Commit Graph

133 Commits

Author SHA1 Message Date
deraadt@openbsd.org 9136ec134c upstream commit
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
use those definitions rather than pulling <sys/param.h> and unknown namespace
pollution. ok djm markus dtucker

Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
2016-09-12 13:46:29 +10:00
Darren Tucker 0fb7f59853 Move prctl PR_SET_DUMPABLE into platform.c.
This should make it easier to add additional platform support such as
Solaris (bz#2584).
2016-06-09 16:23:07 +10:00
dtucker@openbsd.org ffb1e7e896 upstream commit
Add a function to enable security-related malloc_options.
  With and ok deraadt@, something similar has been in the snaps for a while.

Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
2016-02-16 10:44:00 +11:00
Damien Miller 4626cbaf78 Support Illumos/Solaris fine-grained privileges
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.

ok dtucker@
2016-01-08 14:29:12 +11:00
logan@openbsd.org db6f8dc5dd upstream commit
1) Use xcalloc() instead of xmalloc() to check for
 potential overflow.    (Feedback from both mmcc@ and djm@) 2) move set_size
 just before the for loop. (suggested by djm@)

OK djm@

Upstream-ID: 013534c308187284756c3141f11d2c0f33c47213
2015-11-17 11:15:20 +11:00
deraadt@openbsd.org ce445b0ed9 upstream commit
Do not cast result of malloc/calloc/realloc* if stdlib.h
 is in scope ok krw millert

Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
2015-08-21 13:43:25 +10:00
deraadt@openbsd.org 657a5fbc0d upstream commit
rename xrealloc() to xreallocarray() since it follows
 that form. ok djm
2015-04-29 18:15:23 +10:00
Darren Tucker 202d443eed Remove duplicate include of pwd.h. bz#2337, patch from Mordy Ovits. 2015-04-15 15:59:49 +10:00
deraadt@openbsd.org 087266ec33 upstream commit
Reduce use of <sys/param.h> and transition to <limits.h>
 throughout. ok djm markus
2015-01-26 23:58:53 +11:00
Damien Miller 83b9678a62 fix merge botch 2015-01-15 02:35:50 +11:00
djm@openbsd.org 7d845f4a0b upstream commit
update sftp client and server to new buffer API. pretty
 much just mechanical changes; with & ok markus
2015-01-15 02:22:18 +11:00
Damien Miller 9c1dede005 - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not
PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen
2014-08-24 03:01:06 +10:00
Damien Miller 14928b7492 - (djm) On platforms that support it, use prctl() to prevent sftp-server
from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net
2014-04-01 14:38:07 +11:00
Darren Tucker 2aca159d05 - dtucker@cvs.openbsd.org 2014/01/17 06:23:24
[sftp-server.c]
     fix log message statvfs.  ok djm
2014-01-19 15:25:34 +11:00
Damien Miller f29238e674 - djm@cvs.openbsd.org 2013/10/17 00:30:13
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
     fsync@openssh.com protocol extension for sftp-server
     client support to allow calling fsync() faster successful transfer
     patch mostly by imorgan AT nas.nasa.gov; bz#1798
     "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
2013-10-17 11:48:52 +11:00
Damien Miller e9fc72edd6 - djm@cvs.openbsd.org 2013/10/14 23:28:23
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
     refactor client config code a little:
     add multistate option partsing to readconf.c, similar to servconf.c's
     existing code.
     move checking of options that accept "none" as an argument to readconf.c
     add a lowercase() function and use it instead of explicit tolower() in
     loops
     part of a larger diff that was ok markus@
2013-10-15 12:14:12 +11:00
Damien Miller 6efab27109 - jmc@cvs.openbsd.org 2013/10/14 14:18:56
[sftp-server.8 sftp-server.c]
     tweak previous;
     ok djm
2013-10-15 12:07:05 +11:00
Damien Miller 73600e51af - djm@cvs.openbsd.org 2013/10/10 00:53:25
[sftp-server.c]
     add -Q, -P and -p to usage() before jmc@ catches me
2013-10-15 11:56:25 +11:00
Damien Miller 6eaeebf27d - djm@cvs.openbsd.org 2013/10/09 23:42:17
[sftp-server.8 sftp-server.c]
     Add ability to whitelist and/or blacklist sftp protocol requests by name.
     Refactor dispatch loop and consolidate read-only mode checks.
     Make global variables static, since sftp-server is linked into sshd(8).
     ok dtucker@
2013-10-15 11:55:57 +11:00
Darren Tucker a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Damien Miller aa7ad3039c - jmc@cvs.openbsd.org 2013/01/04 19:26:38
[sftp-server.8 sftp-server.c]
     sftp-server.8: add argument name to -d
     sftp-server.c: add -d to usage()
     ok djm
2013-01-09 15:58:21 +11:00
Damien Miller 502ab0eff1 - djm@cvs.openbsd.org 2013/01/03 12:54:49
[sftp-server.8 sftp-server.c]
     allow specification of an alternate start directory for sftp-server(8)
     "I like this" markus@
2013-01-09 15:57:36 +11:00
Damien Miller f145a5be1c - djm@cvs.openbsd.org 2011/06/17 21:46:16
[sftp-server.c]
     the protocol version should be unsigned; bz#1913 reported by mb AT
     smartftp.com
2011-06-20 14:42:51 +10:00
Darren Tucker af1f909254 - djm@cvs.openbsd.org 2010/12/04 00:18:01
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
     add a protocol extension to support a hard link operation. It is
     available through the "ln" command in the client. The old "ln"
     behaviour of creating a symlink is available using its "-s" option
     or through the preexisting "symlink" command; based on a patch from
     miklos AT szeredi.hu in bz#1555; ok markus@
2010-12-05 09:02:47 +11:00
Damien Miller 0733121194 - djm@cvs.openbsd.org 2010/11/04 02:45:34
[sftp-server.c]
     umask should be parsed as octal. reported by candland AT xmission.com;
     ok markus@
2010-11-05 10:20:31 +11:00
Darren Tucker 2901e2daeb - djm@cvs.openbsd.org 2010/01/13 01:40:16
[sftp.c sftp-server.c sftp.1 sftp-common.c sftp-common.h]
     support '-h' (human-readable units) for sftp's ls command, just like
     ls(1); ok dtucker@
2010-01-13 22:44:06 +11:00
Darren Tucker db7bf82544 - djm@cvs.openbsd.org 2010/01/09 00:20:26
[sftp-server.c sftp-server.8]
     add a 'read-only' mode to sftp-server(8) that disables open in write mode
     and all other fs-modifying protocol methods. bz#430 ok dtucker@
2010-01-09 22:24:33 +11:00
Darren Tucker aaf51d2d5b - djm@cvs.openbsd.org 2010/01/04 02:25:15
[sftp-server.c]
     bz#1566 don't unnecessarily dup() in and out fds for sftp-server;
     ok markus@
2010-01-08 19:04:49 +11:00
Darren Tucker 49b7e23545 - sobrado@cvs.openbsd.org 2009/10/17 12:10:39
[sftp-server.c]
     sort flags.
2009-10-24 11:41:05 +11:00
Darren Tucker 30359e19ec - djm@cvs.openbsd.org 2009/08/31 20:56:02
[sftp-server.c]
     check correct variable for error message, spotted by martynas@
