &num_upload_req, &write_error);
2626
2627 /* Sanity check */
2628 if (TAILQ_FIRST(&requests) != NULL)
2629 fatal("Transfer complete, but requests still in queue");
2630 /* Truncate at 0 length on interrupt or error to avoid holes at dest */
2631 if (read_error || write_error || interrupted) {
2632 debug("truncating \"%s\" at 0", to_path);
2633 sftp_close(to, to_handle, to_handle_len);
2634 free(to_handle);
2635 if (send_open(to, to_path, "dest",
2636 SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC, a,
2637 &to_handle, &to_handle_len) != 0) {
2638 error("dest truncate \"%s\" failed", to_path);
2639 to_handle = NULL;
2640 }
2641 }
2642 if (read_error) {
2643 error("read origin \"%s\": %s", from_path, fx2txt(status));
2644 status = -1;
2645 sftp_close(from, from_handle, from_handle_len);
2646 if (to_handle != NULL)
2647 sftp_close(to, to_handle, to_handle_len);
2648 } else if (write_error) {
2649 error("write dest \"%s\": %s", to_path, fx2txt(write_error));
2650 status = SSH2_FX_FAILURE;
2651 sftp_close(from, from_handle, from_handle_len);
2652 if (to_handle != NULL)
2653 sftp_close(to, to_handle, to_handle_len);
2654 } else {
2655 if (sftp_close(from, from_handle, from_handle_len) != 0 ||
2656 interrupted)
2657 status = -1;
2658 else
2659 status = SSH2_FX_OK;
2660 if (to_handle != NULL) {
2661 /* Need to resend utimes after write */
2662 if (preserve_flag)
2663 sftp_fsetstat(to, to_handle, to_handle_len, a);
2664 sftp_close(to, to_handle, to_handle_len);
2665 }
2666 }
2667 sshbuf_free(msg);
2668 free(from_handle);
2669 free(to_handle);
2670
2671 return status == SSH2_FX_OK ? 0 : -1;
2672 }
2673
2674 static int
crossload_dir_internal(struct sftp_conn * from,struct sftp_conn * to,const char * from_path,const char * to_path,int depth,Attrib * dirattrib,int preserve_flag,int print_flag,int follow_link_flag)2675 crossload_dir_internal(struct sftp_conn *from, struct sftp_conn *to,
2676 const char *from_path, const char *to_path,
2677 int depth, Attrib *dirattrib, int preserve_flag, int print_flag,
2678 int follow_link_flag)
2679 {
2680 int i, ret = 0;
2681 SFTP_DIRENT **dir_entries;
2682 char *filename, *new_from_path = NULL, *new_to_path = NULL;
2683 mode_t mode = 0777;
2684 Attrib *a, curdir, ldirattrib, newdir, lsym;
2685
2686 debug2_f("crossload dir src \"%s\" to dst \"%s\"", from_path, to_path);
2687
2688 if (depth >= MAX_DIR_DEPTH) {
2689 error("Maximum directory depth exceeded: %d levels", depth);
2690 return -1;
2691 }
2692
2693 if (dirattrib == NULL) {
2694 if (sftp_stat(from, from_path, 1, &ldirattrib) != 0) {
2695 error("stat remote \"%s\" failed", from_path);
2696 return -1;
2697 }
2698 dirattrib = &ldirattrib;
2699 }
2700 if (!S_ISDIR(dirattrib->perm)) {
2701 error("\"%s\" is not a directory", from_path);
2702 return -1;
2703 }
2704 if (print_flag && print_flag != SFTP_PROGRESS_ONLY)
2705 mprintf("Retrieving %s\n", from_path);
2706
2707 curdir = *dirattrib; /* dirattrib will be clobbered */
2708 curdir.flags &= ~SSH2_FILEXFER_ATTR_SIZE;
2709 curdir.flags &= ~SSH2_FILEXFER_ATTR_UIDGID;
2710 if ((curdir.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) == 0) {
2711 debug("Origin did not send permissions for "
2712 "directory \"%s\"", to_path);
2713 curdir.perm = S_IWUSR|S_IXUSR;
2714 curdir.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
2715 }
2716 /* We need to be able to write to the directory while we transfer it */
2717 mode = curdir.perm & 01777;
2718 curdir.perm = mode | (S_IWUSR|S_IXUSR);
2719
2720 /*
2721 * sftp lacks a portable status value to match errno EEXIST,
2722 * so if we get a failure back then we must check whether
2723 * the path already existed and is a directory. Ensure we can
2724 * write to the directory we create for the duration of the transfer.
