• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* $OpenBSD: sftp-client.c,v 1.94 2010/12/04 00:18:01 djm Exp $ */
2 /*
3  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 /* XXX: memleaks */
19 /* XXX: signed vs unsigned */
20 /* XXX: remove all logging, only return status codes */
21 /* XXX: copy between two remote sites */
22 
23 #include "includes.h"
24 
25 #include <sys/types.h>
26 #include <sys/param.h>
27 #ifdef HAVE_SYS_STATVFS_H
28 #include <sys/statvfs.h>
29 #endif
30 #include "openbsd-compat/sys-queue.h"
31 #ifdef HAVE_SYS_STAT_H
32 # include <sys/stat.h>
33 #endif
34 #ifdef HAVE_SYS_TIME_H
35 # include <sys/time.h>
36 #endif
37 #include <sys/uio.h>
38 
39 #include <dirent.h>
40 #include <errno.h>
41 #include <fcntl.h>
42 #include <signal.h>
43 #include <stdarg.h>
44 #include <stdio.h>
45 #include <string.h>
46 #include <unistd.h>
47 
48 #include "xmalloc.h"
49 #include "buffer.h"
50 #include "log.h"
51 #include "atomicio.h"
52 #include "progressmeter.h"
53 #include "misc.h"
54 
55 #include "sftp.h"
56 #include "sftp-common.h"
57 #include "sftp-client.h"
58 
59 extern volatile sig_atomic_t interrupted;
60 extern int showprogress;
61 
62 /* Minimum amount of data to read at a time */
63 #define MIN_READ_SIZE	512
64 
65 /* Maximum depth to descend in directory trees */
66 #define MAX_DIR_DEPTH 64
67 
68 struct sftp_conn {
69 	int fd_in;
70 	int fd_out;
71 	u_int transfer_buflen;
72 	u_int num_requests;
73 	u_int version;
74 	u_int msg_id;
75 #define SFTP_EXT_POSIX_RENAME	0x00000001
76 #define SFTP_EXT_STATVFS	0x00000002
77 #define SFTP_EXT_FSTATVFS	0x00000004
78 #define SFTP_EXT_HARDLINK	0x00000008
79 	u_int exts;
80 	u_int64_t limit_kbps;
81 	struct bwlimit bwlimit_in, bwlimit_out;
82 };
83 
84 static char *
85 get_handle(struct sftp_conn *conn, u_int expected_id, u_int *len,
86     const char *errfmt, ...) __attribute__((format(printf, 4, 5)));
87 
88 /* ARGSUSED */
89 static int
sftpio(void * _bwlimit,size_t amount)90 sftpio(void *_bwlimit, size_t amount)
91 {
92 	struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit;
93 
94 	bandwidth_limit(bwlimit, amount);
95 	return 0;
96 }
97 
98 static void
send_msg(struct sftp_conn * conn,Buffer * m)99 send_msg(struct sftp_conn *conn, Buffer *m)
100 {
101 	u_char mlen[4];
102 	struct iovec iov[2];
103 
104 	if (buffer_len(m) > SFTP_MAX_MSG_LENGTH)
105 		fatal("Outbound message too long %u", buffer_len(m));
106 
107 	/* Send length first */
108 	put_u32(mlen, buffer_len(m));
109 	iov[0].iov_base = mlen;
110 	iov[0].iov_len = sizeof(mlen);
111 	iov[1].iov_base = buffer_ptr(m);
112 	iov[1].iov_len = buffer_len(m);
113 
114 	if (atomiciov6(writev, conn->fd_out, iov, 2,
115 	    conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) !=
116 	    buffer_len(m) + sizeof(mlen))
117 		fatal("Couldn't send packet: %s", strerror(errno));
118 
119 	buffer_clear(m);
120 }
121 
122 static void
get_msg(struct sftp_conn * conn,Buffer * m)123 get_msg(struct sftp_conn *conn, Buffer *m)
124 {
125 	u_int msg_len;
126 
127 	buffer_append_space(m, 4);
128 	if (atomicio6(read, conn->fd_in, buffer_ptr(m), 4,
129 	    conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != 4) {
130 		if (errno == EPIPE)
131 			fatal("Connection closed");
132 		else
133 			fatal("Couldn't read packet: %s", strerror(errno));
134 	}
135 
136 	msg_len = buffer_get_int(m);
137 	if (msg_len > SFTP_MAX_MSG_LENGTH)
138 		fatal("Received message too long %u", msg_len);
139 
140 	buffer_append_space(m, msg_len);
141 	if (atomicio6(read, conn->fd_in, buffer_ptr(m), msg_len,
142 	    conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in)
143 	    != msg_len) {
144 		if (errno == EPIPE)
145 			fatal("Connection closed");
146 		else
147 			fatal("Read packet: %s", strerror(errno));
148 	}
149 }
150 
151 static void
send_string_request(struct sftp_conn * conn,u_int id,u_int code,char * s,u_int len)152 send_string_request(struct sftp_conn *conn, u_int id, u_int code, char *s,
153     u_int len)
154 {
155 	Buffer msg;
156 
157 	buffer_init(&msg);
158 	buffer_put_char(&msg, code);
159 	buffer_put_int(&msg, id);
160 	buffer_put_string(&msg, s, len);
161 	send_msg(conn, &msg);
162 	debug3("Sent message fd %d T:%u I:%u", conn->fd_out, code, id);
163 	buffer_free(&msg);
164 }
165 
166 static void
send_string_attrs_request(struct sftp_conn * conn,u_int id,u_int code,char * s,u_int len,Attrib * a)167 send_string_attrs_request(struct sftp_conn *conn, u_int id, u_int code,
168     char *s, u_int len, Attrib *a)
169 {
170 	Buffer msg;
171 
172 	buffer_init(&msg);
173 	buffer_put_char(&msg, code);
174 	buffer_put_int(&msg, id);
175 	buffer_put_string(&msg, s, len);
176 	encode_attrib(&msg, a);
177 	send_msg(conn, &msg);
178 	debug3("Sent message fd %d T:%u I:%u", conn->fd_out, code, id);
179 	buffer_free(&msg);
180 }
181 
182 static u_int
get_status(struct sftp_conn * conn,u_int expected_id)183 get_status(struct sftp_conn *conn, u_int expected_id)
184 {
185 	Buffer msg;
186 	u_int type, id, status;
187 
188 	buffer_init(&msg);
189 	get_msg(conn, &msg);
190 	type = buffer_get_char(&msg);
191 	id = buffer_get_int(&msg);
192 
193 	if (id != expected_id)
194 		fatal("ID mismatch (%u != %u)", id, expected_id);
195 	if (type != SSH2_FXP_STATUS)
196 		fatal("Expected SSH2_FXP_STATUS(%u) packet, got %u",
197 		    SSH2_FXP_STATUS, type);
198 
199 	status = buffer_get_int(&msg);
200 	buffer_free(&msg);
201 
202 	debug3("SSH2_FXP_STATUS %u", status);
203 
204 	return status;
205 }
206 
207 static char *
get_handle(struct sftp_conn * conn,u_int expected_id,u_int * len,const char * errfmt,...)208 get_handle(struct sftp_conn *conn, u_int expected_id, u_int *len,
209     const char *errfmt, ...)
