#
1.260 |
|
11-Oct-2023 |
djm |
in olde rcp/scp protocol mode, when rejecting a path from the server as not matching the glob that the client sent, log (at debug level) the received pathname as well as the list of possible expected paths expanded from the glob. bz2966
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.259 |
|
10-Sep-2023 |
djm |
rename remote_glob() -> sftp_glob() to match other API
|
#
1.258 |
|
08-Sep-2023 |
djm |
the sftp code was one of my first contributions to OpenSSH and it shows - the function names are terrible.
Rename do_blah() to sftp_blah() to make them less so.
Completely mechanical except for sftp_stat() and sftp_lstat() which change from returning a pointer to a static variable (error-prone) to taking a pointer to a caller-provided receiver.
|
#
1.257 |
|
14-Jul-2023 |
djm |
add defence-in-depth checks for some unreachable integer overflows reported by Yair Mizrahi @ JFrog; feedback/ok millert@
|
#
1.256 |
|
31-Mar-2023 |
dtucker |
Explicitly ignore return from waitpid here too.
|
#
1.255 |
|
31-Mar-2023 |
dtucker |
Explictly ignore return codes where we don't check them. From Dmitry Belyavskiy via github PR#238, ok djm@
|
#
1.254 |
|
27-Mar-2023 |
djm |
scp: when copying local->remote, check that source file exists before opening SFTP connection to the server. Based on GHPR#370 ok dtucker, markus
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.253 |
|
03-Mar-2023 |
dtucker |
Check return values of dup2. Spotted by Coverity, ok djm@
|
#
1.252 |
|
10-Jan-2023 |
millert |
Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@
|
#
1.251 |
|
16-Dec-2022 |
jmc |
add -X to usage();
|
#
1.250 |
|
16-Dec-2022 |
djm |
add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence.
ok dtucker@
|
#
1.249 |
|
24-Oct-2022 |
djm |
when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.248 |
|
13-May-2022 |
djm |
arrange for scp, when in sftp mode, to not ftruncate(3) files early
previous behavious of unconditionally truncating the destination file would cause "scp ~/foo localhost:" and "scp localhost:foo ~/" to delete all the contents of their destination.
spotted by solene@ sthen@, also bz3431; ok dtucker@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.247 |
|
20-Mar-2022 |
djm |
don't leak argument list; bz3404, reported by Balu Gajjala ok dtucker@
|
#
1.246 |
|
23-Feb-2022 |
deraadt |
and we go back to testing sftp-scp after the 8.9 release...
|
#
1.245 |
|
10-Feb-2022 |
djm |
revert for imminent OpenSSH release, which wil ship with scp in RCP mode.
> revision 1.106 > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP > protocol for copying. Let's get back to testing the SFTP protocol.
This will be put back once the OpenSSH release is done.
|
#
1.244 |
|
01-Feb-2022 |
djm |
better match legacy scp behaviour: show un-expanded paths in error messages. Spotted by and ok tb@
|
#
1.243 |
|
17-Jan-2022 |
djm |
when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.259 |
|
10-Sep-2023 |
djm |
rename remote_glob() -> sftp_glob() to match other API
|
#
1.258 |
|
08-Sep-2023 |
djm |
the sftp code was one of my first contributions to OpenSSH and it shows - the function names are terrible.
Rename do_blah() to sftp_blah() to make them less so.
Completely mechanical except for sftp_stat() and sftp_lstat() which change from returning a pointer to a static variable (error-prone) to taking a pointer to a caller-provided receiver.
|
#
1.257 |
|
14-Jul-2023 |
djm |
add defence-in-depth checks for some unreachable integer overflows reported by Yair Mizrahi @ JFrog; feedback/ok millert@
|
#
1.256 |
|
31-Mar-2023 |
dtucker |
Explicitly ignore return from waitpid here too.
|
#
1.255 |
|
31-Mar-2023 |
dtucker |
Explictly ignore return codes where we don't check them. From Dmitry Belyavskiy via github PR#238, ok djm@
|
#
1.254 |
|
27-Mar-2023 |
djm |
scp: when copying local->remote, check that source file exists before opening SFTP connection to the server. Based on GHPR#370 ok dtucker, markus
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.253 |
|
03-Mar-2023 |
dtucker |
Check return values of dup2. Spotted by Coverity, ok djm@
|
#
1.252 |
|
10-Jan-2023 |
millert |
Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@
|
#
1.251 |
|
16-Dec-2022 |
jmc |
add -X to usage();
|
#
1.250 |
|
16-Dec-2022 |
djm |
add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence.