2725 */
2726 if (sftp_mkdir(to, to_path, &curdir, 0) != 0) {
2727 if (sftp_stat(to, to_path, 0, &newdir) != 0)
2728 return -1;
2729 if (!S_ISDIR(newdir.perm)) {
2730 error("\"%s\" exists but is not a directory", to_path);
2731 return -1;
2732 }
2733 }
2734 curdir.perm = mode;
2735
2736 if (sftp_readdir(from, from_path, &dir_entries) == -1) {
2737 error("origin readdir \"%s\" failed", from_path);
2738 return -1;
2739 }
2740
2741 for (i = 0; dir_entries[i] != NULL && !interrupted; i++) {
2742 free(new_from_path);
2743 free(new_to_path);
2744
2745 filename = dir_entries[i]->filename;
2746 new_from_path = sftp_path_append(from_path, filename);
2747 new_to_path = sftp_path_append(to_path, filename);
2748
2749 a = &dir_entries[i]->a;
2750 if (S_ISLNK(a->perm)) {
2751 if (!follow_link_flag) {
2752 logit("%s: not a regular file", filename);
2753 continue;
2754 }
2755 /* Replace the stat contents with the symlink target */
2756 if (sftp_stat(from, new_from_path, 1, &lsym) != 0) {
2757 logit("remote stat \"%s\" failed",
2758 new_from_path);
2759 ret = -1;
2760 continue;
2761 }
2762 a = &lsym;
2763 }
2764 if (S_ISDIR(a->perm)) {
2765 if (strcmp(filename, ".") == 0 ||
2766 strcmp(filename, "..") == 0)
2767 continue;
2768 if (crossload_dir_internal(from, to,
2769 new_from_path, new_to_path,
2770 depth + 1, a, preserve_flag,
2771 print_flag, follow_link_flag) == -1)
2772 ret = -1;
2773 } else if (S_ISREG(a->perm)) {
2774 if (sftp_crossload(from, to, new_from_path,
2775 new_to_path, a, preserve_flag) == -1) {
2776 error("crossload \"%s\" to \"%s\" failed",
2777 new_from_path, new_to_path);
2778 ret = -1;
2779 }
2780 } else {
2781 logit("origin \"%s\": not a regular file",
2782 new_from_path);
2783 }
2784 }
2785 free(new_to_path);
2786 free(new_from_path);
2787
2788 sftp_setstat(to, to_path, &curdir);
2789
2790 sftp_free_dirents(dir_entries);
2791
2792 return ret;
2793 }
2794
2795 int
sftp_crossload_dir(struct sftp_conn * from,struct sftp_conn * to,const char * from_path,const char * to_path,Attrib * dirattrib,int preserve_flag,int print_flag,int follow_link_flag)2796 sftp_crossload_dir(struct sftp_conn *from, struct sftp_conn *to,
2797 const char *from_path, const char *to_path,
2798 Attrib *dirattrib, int preserve_flag, int print_flag, int follow_link_flag)
2799 {
2800 char *from_path_canon;
2801 int ret;
2802
2803 if ((from_path_canon = sftp_realpath(from, from_path)) == NULL) {
2804 error("crossload \"%s\": path canonicalization failed",
2805 from_path);
2806 return -1;
2807 }
2808
2809 ret = crossload_dir_internal(from, to, from_path_canon, to_path, 0,
2810 dirattrib, preserve_flag, print_flag, follow_link_flag);
2811 free(from_path_canon);
2812 return ret;
