Commit Graph

252 Commits

Author SHA1 Message Date
djm@openbsd.org
2ab864010e upstream: SFTP protocol extension to allow the server to expand
~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept
these paths, like scp in rcp mode does.

prompted by and much discussion deraadt@
ok markus@

OpenBSD-Commit-ID: 7d794def9e4de348e1e777f6030fc9bafdfff392
2021-08-10 12:47:46 +10:00
djm@openbsd.org
41b019ac06 upstream: when scp is in SFTP mode, try to deal better with ~
prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted
and prefixed with the SFTP server starting directory (more to come)

prompted by and discussed with deraadt@
ok markus@

OpenBSD-Commit-ID: 263a071f14555c045fd03132a8fb6cbd983df00d
2021-08-10 12:47:45 +10:00
djm@openbsd.org
b4b3f3da6c upstream: on fatal errors, make scp wait for ssh connection before
exiting avoids LogLevel=verbose (or greater) messages from ssh appearing
after scp has returned exited and control has returned to the shell; ok
markus@

(this was originally committed as r1.223 along with unrelated stuff that
I rolled back in r1.224)

OpenBSD-Commit-ID: 1261fd667ad918484889ed3d7aec074f3956a74b
2021-08-10 12:47:45 +10:00
djm@openbsd.org
2ae7771749 upstream: rever r1.223 - I accidentally committed unrelated changes
OpenBSD-Commit-ID: fb73f3865b2647a27dd94db73d6589506a9625f9
2021-08-10 12:47:45 +10:00
djm@openbsd.org
2b67932bb3 upstream: on fatal errors, make scp wait for ssh connection before
exiting avoids LogLevel=verbose (or greater) messages from ssh appearing
after scp has returned exited and control has returned to the shell; ok
markus@

OpenBSD-Commit-ID: ef9dab5ef5ae54a6a4c3b15d380568e94263456c
2021-08-10 12:47:39 +10:00
dtucker@openbsd.org
cf27810a64 upstream: Fix prototype mismatch for do_cmd. ok djm@
OpenBSD-Commit-ID: 1c1598bb5237a7ae0be99152f185e0071163714d
2021-08-07 12:11:03 +10:00
djm@openbsd.org
7b1cbcb759 upstream: make scp(1) in SFTP mode follow symlinks like
traditional scp(1) ok markus@

OpenBSD-Commit-ID: 97255e55be37e8e26605e4ba1e69f9781765d231
2021-08-07 10:20:31 +10:00
djm@openbsd.org
c677e65365 upstream: make scp(1) in SFTP mode output better match original
scp(1) by suppressing "Retrieving [path]" lines that were emitted to support
the interactive sftp(1) client. ok markus@

OpenBSD-Commit-ID: 06be293df5f156a18f366079be2f33fa68001acc
2021-08-07 10:20:31 +10:00
djm@openbsd.org
318c06bb04 upstream: use sftp_client crossloading to implement scp -3
feedback/ok markus@

OpenBSD-Commit-ID: 7db4c0086cfc12afc9cfb71d4c2fd3c7e9416ee9
2021-08-07 10:20:31 +10:00
djm@openbsd.org
e3c0ba0587 upstream: prepare for scp -3 implemented via sftp
OpenBSD-Commit-ID: 194aac0dd87cb175334b71c2a30623a5ad55bb44
2021-08-07 10:20:24 +10:00
dtucker@openbsd.org
911ec64118 upstream: Allow for different (but POSIX compliant) behaviour of
basename(3) and prevent a use-after-free in that case in the new sftp-compat
code.

POSIX allows basename(3) to either return a pointer to static storage
or modify the passed string and return a pointer to that.  OpenBSD does
the former and works as is, but on other platforms "filename" points
into "tmp" which was just freed.  This makes the freeing of tmp
consistent with the other variable in the loop.

Pinpointed by the -portable Valgrind regress test.  ok djm@ deraadt@

OpenBSD-Commit-ID: 750f3c19bd4440e4210e30dd5d7367386e833374
2021-08-04 12:04:33 +10:00
Damien Miller
6df1fecb5d use openbsd-compat glob.h is required 2021-08-04 11:05:11 +10:00
djm@openbsd.org
197e29f1cc upstream: support for using the SFTP protocol for file transfers in
scp, via a new "-M sftp" option. Marked as experimental for now.

Some corner-cases exist, in particular there is no attempt to
provide bug-compatibility with scp's weird "double shell" quoting
rules.

Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@
Thanks jmc@ for improving the scp.1 bits.

