1 /* $OpenBSD: sftp-client.c,v 1.174 2023/09/08 06:10:02 djm Exp $ */
3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 /* XXX: signed vs unsigned */
20 /* XXX: remove all logging, only return status codes */
21 /* XXX: copy between two remote sites */
25 #include <sys/types.h>
26 #ifdef HAVE_SYS_STATVFS_H
27 #include <sys/statvfs.h>
29 #include "openbsd-compat/sys-queue.h"
30 #ifdef HAVE_SYS_STAT_H
31 # include <sys/stat.h>
33 #ifdef HAVE_SYS_TIME_H
34 # include <sys/time.h>
43 # ifdef HAVE_SYS_POLL_H
44 # include <sys/poll.h>
60 #include "progressmeter.h"
65 #include "sftp-common.h"
66 #include "sftp-client.h"
68 extern volatile sig_atomic_t interrupted;
69 extern int showprogress;
71 /* Default size of buffer for up/download (fix sftp.1 scp.1 if changed) */
72 #define DEFAULT_COPY_BUFLEN 32768
74 /* Default number of concurrent xfer requests (fix sftp.1 scp.1 if changed) */
75 #define DEFAULT_NUM_REQUESTS 64
77 /* Minimum amount of data to read at a time */
78 #define MIN_READ_SIZE 512
80 /* Maximum depth to descend in directory trees */
81 #define MAX_DIR_DEPTH 64
83 /* Directory separator characters */
85 # define SFTP_DIRECTORY_CHARS "/\\"
86 #else /* HAVE_CYGWIN */
87 # define SFTP_DIRECTORY_CHARS "/"
88 #endif /* HAVE_CYGWIN */
93 u_int download_buflen;
98 #define SFTP_EXT_POSIX_RENAME 0x00000001
99 #define SFTP_EXT_STATVFS 0x00000002
100 #define SFTP_EXT_FSTATVFS 0x00000004
101 #define SFTP_EXT_HARDLINK 0x00000008
102 #define SFTP_EXT_FSYNC 0x00000010
103 #define SFTP_EXT_LSETSTAT 0x00000020
104 #define SFTP_EXT_LIMITS 0x00000040
105 #define SFTP_EXT_PATH_EXPAND 0x00000080
106 #define SFTP_EXT_COPY_DATA 0x00000100
107 #define SFTP_EXT_GETUSERSGROUPS_BY_ID 0x00000200
109 u_int64_t limit_kbps;
110 struct bwlimit bwlimit_in, bwlimit_out;
113 /* Tracks in-progress requests during file transfers */
118 TAILQ_ENTRY(request) tq;
120 TAILQ_HEAD(requests, request);
123 get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len,
124 const char *errfmt, ...) __attribute__((format(printf, 4, 5)));
126 static struct request *
127 request_enqueue(struct requests *requests, u_int id, size_t len,
132 req = xcalloc(1, sizeof(*req));
135 req->offset = offset;
136 TAILQ_INSERT_TAIL(requests, req, tq);
140 static struct request *
141 request_find(struct requests *requests, u_int id)
145 for (req = TAILQ_FIRST(requests);
146 req != NULL && req->id != id;
147 req = TAILQ_NEXT(req, tq))
153 sftpio(void *_bwlimit, size_t amount)
155 struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit;
157 refresh_progress_meter(0);
159 bandwidth_limit(bwlimit, amount);
164 send_msg(struct sftp_conn *conn, struct sshbuf *m)
169 if (sshbuf_len(m) > SFTP_MAX_MSG_LENGTH)
170 fatal("Outbound message too long %zu", sshbuf_len(m));
172 /* Send length first */
173 put_u32(mlen, sshbuf_len(m));
174 iov[0].iov_base = mlen;
175 iov[0].iov_len = sizeof(mlen);
176 iov[1].iov_base = (u_char *)sshbuf_ptr(m);
177 iov[1].iov_len = sshbuf_len(m);
179 if (atomiciov6(writev, conn->fd_out, iov, 2, sftpio,
180 conn->limit_kbps > 0 ? &conn->bwlimit_out : NULL) !=
181 sshbuf_len(m) + sizeof(mlen))
182 fatal("Couldn't send packet: %s", strerror(errno));
188 get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial)
195 if ((r = sshbuf_reserve(m, 4, &p)) != 0)
196 fatal_fr(r, "reserve");
197 if (atomicio6(read, conn->fd_in, p, 4, sftpio,
198 conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) {
199 if (errno == EPIPE || errno == ECONNRESET)
200 fatal("Connection closed");
202 fatal("Couldn't read packet: %s", strerror(errno));
205 if ((r = sshbuf_get_u32(m, &msg_len)) != 0)
206 fatal_fr(r, "sshbuf_get_u32");
207 if (msg_len > SFTP_MAX_MSG_LENGTH) {
208 do_log2(initial ? SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_FATAL,
209 "Received message too long %u", msg_len);
210 fatal("Ensure the remote shell produces no output "
211 "for non-interactive sessions.");
214 if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
215 fatal_fr(r, "reserve");
216 if (atomicio6(read, conn->fd_in, p, msg_len, sftpio,
217 conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL)
220 fatal("Connection closed");
222 fatal("Read packet: %s", strerror(errno));
227 get_msg(struct sftp_conn *conn, struct sshbuf *m)
229 get_msg_extended(conn, m, 0);
233 send_string_request(struct sftp_conn *conn, u_int id, u_int code, const char *s,
239 if ((msg = sshbuf_new()) == NULL)
240 fatal_f("sshbuf_new failed");
241 if ((r = sshbuf_put_u8(msg, code)) != 0 ||
242 (r = sshbuf_put_u32(msg, id)) != 0 ||
243 (r = sshbuf_put_string(msg, s, len)) != 0)
244 fatal_fr(r, "compose");
246 debug3("Sent message fd %d T:%u I:%u", conn->fd_out, code, id);
251 send_string_attrs_request(struct sftp_conn *conn, u_int id, u_int code,
252 const void *s, u_int len, Attrib *a)
257 if ((msg = sshbuf_new()) == NULL)
258 fatal_f("sshbuf_new failed");
259 if ((r = sshbuf_put_u8(msg, code)) != 0 ||
260 (r = sshbuf_put_u32(msg, id)) != 0 ||
261 (r = sshbuf_put_string(msg, s, len)) != 0 ||
262 (r = encode_attrib(msg, a)) != 0)
263 fatal_fr(r, "compose");
265 debug3("Sent message fd %d T:%u I:%u F:0x%04x M:%05o",
266 conn->fd_out, code, id, a->flags, a->perm);
271 get_status(struct sftp_conn *conn, u_int expected_id)
278 if ((msg = sshbuf_new()) == NULL)
279 fatal_f("sshbuf_new failed");
281 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
282 (r = sshbuf_get_u32(msg, &id)) != 0)
283 fatal_fr(r, "compose");
285 if (id != expected_id)
286 fatal("ID mismatch (%u != %u)", id, expected_id);
287 if (type != SSH2_FXP_STATUS)
288 fatal("Expected SSH2_FXP_STATUS(%u) packet, got %u",
289 SSH2_FXP_STATUS, type);
291 if ((r = sshbuf_get_u32(msg, &status)) != 0)
292 fatal_fr(r, "parse");
295 debug3("SSH2_FXP_STATUS %u", status);
301 get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len,
302 const char *errfmt, ...)
312 va_start(args, errfmt);
314 vsnprintf(errmsg, sizeof(errmsg), errfmt, args);
317 if ((msg = sshbuf_new()) == NULL)
318 fatal_f("sshbuf_new failed");
320 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
321 (r = sshbuf_get_u32(msg, &id)) != 0)
322 fatal_fr(r, "parse");
324 if (id != expected_id)
325 fatal("%s: ID mismatch (%u != %u)",
326 errfmt == NULL ? __func__ : errmsg, id, expected_id);
327 if (type == SSH2_FXP_STATUS) {
328 if ((r = sshbuf_get_u32(msg, &status)) != 0)
329 fatal_fr(r, "parse status");
331 error("%s: %s", errmsg, fx2txt(status));
334 } else if (type != SSH2_FXP_HANDLE)
335 fatal("%s: Expected SSH2_FXP_HANDLE(%u) packet, got %u",
336 errfmt == NULL ? __func__ : errmsg, SSH2_FXP_HANDLE, type);
338 if ((r = sshbuf_get_string(msg, &handle, len)) != 0)
339 fatal_fr(r, "parse handle");
346 get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet, Attrib *a)
355 memset(a, '\0', sizeof(*a));
356 if ((msg = sshbuf_new()) == NULL)
357 fatal_f("sshbuf_new failed");
360 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
361 (r = sshbuf_get_u32(msg, &id)) != 0)
362 fatal_fr(r, "parse");
364 if (id != expected_id)
365 fatal("ID mismatch (%u != %u)", id, expected_id);
366 if (type == SSH2_FXP_STATUS) {
369 if ((r = sshbuf_get_u32(msg, &status)) != 0)
370 fatal_fr(r, "parse status");
372 debug("stat remote: %s", fx2txt(status));
374 error("stat remote: %s", fx2txt(status));
377 } else if (type != SSH2_FXP_ATTRS) {
378 fatal("Expected SSH2_FXP_ATTRS(%u) packet, got %u",
379 SSH2_FXP_ATTRS, type);
381 if ((r = decode_attrib(msg, &attr)) != 0) {
382 error_fr(r, "decode_attrib");
389 debug3("Received stat reply T:%u I:%u F:0x%04x M:%05o",
390 type, id, attr.flags, attr.perm);
397 get_decode_statvfs(struct sftp_conn *conn, struct sftp_statvfs *st,
398 u_int expected_id, int quiet)
406 if ((msg = sshbuf_new()) == NULL)
407 fatal_f("sshbuf_new failed");
410 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
411 (r = sshbuf_get_u32(msg, &id)) != 0)
412 fatal_fr(r, "parse");
414 debug3("Received statvfs reply T:%u I:%u", type, id);
415 if (id != expected_id)
416 fatal("ID mismatch (%u != %u)", id, expected_id);
417 if (type == SSH2_FXP_STATUS) {
420 if ((r = sshbuf_get_u32(msg, &status)) != 0)
421 fatal_fr(r, "parse status");
423 debug("remote statvfs: %s", fx2txt(status));
425 error("remote statvfs: %s", fx2txt(status));
428 } else if (type != SSH2_FXP_EXTENDED_REPLY) {
429 fatal("Expected SSH2_FXP_EXTENDED_REPLY(%u) packet, got %u",
