/* * Implement the SftpServer abstraction, in the 'live' form (i.e. * really operating on the Unix filesystem). */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "putty.h" #include "ssh.h" #include "sftp.h" #include "tree234.h" typedef struct UnixSftpServer UnixSftpServer; struct UnixSftpServer { unsigned *fdseqs; int *fdsopen; int fdsize; tree234 *dirhandles; int last_dirhandle_index; char handlekey[8]; SftpServer srv; }; struct uss_dirhandle { int index; DIR *dp; }; #define USS_DIRHANDLE_SEQ (0xFFFFFFFFU) static int uss_dirhandle_cmp(void *av, void *bv) { struct uss_dirhandle *a = (struct uss_dirhandle *)av; struct uss_dirhandle *b = (struct uss_dirhandle *)bv; if (a->index < b->index) return -1; if (a->index > b->index) return +1; return 0; } static SftpServer *uss_new(const SftpServerVtable *vt) { int i; UnixSftpServer *uss = snew(UnixSftpServer); memset(uss, 0, sizeof(UnixSftpServer)); uss->dirhandles = newtree234(uss_dirhandle_cmp); uss->srv.vt = vt; for (i = 0; i < lenof(uss->handlekey); i++) uss->handlekey[i] = random_byte(); return &uss->srv; } static void uss_free(SftpServer *srv) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); struct uss_dirhandle *udh; int i; for (i = 0; i < uss->fdsize; i++) if (uss->fdsopen[i]) close(i); sfree(uss->fdseqs); while ((udh = delpos234(uss->dirhandles, 0)) != NULL) { closedir(udh->dp); sfree(udh); } sfree(uss); } static void uss_return_handle_raw( UnixSftpServer *uss, SftpReplyBuilder *reply, int index, unsigned seq) { unsigned char handlebuf[8]; PUT_32BIT(handlebuf, index); PUT_32BIT(handlebuf + 4, seq); des_encrypt_xdmauth(uss->handlekey, handlebuf, 8); fxp_reply_handle(reply, make_ptrlen(handlebuf, 8)); } static int uss_decode_handle( UnixSftpServer *uss, ptrlen handle, int *index, unsigned *seq) { unsigned char handlebuf[8]; if (handle.len != 8) return FALSE; memcpy(handlebuf, handle.ptr, 8); des_decrypt_xdmauth(uss->handlekey, handlebuf, 8); *index = toint(GET_32BIT(handlebuf)); *seq = GET_32BIT(handlebuf + 4); return TRUE; } static void uss_return_new_handle( UnixSftpServer *uss, SftpReplyBuilder *reply, int fd) { assert(fd >= 0); if (fd >= uss->fdsize) { int old_size = uss->fdsize; uss->fdsize = fd * 5 / 4 + 32; uss->fdseqs = sresize(uss->fdseqs, uss->fdsize, unsigned); uss->fdsopen = sresize(uss->fdsopen, uss->fdsize, int); while (old_size < uss->fdsize) { uss->fdseqs[old_size] = 0; uss->fdsopen[old_size] = FALSE; old_size++; } } assert(!uss->fdsopen[fd]); uss->fdsopen[fd] = TRUE; if (++uss->fdseqs[fd] == USS_DIRHANDLE_SEQ) uss->fdseqs[fd] = 0; uss_return_handle_raw(uss, reply, fd, uss->fdseqs[fd]); } static int uss_try_lookup_fd(UnixSftpServer *uss, ptrlen handle) { int fd; unsigned seq; if (!uss_decode_handle(uss, handle, &fd, &seq) || fd < 0 || fd >= uss->fdsize || !uss->fdsopen[fd] || uss->fdseqs[fd] != seq) return -1; return fd; } static int uss_lookup_fd(UnixSftpServer *uss, SftpReplyBuilder *reply, ptrlen handle) { int fd = uss_try_lookup_fd(uss, handle); if (fd < 0) fxp_reply_error(reply, SSH_FX_FAILURE, "invalid file handle"); return fd; } static void uss_return_new_dirhandle( UnixSftpServer *uss, SftpReplyBuilder *reply, DIR *dp) { struct uss_dirhandle *udh = snew(struct uss_dirhandle); udh->index = uss->last_dirhandle_index++; udh->dp = dp; struct uss_dirhandle *added = add234(uss->dirhandles, udh); assert(added == udh); uss_return_handle_raw(uss, reply, udh->index, USS_DIRHANDLE_SEQ); } static struct uss_dirhandle *uss_try_lookup_dirhandle( UnixSftpServer *uss, ptrlen handle) { struct uss_dirhandle key, *udh; unsigned seq; if (!uss_decode_handle(uss, handle, &key.index, &seq) || seq != USS_DIRHANDLE_SEQ || (udh = find234(uss->dirhandles, &key, NULL)) == NULL) return NULL; return udh; } static struct uss_dirhandle *uss_lookup_dirhandle( UnixSftpServer *uss, SftpReplyBuilder *reply, ptrlen