ok dtucker@
|
#
1.249 |
|
24-Oct-2022 |
djm |
when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.248 |
|
13-May-2022 |
djm |
arrange for scp, when in sftp mode, to not ftruncate(3) files early
previous behavious of unconditionally truncating the destination file would cause "scp ~/foo localhost:" and "scp localhost:foo ~/" to delete all the contents of their destination.
spotted by solene@ sthen@, also bz3431; ok dtucker@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.247 |
|
20-Mar-2022 |
djm |
don't leak argument list; bz3404, reported by Balu Gajjala ok dtucker@
|
#
1.246 |
|
23-Feb-2022 |
deraadt |
and we go back to testing sftp-scp after the 8.9 release...
|
#
1.245 |
|
10-Feb-2022 |
djm |
revert for imminent OpenSSH release, which wil ship with scp in RCP mode.
> revision 1.106 > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP > protocol for copying. Let's get back to testing the SFTP protocol.
This will be put back once the OpenSSH release is done.
|
#
1.244 |
|
01-Feb-2022 |
djm |
better match legacy scp behaviour: show un-expanded paths in error messages. Spotted by and ok tb@
|
#
1.243 |
|
17-Jan-2022 |
djm |
when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.258 |
|
08-Sep-2023 |
djm |
the sftp code was one of my first contributions to OpenSSH and it shows - the function names are terrible.
Rename do_blah() to sftp_blah() to make them less so.
Completely mechanical except for sftp_stat() and sftp_lstat() which change from returning a pointer to a static variable (error-prone) to taking a pointer to a caller-provided receiver.
|
#
1.257 |
|
14-Jul-2023 |
djm |
add defence-in-depth checks for some unreachable integer overflows reported by Yair Mizrahi @ JFrog; feedback/ok millert@
|
#
1.256 |
|
31-Mar-2023 |
dtucker |
Explicitly ignore return from waitpid here too.
|
#
1.255 |
|
31-Mar-2023 |
dtucker |
Explictly ignore return codes where we don't check them. From Dmitry Belyavskiy via github PR#238, ok djm@
|
#
1.254 |
|
27-Mar-2023 |
djm |
scp: when copying local->remote, check that source file exists before opening SFTP connection to the server. Based on GHPR#370 ok dtucker, markus
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.253 |
|
03-Mar-2023 |
dtucker |
Check return values of dup2. Spotted by Coverity, ok djm@
|
#
1.252 |
|
10-Jan-2023 |
millert |
Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@
|
#
1.251 |
|
16-Dec-2022 |
jmc |
add -X to usage();
|
#
1.250 |
|
16-Dec-2022 |
djm |
add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence.
ok dtucker@
|
#
1.249 |
|
24-Oct-2022 |
djm |
when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.248 |
|
13-May-2022 |
djm |
arrange for scp, when in sftp mode, to not ftruncate(3) files early
previous behavious of unconditionally truncating the destination file would cause "scp ~/foo localhost:" and "scp localhost:foo ~/" to delete all the contents of their destination.
spotted by solene@ sthen@, also bz3431; ok dtucker@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.247 |
|
20-Mar-2022 |
djm |
don't leak argument list; bz3404, reported by Balu Gajjala ok dtucker@
|
#
1.246 |
|
23-Feb-2022 |
deraadt |
and we go back to testing sftp-scp after the 8.9 release...
|
#
1.245 |
|
10-Feb-2022 |
djm |
revert for imminent OpenSSH release, which wil ship with scp in RCP mode.
> revision 1.106 > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP > protocol for copying. Let's get back to testing the SFTP protocol.