210 {
211 	Buffer msg;
212 	u_int type, id;
213 	char *handle, errmsg[256];
214 	va_list args;
215 	int status;
216 
217 	va_start(args, errfmt);
218 	if (errfmt != NULL)
219 		vsnprintf(errmsg, sizeof(errmsg), errfmt, args);
220 	va_end(args);
221 
222 	buffer_init(&msg);
223 	get_msg(conn, &msg);
224 	type = buffer_get_char(&msg);
225 	id = buffer_get_int(&msg);
226 
227 	if (id != expected_id)
228 		fatal("%s: ID mismatch (%u != %u)",
229 		    errfmt == NULL ? __func__ : errmsg, id, expected_id);
230 	if (type == SSH2_FXP_STATUS) {
231 		status = buffer_get_int(&msg);
232 		if (errfmt != NULL)
233 			error("%s: %s", errmsg, fx2txt(status));
234 		buffer_free(&msg);
235 		return(NULL);
236 	} else if (type != SSH2_FXP_HANDLE)
237 		fatal("%s: Expected SSH2_FXP_HANDLE(%u) packet, got %u",
238 		    errfmt == NULL ? __func__ : errmsg, SSH2_FXP_HANDLE, type);
239 
240 	handle = buffer_get_string(&msg, len);
241 	buffer_free(&msg);
242 
243 	return(handle);
244 }
245 
246 static Attrib *
get_decode_stat(struct sftp_conn * conn,u_int expected_id,int quiet)247 get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet)
248 {
249 	Buffer msg;
250 	u_int type, id;
251 	Attrib *a;
252 
253 	buffer_init(&msg);
254 	get_msg(conn, &msg);
255 
256 	type = buffer_get_char(&msg);
257 	id = buffer_get_int(&msg);
258 
259 	debug3("Received stat reply T:%u I:%u", type, id);
260 	if (id != expected_id)
261 		fatal("ID mismatch (%u != %u)", id, expected_id);
262 	if (type == SSH2_FXP_STATUS) {
263 		int status = buffer_get_int(&msg);
264 
265 		if (quiet)
266 			debug("Couldn't stat remote file: %s", fx2txt(status));
267 		else
268 			error("Couldn't stat remote file: %s", fx2txt(status));
269 		buffer_free(&msg);
270 		return(NULL);
271 	} else if (type != SSH2_FXP_ATTRS) {
272 		fatal("Expected SSH2_FXP_ATTRS(%u) packet, got %u",
273 		    SSH2_FXP_ATTRS, type);
274 	}
275 	a = decode_attrib(&msg);
276 	buffer_free(&msg);
277 
278 	return(a);
279 }
280 
281 static int
get_decode_statvfs(struct sftp_conn * conn,struct sftp_statvfs * st,u_int expected_id,int quiet)282 get_decode_statvfs(struct sftp_conn *conn, struct sftp_statvfs *st,
283     u_int expected_id, int quiet)
284 {
285 	Buffer msg;
286 	u_int type, id, flag;
287 
288 	buffer_init(&msg);
289 	get_msg(conn, &msg);
290 
291 	type = buffer_get_char(&msg);
292 	id = buffer_get_int(&msg);
293 
294 	debug3("Received statvfs reply T:%u I:%u", type, id);
295 	if (id != expected_id)
296 		fatal("ID mismatch (%u != %u)", id, expected_id);
297 	if (type == SSH2_FXP_STATUS) {
298 		int status = buffer_get_int(&msg);
299 
300 		if (quiet)
301 			debug("Couldn't statvfs: %s", fx2txt(status));
302 		else
303 			error("Couldn't statvfs: %s", fx2txt(status));
304 		buffer_free(&msg);
305 		return -1;
306 	} else if (type != SSH2_FXP_EXTENDED_REPLY) {
307 		fatal("Expected SSH2_FXP_EXTENDED_REPLY(%u) packet, got %u",
308 		    SSH2_FXP_EXTENDED_REPLY, type);
309 	}
310 
311 	bzero(st, sizeof(*st));
312 	st->f_bsize = buffer_get_int64(&msg);
313 	st->f_frsize = buffer_get_int64(&msg);
314 	st->f_blocks = buffer_get_int64(&msg);
315 	st->f_bfree = buffer_get_int64(&msg);
316 	st->f_bavail = buffer_get_int64(&msg);
317 	st->f_files = buffer_get_int64(&msg);
318 	st->f_ffree = buffer_get_int64(&msg);
319 	st->f_favail = buffer_get_int64(&msg);
320 	st->f_fsid = buffer_get_int64(&msg);
321 	flag = buffer_get_int64(&msg);
322 	st->f_namemax = buffer_get_int64(&msg);
323 
324 	st->f_flag = (flag & SSH2_FXE_STATVFS_ST_RDONLY) ? ST_RDONLY : 0;
325 	st->f_flag |= (flag & SSH2_FXE_STATVFS_ST_NOSUID) ? ST_NOSUID : 0;
326 
327 	buffer_free(&msg);
328 
329 	return 0;
330 }
331 
332 struct sftp_conn *
do_init(int fd_in,int fd_out,u_int transfer_buflen,u_int num_requests,u_int64_t limit_kbps)333 do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests,
334     u_int64_t limit_kbps)
335 {
336 	u_int type;
337 	Buffer msg;
338 	struct sftp_conn *ret;
339 
340 	ret = xmalloc(sizeof(*ret));
341 	ret->fd_in = fd_in;
342 	ret->fd_out = fd_out;
343 	ret->transfer_buflen = transfer_buflen;
344 	ret->num_requests = num_requests;
345 	ret->exts = 0;
346 	ret->limit_kbps = 0;
347 
348 	buffer_init(&msg);
349 	buffer_put_char(&msg, SSH2_FXP_INIT);
350 	buffer_put_int(&msg, SSH2_FILEXFER_VERSION);
351 	send_msg(ret, &msg);
352 
353 	buffer_clear(&msg);
354 
355 	get_msg(ret, &msg);
356 
357 	/* Expecting a VERSION reply */
358 	if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) {
359 		error("Invalid packet back from SSH2_FXP_INIT (type %u)",
360 		    type);
361 		buffer_free(&msg);
362 		return(NULL);
363 	}
364 	ret->version = buffer_get_int(&msg);
365 
366 	debug2("Remote version: %u", ret->version);
367 
368 	/* Check for extensions */
369 	while (buffer_len(&msg) > 0) {
370 		char *name = buffer_get_string(&msg, NULL);
371 		char *value = buffer_get_string(&msg, NULL);
372 		int known = 0;
373 
374 		if (strcmp(name, "posix-rename@openssh.com") == 0 &&
375 		    strcmp(value, "1") == 0) {
376 			ret->exts |= SFTP_EXT_POSIX_RENAME;
377 			known = 1;
378 		} else if (strcmp(name, "statvfs@openssh.com") == 0 &&
379 		    strcmp(value, "2") == 0) {
380 			ret->exts |= SFTP_EXT_STATVFS;
381 			known = 1;
382 		} else if (strcmp(name, "fstatvfs@openssh.com") == 0 &&
383 		    strcmp(value, "2") == 0) {
384 			ret->exts |= SFTP_EXT_FSTATVFS;
385 			known = 1;
386 		} else if (strcmp(name, "hardlink@openssh.com") == 0 &&
387 		    strcmp(value, "1") == 0) {
388 			ret->exts |= SFTP_EXT_HARDLINK;
389 			known = 1;
390 		}
391 		if (known) {
392 			debug2("Server supports extension \"%s\" revision %s",
393 			    name, value);
394 		} else {
395 			debug2("Unrecognised server extension \"%s\"", name);
396 		}
397 		xfree(name);
398 		xfree(value);
399 	}
400 
401 	buffer_free(&msg);
402 
403 	/* Some filexfer v.0 servers don't support large packets */
404 	if (ret->version == 0)
405 		ret->transfer_buflen = MIN(ret->transfer_buflen, 20480);
406 
407 	ret->limit_kbps = limit_kbps;