handle) { struct uss_dirhandle *udh = uss_try_lookup_dirhandle(uss, handle); if (!udh) fxp_reply_error(reply, SSH_FX_FAILURE, "invalid file handle"); return udh; } static void uss_error(UnixSftpServer *uss, SftpReplyBuilder *reply) { unsigned code = SSH_FX_FAILURE; switch (errno) { case ENOENT: code = SSH_FX_NO_SUCH_FILE; break; case EPERM: code = SSH_FX_PERMISSION_DENIED; break; } fxp_reply_error(reply, code, strerror(errno)); } static void uss_realpath(SftpServer *srv, SftpReplyBuilder *reply, ptrlen path) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); char *inpath = mkstr(path); char *outpath = realpath(inpath, NULL); free(inpath); if (!outpath) { uss_error(uss, reply); } else { fxp_reply_simple_name(reply, ptrlen_from_asciz(outpath)); free(outpath); } } static void uss_open(SftpServer *srv, SftpReplyBuilder *reply, ptrlen path, unsigned flags, struct fxp_attrs attrs) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); int openflags = 0; if (!((SSH_FXF_READ | SSH_FXF_WRITE) &~ flags)) openflags |= O_RDWR; else if (flags & SSH_FXF_WRITE) openflags |= O_WRONLY; else if (flags & SSH_FXF_READ) openflags |= O_RDONLY; if (flags & SSH_FXF_APPEND) openflags |= O_APPEND; if (flags & SSH_FXF_CREAT) openflags |= O_CREAT; if (flags & SSH_FXF_TRUNC) openflags |= O_TRUNC; if (flags & SSH_FXF_EXCL) openflags |= O_EXCL; char *pathstr = mkstr(path); int fd = open(pathstr, openflags, GET_PERMISSIONS(attrs, 0777)); free(pathstr); if (fd < 0) { uss_error(uss, reply); } else { uss_return_new_handle(uss, reply, fd); } } static void uss_opendir(SftpServer *srv, SftpReplyBuilder *reply, ptrlen path) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); char *pathstr = mkstr(path); DIR *dp = opendir(pathstr); free(pathstr); if (!dp) { uss_error(uss, reply); } else { uss_return_new_dirhandle(uss, reply, dp); } } static void uss_close(SftpServer *srv, SftpReplyBuilder *reply, ptrlen handle) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); int fd; struct uss_dirhandle *udh; if ((udh = uss_try_lookup_dirhandle(uss, handle)) != NULL) { closedir(udh->dp); del234(uss->dirhandles, udh); sfree(udh); fxp_reply_ok(reply); } else if ((fd = uss_lookup_fd(uss, reply, handle)) >= 0) { close(fd); assert(0 <= fd && fd <= uss->fdsize); uss->fdsopen[fd] = FALSE; fxp_reply_ok(reply); } /* if both failed, uss_lookup_fd will have filled in an error response */ } static void uss_mkdir(SftpServer *srv, SftpReplyBuilder *reply, ptrlen path, struct fxp_attrs attrs) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); char *pathstr = mkstr(path); int status = mkdir(pathstr, GET_PERMISSIONS(attrs, 0777)); free(pathstr); if (status < 0) { uss_error(uss, reply); } else { fxp_reply_ok(reply); } } static void uss_rmdir(SftpServer *srv, SftpReplyBuilder *reply, ptrlen path) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); char *pathstr = mkstr(path); int status = rmdir(pathstr); free(pathstr); if (status < 0) { uss_error(uss, reply); } else { fxp_reply_ok(reply); } } static void uss_remove(SftpServer *srv, SftpReplyBuilder *reply, ptrlen path) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); char *pathstr = mkstr(path); int status = unlink(pathstr); free(pathstr); if (status < 0) { uss_error(uss, reply); } else { fxp_reply_ok(reply); } } static void uss_rename(SftpServer *srv, SftpReplyBuilder *reply, ptrlen srcpath, ptrlen dstpath) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); char *srcstr = mkstr(srcpath), *dststr = mkstr(dstpath); int status = rename(srcstr, dststr); free(srcstr); free(dststr); if (status < 0) { uss_error(uss, reply); } else { fxp_reply_ok(reply); } } static uint64 uint64_from_off_t(off_t off) { return uint64_make((off >> 16) >> 16, (off & 0xFFFFFFFFU)); } static struct fxp_attrs uss_translate_struct_stat(const struct stat *st) { struct fxp_attrs attrs; attrs.flags = (SSH_FILEXFER_ATTR_SIZE | SSH_FILEXFER_ATTR_PERMISSIONS | SSH_FILEXFER_ATTR_UIDGID | SSH_FILEXFER_ATTR_ACMODTIME); attrs.size = uint64_from_off_t(st->st_size); attrs.permissions = st->st_mode; attrs.uid = st->st_uid; attrs.gid = st->st_gid; attrs.atime = st->st_atime; attrs.mtime = st->st_mtime; return attrs; } static void uss_reply_struct_stat(SftpReplyBuilder *reply, const struct stat *st) { fxp_reply_attrs(reply, uss_translate_struct_stat(st)); } static void uss_stat(SftpServer *srv, SftpReplyBuilder *reply, ptrlen path, int follow_symlinks) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); struct stat st; char *pathstr = mkstr(path); int status = (follow_symlinks ? stat : lstat) (pathstr, &st); free(pathstr); if (status < 0) { uss_error(uss, reply); } else { uss_reply_struct_stat(reply, &st); } } static void uss_fstat(SftpServer *srv, SftpReplyBuilder *reply, ptrlen handle) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); struct stat st; int fd; if ((fd = uss_lookup_fd(uss, reply, handle)) < 0) return; int status = fstat(fd, &st); if (status < 0) { uss_error(uss, reply); } else { uss_reply_struct_stat(reply, &st); } } static off_t uint64_to_off_t(uint64 u) { return ((((off_t)u.hi) << 16) << 16) | (off_t)u.lo; } /* * The guts of setstat and fsetstat, macroised so that they can call * fchown(fd,...) or chown(path,...) depending on parameters. */ #define SETSTAT_GUTS(api_prefix, api_arg, attrs, success) do \ { \ if (attrs.flags & SSH_FILEXFER_ATTR_SIZE) \ if (api_prefix(truncate)( \ api_arg, uint64_to_off_t(attrs.size)) < 0) \ success = FALSE; \ if (attrs.flags & SSH_FILEXFER_ATTR_UIDGID) \ if (api_prefix(chown)(api_arg, attrs.uid, attrs.gid) < 0) \ success = FALSE; \ if (attrs.flags & SSH_FILEXFER_ATTR_PERMISSIONS) \ if (api_prefix(chmod)(api_arg, attrs.permissions) < 0) \ success = FALSE; \ if (attrs.flags & SSH_FILEXFER_ATTR_ACMODTIME) { \ struct timeval tv[2]; \ tv[0].tv_sec = attrs.atime; \ tv[1].tv_sec = attrs.mtime; \ tv[0].tv_usec = tv[1].tv_usec = 0; \ if (api_prefix(utimes)(api_arg, tv) < 0) \ success = FALSE; \ } \ } while (0) #define PATH_PREFIX(func) func #define FD_PREFIX(func) f ## func static void uss_setstat(SftpServer *srv, SftpReplyBuilder *reply, ptrlen path, struct fxp_attrs attrs) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); char *pathstr = mkstr(path); int success = TRUE; SETSTAT_GUTS(PATH_PREFIX, pathstr, attrs, success); free(pathstr); if (!success) { uss_error(uss, reply); } else { fxp_reply_ok(reply); } } static void uss_fsetstat(SftpServer *srv, SftpReplyBuilder *reply, ptrlen handle, struct fxp_attrs attrs) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); int fd; if ((fd = uss_lookup_fd(uss, reply, handle)) < 0) return; int success = TRUE; SETSTAT_GUTS(FD_PREFIX, fd, attrs, success); if (!success) { uss_error(uss, reply); } else { fxp_reply_ok(reply); } } static void uss_read(SftpServer *srv, SftpReplyBuilder *reply, ptrlen handle, uint64 offset, unsigned length) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); int fd; char *buf; if ((fd = uss_lookup_fd(uss, reply, handle)) < 0) return; if ((buf = malloc(length)) == NULL) { /* A rare case in which I bother to check malloc failure, * because in this case we can localise the problem easily by * turning it into a failure response from this one sftp * request */ fxp_reply_error(reply, SSH_FX_FAILURE, "Out of memory for read buffer"); return; } char *p = buf; int status = lseek(fd, uint64_to_off_t(offset), SEEK_SET); if (status >= 0 || errno == ESPIPE) { int seekable = (status >= 0); while (length > 0) { status = read(fd, p, length); if (status <= 0) break; unsigned bytes_read = status; assert(bytes_read <= length); length -= bytes_read; p += bytes_read; if (!seekable) { /* * If the seek failed because the file is fundamentally * not a seekable kind of