This will be put back once the OpenSSH release is done.
|
#
1.244 |
|
01-Feb-2022 |
djm |
better match legacy scp behaviour: show un-expanded paths in error messages. Spotted by and ok tb@
|
#
1.243 |
|
17-Jan-2022 |
djm |
when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.257 |
|
14-Jul-2023 |
djm |
add defence-in-depth checks for some unreachable integer overflows reported by Yair Mizrahi @ JFrog; feedback/ok millert@
|
#
1.256 |
|
31-Mar-2023 |
dtucker |
Explicitly ignore return from waitpid here too.
|
#
1.255 |
|
31-Mar-2023 |
dtucker |
Explictly ignore return codes where we don't check them. From Dmitry Belyavskiy via github PR#238, ok djm@
|
#
1.254 |
|
27-Mar-2023 |
djm |
scp: when copying local->remote, check that source file exists before opening SFTP connection to the server. Based on GHPR#370 ok dtucker, markus
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.253 |
|
03-Mar-2023 |
dtucker |
Check return values of dup2. Spotted by Coverity, ok djm@
|
#
1.252 |
|
10-Jan-2023 |
millert |
Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@
|
#
1.251 |
|
16-Dec-2022 |
jmc |
add -X to usage();
|
#
1.250 |
|
16-Dec-2022 |
djm |
add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence.
ok dtucker@
|
#
1.249 |
|
24-Oct-2022 |
djm |
when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.248 |
|
13-May-2022 |
djm |
arrange for scp, when in sftp mode, to not ftruncate(3) files early
previous behavious of unconditionally truncating the destination file would cause "scp ~/foo localhost:" and "scp localhost:foo ~/" to delete all the contents of their destination.
spotted by solene@ sthen@, also bz3431; ok dtucker@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.247 |
|
20-Mar-2022 |
djm |
don't leak argument list; bz3404, reported by Balu Gajjala ok dtucker@
|
#
1.246 |
|
23-Feb-2022 |
deraadt |
and we go back to testing sftp-scp after the 8.9 release...
|
#
1.245 |
|
10-Feb-2022 |
djm |
revert for imminent OpenSSH release, which wil ship with scp in RCP mode.
> revision 1.106 > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP > protocol for copying. Let's get back to testing the SFTP protocol.
This will be put back once the OpenSSH release is done.
|
#
1.244 |
|
01-Feb-2022 |
djm |
better match legacy scp behaviour: show un-expanded paths in error messages. Spotted by and ok tb@
|
#
1.243 |
|
17-Jan-2022 |
djm |
when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.256 |
|
31-Mar-2023 |
dtucker |
Explicitly ignore return from waitpid here too.
|
#
1.255 |
|
31-Mar-2023 |
dtucker |
Explictly ignore return codes where we don't check them. From Dmitry Belyavskiy via github PR#238, ok djm@
|
#
1.254 |
|
27-Mar-2023 |
djm |
scp: when copying local->remote, check that source file exists before opening SFTP connection to the server. Based on GHPR#370 ok dtucker, markus
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.253 |
|
03-Mar-2023 |
dtucker |
Check return values of dup2. Spotted by Coverity, ok djm@
|
#
1.252 |
|
10-Jan-2023 |
millert |
Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@
|
#
1.251 |
|
16-Dec-2022 |
jmc |
add -X to usage();
|
#
1.250 |
|
16-Dec-2022 |
djm |
add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence.
ok dtucker@
|
#
1.249 |
|
24-Oct-2022 |
djm |
when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.248 |
|
13-May-2022 |
djm |
arrange for scp, when in sftp mode, to not ftruncate(3) files early
previous behavious of unconditionally truncating the destination file would cause "scp ~/foo localhost:" and "scp localhost:foo ~/" to delete all the contents of their destination.
spotted by solene@ sthen@, also bz3431; ok dtucker@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.247 |
|
20-Mar-2022 |
djm |
don't leak argument list; bz3404, reported by Balu Gajjala ok dtucker@
|
#
1.246 |
|
23-Feb-2022 |
deraadt |
and we go back to testing sftp-scp after the 8.9 release...
|
#
1.245 |
|
10-Feb-2022 |
djm |
revert for imminent OpenSSH release, which wil ship with scp in RCP mode.
> revision 1.106 > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP > protocol for copying. Let's get back to testing the SFTP protocol.