408 	if (ret->limit_kbps > 0) {
409 		bandwidth_limit_init(&ret->bwlimit_in, ret->limit_kbps,
410 		    ret->transfer_buflen);
411 		bandwidth_limit_init(&ret->bwlimit_out, ret->limit_kbps,
412 		    ret->transfer_buflen);
413 	}
414 
415 	return ret;
416 }
417 
418 u_int
sftp_proto_version(struct sftp_conn * conn)419 sftp_proto_version(struct sftp_conn *conn)
420 {
421 	return conn->version;
422 }
423 
424 int
do_close(struct sftp_conn * conn,char * handle,u_int handle_len)425 do_close(struct sftp_conn *conn, char *handle, u_int handle_len)
426 {
427 	u_int id, status;
428 	Buffer msg;
429 
430 	buffer_init(&msg);
431 
432 	id = conn->msg_id++;
433 	buffer_put_char(&msg, SSH2_FXP_CLOSE);
434 	buffer_put_int(&msg, id);
435 	buffer_put_string(&msg, handle, handle_len);
436 	send_msg(conn, &msg);
437 	debug3("Sent message SSH2_FXP_CLOSE I:%u", id);
438 
439 	status = get_status(conn, id);
440 	if (status != SSH2_FX_OK)
441 		error("Couldn't close file: %s", fx2txt(status));
442 
443 	buffer_free(&msg);
444 
445 	return status;
446 }
447 
448 
449 static int
do_lsreaddir(struct sftp_conn * conn,char * path,int printflag,SFTP_DIRENT *** dir)450 do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
451     SFTP_DIRENT ***dir)
452 {
453 	Buffer msg;
454 	u_int count, type, id, handle_len, i, expected_id, ents = 0;
455 	char *handle;
456 
457 	id = conn->msg_id++;
458 
459 	buffer_init(&msg);
460 	buffer_put_char(&msg, SSH2_FXP_OPENDIR);
461 	buffer_put_int(&msg, id);
462 	buffer_put_cstring(&msg, path);
463 	send_msg(conn, &msg);
464 
465 	buffer_clear(&msg);
466 
467 	handle = get_handle(conn, id, &handle_len,
468 	    "remote readdir(\"%s\")", path);
469 	if (handle == NULL)
470 		return -1;
471 
472 	if (dir) {
473 		ents = 0;
474 		*dir = xmalloc(sizeof(**dir));
475 		(*dir)[0] = NULL;
476 	}
477 
478 	for (; !interrupted;) {
479 		id = expected_id = conn->msg_id++;
480 
481 		debug3("Sending SSH2_FXP_READDIR I:%u", id);
482 
483 		buffer_clear(&msg);
484 		buffer_put_char(&msg, SSH2_FXP_READDIR);
485 		buffer_put_int(&msg, id);
486 		buffer_put_string(&msg, handle, handle_len);
487 		send_msg(conn, &msg);
488 
489 		buffer_clear(&msg);
490 
491 		get_msg(conn, &msg);
492 
493 		type = buffer_get_char(&msg);
494 		id = buffer_get_int(&msg);
495 
496 		debug3("Received reply T:%u I:%u", type, id);
497 
498 		if (id != expected_id)
499 			fatal("ID mismatch (%u != %u)", id, expected_id);
500 
501 		if (type == SSH2_FXP_STATUS) {
502 			int status = buffer_get_int(&msg);
503 
504 			debug3("Received SSH2_FXP_STATUS %d", status);
505 
506 			if (status == SSH2_FX_EOF) {
507 				break;
508 			} else {
509 				error("Couldn't read directory: %s",
510 				    fx2txt(status));
511 				do_close(conn, handle, handle_len);
512 				xfree(handle);
513 				return(status);
514 			}
515 		} else if (type != SSH2_FXP_NAME)
516 			fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
517 			    SSH2_FXP_NAME, type);
518 
519 		count = buffer_get_int(&msg);
520 		if (count == 0)
521 			break;
522 		debug3("Received %d SSH2_FXP_NAME responses", count);
523 		for (i = 0; i < count; i++) {
524 			char *filename, *longname;
525 			Attrib *a;
526 
527 			filename = buffer_get_string(&msg, NULL);
528 			longname = buffer_get_string(&msg, NULL);
529 			a = decode_attrib(&msg);
530 
531 			if (printflag)
532 				printf("%s\n", longname);
533 
534 			/*
535 			 * Directory entries should never contain '/'
536 			 * These can be used to attack recursive ops
537 			 * (e.g. send '../../../../etc/passwd')
538 			 */
539 			if (strchr(filename, '/') != NULL) {
540 				error("Server sent suspect path \"%s\" "
541 				    "during readdir of \"%s\"", filename, path);
542 				goto next;
543 			}
544 
545 			if (dir) {
546 				*dir = xrealloc(*dir, ents + 2, sizeof(**dir));
547 				(*dir)[ents] = xmalloc(sizeof(***dir));
548 				(*dir)[ents]->filename = xstrdup(filename);
549 				(*dir)[ents]->longname = xstrdup(longname);
550 				memcpy(&(*dir)[ents]->a, a, sizeof(*a));
551 				(*dir)[++ents] = NULL;
552 			}
553  next:
554 			xfree(filename);
555 			xfree(longname);
556 		}
557 	}
558 
559 	buffer_free(&msg);
560 	do_close(conn, handle, handle_len);
561 	xfree(handle);
562 
563 	/* Don't return partial matches on interrupt */
564 	if (interrupted && dir != NULL && *dir != NULL) {
565 		free_sftp_dirents(*dir);
566 		*dir = xmalloc(sizeof(**dir));
567 		**dir = NULL;
568 	}
569 
570 	return 0;
571 }
572 
573 int
do_readdir(struct sftp_conn * conn,char * path,SFTP_DIRENT *** dir)574 do_readdir(struct sftp_conn *conn, char *path, SFTP_DIRENT ***dir)
575 {
576 	return(do_lsreaddir(conn, path, 0, dir));
577 }
578 
free_sftp_dirents(SFTP_DIRENT ** s)579 void free_sftp_dirents(SFTP_DIRENT **s)
580 {
581 	int i;
582 
583 	for (i = 0; s[i]; i++) {
584 		xfree(s[i]->filename);
585 		xfree(s[i]->longname);
586 		xfree(s[i]);
587 	}
588 	xfree(s);
589 }
590 
591 int
do_rm(struct sftp_conn * conn,char * path)592 do_rm(struct sftp_conn *conn, char *path)
593 {
594 	u_int status, id;
595 
596 	debug2("Sending SSH2_FXP_REMOVE \"%s\"", path);
597 
598 	id = conn->msg_id++;
599 	send_string_request(conn, id, SSH2_FXP_REMOVE, path, strlen(path));
600 	status = get_status(conn, id);
601 	if (status != SSH2_FX_OK)
602 		error("Couldn't delete file: %s", fx2txt(status));
603 	return(status);
604 }
605 
606 int
do_mkdir(struct sftp_conn * conn,char * path,Attrib * a,int printflag)607 do_mkdir(struct sftp_conn *conn, char *path, Attrib *a, int printflag)
608 {
609 	u_int status, id;
610 
611 	id = conn->msg_id++;
612 	send_string_attrs_request(conn, id, SSH2_FXP_MKDIR, path,
613 	    strlen(path), a);
614 
615 	status = get_status(conn, id);
616 	if (status != SSH2_FX_OK && printflag)
617 		error("Couldn't create directory: %s", fx2txt(status));
618 
619 	return(status);
620 }
621 
622 int
do_rmdir(struct sftp_conn * conn,char * path)623 do_rmdir(struct sftp_conn *conn, char *path)
624 {
625 	u_int status, id;
626 
627 	id = conn->msg_id++;