thing, abandon this loop after * one attempt, i.e. we just read whatever we could get * and we don't mind returning a short buffer. */ } } } if (status < 0) { uss_error(uss, reply); } else if (p == buf) { fxp_reply_error(reply, SSH_FX_EOF, "End of file"); } else { fxp_reply_data(reply, make_ptrlen(buf, p - buf)); } free(buf); } static void uss_write(SftpServer *srv, SftpReplyBuilder *reply, ptrlen handle, uint64 offset, ptrlen data) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); int fd; if ((fd = uss_lookup_fd(uss, reply, handle)) < 0) return; const char *p = data.ptr; unsigned length = data.len; int status = lseek(fd, uint64_to_off_t(offset), SEEK_SET); if (status >= 0 || errno == ESPIPE) { while (length > 0) { status = write(fd, p, length); assert(status != 0); if (status < 0) break; unsigned bytes_written = status; assert(bytes_written <= length); length -= bytes_written; p += bytes_written; } } if (status < 0) { uss_error(uss, reply); } else { fxp_reply_ok(reply); } } static void uss_readdir(SftpServer *srv, SftpReplyBuilder *reply, ptrlen handle, int max_entries, int omit_longname) { UnixSftpServer *uss = container_of(srv, UnixSftpServer, srv); struct dirent *de; struct uss_dirhandle *udh; if ((udh = uss_lookup_dirhandle(uss, reply, handle)) == NULL) return; errno = 0; de = readdir(udh->dp); if (!de) { if (errno == 0) { fxp_reply_error(reply, SSH_FX_EOF, "End of directory"); } else { uss_error(uss, reply); } } else { ptrlen longname = PTRLEN_LITERAL(""); char *longnamebuf = NULL; struct fxp_attrs attrs = no_attrs; #if defined HAVE_FSTATAT && defined HAVE_DIRFD struct stat st; if (!fstatat(dirfd(udh->dp), de->d_name, &st, AT_SYMLINK_NOFOLLOW)) { char perms[11], sizebuf[32], *uidbuf = NULL, *gidbuf = NULL; struct passwd *pwd; struct group *grp; const char *user, *group; struct tm tm; attrs = uss_translate_struct_stat(&st); if (!omit_longname) { strcpy(perms, "----------"); switch (st.st_mode & S_IFMT) { case S_IFBLK: perms[0] = 'b'; break; case S_IFCHR: perms[0] = 'c'; break; case S_IFDIR: perms[0] = 'd'; break; case S_IFIFO: perms[0] = 'p'; break; case S_IFLNK: perms[0] = 'l'; break; case S_IFSOCK: perms[0] = 's'; break; } if (st.st_mode & S_IRUSR) perms[1] = 'r'; if (st.st_mode & S_IWUSR) perms[2] = 'w'; if (st.st_mode & S_IXUSR) perms[3] = (st.st_mode & S_ISUID ? 's' : 'x'); else perms[3] = (st.st_mode & S_ISUID ? 'S' : '-'); if (st.st_mode & S_IRGRP) perms[4] = 'r'; if (st.st_mode & S_IWGRP) perms[5] = 'w'; if (st.st_mode & S_IXGRP) perms[6] = (st.st_mode & S_ISGID ? 's' : 'x'); else perms[6] = (st.st_mode & S_ISGID ? 'S' : '-'); if (st.st_mode & S_IROTH) perms[7] = 'r'; if (st.st_mode & S_IWOTH) perms[8] = 'w'; if (st.st_mode & S_IXOTH) perms[9] = 'x'; if ((pwd = getpwuid(st.st_uid)) != NULL) user = pwd->pw_name; else user = uidbuf = dupprintf("%u", (unsigned)st.st_uid); if ((grp = getgrgid(st.st_gid)) != NULL) group = grp->gr_name; else group = gidbuf = dupprintf("%u", (unsigned)st.st_gid); uint64_decimal(uint64_from_off_t(st.st_size), sizebuf); tm = *localtime(&st.st_mtime); longnamebuf = dupprintf( "%s %3u %-8s %-8s %8s %.3s %2d %02d:%02d %s", perms, (unsigned)st.st_nlink, user, group, sizebuf, ("JanFebMarAprMayJunJulAugSepOctNovDec" + 3*tm.tm_mon), tm.tm_mday, tm.tm_hour, tm.tm_min, de->d_name); longname = ptrlen_from_asciz(longnamebuf); sfree(uidbuf); sfree(gidbuf); } } #endif /* FIXME: be able to return more than one, in which case we * must also check max_entries */ fxp_reply_name_count(reply, 1); fxp_reply_full_name(reply, ptrlen_from_asciz(de->d_name), longname, attrs); sfree(longnamebuf); } } const struct SftpServerVtable unix_live_sftpserver_vt = { uss_new, uss_free, uss_realpath, uss_open, uss_opendir, uss_close, uss_mkdir, uss_rmdir, uss_remove, uss_rename, uss_stat, uss_fstat, uss_setstat, uss_fsetstat, uss_read, uss_write, uss_readdir, };