OpenBSD-Commit-ID: 6ce4c9157ff17b650ace571c9f7793d92874051c
2021-08-03 11:03:09 +10:00
djm@openbsd.org
b67eb12f01 upstream: allow spaces to appear in usernames for local to remote,
and scp -3 remote to remote copies. with & ok dtucker bz#1164

OpenBSD-Commit-ID: e9b550f3a85ffbb079b6720833da31317901d6dd
2021-07-05 10:27:03 +10:00
djm@openbsd.org
31d8d231eb upstream: highly polished whitespace, mostly fixing spaces-for-tab
and bad indentation on continuation lines. Prompted by GHPR#185

OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
2021-04-03 17:23:02 +11:00
djm@openbsd.org
816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
djm@openbsd.org
a8732d74cb upstream: allow -A to explicitly enable agent forwarding in scp and
sftp. The default remains to not forward an agent, even when ssh_config
enables it. ok jmc dtucker markus

OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822
2020-08-03 14:27:59 +10:00
millert@openbsd.org
5ad3c3a33e upstream: Fix error message on close(2) and add printf format
attributes. From Christos Zoulas, OK markus@

OpenBSD-Commit-ID: 41523c999a9e3561fcc7082fd38ea2e0629ee07e
2020-05-30 10:48:06 +10:00
djm@openbsd.org
955854cafc upstream: another case where a utimes() failure could make scp send
a desynchronising error; reminded by Aymeric Vincent ok deraadt markus

OpenBSD-Commit-ID: 2ea611d34d8ff6d703a7a8bf858aa5dbfbfa7381
2020-05-07 15:39:00 +10:00
djm@openbsd.org
aad87b88fc upstream: when receving a file in sink(), be careful to send at
most a single error response after the file has been opened. Otherwise the
source() and sink() can become desyncronised. Reported by Daniel Goujot,
Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.

ok deraadt@ markus@

OpenBSD-Commit-ID: 6c14d233c97349cb811a8f7921ded3ae7d9e0035
2020-05-01 16:40:11 +10:00
markus@openbsd.org
ea14103ce9 upstream: run the 2nd ssh with BatchMode for scp -3
OpenBSD-Commit-ID: 77994fc8c7ca02d88e6d0d06d0f0fe842a935748
2020-05-01 13:13:29 +10:00
dtucker@openbsd.org
3bf2a6ac79 upstream: Replace all calls to signal(2) with a wrapper around
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.

OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
2020-01-23 18:51:25 +11:00
Darren Tucker
0e3c5bc509 Hook up fnmatch for platforms that don't have it. 2019-11-01 18:27:37 +11:00
Damien Miller
cfc1897a20 wrap stdint.h include in HAVE_STDINT_H
make the indenting a little more consistent too..

Fixes Solaris 2.6; reported by Tom G. Christensen
2019-10-09 09:06:35 +11:00
dtucker@openbsd.org
df78011427 upstream: Fix potential truncation warning. ok deraadt.
OpenBSD-Commit-ID: d87b7e3a94ec935e8194e7fce41815e22804c3ff
2019-09-13 14:09:20 +10:00
deraadt@openbsd.org
4d28fa78ab upstream: When system calls indicate an error they return -1, not
some arbitrary value < 0.  errno is only updated in this case.  Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-07-05 11:10:39 +10:00
djm@openbsd.org
3d896c157c upstream: when checking that filenames sent by the server side
match what the client requested, be prepared to handle shell-style brace
alternations, e.g. "{foo,bar}".

"looks good to me" millert@ + in snaps for the last week courtesy
deraadt@

OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e
2019-02-10 22:24:24 +11:00
jmc@openbsd.org
2c21b75a7b upstream: add -T to usage();
OpenBSD-Commit-ID: a7ae14d9436c64e1bd05022329187ea3a0ce1899
2019-02-01 18:55:11 +11:00
djm@openbsd.org
391ffc4b9d upstream: check in scp client that filenames sent during
remote->local directory copies satisfy the wildcard specified by the user.

This checking provides some protection against a malicious server
sending unexpected filenames, but it comes at a risk of rejecting wanted
files due to differences between client and server wildcard expansion rules.

For this reason, this also adds a new -T flag to disable the check.

reported by Harry Sintonen
fix approach suggested by markus@;
has been in snaps for ~1wk courtesy deraadt@

OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
2019-01-27 09:42:39 +11:00
dtucker@openbsd.org
bdc6c63c80 upstream: Have progressmeter force an update at the beginning and
end of each transfer.  Fixes the problem recently introduces where very quick
transfers do not display the progressmeter at all.  Spotted by naddy@

OpenBSD-Commit-ID: 68dc46c259e8fdd4f5db3ec2a130f8e4590a7a9a
2019-01-25 06:32:14 +11:00
dtucker@openbsd.org
8976f1c4b2 upstream: Sanitize scp filenames via snmprintf. To do this we move
the progressmeter formatting outside of signal handler context and have the
atomicio callback called for EINTR too.  bz#2434 with contributions from djm
and jjelen at redhat.com, ok djm@

OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8
2019-01-24 12:30:30 +11:00
tb@openbsd.org
622dedf1a8 upstream: Add a -J option as a shortcut for -o Proxyjump= to scp(1)
and sftp(1) to match ssh(1)'s interface.

ok djm

OpenBSD-Commit-ID: a75bc2d5f329caa7229a7e9fe346c4f41c2663fc
2019-01-22 22:42:01 +11:00
Damien Miller
42c5ec4b97 refactor libcrypto initialisation
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.

Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().