430 SSH2_FXP_EXTENDED_REPLY, type);
433 memset(st, 0, sizeof(*st));
434 if ((r = sshbuf_get_u64(msg, &st->f_bsize)) != 0 ||
435 (r = sshbuf_get_u64(msg, &st->f_frsize)) != 0 ||
436 (r = sshbuf_get_u64(msg, &st->f_blocks)) != 0 ||
437 (r = sshbuf_get_u64(msg, &st->f_bfree)) != 0 ||
438 (r = sshbuf_get_u64(msg, &st->f_bavail)) != 0 ||
439 (r = sshbuf_get_u64(msg, &st->f_files)) != 0 ||
440 (r = sshbuf_get_u64(msg, &st->f_ffree)) != 0 ||
441 (r = sshbuf_get_u64(msg, &st->f_favail)) != 0 ||
442 (r = sshbuf_get_u64(msg, &st->f_fsid)) != 0 ||
443 (r = sshbuf_get_u64(msg, &flag)) != 0 ||
444 (r = sshbuf_get_u64(msg, &st->f_namemax)) != 0)
445 fatal_fr(r, "parse statvfs");
447 st->f_flag = (flag & SSH2_FXE_STATVFS_ST_RDONLY) ? ST_RDONLY : 0;
448 st->f_flag |= (flag & SSH2_FXE_STATVFS_ST_NOSUID) ? ST_NOSUID : 0;
456 sftp_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests,
457 u_int64_t limit_kbps)
461 struct sftp_conn *ret;
464 ret = xcalloc(1, sizeof(*ret));
467 ret->fd_out = fd_out;
468 ret->download_buflen = ret->upload_buflen =
469 transfer_buflen ? transfer_buflen : DEFAULT_COPY_BUFLEN;
471 num_requests ? num_requests : DEFAULT_NUM_REQUESTS;
475 if ((msg = sshbuf_new()) == NULL)
476 fatal_f("sshbuf_new failed");
477 if ((r = sshbuf_put_u8(msg, SSH2_FXP_INIT)) != 0 ||
478 (r = sshbuf_put_u32(msg, SSH2_FILEXFER_VERSION)) != 0)
479 fatal_fr(r, "parse");
483 get_msg_extended(ret, msg, 1);
485 /* Expecting a VERSION reply */
486 if ((r = sshbuf_get_u8(msg, &type)) != 0)
487 fatal_fr(r, "parse type");
488 if (type != SSH2_FXP_VERSION) {
489 error("Invalid packet back from SSH2_FXP_INIT (type %u)",
495 if ((r = sshbuf_get_u32(msg, &ret->version)) != 0)
496 fatal_fr(r, "parse version");
498 debug2("Remote version: %u", ret->version);
500 /* Check for extensions */
501 while (sshbuf_len(msg) > 0) {
507 if ((r = sshbuf_get_cstring(msg, &name, NULL)) != 0 ||
508 (r = sshbuf_get_string(msg, &value, &vlen)) != 0)
509 fatal_fr(r, "parse extension");
510 if (strcmp(name, "posix-rename@openssh.com") == 0 &&
511 strcmp((char *)value, "1") == 0) {
512 ret->exts |= SFTP_EXT_POSIX_RENAME;
514 } else if (strcmp(name, "statvfs@openssh.com") == 0 &&
515 strcmp((char *)value, "2") == 0) {
516 ret->exts |= SFTP_EXT_STATVFS;
518 } else if (strcmp(name, "fstatvfs@openssh.com") == 0 &&
519 strcmp((char *)value, "2") == 0) {
520 ret->exts |= SFTP_EXT_FSTATVFS;
522 } else if (strcmp(name, "hardlink@openssh.com") == 0 &&
523 strcmp((char *)value, "1") == 0) {
524 ret->exts |= SFTP_EXT_HARDLINK;
526 } else if (strcmp(name, "fsync@openssh.com") == 0 &&
527 strcmp((char *)value, "1") == 0) {
528 ret->exts |= SFTP_EXT_FSYNC;
530 } else if (strcmp(name, "lsetstat@openssh.com") == 0 &&
531 strcmp((char *)value, "1") == 0) {
532 ret->exts |= SFTP_EXT_LSETSTAT;
534 } else if (strcmp(name, "limits@openssh.com") == 0 &&
535 strcmp((char *)value, "1") == 0) {
536 ret->exts |= SFTP_EXT_LIMITS;
538 } else if (strcmp(name, "expand-path@openssh.com") == 0 &&
539 strcmp((char *)value, "1") == 0) {
540 ret->exts |= SFTP_EXT_PATH_EXPAND;
542 } else if (strcmp(name, "copy-data") == 0 &&
543 strcmp((char *)value, "1") == 0) {
544 ret->exts |= SFTP_EXT_COPY_DATA;
546 } else if (strcmp(name,
547 "users-groups-by-id@openssh.com") == 0 &&
548 strcmp((char *)value, "1") == 0) {
549 ret->exts |= SFTP_EXT_GETUSERSGROUPS_BY_ID;
553 debug2("Server supports extension \"%s\" revision %s",
556 debug2("Unrecognised server extension \"%s\"", name);
564 /* Query the server for its limits */
565 if (ret->exts & SFTP_EXT_LIMITS) {
566 struct sftp_limits limits;
567 if (sftp_get_limits(ret, &limits) != 0)
568 fatal_f("limits failed");
570 /* If the caller did not specify, find a good value */
571 if (transfer_buflen == 0) {
572 ret->download_buflen = MINIMUM(limits.read_length,
573 SFTP_MAX_MSG_LENGTH - 1024);
574 ret->upload_buflen = MINIMUM(limits.write_length,
575 SFTP_MAX_MSG_LENGTH - 1024);
576 ret->download_buflen = MAXIMUM(ret->download_buflen, 64);
577 ret->upload_buflen = MAXIMUM(ret->upload_buflen, 64);
578 debug3("server upload/download buffer sizes "
579 "%llu / %llu; using %u / %u",
580 (unsigned long long)limits.write_length,
581 (unsigned long long)limits.read_length,
582 ret->upload_buflen, ret->download_buflen);
585 /* Use the server limit to scale down our value only */
586 if (num_requests == 0 && limits.open_handles) {
588 MINIMUM(DEFAULT_NUM_REQUESTS, limits.open_handles);
589 if (ret->num_requests == 0)
590 ret->num_requests = 1;
591 debug3("server handle limit %llu; using %u",
592 (unsigned long long)limits.open_handles,
597 /* Some filexfer v.0 servers don't support large packets */
598 if (ret->version == 0) {
599 ret->download_buflen = MINIMUM(ret->download_buflen, 20480);
600 ret->upload_buflen = MINIMUM(ret->upload_buflen, 20480);
603 ret->limit_kbps = limit_kbps;
604 if (ret->limit_kbps > 0) {
605 bandwidth_limit_init(&ret->bwlimit_in, ret->limit_kbps,
606 ret->download_buflen);
607 bandwidth_limit_init(&ret->bwlimit_out, ret->limit_kbps,
615 sftp_proto_version(struct sftp_conn *conn)
617 return conn->version;
621 sftp_get_limits(struct sftp_conn *conn, struct sftp_limits *limits)
628 if ((conn->exts & SFTP_EXT_LIMITS) == 0) {
629 error("Server does not support limits@openssh.com extension");
633 if ((msg = sshbuf_new()) == NULL)
634 fatal_f("sshbuf_new failed");
637 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
638 (r = sshbuf_put_u32(msg, id)) != 0 ||
639 (r = sshbuf_put_cstring(msg, "limits@openssh.com")) != 0)
640 fatal_fr(r, "compose");
642 debug3("Sent message limits@openssh.com I:%u", id);
646 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
647 (r = sshbuf_get_u32(msg, &msg_id)) != 0)
648 fatal_fr(r, "parse");
650 debug3("Received limits reply T:%u I:%u", type, msg_id);
652 fatal("ID mismatch (%u != %u)", msg_id, id);
653 if (type != SSH2_FXP_EXTENDED_REPLY) {
654 debug_f("expected SSH2_FXP_EXTENDED_REPLY(%u) packet, got %u",
655 SSH2_FXP_EXTENDED_REPLY, type);
656 /* Disable the limits extension */
657 conn->exts &= ~SFTP_EXT_LIMITS;
662 memset(limits, 0, sizeof(*limits));
663 if ((r = sshbuf_get_u64(msg, &limits->packet_length)) != 0 ||
664 (r = sshbuf_get_u64(msg, &limits->read_length)) != 0 ||
665 (r = sshbuf_get_u64(msg, &limits->write_length)) != 0 ||
666 (r = sshbuf_get_u64(msg, &limits->open_handles)) != 0)
667 fatal_fr(r, "parse limits");
675 sftp_close(struct sftp_conn *conn, const u_char *handle, u_int handle_len)
681 if ((msg = sshbuf_new()) == NULL)
682 fatal_f("sshbuf_new failed");
685 if ((r = sshbuf_put_u8(msg, SSH2_FXP_CLOSE)) != 0 ||
686 (r = sshbuf_put_u32(msg, id)) != 0 ||
687 (r = sshbuf_put_string(msg, handle, handle_len)) != 0)
688 fatal_fr(r, "parse");
690 debug3("Sent message SSH2_FXP_CLOSE I:%u", id);
692 status = get_status(conn, id);
693 if (status != SSH2_FX_OK)
694 error("close remote: %s", fx2txt(status));
698 return status == SSH2_FX_OK ? 0 : -1;
703 sftp_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
707 u_int count, id, i, expected_id, ents = 0;
709 u_char type, *handle;
710 int status = SSH2_FX_FAILURE;
718 if ((msg = sshbuf_new()) == NULL)
719 fatal_f("sshbuf_new failed");
720 if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPENDIR)) != 0 ||
721 (r = sshbuf_put_u32(msg, id)) != 0 ||
722 (r = sshbuf_put_cstring(msg, path)) != 0)
723 fatal_fr(r, "compose OPENDIR");
726 handle = get_handle(conn, id, &handle_len,
727 "remote readdir(\"%s\")", path);
728 if (handle == NULL) {
735 *dir = xcalloc(1, sizeof(**dir));
739 for (; !interrupted;) {
740 id = expected_id = conn->msg_id++;
742 debug3("Sending SSH2_FXP_READDIR I:%u", id);
745 if ((r = sshbuf_put_u8(msg, SSH2_FXP_READDIR)) != 0 ||
746 (r = sshbuf_put_u32(msg, id)) != 0 ||
747 (r = sshbuf_put_string(msg, handle, handle_len)) != 0)
748 fatal_fr(r, "compose READDIR");
755 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
756 (r = sshbuf_get_u32(msg, &id)) != 0)
757 fatal_fr(r, "parse");
759 debug3("Received reply T:%u I:%u", type, id);
761 if (id != expected_id)
762 fatal("ID mismatch (%u != %u)", id, expected_id);
764 if (type == SSH2_FXP_STATUS) {
767 if ((r = sshbuf_get_u32(msg, &rstatus)) != 0)
768 fatal_fr(r, "parse status");
769 debug3("Received SSH2_FXP_STATUS %d", rstatus);
770 if (rstatus == SSH2_FX_EOF)
