search for: ssh2_fx_failure

I'm working on setting up a semi-trusted sftp service, and to get it working, I need chroot capability. I've taken the /./ wuftpd magic token code from contrib/chroot.diff and put it into the sftp server. The main problem is that privileges have been dropped by the time the subsystem is exec'ed, so my patch requires that sftp-server be setuid root. Not ideal, I know, but I drop all

...+ if (handle < 0) + goto out; off = get_int64(); len = get_int(); @@ -450,6 +455,7 @@ process_read(void) } } } +out: if (status != SSH2_FX_OK) send_status(id, status); } @@ -461,10 +467,12 @@ process_write(void) u_int64_t off; u_int len; int handle, fd, ret, status = SSH2_FX_FAILURE; - char *data; + char *data = NULL; id = get_int(); handle = get_handle(); + if (handle < 0) + goto out; off = get_int64(); data = get_string(&len); @@ -488,8 +496,10 @@ process_write(void) } } } +out: send_status(id, status); - xfree(data); + if (data) + xfree(data...

...[MAXPATHLEN]; > if (realpath(name, resolvedname) == NULL) { > send_status(id, errno_to_portable(errno)); > free(name); > return; > } > char* jailed_resolvedname = actual_to_jail(xstrdup(resolvedname)); > if (jailed_resolvedname == NULL) { > send_status(id,SSH2_FX_FAILURE); > free(name); > return; > } > > } 589d730 < 695a837 > name = jail_to_actual(name); 771a914 > name = jail_to_actual(name); 889a1033,1048 > path = jail_to_actual(path); > if (jail != NULL) { > char resolvedname[MAXPATHLEN]; > if (realpath(pat...

There are a couple of races in sftp-server as this patch shows: --- sftp-server.c 28 Jan 2003 18:06:53 -0000 1.1.1.2 +++ sftp-server.c 5 Feb 2003 19:19:42 -0000 @@ -832,19 +832,22 @@ process_rename(void) { u_int32_t id; - struct stat st; char *oldpath, *newpath; - int ret, status = SSH2_FX_FAILURE; + int status; id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL); TRACE("rename id %u old %s new %s", id, oldpath, newpath); /* fail if 'newpath' exists */ - if (stat(newpath, &st) == -1) { - ret = rename(oldpath, newpath); - status = (ret ==...

...nly write, move but not delete the file. This will be used to store logs so, I need to make sure once the logs written to my server the user cannot remove it. I tried doing this by changing the code of process_remove from: static void process_remove(void) { char *name; u_int32_t id; int status = SSH2_FX_FAILURE; int ret; id = get_int(); name = get_string(NULL); debug3("request %u: remove", id); logit("remove name \"%s\"", name); if (readonly) status = SSH2_FX_PERMISSION_DENIED; else { ret = unlink(name); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; } send_st...

...ER_ATTR_UIDGID) { ret = chown(name, a->uid, a->gid); if (ret == -1) status = errno_to_portable(errno); } + #endif send_status(id, status); xfree(name); } *************** *** 591,600 **** status = SSH2_FX_FAILURE; } else { if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { #ifdef HAVE_FCHMOD ! ret = fchmod(fd, a->perm & 0777); #else ! ret = chmod(name, a->perm & 0777); #endif if (ret == -1)...

...UNAME, version); buffer_init(&msg); buffer_put_char(&msg, SSH2_FXP_VERSION); buffer_put_int(&msg, SSH2_FILEXFER_VERSION); @@ -382,7 +411,7 @@ { u_int32_t id, pflags; Attrib *a; - char *name; + char *name, sflags[7] = "------"; int handle, fd, flags, mode, status = SSH2_FX_FAILURE; id = get_int(); @@ -390,8 +419,10 @@ pflags = get_int(); /* portable flags */ a = get_attrib(); flags = flags_from_portable(pflags); + sflags_from_portable(&sflags[0], pflags); mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666; TRACE("open id %d...

...ar(&msg, SSH2_FXP_VERSION); buffer_put_int(&msg, SSH2_FILEXFER_VERSION); *************** *** 383,388 **** --- 439,447 ---- u_int32_t id, pflags; Attrib *a; char *name; + #ifdef SFTP_LOGGING + char sflags[7] = "------"; + #endif int handle, fd, flags, mode, status = SSH2_FX_FAILURE; id = get_int(); *************** *** 390,407 **** --- 449,478 ---- pflags = get_int(); /* portable flags */ a = get_attrib(); flags = flags_from_portable(pflags); + #ifdef SFTP_LOGGING + sflags_from_portable(&sflags[0], pflags); + #endif mode = (a->flags & SSH2_FILEXF...

https://bugzilla.mindrot.org/show_bug.cgi?id=2948 Bug ID: 2948 Summary: implement "copy-data" sftp extension Product: Portable OpenSSH Version: -current Hardware: All URL: https://tools.ietf.org/html/draft-ietf-secsh-filexfer- extensions-00#section-7 OS: All Status: NEW

Hello. These patches add a new mode of operation for the sftp server. It is located between the ordinary, unrestricted mode and read-only mode. It allows you to add files to the server, but only if these files do not exist on the server before. Changes to existing files - are prohibited. Please review them, maybe these patches will be useful not only to me. Thank you. -------------- next part

..."rename") || ! allowed_access(newpath, "rename")) { /* RestrictDirectory ? */ + send_status(id, errno_to_portable(EPERM)); + xfree(oldpath); + xfree(newpath); + return; + } + logit("rename old \"%s\" new \"%s\"", oldpath, newpath); status = SSH2_FX_FAILURE; if (lstat(oldpath, &sb) == -1) @@ -1038,17 +1208,22 @@ id = get_int(); path = get_string(NULL); debug3("request %u: readlink", id); - verbose("readlink \"%s\"", path); - if ((len = readlink(path, buf, sizeof(buf) - 1)) == -1) - send_status(id, errno_to_po...