2813 }
2814
2815 int
sftp_can_get_users_groups_by_id(struct sftp_conn * conn)2816 sftp_can_get_users_groups_by_id(struct sftp_conn *conn)
2817 {
2818 return (conn->exts & SFTP_EXT_GETUSERSGROUPS_BY_ID) != 0;
2819 }
2820
2821 int
sftp_get_users_groups_by_id(struct sftp_conn * conn,const u_int * uids,u_int nuids,const u_int * gids,u_int ngids,char *** usernamesp,char *** groupnamesp)2822 sftp_get_users_groups_by_id(struct sftp_conn *conn,
2823 const u_int *uids, u_int nuids,
2824 const u_int *gids, u_int ngids,
2825 char ***usernamesp, char ***groupnamesp)
2826 {
2827 struct sshbuf *msg, *uidbuf, *gidbuf;
2828 u_int i, expected_id, id;
2829 char *name, **usernames = NULL, **groupnames = NULL;
2830 u_char type;
2831 int r;
2832
2833 *usernamesp = *groupnamesp = NULL;
2834 if (!sftp_can_get_users_groups_by_id(conn))
2835 return SSH_ERR_FEATURE_UNSUPPORTED;
2836
2837 if ((msg = sshbuf_new()) == NULL ||
2838 (uidbuf = sshbuf_new()) == NULL ||
2839 (gidbuf = sshbuf_new()) == NULL)
2840 fatal_f("sshbuf_new failed");
2841 expected_id = id = conn->msg_id++;
2842 debug2("Sending SSH2_FXP_EXTENDED(users-groups-by-id@openssh.com)");
2843 for (i = 0; i < nuids; i++) {
2844 if ((r = sshbuf_put_u32(uidbuf, uids[i])) != 0)
2845 fatal_fr(r, "compose uids");
2846 }
2847 for (i = 0; i < ngids; i++) {
2848 if ((r = sshbuf_put_u32(gidbuf, gids[i])) != 0)
2849 fatal_fr(r, "compose gids");
2850 }
2851 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
2852 (r = sshbuf_put_u32(msg, id)) != 0 ||
2853 (r = sshbuf_put_cstring(msg,
2854 "users-groups-by-id@openssh.com")) != 0 ||
2855 (r = sshbuf_put_stringb(msg, uidbuf)) != 0 ||
2856 (r = sshbuf_put_stringb(msg, gidbuf)) != 0)
2857 fatal_fr(r, "compose");
2858 send_msg(conn, msg);
2859 get_msg(conn, msg);
2860 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
2861 (r = sshbuf_get_u32(msg, &id)) != 0)
2862 fatal_fr(r, "parse");
2863 if (id != expected_id)
2864 fatal("ID mismatch (%u != %u)", id, expected_id);
2865 if (type == SSH2_FXP_STATUS) {
2866 u_int status;
2867 char *errmsg;
2868
2869 if ((r = sshbuf_get_u32(msg, &status)) != 0 ||
2870 (r = sshbuf_get_cstring(msg, &errmsg, NULL)) != 0)
2871 fatal_fr(r, "parse status");
2872 error("users-groups-by-id %s",
2873 *errmsg == '\0' ? fx2txt(status) : errmsg);
2874 free(errmsg);
2875 sshbuf_free(msg);
2876 sshbuf_free(uidbuf);
2877 sshbuf_free(gidbuf);
2878 return -1;
2879 } else if (type != SSH2_FXP_EXTENDED_REPLY)
2880 fatal("Expected SSH2_FXP_EXTENDED_REPLY(%u) packet, got %u",
2881 SSH2_FXP_EXTENDED_REPLY, type);
2882
2883 /* reuse */
2884 sshbuf_free(uidbuf);
2885 sshbuf_free(gidbuf);
2886 uidbuf = gidbuf = NULL;
2887 if ((r = sshbuf_froms(msg, &uidbuf)) != 0 ||