772 error("Couldn't read directory: %s", fx2txt(rstatus));
774 } else if (type != SSH2_FXP_NAME)
775 fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
776 SSH2_FXP_NAME, type);
778 if ((r = sshbuf_get_u32(msg, &count)) != 0)
779 fatal_fr(r, "parse count");
780 if (count > SSHBUF_SIZE_MAX)
781 fatal_f("nonsensical number of entries");
784 debug3("Received %d SSH2_FXP_NAME responses", count);
785 for (i = 0; i < count; i++) {
786 char *filename, *longname;
789 if ((r = sshbuf_get_cstring(msg, &filename,
791 (r = sshbuf_get_cstring(msg, &longname,
793 fatal_fr(r, "parse filenames");
794 if ((r = decode_attrib(msg, &a)) != 0) {
795 error_fr(r, "couldn't decode attrib");
802 mprintf("%s\n", longname);
805 * Directory entries should never contain '/'
806 * These can be used to attack recursive ops
807 * (e.g. send '../../../../etc/passwd')
809 if (strpbrk(filename, SFTP_DIRECTORY_CHARS) != NULL) {
810 error("Server sent suspect path \"%s\" "
811 "during readdir of \"%s\"", filename, path);
813 *dir = xreallocarray(*dir, ents + 2, sizeof(**dir));
814 (*dir)[ents] = xcalloc(1, sizeof(***dir));
815 (*dir)[ents]->filename = xstrdup(filename);
816 (*dir)[ents]->longname = xstrdup(longname);
817 memcpy(&(*dir)[ents]->a, &a, sizeof(a));
818 (*dir)[++ents] = NULL;
828 sftp_close(conn, handle, handle_len);
831 if (status != 0 && dir != NULL) {
832 /* Don't return results on error */
833 sftp_free_dirents(*dir);
835 } else if (interrupted && dir != NULL && *dir != NULL) {
836 /* Don't return partial matches on interrupt */
837 sftp_free_dirents(*dir);
838 *dir = xcalloc(1, sizeof(**dir));
842 return status == SSH2_FX_OK ? 0 : -1;
846 sftp_readdir(struct sftp_conn *conn, const char *path, SFTP_DIRENT ***dir)
848 return sftp_lsreaddir(conn, path, 0, dir);
851 void sftp_free_dirents(SFTP_DIRENT **s)
857 for (i = 0; s[i]; i++) {
858 free(s[i]->filename);
859 free(s[i]->longname);
866 sftp_rm(struct sftp_conn *conn, const char *path)
870 debug2("Sending SSH2_FXP_REMOVE \"%s\"", path);
873 send_string_request(conn, id, SSH2_FXP_REMOVE, path, strlen(path));
874 status = get_status(conn, id);
875 if (status != SSH2_FX_OK)
876 error("remote delete %s: %s", path, fx2txt(status));
877 return status == SSH2_FX_OK ? 0 : -1;
881 sftp_mkdir(struct sftp_conn *conn, const char *path, Attrib *a, int print_flag)
885 debug2("Sending SSH2_FXP_MKDIR \"%s\"", path);
888 send_string_attrs_request(conn, id, SSH2_FXP_MKDIR, path,
891 status = get_status(conn, id);
892 if (status != SSH2_FX_OK && print_flag)
893 error("remote mkdir \"%s\": %s", path, fx2txt(status));
895 return status == SSH2_FX_OK ? 0 : -1;
899 sftp_rmdir(struct sftp_conn *conn, const char *path)
903 debug2("Sending SSH2_FXP_RMDIR \"%s\"", path);
906 send_string_request(conn, id, SSH2_FXP_RMDIR, path,
909 status = get_status(conn, id);
910 if (status != SSH2_FX_OK)
911 error("remote rmdir \"%s\": %s", path, fx2txt(status));
913 return status == SSH2_FX_OK ? 0 : -1;
917 sftp_stat(struct sftp_conn *conn, const char *path, int quiet, Attrib *a)
921 debug2("Sending SSH2_FXP_STAT \"%s\"", path);
925 send_string_request(conn, id,
926 conn->version == 0 ? SSH2_FXP_STAT_VERSION_0 : SSH2_FXP_STAT,
929 return get_decode_stat(conn, id, quiet, a);
933 sftp_lstat(struct sftp_conn *conn, const char *path, int quiet, Attrib *a)
937 if (conn->version == 0) {
938 do_log2(quiet ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_INFO,
939 "Server version does not support lstat operation");
940 return sftp_stat(conn, path, quiet, a);
944 send_string_request(conn, id, SSH2_FXP_LSTAT, path,
947 return get_decode_stat(conn, id, quiet, a);
952 sftp_fstat(struct sftp_conn *conn, const u_char *handle, u_int handle_len,
953 int quiet, Attrib *a)
957 debug2("Sending SSH2_FXP_FSTAT \"%s\"");
960 send_string_request(conn, id, SSH2_FXP_FSTAT, handle,
963 return get_decode_stat(conn, id, quiet, a);
968 sftp_setstat(struct sftp_conn *conn, const char *path, Attrib *a)
972 debug2("Sending SSH2_FXP_SETSTAT \"%s\"", path);
975 send_string_attrs_request(conn, id, SSH2_FXP_SETSTAT, path,
978 status = get_status(conn, id);
979 if (status != SSH2_FX_OK)
980 error("remote setstat \"%s\": %s", path, fx2txt(status));
982 return status == SSH2_FX_OK ? 0 : -1;
986 sftp_fsetstat(struct sftp_conn *conn, const u_char *handle, u_int handle_len,
991 debug2("Sending SSH2_FXP_FSETSTAT");
994 send_string_attrs_request(conn, id, SSH2_FXP_FSETSTAT, handle,
997 status = get_status(conn, id);
998 if (status != SSH2_FX_OK)
999 error("remote fsetstat: %s", fx2txt(status));
1001 return status == SSH2_FX_OK ? 0 : -1;
1004 /* Implements both the realpath and expand-path operations */
1006 sftp_realpath_expand(struct sftp_conn *conn, const char *path, int expand)
1009 u_int expected_id, count, id;
1010 char *filename, *longname;
1014 const char *what = "SSH2_FXP_REALPATH";
1017 what = "expand-path@openssh.com";
1018 if ((msg = sshbuf_new()) == NULL)
1019 fatal_f("sshbuf_new failed");
1021 expected_id = id = conn->msg_id++;
1023 debug2("Sending SSH2_FXP_EXTENDED(expand-path@openssh.com) "
1025 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1026 (r = sshbuf_put_u32(msg, id)) != 0 ||
1027 (r = sshbuf_put_cstring(msg,
1028 "expand-path@openssh.com")) != 0 ||
1029 (r = sshbuf_put_cstring(msg, path)) != 0)
1030 fatal_fr(r, "compose %s", what);
1031 send_msg(conn, msg);
1033 debug2("Sending SSH2_FXP_REALPATH \"%s\"", path);
1034 send_string_request(conn, id, SSH2_FXP_REALPATH,
1035 path, strlen(path));
1038 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
1039 (r = sshbuf_get_u32(msg, &id)) != 0)
1040 fatal_fr(r, "parse");
1042 if (id != expected_id)
1043 fatal("ID mismatch (%u != %u)", id, expected_id);
1045 if (type == SSH2_FXP_STATUS) {
1049 if ((r = sshbuf_get_u32(msg, &status)) != 0 ||
1050 (r = sshbuf_get_cstring(msg, &errmsg, NULL)) != 0)
1051 fatal_fr(r, "parse status");
1052 error("%s %s: %s", expand ? "expand" : "realpath",
1053 path, *errmsg == '\0' ? fx2txt(status) : errmsg);
1057 } else if (type != SSH2_FXP_NAME)
1058 fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
1059 SSH2_FXP_NAME, type);
1061 if ((r = sshbuf_get_u32(msg, &count)) != 0)
1062 fatal_fr(r, "parse count");
1064 fatal("Got multiple names (%d) from %s", count, what);
1066 if ((r = sshbuf_get_cstring(msg, &filename, NULL)) != 0 ||
1067 (r = sshbuf_get_cstring(msg, &longname, NULL)) != 0 ||
1068 (r = decode_attrib(msg, &a)) != 0)
1069 fatal_fr(r, "parse filename/attrib");
1071 debug3("%s %s -> %s", what, path, filename);
1081 sftp_realpath(struct sftp_conn *conn, const char *path)
1083 return sftp_realpath_expand(conn, path, 0);
1087 sftp_can_expand_path(struct sftp_conn *conn)
1089 return (conn->exts & SFTP_EXT_PATH_EXPAND) != 0;
1093 sftp_expand_path(struct sftp_conn *conn, const char *path)
1095 if (!sftp_can_expand_path(conn)) {
1096 debug3_f("no server support, fallback to realpath");
1097 return sftp_realpath_expand(conn, path, 0);
1099 return sftp_realpath_expand(conn, path, 1);
1103 sftp_copy(struct sftp_conn *conn, const char *oldpath, const char *newpath)
1107 u_char *old_handle, *new_handle;
1108 u_int mode, status, id;
1109 size_t old_handle_len, new_handle_len;
1112 /* Return if the extension is not supported */
1113 if ((conn->exts & SFTP_EXT_COPY_DATA) == 0) {
1114 error("Server does not support copy-data extension");
1118 /* Make sure the file exists, and we can copy its perms */
1119 if (sftp_stat(conn, oldpath, 0, &attr) != 0)
1122 /* Do not preserve set[ug]id here, as we do not preserve ownership */
1123 if (attr.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
1124 mode = attr.perm & 0777;
1126 if (!S_ISREG(attr.perm)) {
1127 error("Cannot copy non-regular file: %s", oldpath);
1131 /* NB: The user's umask will apply to this */
1135 /* Set up the new perms for the new file */
1136 attrib_clear(&attr);
1138 attr.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
1140 if ((msg = sshbuf_new()) == NULL)
1141 fatal("%s: sshbuf_new failed", __func__);
1143 attrib_clear(&junk); /* Send empty attributes */
1145 /* Open the old file for reading */
1146 id = conn->msg_id++;
1147 if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 ||
1148 (r = sshbuf_put_u32(msg, id)) != 0 ||
1149 (r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
1150 (r = sshbuf_put_u32(msg, SSH2_FXF_READ)) != 0 ||