628 	send_string_request(conn, id, SSH2_FXP_RMDIR, path,
629 	    strlen(path));
630 
631 	status = get_status(conn, id);
632 	if (status != SSH2_FX_OK)
633 		error("Couldn't remove directory: %s", fx2txt(status));
634 
635 	return(status);
636 }
637 
638 Attrib *
do_stat(struct sftp_conn * conn,char * path,int quiet)639 do_stat(struct sftp_conn *conn, char *path, int quiet)
640 {
641 	u_int id;
642 
643 	id = conn->msg_id++;
644 
645 	send_string_request(conn, id,
646 	    conn->version == 0 ? SSH2_FXP_STAT_VERSION_0 : SSH2_FXP_STAT,
647 	    path, strlen(path));
648 
649 	return(get_decode_stat(conn, id, quiet));
650 }
651 
652 Attrib *
do_lstat(struct sftp_conn * conn,char * path,int quiet)653 do_lstat(struct sftp_conn *conn, char *path, int quiet)
654 {
655 	u_int id;
656 
657 	if (conn->version == 0) {
658 		if (quiet)
659 			debug("Server version does not support lstat operation");
660 		else
661 			logit("Server version does not support lstat operation");
662 		return(do_stat(conn, path, quiet));
663 	}
664 
665 	id = conn->msg_id++;
666 	send_string_request(conn, id, SSH2_FXP_LSTAT, path,
667 	    strlen(path));
668 
669 	return(get_decode_stat(conn, id, quiet));
670 }
671 
672 #ifdef notyet
673 Attrib *
do_fstat(struct sftp_conn * conn,char * handle,u_int handle_len,int quiet)674 do_fstat(struct sftp_conn *conn, char *handle, u_int handle_len, int quiet)
675 {
676 	u_int id;
677 
678 	id = conn->msg_id++;
679 	send_string_request(conn, id, SSH2_FXP_FSTAT, handle,
680 	    handle_len);
681 
682 	return(get_decode_stat(conn, id, quiet));
683 }
684 #endif
685 
686 int
do_setstat(struct sftp_conn * conn,char * path,Attrib * a)687 do_setstat(struct sftp_conn *conn, char *path, Attrib *a)
688 {
689 	u_int status, id;
690 
691 	id = conn->msg_id++;
692 	send_string_attrs_request(conn, id, SSH2_FXP_SETSTAT, path,
693 	    strlen(path), a);
694 
695 	status = get_status(conn, id);
696 	if (status != SSH2_FX_OK)
697 		error("Couldn't setstat on \"%s\": %s", path,
698 		    fx2txt(status));
699 
700 	return(status);
701 }
702 
703 int
do_fsetstat(struct sftp_conn * conn,char * handle,u_int handle_len,Attrib * a)704 do_fsetstat(struct sftp_conn *conn, char *handle, u_int handle_len,
705     Attrib *a)
706 {
707 	u_int status, id;
708 
709 	id = conn->msg_id++;
710 	send_string_attrs_request(conn, id, SSH2_FXP_FSETSTAT, handle,
711 	    handle_len, a);
712 
713 	status = get_status(conn, id);
714 	if (status != SSH2_FX_OK)
715 		error("Couldn't fsetstat: %s", fx2txt(status));
716 
717 	return(status);
718 }
719 
720 char *
do_realpath(struct sftp_conn * conn,char * path)721 do_realpath(struct sftp_conn *conn, char *path)
722 {
723 	Buffer msg;
724 	u_int type, expected_id, count, id;
725 	char *filename, *longname;
726 	Attrib *a;
727 
728 	expected_id = id = conn->msg_id++;
729 	send_string_request(conn, id, SSH2_FXP_REALPATH, path,
730 	    strlen(path));
731 
732 	buffer_init(&msg);
733 
734 	get_msg(conn, &msg);
735 	type = buffer_get_char(&msg);
736 	id = buffer_get_int(&msg);
737 
738 	if (id != expected_id)
739 		fatal("ID mismatch (%u != %u)", id, expected_id);
740 
741 	if (type == SSH2_FXP_STATUS) {
742 		u_int status = buffer_get_int(&msg);
743 
744 		error("Couldn't canonicalise: %s", fx2txt(status));
745 		buffer_free(&msg);
746 		return NULL;
747 	} else if (type != SSH2_FXP_NAME)
748 		fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
749 		    SSH2_FXP_NAME, type);
750 
751 	count = buffer_get_int(&msg);
752 	if (count != 1)
753 		fatal("Got multiple names (%d) from SSH_FXP_REALPATH", count);
754 
755 	filename = buffer_get_string(&msg, NULL);
756 	longname = buffer_get_string(&msg, NULL);
757 	a = decode_attrib(&msg);
758 
759 	debug3("SSH_FXP_REALPATH %s -> %s", path, filename);
760 
761 	xfree(longname);
762 
763 	buffer_free(&msg);
764 
765 	return(filename);
766 }
767 
768 int
do_rename(struct sftp_conn * conn,char * oldpath,char * newpath)769 do_rename(struct sftp_conn *conn, char *oldpath, char *newpath)
770 {
771 	Buffer msg;
772 	u_int status, id;
773 
774 	buffer_init(&msg);
775 
776 	/* Send rename request */
777 	id = conn->msg_id++;
778 	if ((conn->exts & SFTP_EXT_POSIX_RENAME)) {
779 		buffer_put_char(&msg, SSH2_FXP_EXTENDED);
780 		buffer_put_int(&msg, id);
781 		buffer_put_cstring(&msg, "posix-rename@openssh.com");
782 	} else {
783 		buffer_put_char(&msg, SSH2_FXP_RENAME);
784 		buffer_put_int(&msg, id);
785 	}
786 	buffer_put_cstring(&msg, oldpath);
787 	buffer_put_cstring(&msg, newpath);
788 	send_msg(conn, &msg);
789 	debug3("Sent message %s \"%s\" -> \"%s\"",
790 	    (conn->exts & SFTP_EXT_POSIX_RENAME) ? "posix-rename@openssh.com" :
791 	    "SSH2_FXP_RENAME", oldpath, newpath);
792 	buffer_free(&msg);
793 
794 	status = get_status(conn, id);
795 	if (status != SSH2_FX_OK)
796 		error("Couldn't rename file \"%s\" to \"%s\": %s", oldpath,
797 		    newpath, fx2txt(status));
798 
799 	return(status);
800 }
801 
802 int
do_hardlink(struct sftp_conn * conn,char * oldpath,char * newpath)803 do_hardlink(struct sftp_conn *conn, char *oldpath, char *newpath)
804 {
805 	Buffer msg;
806 	u_int status, id;
807 
808 	buffer_init(&msg);
809 
810 	/* Send link request */
811 	id = conn->msg_id++;
812 	if ((conn->exts & SFTP_EXT_HARDLINK) == 0) {
813 		error("Server does not support hardlink@openssh.com extension");
814 		return -1;
815 	}
816 
817 	buffer_put_char(&msg, SSH2_FXP_EXTENDED);
818 	buffer_put_int(&msg, id);
819 	buffer_put_cstring(&msg, "hardlink@openssh.com");
820 	buffer_put_cstring(&msg, oldpath);
821 	buffer_put_cstring(&msg, newpath);
822 	send_msg(conn, &msg);
823 	debug3("Sent message hardlink@openssh.com \"%s\" -> \"%s\"",
824 	       oldpath, newpath);
825 	buffer_free(&msg);
826 
827 	status = get_status(conn, id);
828 	if (status != SSH2_FX_OK)
829 		error("Couldn't link file \"%s\" to \"%s\": %s", oldpath,
830 		    newpath, fx2txt(status));
831 
832 	return(status);
833 }
834 
835 int