Prompted by patch from Rosen Penev
2018-11-23 10:42:05 +11:00
djm@openbsd.org
6010c0303a upstream: disallow empty incoming filename or ones that refer to the
current directory; based on report/patch from Harry Sintonen

OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9
2018-11-16 14:04:35 +11:00
dtucker@openbsd.org
e5019da3c5 upstream: Apply umask to all incoming files and directories not
just files. This makes sure it gets applied to directories too, and prevents
a race where files get chmodded after creation.  bz#2839, ok djm@

OpenBSD-Commit-ID: 3168ee6c7c39093adac4fd71039600cfa296203b
2018-06-04 14:54:43 +10:00
djm@openbsd.org
001aa55484 upstream: lots of typos in comments/docs. Patch from Karsten Weiss
after checking with codespell tool
(https://github.com/lucasdemarchi/codespell)

OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
2018-04-10 10:17:15 +10:00
djm@openbsd.org
77e05394af upstream commit
Disable RemoteCommand and RequestTTY in the ssh session
started by scp. sftp is already doing this. From Camden Narzt via github; ok
dtucker

OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b
2018-02-10 17:16:04 +11:00
millert@openbsd.org
c9e37a8725 upstream commit
Add helper function for uri handing in scp where a
missing path simply means ".".  Also fix exit code and add warnings when an
invalid uri is encountered.  OK otto@

OpenBSD-Commit-ID: 47dcf872380586dabf7fcc6e7baf5f8ad508ae1a
2017-12-19 15:21:37 +11:00
millert@openbsd.org
887669ef03 upstream commit
Add URI support to ssh, sftp and scp.  For example
ssh://user@host or sftp://user@host/path.  The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type.  OK djm@

Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
2017-10-23 16:10:08 +11:00
deraadt@openbsd.org
9e509d4ec9 upstream commit
Switch to recallocarray() for a few operations.  Both
growth and shrinkage are handled safely, and there also is no need for
preallocation dances. Future changes in this area will be less error prone.
Review and one bug found by markus

Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
2017-06-01 14:55:22 +10:00
jmc@openbsd.org
4f1ca823ba upstream commit
remove options -12 from usage();

Upstream-ID: db7ceef25132e63b50ed05289bf447fece1d1270
2017-05-08 09:18:04 +10:00
Darren Tucker
329037e389 Wrap stdint.h in HAVE_STDINT_H 2017-05-01 13:53:55 +10:00
djm@openbsd.org
a3710d5d52 upstream commit
exterminate the -1 flag from scp

ok markus@

Upstream-ID: 26d247f7065da15056b209cef5f594ff591b89db
2017-05-01 10:05:05 +10:00
millert@openbsd.org
066437187e upstream commit
Avoid relying on implementation-specific behavior when
detecting whether the timestamp or file size overflowed.  If time_t and off_t
are not either 32-bit or 64-bit scp will exit with an error. OK djm@

Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135
2017-04-28 13:26:37 +10:00
millert@openbsd.org
91bd218186 upstream commit
Avoid potential signed int overflow when parsing the file
size. Use strtoul() instead of parsing manually.  OK djm@

Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02
2017-04-28 13:26:36 +10:00
Damien Miller
dda78a03af Force Turkish locales back to C/POSIX; bz#2643
Turkish locales are unique in their handling of the letters 'i' and
'I' (yes, they are different letters) and OpenSSH isn't remotely
prepared to deal with that. For now, the best we can do is to force
OpenSSH to use the C/POSIX locale and try to preserve the UTF-8
encoding if possible.

ok dtucker@
2016-12-12 13:58:59 +11:00
deraadt@openbsd.org
9136ec134c upstream commit
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
use those definitions rather than pulling <sys/param.h> and unknown namespace
pollution. ok djm markus dtucker

Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
2016-09-12 13:46:29 +10:00
schwarze@openbsd.org
0e059cdf5f upstream commit
To prevent screwing up terminal settings when printing to
 the terminal, for ASCII and UTF-8, escape bytes not forming characters and
 bytes forming non-printable characters with vis(3) VIS_OCTAL. For other
 character sets, abort printing of the current string in these cases.  In
 particular, * let scp(1) respect the local user's LC_CTYPE locale(1); *
 sanitize data received from the remote host; * sanitize filenames, usernames,
 and similar data even locally; * take character display widths into account
 for the progressmeter.

This is believed to be sufficient to keep the local terminal safe
on OpenBSD, but bad things can still happen on other systems with
state-dependent locales because many places in the code print
unencoded ASCII characters into the output stream.

Using feedback from djm@ and martijn@,
various aspects discussed with many others.

deraadt@ says it should go in now, i probably already hesitated too long

Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
2016-06-06 11:27:38 +10:00
dtucker@openbsd.org
8ef04d7a94 upstream commit
Improve accuracy of reported transfer speeds by waiting
 for the ack from the other end.  Pointed out by mmcc@, ok deraadt@ markus@

Upstream-ID: 99f1cf15c9a8f161086b814d414d862795ae153d
2016-03-04 15:12:20 +11:00
deraadt@openbsd.org
9080bd0b9c upstream commit
pledge "stdio rpath wpath cpath fattr tty proc exec"
 except for the -p option (which sadly has insane semantics...) ok semarie
 dtucker

Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059
2015-11-28 17:44:33 +11:00