1151 (r = encode_attrib(msg, &junk)) != 0)
1152 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1153 send_msg(conn, msg);
1154 debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, oldpath);
1158 old_handle = get_handle(conn, id, &old_handle_len,
1159 "remote open(\"%s\")", oldpath);
1160 if (old_handle == NULL) {
1165 /* Open the new file for writing */
1166 id = conn->msg_id++;
1167 if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 ||
1168 (r = sshbuf_put_u32(msg, id)) != 0 ||
1169 (r = sshbuf_put_cstring(msg, newpath)) != 0 ||
1170 (r = sshbuf_put_u32(msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|
1171 SSH2_FXF_TRUNC)) != 0 ||
1172 (r = encode_attrib(msg, &attr)) != 0)
1173 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1174 send_msg(conn, msg);
1175 debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, newpath);
1179 new_handle = get_handle(conn, id, &new_handle_len,
1180 "remote open(\"%s\")", newpath);
1181 if (new_handle == NULL) {
1187 /* Copy the file data */
1188 id = conn->msg_id++;
1189 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1190 (r = sshbuf_put_u32(msg, id)) != 0 ||
1191 (r = sshbuf_put_cstring(msg, "copy-data")) != 0 ||
1192 (r = sshbuf_put_string(msg, old_handle, old_handle_len)) != 0 ||
1193 (r = sshbuf_put_u64(msg, 0)) != 0 ||
1194 (r = sshbuf_put_u64(msg, 0)) != 0 ||
1195 (r = sshbuf_put_string(msg, new_handle, new_handle_len)) != 0 ||
1196 (r = sshbuf_put_u64(msg, 0)) != 0)
1197 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1198 send_msg(conn, msg);
1199 debug3("Sent message copy-data \"%s\" 0 0 -> \"%s\" 0",
1202 status = get_status(conn, id);
1203 if (status != SSH2_FX_OK)
1204 error("Couldn't copy file \"%s\" to \"%s\": %s", oldpath,
1205 newpath, fx2txt(status));
1207 /* Clean up everything */
1209 sftp_close(conn, old_handle, old_handle_len);
1210 sftp_close(conn, new_handle, new_handle_len);
1214 return status == SSH2_FX_OK ? 0 : -1;
1218 sftp_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath,
1223 int r, use_ext = (conn->exts & SFTP_EXT_POSIX_RENAME) && !force_legacy;
1225 if ((msg = sshbuf_new()) == NULL)
1226 fatal_f("sshbuf_new failed");
1228 /* Send rename request */
1229 id = conn->msg_id++;
1231 debug2("Sending SSH2_FXP_EXTENDED(posix-rename@openssh.com) "
1232 "\"%s\" to \"%s\"", oldpath, newpath);
1233 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1234 (r = sshbuf_put_u32(msg, id)) != 0 ||
1235 (r = sshbuf_put_cstring(msg,
1236 "posix-rename@openssh.com")) != 0)
1237 fatal_fr(r, "compose posix-rename");
1239 debug2("Sending SSH2_FXP_RENAME \"%s\" to \"%s\"",
1241 if ((r = sshbuf_put_u8(msg, SSH2_FXP_RENAME)) != 0 ||
1242 (r = sshbuf_put_u32(msg, id)) != 0)
1243 fatal_fr(r, "compose rename");
1245 if ((r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
1246 (r = sshbuf_put_cstring(msg, newpath)) != 0)
1247 fatal_fr(r, "compose paths");
1248 send_msg(conn, msg);
1249 debug3("Sent message %s \"%s\" -> \"%s\"",
1250 use_ext ? "posix-rename@openssh.com" :
1251 "SSH2_FXP_RENAME", oldpath, newpath);
1254 status = get_status(conn, id);
1255 if (status != SSH2_FX_OK)
1256 error("remote rename \"%s\" to \"%s\": %s", oldpath,
1257 newpath, fx2txt(status));
1259 return status == SSH2_FX_OK ? 0 : -1;
1263 sftp_hardlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
1269 if ((conn->exts & SFTP_EXT_HARDLINK) == 0) {
1270 error("Server does not support hardlink@openssh.com extension");
1273 debug2("Sending SSH2_FXP_EXTENDED(hardlink@openssh.com) "
1274 "\"%s\" to \"%s\"", oldpath, newpath);
1276 if ((msg = sshbuf_new()) == NULL)
1277 fatal_f("sshbuf_new failed");
1279 /* Send link request */
1280 id = conn->msg_id++;
1281 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1282 (r = sshbuf_put_u32(msg, id)) != 0 ||
1283 (r = sshbuf_put_cstring(msg, "hardlink@openssh.com")) != 0 ||
1284 (r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
1285 (r = sshbuf_put_cstring(msg, newpath)) != 0)
1286 fatal_fr(r, "compose");
1287 send_msg(conn, msg);
1288 debug3("Sent message hardlink@openssh.com \"%s\" -> \"%s\"",
1292 status = get_status(conn, id);
1293 if (status != SSH2_FX_OK)
1294 error("remote link \"%s\" to \"%s\": %s", oldpath,
1295 newpath, fx2txt(status));
1297 return status == SSH2_FX_OK ? 0 : -1;
1301 sftp_symlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
1307 if (conn->version < 3) {
1308 error("This server does not support the symlink operation");
1309 return(SSH2_FX_OP_UNSUPPORTED);
1311 debug2("Sending SSH2_FXP_SYMLINK \"%s\" to \"%s\"", oldpath, newpath);
1313 if ((msg = sshbuf_new()) == NULL)
1314 fatal_f("sshbuf_new failed");
1316 /* Send symlink request */
1317 id = conn->msg_id++;
1318 if ((r = sshbuf_put_u8(msg, SSH2_FXP_SYMLINK)) != 0 ||
1319 (r = sshbuf_put_u32(msg, id)) != 0 ||
1320 (r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
1321 (r = sshbuf_put_cstring(msg, newpath)) != 0)
1322 fatal_fr(r, "compose");
1323 send_msg(conn, msg);
1324 debug3("Sent message SSH2_FXP_SYMLINK \"%s\" -> \"%s\"", oldpath,
1328 status = get_status(conn, id);
1329 if (status != SSH2_FX_OK)
1330 error("remote symlink file \"%s\" to \"%s\": %s", oldpath,
1331 newpath, fx2txt(status));
1333 return status == SSH2_FX_OK ? 0 : -1;
1337 sftp_fsync(struct sftp_conn *conn, u_char *handle, u_int handle_len)
1343 /* Silently return if the extension is not supported */
1344 if ((conn->exts & SFTP_EXT_FSYNC) == 0)
1346 debug2("Sending SSH2_FXP_EXTENDED(fsync@openssh.com)");
1348 /* Send fsync request */
1349 if ((msg = sshbuf_new()) == NULL)
1350 fatal_f("sshbuf_new failed");
1351 id = conn->msg_id++;
1352 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1353 (r = sshbuf_put_u32(msg, id)) != 0 ||
1354 (r = sshbuf_put_cstring(msg, "fsync@openssh.com")) != 0 ||
1355 (r = sshbuf_put_string(msg, handle, handle_len)) != 0)
1356 fatal_fr(r, "compose");
1357 send_msg(conn, msg);
1358 debug3("Sent message fsync@openssh.com I:%u", id);
1361 status = get_status(conn, id);
1362 if (status != SSH2_FX_OK)
1363 error("remote fsync: %s", fx2txt(status));
1365 return status == SSH2_FX_OK ? 0 : -1;
1370 sftp_readlink(struct sftp_conn *conn, const char *path)
1373 u_int expected_id, count, id;
1374 char *filename, *longname;
1379 debug2("Sending SSH2_FXP_READLINK \"%s\"", path);
1381 expected_id = id = conn->msg_id++;
1382 send_string_request(conn, id, SSH2_FXP_READLINK, path, strlen(path));
1384 if ((msg = sshbuf_new()) == NULL)
1385 fatal_f("sshbuf_new failed");
1388 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
1389 (r = sshbuf_get_u32(msg, &id)) != 0)
1390 fatal_fr(r, "parse");
1392 if (id != expected_id)
1393 fatal("ID mismatch (%u != %u)", id, expected_id);
1395 if (type == SSH2_FXP_STATUS) {
1398 if ((r = sshbuf_get_u32(msg, &status)) != 0)
1399 fatal_fr(r, "parse status");
1400 error("Couldn't readlink: %s", fx2txt(status));
1403 } else if (type != SSH2_FXP_NAME)
1404 fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
1405 SSH2_FXP_NAME, type);
1407 if ((r = sshbuf_get_u32(msg, &count)) != 0)
1408 fatal_fr(r, "parse count");
1410 fatal("Got multiple names (%d) from SSH_FXP_READLINK", count);
1412 if ((r = sshbuf_get_cstring(msg, &filename, NULL)) != 0 ||
1413 (r = sshbuf_get_cstring(msg, &longname, NULL)) != 0 ||
1414 (r = decode_attrib(msg, &a)) != 0)
1415 fatal_fr(r, "parse filenames/attrib");
1417 debug3("SSH_FXP_READLINK %s -> %s", path, filename);
1428 sftp_statvfs(struct sftp_conn *conn, const char *path, struct sftp_statvfs *st,
1435 if ((conn->exts & SFTP_EXT_STATVFS) == 0) {
1436 error("Server does not support statvfs@openssh.com extension");
1440 debug2("Sending SSH2_FXP_EXTENDED(statvfs@openssh.com) \"%s\"", path);
1442 id = conn->msg_id++;
1444 if ((msg = sshbuf_new()) == NULL)
1445 fatal_f("sshbuf_new failed");
1446 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1447 (r = sshbuf_put_u32(msg, id)) != 0 ||
1448 (r = sshbuf_put_cstring(msg, "statvfs@openssh.com")) != 0 ||
1449 (r = sshbuf_put_cstring(msg, path)) != 0)
1450 fatal_fr(r, "compose");
1451 send_msg(conn, msg);
1454 return get_decode_statvfs(conn, st, id, quiet);
1459 sftp_fstatvfs(struct sftp_conn *conn, const u_char *handle, u_int handle_len,
1460 struct sftp_statvfs *st, int quiet)
1465 if ((conn->exts & SFTP_EXT_FSTATVFS) == 0) {