2888 (r = sshbuf_froms(msg, &gidbuf)) != 0)
2889 fatal_fr(r, "parse response");
2890 if (nuids > 0) {
2891 usernames = xcalloc(nuids, sizeof(*usernames));
2892 for (i = 0; i < nuids; i++) {
2893 if ((r = sshbuf_get_cstring(uidbuf, &name, NULL)) != 0)
2894 fatal_fr(r, "parse user name");
2895 /* Handle unresolved names */
2896 if (*name == '\0') {
2897 free(name);
2898 name = NULL;
2899 }
2900 usernames[i] = name;
2901 }
2902 }
2903 if (ngids > 0) {
2904 groupnames = xcalloc(ngids, sizeof(*groupnames));
2905 for (i = 0; i < ngids; i++) {
2906 if ((r = sshbuf_get_cstring(gidbuf, &name, NULL)) != 0)
2907 fatal_fr(r, "parse user name");
2908 /* Handle unresolved names */
2909 if (*name == '\0') {
2910 free(name);
2911 name = NULL;
2912 }
2913 groupnames[i] = name;
2914 }
2915 }
2916 if (sshbuf_len(uidbuf) != 0)
2917 fatal_f("unexpected extra username data");
2918 if (sshbuf_len(gidbuf) != 0)
2919 fatal_f("unexpected extra groupname data");
2920 sshbuf_free(uidbuf);
2921 sshbuf_free(gidbuf);
2922 sshbuf_free(msg);
2923 /* success */
2924 *usernamesp = usernames;
2925 *groupnamesp = groupnames;
2926 return 0;
2927 }
2928
2929 char *
sftp_path_append(const char * p1,const char * p2)2930 sftp_path_append(const char *p1, const char *p2)
2931 {
2932 char *ret;
2933 size_t len = strlen(p1) + strlen(p2) + 2;
2934
2935 ret = xmalloc(len);
2936 strlcpy(ret, p1, len);
2937 if (p1[0] != '\0' && p1[strlen(p1) - 1] != '/')
2938 strlcat(ret, "/", len);
2939 strlcat(ret, p2, len);
2940
2941 return(ret);
2942 }
2943
2944 /*
2945 * Arg p must be dynamically allocated. It will either be returned or
2946 * freed and a replacement allocated. Caller must free returned string.
2947 */
2948 char *
sftp_make_absolute(char * p,const char * pwd)2949 sftp_make_absolute(char *p, const char *pwd)
2950 {
2951 char *abs_str;
2952
2953 /* Derelativise */
2954 if (p && !path_absolute(p)) {
2955 abs_str = sftp_path_append(pwd, p);
2956 free(p);
2957 return(abs_str);
2958 } else
2959 return(p);
2960 }
2961
2962 int
sftp_remote_is_dir(struct sftp_conn * conn,const char * path)2963 sftp_remote_is_dir(struct sftp_conn *conn, const char *path)
2964 {
2965 Attrib a;
2966
2967 /* XXX: report errors? */
2968 if (sftp_stat(conn, path, 1, &a) != 0)
2969 return(0);
2970 if (!(a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS))
2971 return(0);
2972 return S_ISDIR(a.perm);
2973 }
2974
2975
2976 /* Check whether path returned from glob(..., GLOB_MARK, ...) is a directory */
2977 int
sftp_globpath_is_dir(const char * pathname)2978 sftp_globpath_is_dir(const char *pathname)
2979 {
2980 size_t l = strlen(pathname);
2981
2982 return l > 0 && pathname[l - 1] == '/';
2983 }
2984
2985