do_symlink(struct sftp_conn * conn,char * oldpath,char * newpath)836 do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath)
837 {
838 	Buffer msg;
839 	u_int status, id;
840 
841 	if (conn->version < 3) {
842 		error("This server does not support the symlink operation");
843 		return(SSH2_FX_OP_UNSUPPORTED);
844 	}
845 
846 	buffer_init(&msg);
847 
848 	/* Send symlink request */
849 	id = conn->msg_id++;
850 	buffer_put_char(&msg, SSH2_FXP_SYMLINK);
851 	buffer_put_int(&msg, id);
852 	buffer_put_cstring(&msg, oldpath);
853 	buffer_put_cstring(&msg, newpath);
854 	send_msg(conn, &msg);
855 	debug3("Sent message SSH2_FXP_SYMLINK \"%s\" -> \"%s\"", oldpath,
856 	    newpath);
857 	buffer_free(&msg);
858 
859 	status = get_status(conn, id);
860 	if (status != SSH2_FX_OK)
861 		error("Couldn't symlink file \"%s\" to \"%s\": %s", oldpath,
862 		    newpath, fx2txt(status));
863 
864 	return(status);
865 }
866 
867 #ifdef notyet
868 char *
do_readlink(struct sftp_conn * conn,char * path)869 do_readlink(struct sftp_conn *conn, char *path)
870 {
871 	Buffer msg;
872 	u_int type, expected_id, count, id;
873 	char *filename, *longname;
874 	Attrib *a;
875 
876 	expected_id = id = conn->msg_id++;
877 	send_string_request(conn, id, SSH2_FXP_READLINK, path, strlen(path));
878 
879 	buffer_init(&msg);
880 
881 	get_msg(conn, &msg);
882 	type = buffer_get_char(&msg);
883 	id = buffer_get_int(&msg);
884 
885 	if (id != expected_id)
886 		fatal("ID mismatch (%u != %u)", id, expected_id);
887 
888 	if (type == SSH2_FXP_STATUS) {
889 		u_int status = buffer_get_int(&msg);
890 
891 		error("Couldn't readlink: %s", fx2txt(status));
892 		return(NULL);
893 	} else if (type != SSH2_FXP_NAME)
894 		fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
895 		    SSH2_FXP_NAME, type);
896 
897 	count = buffer_get_int(&msg);
898 	if (count != 1)
899 		fatal("Got multiple names (%d) from SSH_FXP_READLINK", count);
900 
901 	filename = buffer_get_string(&msg, NULL);
902 	longname = buffer_get_string(&msg, NULL);
903 	a = decode_attrib(&msg);
904 
905 	debug3("SSH_FXP_READLINK %s -> %s", path, filename);
906 
907 	xfree(longname);
908 
909 	buffer_free(&msg);
910 
911 	return(filename);
912 }
913 #endif
914 
915 int
do_statvfs(struct sftp_conn * conn,const char * path,struct sftp_statvfs * st,int quiet)916 do_statvfs(struct sftp_conn *conn, const char *path, struct sftp_statvfs *st,
917     int quiet)
918 {
919 	Buffer msg;
920 	u_int id;
921 
922 	if ((conn->exts & SFTP_EXT_STATVFS) == 0) {
923 		error("Server does not support statvfs@openssh.com extension");
924 		return -1;
925 	}
926 
927 	id = conn->msg_id++;
928 
929 	buffer_init(&msg);
930 	buffer_clear(&msg);
931 	buffer_put_char(&msg, SSH2_FXP_EXTENDED);
932 	buffer_put_int(&msg, id);
933 	buffer_put_cstring(&msg, "statvfs@openssh.com");
934 	buffer_put_cstring(&msg, path);
935 	send_msg(conn, &msg);
936 	buffer_free(&msg);
937 
938 	return get_decode_statvfs(conn, st, id, quiet);
939 }
940 
941 #ifdef notyet
942 int
do_fstatvfs(struct sftp_conn * conn,const char * handle,u_int handle_len,struct sftp_statvfs * st,int quiet)943 do_fstatvfs(struct sftp_conn *conn, const char *handle, u_int handle_len,
944     struct sftp_statvfs *st, int quiet)
945 {
946 	Buffer msg;
947 	u_int id;
948 
949 	if ((conn->exts & SFTP_EXT_FSTATVFS) == 0) {
950 		error("Server does not support fstatvfs@openssh.com extension");
951 		return -1;
952 	}
953 
954 	id = conn->msg_id++;
955 
956 	buffer_init(&msg);
957 	buffer_clear(&msg);
958 	buffer_put_char(&msg, SSH2_FXP_EXTENDED);
959 	buffer_put_int(&msg, id);
960 	buffer_put_cstring(&msg, "fstatvfs@openssh.com");
961 	buffer_put_string(&msg, handle, handle_len);
962 	send_msg(conn, &msg);
963 	buffer_free(&msg);
964 
965 	return get_decode_statvfs(conn, st, id, quiet);
966 }
967 #endif
968 
969 static void
send_read_request(struct sftp_conn * conn,u_int id,u_int64_t offset,u_int len,char * handle,u_int handle_len)970 send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset,
971     u_int len, char *handle, u_int handle_len)
972 {
973 	Buffer msg;
974 
975 	buffer_init(&msg);
976 	buffer_clear(&msg);
977 	buffer_put_char(&msg, SSH2_FXP_READ);
978 	buffer_put_int(&msg, id);
979 	buffer_put_string(&msg, handle, handle_len);
980 	buffer_put_int64(&msg, offset);
981 	buffer_put_int(&msg, len);
982 	send_msg(conn, &msg);
983 	buffer_free(&msg);
984 }
985 
986 int
do_download(struct sftp_conn * conn,char * remote_path,char * local_path,Attrib * a,int pflag)987 do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
988     Attrib *a, int pflag)
989 {
990 	Attrib junk;
991 	Buffer msg;
992 	char *handle;
993 	int local_fd, status = 0, write_error;
994 	int read_error, write_errno;
995 	u_int64_t offset, size;
996 	u_int handle_len, mode, type, id, buflen, num_req, max_req;
997 	off_t progress_counter;
998 	struct request {
999 		u_int id;
1000 		u_int len;
1001 		u_int64_t offset;
1002 		TAILQ_ENTRY(request) tq;
1003 	};
1004 	TAILQ_HEAD(reqhead, request) requests;
1005 	struct request *req;
1006 
1007 	TAILQ_INIT(&requests);
1008 
1009 	if (a == NULL && (a = do_stat(conn, remote_path, 0)) == NULL)
1010 		return -1;
1011 
1012 	/* Do not preserve set[ug]id here, as we do not preserve ownership */
1013 	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
1014 		mode = a->perm & 0777;
1015 	else
1016 		mode = 0666;
1017 
1018 	if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
1019 	    (!S_ISREG(a->perm))) {
1020 		error("Cannot download non-regular file: %s", remote_path);
1021 		return(-1);
1022 	}
1023 
1024 	if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
1025 		size = a->size;
1026 	else
1027 		size = 0;
1028 
1029 	buflen = conn->transfer_buflen;
1030 	buffer_init(&msg);
1031 
1032 	/* Send open request */
1033 	id = conn->msg_id++;
1034 	buffer_put_char(&msg, SSH2_FXP_OPEN);
1035 	buffer_put_int(&msg, id);
1036 	buffer_put_cstring(&msg, remote_path);
1037 	buffer_put_int(&msg, SSH2_FXF_READ);
1038 	attrib_clear(&junk); /* Send empty attributes */