1466 error("Server does not support fstatvfs@openssh.com extension");
1470 debug2("Sending SSH2_FXP_EXTENDED(fstatvfs@openssh.com)");
1472 id = conn->msg_id++;
1474 if ((msg = sshbuf_new()) == NULL)
1475 fatal_f("sshbuf_new failed");
1476 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1477 (r = sshbuf_put_u32(msg, id)) != 0 ||
1478 (r = sshbuf_put_cstring(msg, "fstatvfs@openssh.com")) != 0 ||
1479 (r = sshbuf_put_string(msg, handle, handle_len)) != 0)
1480 fatal_fr(r, "compose");
1481 send_msg(conn, msg);
1484 return get_decode_statvfs(conn, st, id, quiet);
1489 sftp_lsetstat(struct sftp_conn *conn, const char *path, Attrib *a)
1495 if ((conn->exts & SFTP_EXT_LSETSTAT) == 0) {
1496 error("Server does not support lsetstat@openssh.com extension");
1500 debug2("Sending SSH2_FXP_EXTENDED(lsetstat@openssh.com) \"%s\"", path);
1502 id = conn->msg_id++;
1503 if ((msg = sshbuf_new()) == NULL)
1504 fatal_f("sshbuf_new failed");
1505 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
1506 (r = sshbuf_put_u32(msg, id)) != 0 ||
1507 (r = sshbuf_put_cstring(msg, "lsetstat@openssh.com")) != 0 ||
1508 (r = sshbuf_put_cstring(msg, path)) != 0 ||
1509 (r = encode_attrib(msg, a)) != 0)
1510 fatal_fr(r, "compose");
1511 send_msg(conn, msg);
1514 status = get_status(conn, id);
1515 if (status != SSH2_FX_OK)
1516 error("remote lsetstat \"%s\": %s", path, fx2txt(status));
1518 return status == SSH2_FX_OK ? 0 : -1;
1522 send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset,
1523 u_int len, const u_char *handle, u_int handle_len)
1528 if ((msg = sshbuf_new()) == NULL)
1529 fatal_f("sshbuf_new failed");
1530 if ((r = sshbuf_put_u8(msg, SSH2_FXP_READ)) != 0 ||
1531 (r = sshbuf_put_u32(msg, id)) != 0 ||
1532 (r = sshbuf_put_string(msg, handle, handle_len)) != 0 ||
1533 (r = sshbuf_put_u64(msg, offset)) != 0 ||
1534 (r = sshbuf_put_u32(msg, len)) != 0)
1535 fatal_fr(r, "compose");
1536 send_msg(conn, msg);
1541 send_open(struct sftp_conn *conn, const char *path, const char *tag,
1542 u_int openmode, Attrib *a, u_char **handlep, size_t *handle_lenp)
1551 debug2("Sending SSH2_FXP_OPEN \"%s\"", path);
1557 attrib_clear(&junk); /* Send empty attributes */
1560 /* Send open request */
1561 if ((msg = sshbuf_new()) == NULL)
1562 fatal_f("sshbuf_new failed");
1563 id = conn->msg_id++;
1564 if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 ||
1565 (r = sshbuf_put_u32(msg, id)) != 0 ||
1566 (r = sshbuf_put_cstring(msg, path)) != 0 ||
1567 (r = sshbuf_put_u32(msg, openmode)) != 0 ||
1568 (r = encode_attrib(msg, a)) != 0)
1569 fatal_fr(r, "compose %s open", tag);
1570 send_msg(conn, msg);
1572 debug3("Sent %s message SSH2_FXP_OPEN I:%u P:%s M:0x%04x",
1573 tag, id, path, openmode);
1574 if ((handle = get_handle(conn, id, &handle_len,
1575 "%s open \"%s\"", tag, path)) == NULL)
1579 *handle_lenp = handle_len;
1584 progress_meter_path(const char *path)
1586 const char *progresspath;
1588 if ((progresspath = strrchr(path, '/')) == NULL)
1591 if (*progresspath == '\0')
1593 return progresspath;
1597 sftp_download(struct sftp_conn *conn, const char *remote_path,
1598 const char *local_path, Attrib *a, int preserve_flag, int resume_flag,
1599 int fsync_flag, int inplace_flag)
1603 int local_fd = -1, write_error;
1604 int read_error, write_errno, lmodified = 0, reordered = 0, r;
1605 u_int64_t offset = 0, size, highwater = 0, maxack = 0;
1606 u_int mode, id, buflen, num_req, max_req, status = SSH2_FX_OK;
1607 off_t progress_counter;
1610 struct requests requests;
1611 struct request *req;
1615 debug2_f("download remote \"%s\" to local \"%s\"",
1616 remote_path, local_path);
1618 TAILQ_INIT(&requests);
1621 if (sftp_stat(conn, remote_path, 0, &attr) != 0)
1626 /* Do not preserve set[ug]id here, as we do not preserve ownership */
1627 if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
1628 mode = a->perm & 0777;
1632 if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
1633 (!S_ISREG(a->perm))) {
1634 error("download %s: not a regular file", remote_path);
1638 if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
1643 buflen = conn->download_buflen;
1645 /* Send open request */
1646 if (send_open(conn, remote_path, "remote", SSH2_FXF_READ, NULL,
1647 &handle, &handle_len) != 0)
1650 local_fd = open(local_path, O_WRONLY | O_CREAT |
1651 ((resume_flag || inplace_flag) ? 0 : O_TRUNC), mode | S_IWUSR);
1652 if (local_fd == -1) {
1653 error("open local \"%s\": %s", local_path, strerror(errno));
1657 if (fstat(local_fd, &st) == -1) {
1658 error("stat local \"%s\": %s",
1659 local_path, strerror(errno));
1662 if (st.st_size < 0) {
1663 error("\"%s\" has negative size", local_path);
1666 if ((u_int64_t)st.st_size > size) {
1667 error("Unable to resume download of \"%s\": "
1668 "local file is larger than remote", local_path);
1670 sftp_close(conn, handle, handle_len);
1676 offset = highwater = maxack = st.st_size;
1679 /* Read from remote and write to local */
1680 write_error = read_error = write_errno = num_req = 0;
1682 progress_counter = offset;
1684 if (showprogress && size != 0) {
1685 start_progress_meter(progress_meter_path(remote_path),
1686 size, &progress_counter);
1689 if ((msg = sshbuf_new()) == NULL)
1690 fatal_f("sshbuf_new failed");
1692 while (num_req > 0 || max_req > 0) {
1697 * Simulate EOF on interrupt: stop sending new requests and
1698 * allow outstanding requests to drain gracefully
1701 if (num_req == 0) /* If we haven't started yet... */
1706 /* Send some more requests */
1707 while (num_req < max_req) {
1708 debug3("Request range %llu -> %llu (%d/%d)",
1709 (unsigned long long)offset,
1710 (unsigned long long)offset + buflen - 1,
1712 req = request_enqueue(&requests, conn->msg_id++,
1716 send_read_request(conn, req->id, req->offset,
1717 req->len, handle, handle_len);
1722 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
1723 (r = sshbuf_get_u32(msg, &id)) != 0)
1724 fatal_fr(r, "parse");
1725 debug3("Received reply T:%u I:%u R:%d", type, id, max_req);
1727 /* Find the request in our queue */
1728 if ((req = request_find(&requests, id)) == NULL)
1729 fatal("Unexpected reply %u", id);
1732 case SSH2_FXP_STATUS:
1733 if ((r = sshbuf_get_u32(msg, &status)) != 0)
1734 fatal_fr(r, "parse status");
1735 if (status != SSH2_FX_EOF)
1738 TAILQ_REMOVE(&requests, req, tq);
1743 if ((r = sshbuf_get_string(msg, &data, &len)) != 0)
1744 fatal_fr(r, "parse data");
1745 debug3("Received data %llu -> %llu",
1746 (unsigned long long)req->offset,
1747 (unsigned long long)req->offset + len - 1);
1749 fatal("Received more data than asked for "
1750 "%zu > %zu", len, req->len);
1752 if ((lseek(local_fd, req->offset, SEEK_SET) == -1 ||
1753 atomicio(vwrite, local_fd, data, len) != len) &&
1755 write_errno = errno;
1760 * Track both the highest offset acknowledged
1761 * and the highest *contiguous* offset
1763 * We'll need the latter for ftruncate()ing
1764 * interrupted transfers.
1766 if (maxack < req->offset + len)
1767 maxack = req->offset + len;
1768 if (!reordered && req->offset <= highwater)
1770 else if (!reordered && req->offset > highwater)
1773 progress_counter += len;
1776 if (len == req->len) {
1777 TAILQ_REMOVE(&requests, req, tq);
1781 /* Resend the request for the missing data */
1782 debug3("Short data block, re-requesting "
1783 "%llu -> %llu (%2d)",
1784 (unsigned long long)req->offset + len,
1785 (unsigned long long)req->offset +
1786 req->len - 1, num_req);
1787 req->id = conn->msg_id++;
1790 send_read_request(conn, req->id,
1791 req->offset, req->len, handle, handle_len);
1792 /* Reduce the request size */
1794 buflen = MAXIMUM(MIN_READ_SIZE, len);
1796 if (max_req > 0) { /* max_req = 0 iff EOF received */
1797 if (size > 0 && offset > size) {
1798 /* Only one request at a time
1799 * after the expected EOF */
1800 debug3("Finish at %llu (%2d)",
1801 (unsigned long long)offset,
1804 } else if (max_req < conn->num_requests) {
1810 fatal("Expected SSH2_FXP_DATA(%u) packet, got %u",
1811 SSH2_FXP_DATA, type);
1815 if (showprogress && size)
1816 stop_progress_meter();
1819 if (TAILQ_FIRST(&requests) != NULL)
1820 fatal("Transfer complete, but requests still in queue");
1822 if (!read_error && !write_error && !interrupted) {
1823 /* we got everything */
1828 * Truncate at highest contiguous point to avoid holes on interrupt,
1829 * or unconditionally if writing in place.