This will be put back once the OpenSSH release is done.
|
#
1.244 |
|
01-Feb-2022 |
djm |
better match legacy scp behaviour: show un-expanded paths in error messages. Spotted by and ok tb@
|
#
1.243 |
|
17-Jan-2022 |
djm |
when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.253 |
|
03-Mar-2023 |
dtucker |
Check return values of dup2. Spotted by Coverity, ok djm@
|
#
1.252 |
|
10-Jan-2023 |
millert |
Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@
|
#
1.251 |
|
16-Dec-2022 |
jmc |
add -X to usage();
|
#
1.250 |
|
16-Dec-2022 |
djm |
add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence.
ok dtucker@
|
#
1.249 |
|
24-Oct-2022 |
djm |
when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.248 |
|
13-May-2022 |
djm |
arrange for scp, when in sftp mode, to not ftruncate(3) files early
previous behavious of unconditionally truncating the destination file would cause "scp ~/foo localhost:" and "scp localhost:foo ~/" to delete all the contents of their destination.
spotted by solene@ sthen@, also bz3431; ok dtucker@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.247 |
|
20-Mar-2022 |
djm |
don't leak argument list; bz3404, reported by Balu Gajjala ok dtucker@
|
#
1.246 |
|
23-Feb-2022 |
deraadt |
and we go back to testing sftp-scp after the 8.9 release...
|
#
1.245 |
|
10-Feb-2022 |
djm |
revert for imminent OpenSSH release, which wil ship with scp in RCP mode.
> revision 1.106 > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP > protocol for copying. Let's get back to testing the SFTP protocol.
This will be put back once the OpenSSH release is done.
|
#
1.244 |
|
01-Feb-2022 |
djm |
better match legacy scp behaviour: show un-expanded paths in error messages. Spotted by and ok tb@
|
#
1.243 |
|
17-Jan-2022 |
djm |
when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.252 |
|
10-Jan-2023 |
millert |
Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@
|
#
1.251 |
|
16-Dec-2022 |
jmc |
add -X to usage();
|
#
1.250 |
|
16-Dec-2022 |
djm |
add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence.
ok dtucker@
|
#
1.249 |
|
24-Oct-2022 |
djm |
when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.248 |
|
13-May-2022 |
djm |
arrange for scp, when in sftp mode, to not ftruncate(3) files early
previous behavious of unconditionally truncating the destination file would cause "scp ~/foo localhost:" and "scp localhost:foo ~/" to delete all the contents of their destination.
spotted by solene@ sthen@, also bz3431; ok dtucker@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.247 |
|
20-Mar-2022 |
djm |
don't leak argument list; bz3404, reported by Balu Gajjala ok dtucker@
|
#
1.246 |
|
23-Feb-2022 |
deraadt |
and we go back to testing sftp-scp after the 8.9 release...
|
#
1.245 |
|
10-Feb-2022 |
djm |
revert for imminent OpenSSH release, which wil ship with scp in RCP mode.
> revision 1.106 > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP > protocol for copying. Let's get back to testing the SFTP protocol.
This will be put back once the OpenSSH release is done.
|
#
1.244 |
|
01-Feb-2022 |
djm |
better match legacy scp behaviour: show un-expanded paths in error messages. Spotted by and ok tb@
|
#
1.243 |
|
17-Jan-2022 |
djm |
when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.251 |
|
16-Dec-2022 |
jmc |
add -X to usage();
|
#
1.250 |
|
16-Dec-2022 |
djm |
add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol knobs: the copy buffer length and the number of inflight requests, both of which are used during upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options. This makes them available in both SFTP protocol clients using the same option character sequence.
ok dtucker@
|
#
1.249 |
|
24-Oct-2022 |
djm |
when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.248 |
|
13-May-2022 |
djm |
arrange for scp, when in sftp mode, to not ftruncate(3) files early
previous behavious of unconditionally truncating the destination file would cause "scp ~/foo localhost:" and "scp localhost:foo ~/" to delete all the contents of their destination.
spotted by solene@ sthen@, also bz3431; ok dtucker@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.247 |
|
20-Mar-2022 |
djm |
don't leak argument list; bz3404, reported by Balu Gajjala ok dtucker@
|
#
1.246 |
|
23-Feb-2022 |
deraadt |
and we go back to testing sftp-scp after the 8.9 release...
|
#
1.245 |
|
10-Feb-2022 |
djm |
revert for imminent OpenSSH release, which wil ship with scp in RCP mode.
> revision 1.106 > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP > protocol for copying. Let's get back to testing the SFTP protocol.