1039 	encode_attrib(&msg, &junk);
1040 	send_msg(conn, &msg);
1041 	debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
1042 
1043 	handle = get_handle(conn, id, &handle_len,
1044 	    "remote open(\"%s\")", remote_path);
1045 	if (handle == NULL) {
1046 		buffer_free(&msg);
1047 		return(-1);
1048 	}
1049 
1050 	local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC,
1051 	    mode | S_IWUSR);
1052 	if (local_fd == -1) {
1053 		error("Couldn't open local file \"%s\" for writing: %s",
1054 		    local_path, strerror(errno));
1055 		do_close(conn, handle, handle_len);
1056 		buffer_free(&msg);
1057 		xfree(handle);
1058 		return(-1);
1059 	}
1060 
1061 	/* Read from remote and write to local */
1062 	write_error = read_error = write_errno = num_req = offset = 0;
1063 	max_req = 1;
1064 	progress_counter = 0;
1065 
1066 	if (showprogress && size != 0)
1067 		start_progress_meter(remote_path, size, &progress_counter);
1068 
1069 	while (num_req > 0 || max_req > 0) {
1070 		char *data;
1071 		u_int len;
1072 
1073 		/*
1074 		 * Simulate EOF on interrupt: stop sending new requests and
1075 		 * allow outstanding requests to drain gracefully
1076 		 */
1077 		if (interrupted) {
1078 			if (num_req == 0) /* If we haven't started yet... */
1079 				break;
1080 			max_req = 0;
1081 		}
1082 
1083 		/* Send some more requests */
1084 		while (num_req < max_req) {
1085 			debug3("Request range %llu -> %llu (%d/%d)",
1086 			    (unsigned long long)offset,
1087 			    (unsigned long long)offset + buflen - 1,
1088 			    num_req, max_req);
1089 			req = xmalloc(sizeof(*req));
1090 			req->id = conn->msg_id++;
1091 			req->len = buflen;
1092 			req->offset = offset;
1093 			offset += buflen;
1094 			num_req++;
1095 			TAILQ_INSERT_TAIL(&requests, req, tq);
1096 			send_read_request(conn, req->id, req->offset,
1097 			    req->len, handle, handle_len);
1098 		}
1099 
1100 		buffer_clear(&msg);
1101 		get_msg(conn, &msg);
1102 		type = buffer_get_char(&msg);
1103 		id = buffer_get_int(&msg);
1104 		debug3("Received reply T:%u I:%u R:%d", type, id, max_req);
1105 
1106 		/* Find the request in our queue */
1107 		for (req = TAILQ_FIRST(&requests);
1108 		    req != NULL && req->id != id;
1109 		    req = TAILQ_NEXT(req, tq))
1110 			;
1111 		if (req == NULL)
1112 			fatal("Unexpected reply %u", id);
1113 
1114 		switch (type) {
1115 		case SSH2_FXP_STATUS:
1116 			status = buffer_get_int(&msg);
1117 			if (status != SSH2_FX_EOF)
1118 				read_error = 1;
1119 			max_req = 0;
1120 			TAILQ_REMOVE(&requests, req, tq);
1121 			xfree(req);
1122 			num_req--;
1123 			break;
1124 		case SSH2_FXP_DATA:
1125 			data = buffer_get_string(&msg, &len);
1126 			debug3("Received data %llu -> %llu",
1127 			    (unsigned long long)req->offset,
1128 			    (unsigned long long)req->offset + len - 1);
1129 			if (len > req->len)
1130 				fatal("Received more data than asked for "
1131 				    "%u > %u", len, req->len);
1132 			if ((lseek(local_fd, req->offset, SEEK_SET) == -1 ||
1133 			    atomicio(vwrite, local_fd, data, len) != len) &&
1134 			    !write_error) {
1135 				write_errno = errno;
1136 				write_error = 1;
1137 				max_req = 0;
1138 			}
1139 			progress_counter += len;
1140 			xfree(data);
1141 
1142 			if (len == req->len) {
1143 				TAILQ_REMOVE(&requests, req, tq);
1144 				xfree(req);
1145 				num_req--;
1146 			} else {
1147 				/* Resend the request for the missing data */
1148 				debug3("Short data block, re-requesting "
1149 				    "%llu -> %llu (%2d)",
1150 				    (unsigned long long)req->offset + len,
1151 				    (unsigned long long)req->offset +
1152 				    req->len - 1, num_req);
1153 				req->id = conn->msg_id++;
1154 				req->len -= len;
1155 				req->offset += len;
1156 				send_read_request(conn, req->id,
1157 				    req->offset, req->len, handle, handle_len);
1158 				/* Reduce the request size */
1159 				if (len < buflen)
1160 					buflen = MAX(MIN_READ_SIZE, len);
1161 			}
1162 			if (max_req > 0) { /* max_req = 0 iff EOF received */
1163 				if (size > 0 && offset > size) {
1164 					/* Only one request at a time
1165 					 * after the expected EOF */
1166 					debug3("Finish at %llu (%2d)",
1167 					    (unsigned long long)offset,
1168 					    num_req);
1169 					max_req = 1;
1170 				} else if (max_req <= conn->num_requests) {
1171 					++max_req;
1172 				}
1173 			}
1174 			break;
1175 		default:
1176 			fatal("Expected SSH2_FXP_DATA(%u) packet, got %u",
1177 			    SSH2_FXP_DATA, type);
1178 		}
1179 	}
1180 
1181 	if (showprogress && size)
1182 		stop_progress_meter();
1183 
1184 	/* Sanity check */
1185 	if (TAILQ_FIRST(&requests) != NULL)
1186 		fatal("Transfer complete, but requests still in queue");
1187 
1188 	if (read_error) {
1189 		error("Couldn't read from remote file \"%s\" : %s",
1190 		    remote_path, fx2txt(status));
1191 		do_close(conn, handle, handle_len);
1192 	} else if (write_error) {
1193 		error("Couldn't write to \"%s\": %s", local_path,
1194 		    strerror(write_errno));
1195 		status = -1;
1196 		do_close(conn, handle, handle_len);
1197 	} else {
1198 		status = do_close(conn, handle, handle_len);
1199 
1200 		/* Override umask and utimes if asked */
1201 #ifdef HAVE_FCHMOD
1202 		if (pflag && fchmod(local_fd, mode) == -1)
1203 #else
1204 		if (pflag && chmod(local_path, mode) == -1)
1205 #endif /* HAVE_FCHMOD */
1206 			error("Couldn't set mode on \"%s\": %s", local_path,
1207 			    strerror(errno));
1208 		if (pflag && (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME)) {
1209 			struct timeval tv[2];
1210 			tv[0].tv_sec = a->atime;
1211 			tv[1].tv_sec = a->mtime;
1212 			tv[0].tv_usec = tv[1].tv_usec = 0;
1213 			if (utimes(local_path, tv) == -1)
1214 				error("Can't set times on \"%s\": %s",
1215 				    local_path, strerror(errno));
1216 		}
1217 	}
1218 	close(local_fd);
1219 	buffer_free(&msg);
1220 	xfree(handle);
1221 
1222 	return(status);
1223 }
1224 
1225 static int