1831 if (inplace_flag || read_error || write_error || interrupted) {
1832 if (reordered && resume_flag &&
1833 (read_error || write_error || interrupted)) {
1834 error("Unable to resume download of \"%s\": "
1835 "server reordered requests", local_path);
1837 debug("truncating at %llu", (unsigned long long)highwater);
1838 if (ftruncate(local_fd, highwater) == -1)
1839 error("local ftruncate \"%s\": %s", local_path,
1843 error("read remote \"%s\" : %s", remote_path, fx2txt(status));
1845 sftp_close(conn, handle, handle_len);
1846 } else if (write_error) {
1847 error("write local \"%s\": %s", local_path,
1848 strerror(write_errno));
1849 status = SSH2_FX_FAILURE;
1850 sftp_close(conn, handle, handle_len);
1852 if (sftp_close(conn, handle, handle_len) != 0 || interrupted)
1853 status = SSH2_FX_FAILURE;
1855 status = SSH2_FX_OK;
1856 /* Override umask and utimes if asked */
1858 if (preserve_flag && fchmod(local_fd, mode) == -1)
1860 if (preserve_flag && chmod(local_path, mode) == -1)
1861 #endif /* HAVE_FCHMOD */
1862 error("local chmod \"%s\": %s", local_path,
1864 if (preserve_flag &&
1865 (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME)) {
1866 struct timeval tv[2];
1867 tv[0].tv_sec = a->atime;
1868 tv[1].tv_sec = a->mtime;
1869 tv[0].tv_usec = tv[1].tv_usec = 0;
1870 if (utimes(local_path, tv) == -1)
1871 error("local set times \"%s\": %s",
1872 local_path, strerror(errno));
1874 if (resume_flag && !lmodified)
1875 logit("File \"%s\" was not modified", local_path);
1876 else if (fsync_flag) {
1877 debug("syncing \"%s\"", local_path);
1878 if (fsync(local_fd) == -1)
1879 error("local sync \"%s\": %s",
1880 local_path, strerror(errno));
1887 return status == SSH2_FX_OK ? 0 : -1;
1891 download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst,
1892 int depth, Attrib *dirattrib, int preserve_flag, int print_flag,
1893 int resume_flag, int fsync_flag, int follow_link_flag, int inplace_flag)
1896 SFTP_DIRENT **dir_entries;
1897 char *filename, *new_src = NULL, *new_dst = NULL;
1898 mode_t mode = 0777, tmpmode = mode;
1899 Attrib *a, ldirattrib, lsym;
1901 if (depth >= MAX_DIR_DEPTH) {
1902 error("Maximum directory depth exceeded: %d levels", depth);
1906 debug2_f("download dir remote \"%s\" to local \"%s\"", src, dst);
1908 if (dirattrib == NULL) {
1909 if (sftp_stat(conn, src, 1, &ldirattrib) != 0) {
1910 error("stat remote \"%s\" directory failed", src);
1913 dirattrib = &ldirattrib;
1915 if (!S_ISDIR(dirattrib->perm)) {
1916 error("\"%s\" is not a directory", src);
1919 if (print_flag && print_flag != SFTP_PROGRESS_ONLY)
1920 mprintf("Retrieving %s\n", src);
1922 if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
1923 mode = dirattrib->perm & 01777;
1924 tmpmode = mode | (S_IWUSR|S_IXUSR);
1926 debug("download remote \"%s\": server "
1927 "did not send permissions", dst);
1930 if (mkdir(dst, tmpmode) == -1 && errno != EEXIST) {
1931 error("mkdir %s: %s", dst, strerror(errno));
1935 if (sftp_readdir(conn, src, &dir_entries) == -1) {
1936 error("remote readdir \"%s\" failed", src);
1940 for (i = 0; dir_entries[i] != NULL && !interrupted; i++) {
1944 filename = dir_entries[i]->filename;
1945 new_dst = sftp_path_append(dst, filename);
1946 new_src = sftp_path_append(src, filename);
1948 a = &dir_entries[i]->a;
1949 if (S_ISLNK(a->perm)) {
1950 if (!follow_link_flag) {
1951 logit("download \"%s\": not a regular file",
1955 /* Replace the stat contents with the symlink target */
1956 if (sftp_stat(conn, new_src, 1, &lsym) != 0) {
1957 logit("remote stat \"%s\" failed", new_src);
1964 if (S_ISDIR(a->perm)) {
1965 if (strcmp(filename, ".") == 0 ||
1966 strcmp(filename, "..") == 0)
1968 if (download_dir_internal(conn, new_src, new_dst,
1969 depth + 1, a, preserve_flag,
1970 print_flag, resume_flag,
1971 fsync_flag, follow_link_flag, inplace_flag) == -1)
1973 } else if (S_ISREG(a->perm)) {
1974 if (sftp_download(conn, new_src, new_dst, a,
1975 preserve_flag, resume_flag, fsync_flag,
1976 inplace_flag) == -1) {
1977 error("Download of file %s to %s failed",
1982 logit("download \"%s\": not a regular file", new_src);
1988 if (preserve_flag) {
1989 if (dirattrib->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
1990 struct timeval tv[2];
1991 tv[0].tv_sec = dirattrib->atime;
1992 tv[1].tv_sec = dirattrib->mtime;
1993 tv[0].tv_usec = tv[1].tv_usec = 0;
1994 if (utimes(dst, tv) == -1)
1995 error("local set times on \"%s\": %s",
1996 dst, strerror(errno));
1998 debug("Server did not send times for directory "
2002 if (mode != tmpmode && chmod(dst, mode) == -1)
2003 error("local chmod directory \"%s\": %s", dst,
2006 sftp_free_dirents(dir_entries);
2012 sftp_download_dir(struct sftp_conn *conn, const char *src, const char *dst,
2013 Attrib *dirattrib, int preserve_flag, int print_flag, int resume_flag,
2014 int fsync_flag, int follow_link_flag, int inplace_flag)
2019 if ((src_canon = sftp_realpath(conn, src)) == NULL) {
2020 error("download \"%s\": path canonicalization failed", src);
2024 ret = download_dir_internal(conn, src_canon, dst, 0,
2025 dirattrib, preserve_flag, print_flag, resume_flag, fsync_flag,
2026 follow_link_flag, inplace_flag);
2032 sftp_upload(struct sftp_conn *conn, const char *local_path,
2033 const char *remote_path, int preserve_flag, int resume,
2034 int fsync_flag, int inplace_flag)
2037 u_int openmode, id, status = SSH2_FX_OK, reordered = 0;
2038 off_t offset, progress_counter;
2039 u_char type, *handle, *data;
2043 u_int32_t startid, ackid;
2044 u_int64_t highwater = 0, maxack = 0;
2045 struct request *ack = NULL;
2046 struct requests acks;
2049 debug2_f("upload local \"%s\" to remote \"%s\"",
2050 local_path, remote_path);
2054 if ((local_fd = open(local_path, O_RDONLY)) == -1) {
2055 error("open local \"%s\": %s", local_path, strerror(errno));
2058 if (fstat(local_fd, &sb) == -1) {
2059 error("fstat local \"%s\": %s", local_path, strerror(errno));
2063 if (!S_ISREG(sb.st_mode)) {
2064 error("local \"%s\" is not a regular file", local_path);
2068 stat_to_attrib(&sb, &a);
2070 a.flags &= ~SSH2_FILEXFER_ATTR_SIZE;
2071 a.flags &= ~SSH2_FILEXFER_ATTR_UIDGID;
2074 a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME;
2077 /* Get remote file size if it exists */
2078 if (sftp_stat(conn, remote_path, 0, &c) != 0) {
2083 if ((off_t)c.size >= sb.st_size) {
2084 error("resume \"%s\": destination file "
2085 "same size or larger", local_path);
2090 if (lseek(local_fd, (off_t)c.size, SEEK_SET) == -1) {
2096 openmode = SSH2_FXF_WRITE|SSH2_FXF_CREAT;
2098 openmode |= SSH2_FXF_APPEND;
2099 else if (!inplace_flag)
2100 openmode |= SSH2_FXF_TRUNC;
2102 /* Send open request */
2103 if (send_open(conn, remote_path, "dest", openmode, &a,
2104 &handle, &handle_len) != 0) {
2110 startid = ackid = id + 1;
2111 data = xmalloc(conn->upload_buflen);
2113 /* Read from local and write to remote */
2114 offset = progress_counter = (resume ? c.size : 0);
2116 start_progress_meter(progress_meter_path(local_path),
2117 sb.st_size, &progress_counter);
2120 if ((msg = sshbuf_new()) == NULL)
2121 fatal_f("sshbuf_new failed");
2126 * Can't use atomicio here because it returns 0 on EOF,
2127 * thus losing the last block of the file.
2128 * Simulate an EOF on interrupt, allowing ACKs from the
2131 if (interrupted || status != SSH2_FX_OK)
2134 len = read(local_fd, data, conn->upload_buflen);
2135 while ((len == -1) &&
2136 (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK));
2139 fatal("read local \"%s\": %s",
2140 local_path, strerror(errno));
2141 } else if (len != 0) {
2142 ack = request_enqueue(&acks, ++id, len, offset);
2144 if ((r = sshbuf_put_u8(msg, SSH2_FXP_WRITE)) != 0 ||
2145 (r = sshbuf_put_u32(msg, ack->id)) != 0 ||
2146 (r = sshbuf_put_string(msg, handle,
2147 handle_len)) != 0 ||
2148 (r = sshbuf_put_u64(msg, offset)) != 0 ||
2149 (r = sshbuf_put_string(msg, data, len)) != 0)
2150 fatal_fr(r, "compose");
2151 send_msg(conn, msg);
2152 debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u",
2153 id, (unsigned long long)offset, len);
2154 } else if (TAILQ_FIRST(&acks) == NULL)
2158 fatal("Unexpected ACK %u", id);
2160 if (id == startid || len == 0 ||
2161 id - ackid >= conn->num_requests) {
2166 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
2167 (r = sshbuf_get_u32(msg, &rid)) != 0)
2168 fatal_fr(r, "parse");
2170 if (type != SSH2_FXP_STATUS)
2171 fatal("Expected SSH2_FXP_STATUS(%d) packet, "
2172 "got %d", SSH2_FXP_STATUS, type);
2174 if ((r = sshbuf_get_u32(msg, &status)) != 0)
2175 fatal_fr(r, "parse status");
2176 debug3("SSH2_FXP_STATUS %u", status);
2178 /* Find the request in our queue */
2179 if ((ack = request_find(&acks, rid)) == NULL)
2180 fatal("Can't find request for ID %u", rid);
2181 TAILQ_REMOVE(&acks, ack, tq);
2182 debug3("In write loop, ack for %u %zu bytes at %lld",
2183 ack->id, ack->len, (unsigned long long)ack->offset);
2185 progress_counter += ack->len;
2187 * Track both the highest offset acknowledged and the
2188 * highest *contiguous* offset acknowledged.
2189 * We'll need the latter for ftruncate()ing
2190 * interrupted transfers.
2192 if (maxack < ack->offset + ack->len)
2193 maxack = ack->offset + ack->len;
2194 if (!reordered && ack->offset <= highwater)
2196 else if (!reordered && ack->offset > highwater) {
2197 debug3_f("server reordered ACKs");
2204 fatal_f("offset < 0");
2209 stop_progress_meter();
2212 if (status == SSH2_FX_OK && !interrupted) {
2213 /* we got everything */
2216 if (status != SSH2_FX_OK) {
2217 error("write remote \"%s\": %s", remote_path, fx2txt(status));
2218 status = SSH2_FX_FAILURE;
2221 if (inplace_flag || (resume && (status != SSH2_FX_OK || interrupted))) {
2222 debug("truncating at %llu", (unsigned long long)highwater);
2224 t.flags = SSH2_FILEXFER_ATTR_SIZE;
2226 sftp_fsetstat(conn, handle, handle_len, &t);
2229 if (close(local_fd) == -1) {
2230 error("close local \"%s\": %s", local_path, strerror(errno));
2231 status = SSH2_FX_FAILURE;
2234 /* Override umask and utimes if asked */
2236 sftp_fsetstat(conn, handle, handle_len, &a);
2239 (void)sftp_fsync(conn, handle, handle_len);
2241 if (sftp_close(conn, handle, handle_len) != 0)
2242 status = SSH2_FX_FAILURE;
2246 return status == SSH2_FX_OK ? 0 : -1;
2250 upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst,
2251 int depth, int preserve_flag, int print_flag, int resume, int fsync_flag,
2252 int follow_link_flag, int inplace_flag)
2257 char *filename, *new_src = NULL, *new_dst = NULL;
2259 Attrib a, dirattrib;
2260 u_int32_t saved_perm;
2262 debug2_f("upload local dir \"%s\" to remote \"%s\"", src, dst);
2264 if (depth >= MAX_DIR_DEPTH) {
2265 error("Maximum directory depth exceeded: %d levels", depth);
2269 if (stat(src, &sb) == -1) {
2270 error("stat local \"%s\": %s", src, strerror(errno));
2273 if (!S_ISDIR(sb.st_mode)) {
2274 error("\"%s\" is not a directory", src);
2277 if (print_flag && print_flag != SFTP_PROGRESS_ONLY)
2278 mprintf("Entering %s\n", src);
2280 stat_to_attrib(&sb, &a);
2281 a.flags &= ~SSH2_FILEXFER_ATTR_SIZE;
2282 a.flags &= ~SSH2_FILEXFER_ATTR_UIDGID;
2285 a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME;
2288 * sftp lacks a portable status value to match errno EEXIST,
2289 * so if we get a failure back then we must check whether
2290 * the path already existed and is a directory. Ensure we can
2291 * write to the directory we create for the duration of the transfer.