2009-10-07 08:47:24 +11:00
Darren Tucker 7dc4850ce8 - djm@cvs.openbsd.org 2009/08/27 17:28:52
[sftp-server.c]
     allow setting an explicit umask on the commandline to override whatever
     default the user has. bz#1229; ok dtucker@ deraadt@ markus@
2009-10-07 08:44:42 +11:00
Damien Miller 0e26551f7f - (djm) [sftp-server.c] bz#1535: accept ENOSYS as a fallback error when
attempting atomic rename(); ok dtucker@
2009-08-28 10:43:13 +10:00
Darren Tucker b62f1a856d - stevesk@cvs.openbsd.org 2009/04/14 16:33:42
[sftp-server.c]
     remove unused option character from getopt() optstring; ok markus@
2009-06-21 17:53:48 +10:00
Darren Tucker f7fa706e70 - (dtucker) [sftp-server.c] Bug #1447: fall back to racy rename if link
returns EXDEV.  Patch from Mike Garrison, ok djm@
2008-07-04 14:10:19 +10:00
Damien Miller 9e720284fe - djm@cvs.openbsd.org 2008/06/26 06:10:09
[sftp-client.c sftp-server.c]
     allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky
     bits. Note that this only affects explicit setting of modes (e.g. via
     sftp(1)'s chmod command) and not file transfers. (bz#1310)
     ok deraadt@ at c2k8
2008-06-29 22:46:35 +10:00
Darren Tucker 3463acaebf - dtucker@cvs.openbsd.org 2008/06/09 13:02:39
Extend 32bit -> 64bit values for statvfs extension missed in previous
     commit.
2008-06-09 23:06:55 +10:00
Darren Tucker 422c34c96d - dtucker@cvs.openbsd.org 2008/06/08 17:04:41
[sftp-server.c]
     Add case for ENOSYS in errno_to_portable; ok deraadt
2008-06-09 22:48:31 +10:00
Darren Tucker 77001384cc - (dtucker) [configure.ac defines.h sftp-client.c M sftp-server.c] Add a
macro to convert fsid to unsigned long for platforms where fsid is a
   2-member array.
2008-06-09 06:17:53 +10:00
Darren Tucker 598eaa6c0c - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
   openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and
   fstatvfs and remove #defines around statvfs code.  ok djm@
2008-06-09 03:32:29 +10:00
Darren Tucker 294b841832 - djm@cvs.openbsd.org 2008/06/07 21:52:46
[sftp-server.c sftp-client.c]
     statvfs member fsid needs to be wider, increase it to 64 bits and
     crank extension revision number to 2; prodded and ok dtucker@
2008-06-08 12:57:08 +10:00
Darren Tucker 5b2e2ba9e4 - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c] Do not enable statvfs extensions on platforms that do not have statvfs. ok djm@ 2008-06-08 09:25:28 +10:00
Damien Miller a7e0d5a34a - djm@cvs.openbsd.org 2008/05/18 21:29:05
[sftp-server.c]
     comment extension announcement
2008-05-19 16:08:41 +10:00
Damien Miller d671e5a978 - djm@cvs.openbsd.org 2008/04/18 12:32:11
[sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c sftp.h]
     introduce sftp extension methods statvfs@openssh.com and
     fstatvfs@openssh.com that implement statvfs(2)-like operations,
     based on a patch from miklos AT szeredi.hu (bz#1399)
     also add a "df" command to the sftp client that uses the
     statvfs@openssh.com to produce a df(1)-like display of filesystem
     space and inode utilisation
     ok markus@
2008-05-19 14:53:33 +10:00
Damien Miller 7c29661471 - djm@cvs.openbsd.org 2008/02/27 20:21:15
[sftp-server.c]
     add an extension method "posix-rename@openssh.com" to perform POSIX atomic
     rename() operations. based on patch from miklos AT szeredi.hu in bz#1400;
     ok dtucker@ markus@
2008-03-07 18:33:53 +11:00
Damien Miller 62ca18d12f - djm@cvs.openbsd.org 2008/02/08 23:24:07
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
     [sshd_config.5]
     add sshd_config ChrootDirectory option to chroot(2) users to a directory
     and tweak internal sftp server to work with it (no special files in chroot
     required). ok markus@
2008-02-10 22:44:20 +11:00
Damien Miller d8cb1f184f - djm@cvs.openbsd.org 2008/02/08 23:24:07
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
     [sshd_config.5]
     add sshd_config ChrootDirectory option to chroot(2) users to a directory
     and tweak internal sftp server to work with it (no special files in
     chroot required). ok markus@
2008-02-10 22:40:12 +11:00
Damien Miller dfc24258a7 - markus@cvs.openbsd.org 2008/02/04 21:53:00
[session.c sftp-server.c sftp.h]
     link sftp-server into sshd; feedback and ok djm@
2008-02-10 22:29:40 +11:00
Damien Miller 3397d0e0c5 - djm@cvs.openbsd.org 2008/01/21 17:24:30
[sftp-server.c]
     Remove the fixed 100 handle limit in sftp-server and allocate as many
     as we have available file descriptors. Patch from miklos AT szeredi.hu;
     ok dtucker@ markus@
2008-02-10 22:26:51 +11:00
Damien Miller 35e18dba89 - djm@cvs.openbsd.org 2007/09/13 04:39:04
[sftp-server.c]
     fix incorrect test when setting syslog facility; from Jan Pechanec
2007-09-17 16:11:33 +10:00
Darren Tucker e9405983dc - djm@cvs.openbsd.org 2007/05/17 07:55:29
[sftp-server.c]
     bz#1286 stop reading and processing commands when input or output buffer
     is nearly full, otherwise sftp-server would happily try to grow the
     input/output buffers past the maximum supported by the buffer API and
     promptly fatal()
     based on patch from Thue Janus Kristensen; feedback & ok dtucker@
2007-05-20 15:09:04 +10:00