download_dir_internal(struct sftp_conn * conn,char * src,char * dst,Attrib * dirattrib,int pflag,int printflag,int depth)1226 download_dir_internal(struct sftp_conn *conn, char *src, char *dst,
1227     Attrib *dirattrib, int pflag, int printflag, int depth)
1228 {
1229 	int i, ret = 0;
1230 	SFTP_DIRENT **dir_entries;
1231 	char *filename, *new_src, *new_dst;
1232 	mode_t mode = 0777;
1233 
1234 	if (depth >= MAX_DIR_DEPTH) {
1235 		error("Maximum directory depth exceeded: %d levels", depth);
1236 		return -1;
1237 	}
1238 
1239 	if (dirattrib == NULL &&
1240 	    (dirattrib = do_stat(conn, src, 1)) == NULL) {
1241 		error("Unable to stat remote directory \"%s\"", src);
1242 		return -1;
1243 	}
1244 	if (!S_ISDIR(dirattrib->perm)) {
1245 		error("\"%s\" is not a directory", src);
1246 		return -1;
1247 	}
1248 	if (printflag)
1249 		printf("Retrieving %s\n", src);
1250 
1251 	if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
1252 		mode = dirattrib->perm & 01777;
1253 	else {
1254 		debug("Server did not send permissions for "
1255 		    "directory \"%s\"", dst);
1256 	}
1257 
1258 	if (mkdir(dst, mode) == -1 && errno != EEXIST) {
1259 		error("mkdir %s: %s", dst, strerror(errno));
1260 		return -1;
1261 	}
1262 
1263 	if (do_readdir(conn, src, &dir_entries) == -1) {
1264 		error("%s: Failed to get directory contents", src);
1265 		return -1;
1266 	}
1267 
1268 	for (i = 0; dir_entries[i] != NULL && !interrupted; i++) {
1269 		filename = dir_entries[i]->filename;
1270 
1271 		new_dst = path_append(dst, filename);
1272 		new_src = path_append(src, filename);
1273 
1274 		if (S_ISDIR(dir_entries[i]->a.perm)) {
1275 			if (strcmp(filename, ".") == 0 ||
1276 			    strcmp(filename, "..") == 0)
1277 				continue;
1278 			if (download_dir_internal(conn, new_src, new_dst,
1279 			    &(dir_entries[i]->a), pflag, printflag,
1280 			    depth + 1) == -1)
1281 				ret = -1;
1282 		} else if (S_ISREG(dir_entries[i]->a.perm) ) {
1283 			if (do_download(conn, new_src, new_dst,
1284 			    &(dir_entries[i]->a), pflag) == -1) {
1285 				error("Download of file %s to %s failed",
1286 				    new_src, new_dst);
1287 				ret = -1;
1288 			}
1289 		} else
1290 			logit("%s: not a regular file\n", new_src);
1291 
1292 		xfree(new_dst);
1293 		xfree(new_src);
1294 	}
1295 
1296 	if (pflag) {
1297 		if (dirattrib->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
1298 			struct timeval tv[2];
1299 			tv[0].tv_sec = dirattrib->atime;
1300 			tv[1].tv_sec = dirattrib->mtime;
1301 			tv[0].tv_usec = tv[1].tv_usec = 0;
1302 			if (utimes(dst, tv) == -1)
1303 				error("Can't set times on \"%s\": %s",
1304 				    dst, strerror(errno));
1305 		} else
1306 			debug("Server did not send times for directory "
1307 			    "\"%s\"", dst);
1308 	}
1309 
1310 	free_sftp_dirents(dir_entries);
1311 
1312 	return ret;
1313 }
1314 
1315 int
download_dir(struct sftp_conn * conn,char * src,char * dst,Attrib * dirattrib,int pflag,int printflag)1316 download_dir(struct sftp_conn *conn, char *src, char *dst,
1317     Attrib *dirattrib, int pflag, int printflag)
1318 {
1319 	char *src_canon;
1320 	int ret;
1321 
1322 	if ((src_canon = do_realpath(conn, src)) == NULL) {
1323 		error("Unable to canonicalise path \"%s\"", src);
1324 		return -1;
1325 	}
1326 
1327 	ret = download_dir_internal(conn, src_canon, dst,
1328 	    dirattrib, pflag, printflag, 0);
1329 	xfree(src_canon);
1330 	return ret;
1331 }
1332 
1333 int
do_upload(struct sftp_conn * conn,char * local_path,char * remote_path,int pflag)1334 do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
1335     int pflag)
1336 {
1337 	int local_fd;
1338 	int status = SSH2_FX_OK;
1339 	u_int handle_len, id, type;
1340 	off_t offset;
1341 	char *handle, *data;
1342 	Buffer msg;
1343 	struct stat sb;
1344 	Attrib a;
1345 	u_int32_t startid;
1346 	u_int32_t ackid;
1347 	struct outstanding_ack {
1348 		u_int id;
1349 		u_int len;
1350 		off_t offset;
1351 		TAILQ_ENTRY(outstanding_ack) tq;
1352 	};
1353 	TAILQ_HEAD(ackhead, outstanding_ack) acks;
1354 	struct outstanding_ack *ack = NULL;
1355 
1356 	TAILQ_INIT(&acks);
1357 
1358 	if ((local_fd = open(local_path, O_RDONLY, 0)) == -1) {
1359 		error("Couldn't open local file \"%s\" for reading: %s",
1360 		    local_path, strerror(errno));
1361 		return(-1);
1362 	}
1363 	if (fstat(local_fd, &sb) == -1) {
1364 		error("Couldn't fstat local file \"%s\": %s",
1365 		    local_path, strerror(errno));
1366 		close(local_fd);
1367 		return(-1);
1368 	}
1369 	if (!S_ISREG(sb.st_mode)) {
1370 		error("%s is not a regular file", local_path);
1371 		close(local_fd);
1372 		return(-1);
1373 	}
1374 	stat_to_attrib(&sb, &a);
1375 
1376 	a.flags &= ~SSH2_FILEXFER_ATTR_SIZE;
1377 	a.flags &= ~SSH2_FILEXFER_ATTR_UIDGID;
1378 	a.perm &= 0777;
1379 	if (!pflag)
1380 		a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME;
1381 
1382 	buffer_init(&msg);
1383 
1384 	/* Send open request */
1385 	id = conn->msg_id++;
1386 	buffer_put_char(&msg, SSH2_FXP_OPEN);
1387 	buffer_put_int(&msg, id);
1388 	buffer_put_cstring(&msg, remote_path);
1389 	buffer_put_int(&msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC);
1390 	encode_attrib(&msg, &a);
1391 	send_msg(conn, &msg);
1392 	debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
1393 
1394 	buffer_clear(&msg);
1395 
1396 	handle = get_handle(conn, id, &handle_len,
1397 	    "remote open(\"%s\")", remote_path);
1398 	if (handle == NULL) {
1399 		close(local_fd);
1400 		buffer_free(&msg);
1401 		return -1;
1402 	}
1403 
1404 	startid = ackid = id + 1;
1405 	data = xmalloc(conn->transfer_buflen);
1406 
1407 	/* Read from local and write to remote */
1408 	offset = 0;
1409 	if (showprogress)
1410 		start_progress_meter(local_path, sb.st_size, &offset);
1411 
1412 	for (;;) {
1413 		int len;
1414 
1415 		/*
1416 		 * Can't use atomicio here because it returns 0 on EOF,
1417 		 * thus losing the last block of the file.
1418 		 * Simulate an EOF on interrupt, allowing ACKs from the
1419 		 * server to drain.