2293 saved_perm = a.perm;
2294 a.perm |= (S_IWUSR|S_IXUSR);
2295 if (sftp_mkdir(conn, dst, &a, 0) != 0) {
2296 if (sftp_stat(conn, dst, 0, &dirattrib) != 0)
2298 if (!S_ISDIR(dirattrib.perm)) {
2299 error("\"%s\" exists but is not a directory", dst);
2303 a.perm = saved_perm;
2305 if ((dirp = opendir(src)) == NULL) {
2306 error("local opendir \"%s\": %s", src, strerror(errno));
2310 while (((dp = readdir(dirp)) != NULL) && !interrupted) {
2315 filename = dp->d_name;
2316 new_dst = sftp_path_append(dst, filename);
2317 new_src = sftp_path_append(src, filename);
2319 if (strcmp(filename, ".") == 0 || strcmp(filename, "..") == 0)
2321 if (lstat(new_src, &sb) == -1) {
2322 logit("local lstat \"%s\": %s", filename,
2327 if (S_ISLNK(sb.st_mode)) {
2328 if (!follow_link_flag) {
2329 logit("%s: not a regular file", filename);
2332 /* Replace the stat contents with the symlink target */
2333 if (stat(new_src, &sb) == -1) {
2334 logit("local stat \"%s\": %s", filename,
2340 if (S_ISDIR(sb.st_mode)) {
2341 if (upload_dir_internal(conn, new_src, new_dst,
2342 depth + 1, preserve_flag, print_flag, resume,
2343 fsync_flag, follow_link_flag, inplace_flag) == -1)
2345 } else if (S_ISREG(sb.st_mode)) {
2346 if (sftp_upload(conn, new_src, new_dst,
2347 preserve_flag, resume, fsync_flag,
2348 inplace_flag) == -1) {
2349 error("upload \"%s\" to \"%s\" failed",
2354 logit("%s: not a regular file", filename);
2359 sftp_setstat(conn, dst, &a);
2361 (void) closedir(dirp);
2366 sftp_upload_dir(struct sftp_conn *conn, const char *src, const char *dst,
2367 int preserve_flag, int print_flag, int resume, int fsync_flag,
2368 int follow_link_flag, int inplace_flag)
2373 if ((dst_canon = sftp_realpath(conn, dst)) == NULL) {
2374 error("upload \"%s\": path canonicalization failed", dst);
2378 ret = upload_dir_internal(conn, src, dst_canon, 0, preserve_flag,
2379 print_flag, resume, fsync_flag, follow_link_flag, inplace_flag);
2386 handle_dest_replies(struct sftp_conn *to, const char *to_path, int synchronous,
2387 u_int *nreqsp, u_int *write_errorp)
2395 if ((msg = sshbuf_new()) == NULL)
2396 fatal_f("sshbuf_new failed");
2398 /* Try to eat replies from the upload side */
2399 while (*nreqsp > 0) {
2400 debug3_f("%u outstanding replies", *nreqsp);
2402 /* Bail out if no data is ready to be read */
2404 pfd.events = POLLIN;
2405 if ((r = poll(&pfd, 1, 0)) == -1) {
2408 fatal_f("poll: %s", strerror(errno));
2410 break; /* fd not ready */
2415 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
2416 (r = sshbuf_get_u32(msg, &id)) != 0)
2417 fatal_fr(r, "dest parse");
2418 debug3("Received dest reply T:%u I:%u R:%u", type, id, *nreqsp);
2419 if (type != SSH2_FXP_STATUS) {
2420 fatal_f("Expected SSH2_FXP_STATUS(%d) packet, got %d",
2421 SSH2_FXP_STATUS, type);
2423 if ((r = sshbuf_get_u32(msg, &status)) != 0)
2424 fatal_fr(r, "parse dest status");
2425 debug3("dest SSH2_FXP_STATUS %u", status);
2426 if (status != SSH2_FX_OK) {
2427 /* record first error */
2428 if (*write_errorp == 0)
2429 *write_errorp = status;
2432 * XXX this doesn't do full reply matching like sftp_upload and
2433 * so cannot gracefully truncate terminated uploads at a
2434 * high-water mark. ATM the only caller of this function (scp)
2435 * doesn't support transfer resumption, so this doesn't matter
2438 * To be safe, sftp_crossload truncates the destination file to
2439 * zero length on upload failure, since we can't trust the
2440 * server not to have reordered replies that could have
2441 * inserted holes where none existed in the source file.
2443 * XXX we could get a more accutate progress bar if we updated
2444 * the counter based on the reply from the destination...
2448 debug3_f("done: %u outstanding replies", *nreqsp);
2453 sftp_crossload(struct sftp_conn *from, struct sftp_conn *to,
2454 const char *from_path, const char *to_path,
2455 Attrib *a, int preserve_flag)
2458 int write_error, read_error, r;
2459 u_int64_t offset = 0, size;
2460 u_int id, buflen, num_req, max_req, status = SSH2_FX_OK;
2461 u_int num_upload_req;
2462 off_t progress_counter;
2463 u_char *from_handle, *to_handle;
2464 size_t from_handle_len, to_handle_len;
2465 struct requests requests;
2466 struct request *req;
2470 debug2_f("crossload src \"%s\" to dst \"%s\"", from_path, to_path);
2472 TAILQ_INIT(&requests);
2475 if (sftp_stat(from, from_path, 0, &attr) != 0)
2480 if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
2481 (!S_ISREG(a->perm))) {
2482 error("download \"%s\": not a regular file", from_path);
2485 if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
2490 buflen = from->download_buflen;
2491 if (buflen > to->upload_buflen)
2492 buflen = to->upload_buflen;
2494 /* Send open request to read side */
2495 if (send_open(from, from_path, "origin", SSH2_FXF_READ, NULL,
2496 &from_handle, &from_handle_len) != 0)
2499 /* Send open request to write side */
2500 a->flags &= ~SSH2_FILEXFER_ATTR_SIZE;
2501 a->flags &= ~SSH2_FILEXFER_ATTR_UIDGID;
2504 a->flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME;
2505 if (send_open(to, to_path, "dest",
2506 SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC, a,
2507 &to_handle, &to_handle_len) != 0) {
2508 sftp_close(from, from_handle, from_handle_len);
2512 /* Read from remote "from" and write to remote "to" */
2514 write_error = read_error = num_req = num_upload_req = 0;
2516 progress_counter = 0;
2518 if (showprogress && size != 0) {
2519 start_progress_meter(progress_meter_path(from_path),
2520 size, &progress_counter);
2522 if ((msg = sshbuf_new()) == NULL)
2523 fatal_f("sshbuf_new failed");
2524 while (num_req > 0 || max_req > 0) {
2529 * Simulate EOF on interrupt: stop sending new requests and
2530 * allow outstanding requests to drain gracefully
2533 if (num_req == 0) /* If we haven't started yet... */
2538 /* Send some more requests */
2539 while (num_req < max_req) {
2540 debug3("Request range %llu -> %llu (%d/%d)",
2541 (unsigned long long)offset,
2542 (unsigned long long)offset + buflen - 1,
2544 req = request_enqueue(&requests, from->msg_id++,
2548 send_read_request(from, req->id, req->offset,
2549 req->len, from_handle, from_handle_len);
2552 /* Try to eat replies from the upload side (nonblocking) */
2553 handle_dest_replies(to, to_path, 0,
2554 &num_upload_req, &write_error);
2558 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
2559 (r = sshbuf_get_u32(msg, &id)) != 0)
2560 fatal_fr(r, "parse");
2561 debug3("Received origin reply T:%u I:%u R:%d",
2564 /* Find the request in our queue */
2565 if ((req = request_find(&requests, id)) == NULL)
2566 fatal("Unexpected reply %u", id);
2569 case SSH2_FXP_STATUS:
2570 if ((r = sshbuf_get_u32(msg, &status)) != 0)
2571 fatal_fr(r, "parse status");
2572 if (status != SSH2_FX_EOF)
2575 TAILQ_REMOVE(&requests, req, tq);
2580 if ((r = sshbuf_get_string(msg, &data, &len)) != 0)
2581 fatal_fr(r, "parse data");
2582 debug3("Received data %llu -> %llu",
2583 (unsigned long long)req->offset,
2584 (unsigned long long)req->offset + len - 1);
2586 fatal("Received more data than asked for "
2587 "%zu > %zu", len, req->len);
2589 /* Write this chunk out to the destination */
2591 if ((r = sshbuf_put_u8(msg, SSH2_FXP_WRITE)) != 0 ||
2592 (r = sshbuf_put_u32(msg, to->msg_id++)) != 0 ||
2593 (r = sshbuf_put_string(msg, to_handle,
2594 to_handle_len)) != 0 ||
2595 (r = sshbuf_put_u64(msg, req->offset)) != 0 ||
2596 (r = sshbuf_put_string(msg, data, len)) != 0)
2597 fatal_fr(r, "compose write");
2599 debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%zu",
2600 id, (unsigned long long)offset, len);
2602 progress_counter += len;
2605 if (len == req->len) {
2606 TAILQ_REMOVE(&requests, req, tq);
2610 /* Resend the request for the missing data */
2611 debug3("Short data block, re-requesting "
2612 "%llu -> %llu (%2d)",
2613 (unsigned long long)req->offset + len,
2614 (unsigned long long)req->offset +
2615 req->len - 1, num_req);
2616 req->id = from->msg_id++;
2619 send_read_request(from, req->id,
2620 req->offset, req->len,
2621 from_handle, from_handle_len);
2622 /* Reduce the request size */
2624 buflen = MAXIMUM(MIN_READ_SIZE, len);
2626 if (max_req > 0) { /* max_req = 0 iff EOF received */
2627 if (size > 0 && offset > size) {
2628 /* Only one request at a time
2629 * after the expected EOF */
2630 debug3("Finish at %llu (%2d)",
2631 (unsigned long long)offset,
2634 } else if (max_req < from->num_requests) {
2640 fatal("Expected SSH2_FXP_DATA(%u) packet, got %u",
2641 SSH2_FXP_DATA, type);
2645 if (showprogress && size)
2646 stop_progress_meter();
2648 /* Drain replies from the server (blocking) */
2649 debug3_f("waiting for %u replies from destination", num_upload_req);
2650 handle_dest_replies(to, to_path, 1, &num_upload_req, &write_error);
2653 if (TAILQ_FIRST(&requests) != NULL)
2654 fatal("Transfer complete, but requests still in queue");
2655 /* Truncate at 0 length on interrupt or error to avoid holes at dest */
2656 if (read_error || write_error || interrupted) {
2657 debug("truncating \"%s\" at 0", to_path);
2658 sftp_close(to, to_handle, to_handle_len);
2660 if (send_open(to, to_path, "dest",
2661 SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC, a,
2662 &to_handle, &to_handle_len) != 0) {
2663 error("dest truncate \"%s\" failed", to_path);
2668 error("read origin \"%s\": %s", from_path, fx2txt(status));
2670 sftp_close(from, from_handle, from_handle_len);
2671 if (to_handle != NULL)
2672 sftp_close(to, to_handle, to_handle_len);
2673 } else if (write_error) {
2674 error("write dest \"%s\": %s", to_path, fx2txt(write_error));
2675 status = SSH2_FX_FAILURE;
2676 sftp_close(from, from_handle, from_handle_len);
2677 if (to_handle != NULL)
2678 sftp_close(to, to_handle, to_handle_len);
2680 if (sftp_close(from, from_handle, from_handle_len) != 0 ||
2684 status = SSH2_FX_OK;
2685 if (to_handle != NULL) {
2686 /* Need to resend utimes after write */
2688 sftp_fsetstat(to, to_handle, to_handle_len, a);
2689 sftp_close(to, to_handle, to_handle_len);
2696 return status == SSH2_FX_OK ? 0 : -1;
2700 crossload_dir_internal(struct sftp_conn *from, struct sftp_conn *to,
2701 const char *from_path, const char *to_path,
2702 int depth, Attrib *dirattrib, int preserve_flag, int print_flag,
2703 int follow_link_flag)
2706 SFTP_DIRENT **dir_entries;
2707 char *filename, *new_from_path = NULL, *new_to_path = NULL;
2709 Attrib *a, curdir, ldirattrib, newdir, lsym;
2711 debug2_f("crossload dir src \"%s\" to dst \"%s\"", from_path, to_path);
2713 if (depth >= MAX_DIR_DEPTH) {
2714 error("Maximum directory depth exceeded: %d levels", depth);
2718 if (dirattrib == NULL) {
2719 if (sftp_stat(from, from_path, 1, &ldirattrib) != 0) {
2720 error("stat remote \"%s\" failed", from_path);
2723 dirattrib = &ldirattrib;
2725 if (!S_ISDIR(dirattrib->perm)) {
2726 error("\"%s\" is not a directory", from_path);
2729 if (print_flag && print_flag != SFTP_PROGRESS_ONLY)
2730 mprintf("Retrieving %s\n", from_path);
2732 curdir = *dirattrib; /* dirattrib will be clobbered */
2733 curdir.flags &= ~SSH2_FILEXFER_ATTR_SIZE;
2734 curdir.flags &= ~SSH2_FILEXFER_ATTR_UIDGID;
2735 if ((curdir.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) == 0) {
2736 debug("Origin did not send permissions for "
2737 "directory \"%s\"", to_path);
2738 curdir.perm = S_IWUSR|S_IXUSR;
2739 curdir.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
2741 /* We need to be able to write to the directory while we transfer it */
2742 mode = curdir.perm & 01777;
2743 curdir.perm = mode | (S_IWUSR|S_IXUSR);
2746 * sftp lacks a portable status value to match errno EEXIST,
2747 * so if we get a failure back then we must check whether
2748 * the path already existed and is a directory. Ensure we can
2749 * write to the directory we create for the duration of the transfer.