1420 		 */
1421 		if (interrupted || status != SSH2_FX_OK)
1422 			len = 0;
1423 		else do
1424 			len = read(local_fd, data, conn->transfer_buflen);
1425 		while ((len == -1) &&
1426 		    (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK));
1427 
1428 		if (len == -1)
1429 			fatal("Couldn't read from \"%s\": %s", local_path,
1430 			    strerror(errno));
1431 
1432 		if (len != 0) {
1433 			ack = xmalloc(sizeof(*ack));
1434 			ack->id = ++id;
1435 			ack->offset = offset;
1436 			ack->len = len;
1437 			TAILQ_INSERT_TAIL(&acks, ack, tq);
1438 
1439 			buffer_clear(&msg);
1440 			buffer_put_char(&msg, SSH2_FXP_WRITE);
1441 			buffer_put_int(&msg, ack->id);
1442 			buffer_put_string(&msg, handle, handle_len);
1443 			buffer_put_int64(&msg, offset);
1444 			buffer_put_string(&msg, data, len);
1445 			send_msg(conn, &msg);
1446 			debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u",
1447 			    id, (unsigned long long)offset, len);
1448 		} else if (TAILQ_FIRST(&acks) == NULL)
1449 			break;
1450 
1451 		if (ack == NULL)
1452 			fatal("Unexpected ACK %u", id);
1453 
1454 		if (id == startid || len == 0 ||
1455 		    id - ackid >= conn->num_requests) {
1456 			u_int r_id;
1457 
1458 			buffer_clear(&msg);
1459 			get_msg(conn, &msg);
1460 			type = buffer_get_char(&msg);
1461 			r_id = buffer_get_int(&msg);
1462 
1463 			if (type != SSH2_FXP_STATUS)
1464 				fatal("Expected SSH2_FXP_STATUS(%d) packet, "
1465 				    "got %d", SSH2_FXP_STATUS, type);
1466 
1467 			status = buffer_get_int(&msg);
1468 			debug3("SSH2_FXP_STATUS %d", status);
1469 
1470 			/* Find the request in our queue */
1471 			for (ack = TAILQ_FIRST(&acks);
1472 			    ack != NULL && ack->id != r_id;
1473 			    ack = TAILQ_NEXT(ack, tq))
1474 				;
1475 			if (ack == NULL)
1476 				fatal("Can't find request for ID %u", r_id);
1477 			TAILQ_REMOVE(&acks, ack, tq);
1478 			debug3("In write loop, ack for %u %u bytes at %lld",
1479 			    ack->id, ack->len, (long long)ack->offset);
1480 			++ackid;
1481 			xfree(ack);
1482 		}
1483 		offset += len;
1484 		if (offset < 0)
1485 			fatal("%s: offset < 0", __func__);
1486 	}
1487 	buffer_free(&msg);
1488 
1489 	if (showprogress)
1490 		stop_progress_meter();
1491 	xfree(data);
1492 
1493 	if (status != SSH2_FX_OK) {
1494 		error("Couldn't write to remote file \"%s\": %s",
1495 		    remote_path, fx2txt(status));
1496 		status = -1;
1497 	}
1498 
1499 	if (close(local_fd) == -1) {
1500 		error("Couldn't close local file \"%s\": %s", local_path,
1501 		    strerror(errno));
1502 		status = -1;
1503 	}
1504 
1505 	/* Override umask and utimes if asked */
1506 	if (pflag)
1507 		do_fsetstat(conn, handle, handle_len, &a);
1508 
1509 	if (do_close(conn, handle, handle_len) != SSH2_FX_OK)
1510 		status = -1;
1511 	xfree(handle);
1512 
1513 	return status;
1514 }
1515 
1516 static int
upload_dir_internal(struct sftp_conn * conn,char * src,char * dst,int pflag,int printflag,int depth)1517 upload_dir_internal(struct sftp_conn *conn, char *src, char *dst,
1518     int pflag, int printflag, int depth)
1519 {
1520 	int ret = 0, status;
1521 	DIR *dirp;
1522 	struct dirent *dp;
1523 	char *filename, *new_src, *new_dst;
1524 	struct stat sb;
1525 	Attrib a;
1526 
1527 	if (depth >= MAX_DIR_DEPTH) {
1528 		error("Maximum directory depth exceeded: %d levels", depth);
1529 		return -1;
1530 	}
1531 
1532 	if (stat(src, &sb) == -1) {
1533 		error("Couldn't stat directory \"%s\": %s",
1534 		    src, strerror(errno));
1535 		return -1;
1536 	}
1537 	if (!S_ISDIR(sb.st_mode)) {
1538 		error("\"%s\" is not a directory", src);
1539 		return -1;
1540 	}
1541 	if (printflag)
1542 		printf("Entering %s\n", src);
1543 
1544 	attrib_clear(&a);
1545 	stat_to_attrib(&sb, &a);
1546 	a.flags &= ~SSH2_FILEXFER_ATTR_SIZE;
1547 	a.flags &= ~SSH2_FILEXFER_ATTR_UIDGID;
1548 	a.perm &= 01777;
1549 	if (!pflag)
1550 		a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME;
1551 
1552 	status = do_mkdir(conn, dst, &a, 0);
1553 	/*
1554 	 * we lack a portable status for errno EEXIST,
1555 	 * so if we get a SSH2_FX_FAILURE back we must check
1556 	 * if it was created successfully.
1557 	 */
1558 	if (status != SSH2_FX_OK) {
1559 		if (status != SSH2_FX_FAILURE)
1560 			return -1;
1561 		if (do_stat(conn, dst, 0) == NULL)
1562 			return -1;
1563 	}
1564 
1565 	if ((dirp = opendir(src)) == NULL) {
1566 		error("Failed to open dir \"%s\": %s", src, strerror(errno));
1567 		return -1;
1568 	}
1569 
1570 	while (((dp = readdir(dirp)) != NULL) && !interrupted) {
1571 		if (dp->d_ino == 0)
1572 			continue;
1573 		filename = dp->d_name;
1574 		new_dst = path_append(dst, filename);
1575 		new_src = path_append(src, filename);
1576 
1577 		if (lstat(new_src, &sb) == -1) {
1578 			logit("%s: lstat failed: %s", filename,
1579 			    strerror(errno));
1580 			ret = -1;
1581 		} else if (S_ISDIR(sb.st_mode)) {
1582 			if (strcmp(filename, ".") == 0 ||
1583 			    strcmp(filename, "..") == 0)
1584 				continue;
1585 
1586 			if (upload_dir_internal(conn, new_src, new_dst,
1587 			    pflag, printflag, depth + 1) == -1)
1588 				ret = -1;
1589 		} else if (S_ISREG(sb.st_mode)) {
1590 			if (do_upload(conn, new_src, new_dst, pflag) == -1) {
1591 				error("Uploading of file %s to %s failed!",
1592 				    new_src, new_dst);
1593 				ret = -1;
1594 			}
1595 		} else
1596 			logit("%s: not a regular file\n", filename);
1597 		xfree(new_dst);
1598 		xfree(new_src);
1599 	}
1600 
1601 	do_setstat(conn, dst, &a);
1602 
1603 	(void) closedir(dirp);
1604 	return ret;
1605 }
1606 
1607 int
upload_dir(struct sftp_conn * conn,char * src,char * dst,int printflag,int pflag)1608 upload_dir(struct sftp_conn *conn, char *src, char *dst, int printflag,
1609     int pflag)
1610 {
1611 	char *dst_canon;
1612 	int ret;
1613 
1614 	if ((dst_canon = do_realpath(conn, dst)) == NULL) {
1615 		error("Unable to canonicalise path \"%s\"", dst);
1616 		return -1;
1617 	}
1618 
1619 	ret = upload_dir_internal(conn, src, dst_canon, pflag, printflag, 0);
1620 	xfree(dst_canon);
1621 	return ret;
1622 }
1623 
1624 char *
path_append(char * p1,char * p2)1625 path_append(char *p1, char *p2)
1626 {
1627 	char *ret;
1628 	size_t len = strlen(p1) + strlen(p2) + 2;
1629 
1630 	ret = xmalloc(len);
1631 	strlcpy(ret, p1, len);
1632 	if (p1[0] != '\0' && p1[strlen(p1) - 1] != '/')
1633 		strlcat(ret, "/", len);
1634 	strlcat(ret, p2, len);
1635 
1636 	return(ret);
1637 }
1638 
1639