2751 if (sftp_mkdir(to, to_path, &curdir, 0) != 0) {
2752 if (sftp_stat(to, to_path, 0, &newdir) != 0)
2754 if (!S_ISDIR(newdir.perm)) {
2755 error("\"%s\" exists but is not a directory", to_path);
2761 if (sftp_readdir(from, from_path, &dir_entries) == -1) {
2762 error("origin readdir \"%s\" failed", from_path);
2766 for (i = 0; dir_entries[i] != NULL && !interrupted; i++) {
2767 free(new_from_path);
2770 filename = dir_entries[i]->filename;
2771 new_from_path = sftp_path_append(from_path, filename);
2772 new_to_path = sftp_path_append(to_path, filename);
2774 a = &dir_entries[i]->a;
2775 if (S_ISLNK(a->perm)) {
2776 if (!follow_link_flag) {
2777 logit("%s: not a regular file", filename);
2780 /* Replace the stat contents with the symlink target */
2781 if (sftp_stat(from, new_from_path, 1, &lsym) != 0) {
2782 logit("remote stat \"%s\" failed",
2789 if (S_ISDIR(a->perm)) {
2790 if (strcmp(filename, ".") == 0 ||
2791 strcmp(filename, "..") == 0)
2793 if (crossload_dir_internal(from, to,
2794 new_from_path, new_to_path,
2795 depth + 1, a, preserve_flag,
2796 print_flag, follow_link_flag) == -1)
2798 } else if (S_ISREG(a->perm)) {
2799 if (sftp_crossload(from, to, new_from_path,
2800 new_to_path, a, preserve_flag) == -1) {
2801 error("crossload \"%s\" to \"%s\" failed",
2802 new_from_path, new_to_path);
2806 logit("origin \"%s\": not a regular file",
2811 free(new_from_path);
2813 sftp_setstat(to, to_path, &curdir);
2815 sftp_free_dirents(dir_entries);
2821 sftp_crossload_dir(struct sftp_conn *from, struct sftp_conn *to,
2822 const char *from_path, const char *to_path,
2823 Attrib *dirattrib, int preserve_flag, int print_flag, int follow_link_flag)
2825 char *from_path_canon;
2828 if ((from_path_canon = sftp_realpath(from, from_path)) == NULL) {
2829 error("crossload \"%s\": path canonicalization failed",
2834 ret = crossload_dir_internal(from, to, from_path_canon, to_path, 0,
2835 dirattrib, preserve_flag, print_flag, follow_link_flag);
2836 free(from_path_canon);
2841 sftp_can_get_users_groups_by_id(struct sftp_conn *conn)
2843 return (conn->exts & SFTP_EXT_GETUSERSGROUPS_BY_ID) != 0;
2847 sftp_get_users_groups_by_id(struct sftp_conn *conn,
2848 const u_int *uids, u_int nuids,
2849 const u_int *gids, u_int ngids,
2850 char ***usernamesp, char ***groupnamesp)
2852 struct sshbuf *msg, *uidbuf, *gidbuf;
2853 u_int i, expected_id, id;
2854 char *name, **usernames = NULL, **groupnames = NULL;
2858 *usernamesp = *groupnamesp = NULL;
2859 if (!sftp_can_get_users_groups_by_id(conn))
2860 return SSH_ERR_FEATURE_UNSUPPORTED;
2862 if ((msg = sshbuf_new()) == NULL ||
2863 (uidbuf = sshbuf_new()) == NULL ||
2864 (gidbuf = sshbuf_new()) == NULL)
2865 fatal_f("sshbuf_new failed");
2866 expected_id = id = conn->msg_id++;
2867 debug2("Sending SSH2_FXP_EXTENDED(users-groups-by-id@openssh.com)");
2868 for (i = 0; i < nuids; i++) {
2869 if ((r = sshbuf_put_u32(uidbuf, uids[i])) != 0)
2870 fatal_fr(r, "compose uids");
2872 for (i = 0; i < ngids; i++) {
2873 if ((r = sshbuf_put_u32(gidbuf, gids[i])) != 0)
2874 fatal_fr(r, "compose gids");
2876 if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
2877 (r = sshbuf_put_u32(msg, id)) != 0 ||
2878 (r = sshbuf_put_cstring(msg,
2879 "users-groups-by-id@openssh.com")) != 0 ||
2880 (r = sshbuf_put_stringb(msg, uidbuf)) != 0 ||
2881 (r = sshbuf_put_stringb(msg, gidbuf)) != 0)
2882 fatal_fr(r, "compose");
2883 send_msg(conn, msg);
2885 if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
2886 (r = sshbuf_get_u32(msg, &id)) != 0)
2887 fatal_fr(r, "parse");
2888 if (id != expected_id)
2889 fatal("ID mismatch (%u != %u)", id, expected_id);
2890 if (type == SSH2_FXP_STATUS) {
2894 if ((r = sshbuf_get_u32(msg, &status)) != 0 ||
2895 (r = sshbuf_get_cstring(msg, &errmsg, NULL)) != 0)
2896 fatal_fr(r, "parse status");
2897 error("users-groups-by-id %s",
2898 *errmsg == '\0' ? fx2txt(status) : errmsg);
2901 sshbuf_free(uidbuf);
2902 sshbuf_free(gidbuf);
2904 } else if (type != SSH2_FXP_EXTENDED_REPLY)
2905 fatal("Expected SSH2_FXP_EXTENDED_REPLY(%u) packet, got %u",
2906 SSH2_FXP_EXTENDED_REPLY, type);
2909 sshbuf_free(uidbuf);
2910 sshbuf_free(gidbuf);
2911 uidbuf = gidbuf = NULL;
2912 if ((r = sshbuf_froms(msg, &uidbuf)) != 0 ||
2913 (r = sshbuf_froms(msg, &gidbuf)) != 0)
2914 fatal_fr(r, "parse response");
2916 usernames = xcalloc(nuids, sizeof(*usernames));
2917 for (i = 0; i < nuids; i++) {
2918 if ((r = sshbuf_get_cstring(uidbuf, &name, NULL)) != 0)
2919 fatal_fr(r, "parse user name");
2920 /* Handle unresolved names */
2921 if (*name == '\0') {
2925 usernames[i] = name;
2929 groupnames = xcalloc(ngids, sizeof(*groupnames));
2930 for (i = 0; i < ngids; i++) {
2931 if ((r = sshbuf_get_cstring(gidbuf, &name, NULL)) != 0)
2932 fatal_fr(r, "parse user name");
2933 /* Handle unresolved names */
2934 if (*name == '\0') {
2938 groupnames[i] = name;
2941 if (sshbuf_len(uidbuf) != 0)
2942 fatal_f("unexpected extra username data");
2943 if (sshbuf_len(gidbuf) != 0)
2944 fatal_f("unexpected extra groupname data");
2945 sshbuf_free(uidbuf);
2946 sshbuf_free(gidbuf);
2949 *usernamesp = usernames;
2950 *groupnamesp = groupnames;
2955 sftp_path_append(const char *p1, const char *p2)
2958 size_t len = strlen(p1) + strlen(p2) + 2;
2961 strlcpy(ret, p1, len);
2962 if (p1[0] != '\0' && p1[strlen(p1) - 1] != '/')
2963 strlcat(ret, "/", len);
2964 strlcat(ret, p2, len);
2970 * Arg p must be dynamically allocated. It will either be returned or
2971 * freed and a replacement allocated. Caller must free returned string.
2974 sftp_make_absolute(char *p, const char *pwd)
2979 if (p && !path_absolute(p)) {
2980 abs_str = sftp_path_append(pwd, p);
2988 sftp_remote_is_dir(struct sftp_conn *conn, const char *path)
2992 /* XXX: report errors? */
2993 if (sftp_stat(conn, path, 1, &a) != 0)
2995 if (!(a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS))
2997 return S_ISDIR(a.perm);
3001 /* Check whether path returned from glob(..., GLOB_MARK, ...) is a directory */
3003 sftp_globpath_is_dir(const char *pathname)
3005 size_t l = strlen(pathname);
3007 return l > 0 && pathname[l - 1] == '/';