This will be put back once the OpenSSH release is done.
|
#
1.244 |
|
01-Feb-2022 |
djm |
better match legacy scp behaviour: show un-expanded paths in error messages. Spotted by and ok tb@
|
#
1.243 |
|
17-Jan-2022 |
djm |
when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.249 |
|
24-Oct-2022 |
djm |
when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer "foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.248 |
|
13-May-2022 |
djm |
arrange for scp, when in sftp mode, to not ftruncate(3) files early
previous behavious of unconditionally truncating the destination file would cause "scp ~/foo localhost:" and "scp localhost:foo ~/" to delete all the contents of their destination.
spotted by solene@ sthen@, also bz3431; ok dtucker@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.247 |
|
20-Mar-2022 |
djm |
don't leak argument list; bz3404, reported by Balu Gajjala ok dtucker@
|
#
1.246 |
|
23-Feb-2022 |
deraadt |
and we go back to testing sftp-scp after the 8.9 release...
|
#
1.245 |
|
10-Feb-2022 |
djm |
revert for imminent OpenSSH release, which wil ship with scp in RCP mode.
> revision 1.106 > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP > protocol for copying. Let's get back to testing the SFTP protocol.
This will be put back once the OpenSSH release is done.
|
#
1.244 |
|
01-Feb-2022 |
djm |
better match legacy scp behaviour: show un-expanded paths in error messages. Spotted by and ok tb@
|
#
1.243 |
|
17-Jan-2022 |
djm |
when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.248 |
|
13-May-2022 |
djm |
arrange for scp, when in sftp mode, to not ftruncate(3) files early
previous behavious of unconditionally truncating the destination file would cause "scp ~/foo localhost:" and "scp localhost:foo ~/" to delete all the contents of their destination.
spotted by solene@ sthen@, also bz3431; ok dtucker@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.247 |
|
20-Mar-2022 |
djm |
don't leak argument list; bz3404, reported by Balu Gajjala ok dtucker@
|
#
1.246 |
|
23-Feb-2022 |
deraadt |
and we go back to testing sftp-scp after the 8.9 release...
|
#
1.245 |
|
10-Feb-2022 |
djm |
revert for imminent OpenSSH release, which wil ship with scp in RCP mode.
> revision 1.106 > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP > protocol for copying. Let's get back to testing the SFTP protocol.
This will be put back once the OpenSSH release is done.
|
#
1.244 |
|
01-Feb-2022 |
djm |
better match legacy scp behaviour: show un-expanded paths in error messages. Spotted by and ok tb@
|
#
1.243 |
|
17-Jan-2022 |
djm |
when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.247 |
|
20-Mar-2022 |
djm |
don't leak argument list; bz3404, reported by Balu Gajjala ok dtucker@
|
#
1.246 |
|
23-Feb-2022 |
deraadt |
and we go back to testing sftp-scp after the 8.9 release...
|
#
1.245 |
|
10-Feb-2022 |
djm |
revert for imminent OpenSSH release, which wil ship with scp in RCP mode.
> revision 1.106 > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP > protocol for copying. Let's get back to testing the SFTP protocol.
This will be put back once the OpenSSH release is done.
|
#
1.244 |
|
01-Feb-2022 |
djm |
better match legacy scp behaviour: show un-expanded paths in error messages. Spotted by and ok tb@
|
#
1.243 |
|
17-Jan-2022 |
djm |
when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.246 |
|
23-Feb-2022 |
deraadt |
and we go back to testing sftp-scp after the 8.9 release...
|
#
1.245 |
|
10-Feb-2022 |
djm |
revert for imminent OpenSSH release, which wil ship with scp in RCP mode.
> revision 1.106 > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP > protocol for copying. Let's get back to testing the SFTP protocol.
This will be put back once the OpenSSH release is done.
|
#
1.244 |
|
01-Feb-2022 |
djm |
better match legacy scp behaviour: show un-expanded paths in error messages. Spotted by and ok tb@
|
#
1.243 |
|
17-Jan-2022 |
djm |
when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.245 |
|
10-Feb-2022 |
djm |
revert for imminent OpenSSH release, which wil ship with scp in RCP mode.
> revision 1.106 > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP > protocol for copying. Let's get back to testing the SFTP protocol.
This will be put back once the OpenSSH release is done.
|
#
1.244 |
|
01-Feb-2022 |
djm |
better match legacy scp behaviour: show un-expanded paths in error messages. Spotted by and ok tb@
|
#
1.243 |
|
17-Jan-2022 |
djm |
when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.244 |
|
01-Feb-2022 |
djm |
better match legacy scp behaviour: show un-expanded paths in error messages. Spotted by and ok tb@
|
#
1.243 |
|
17-Jan-2022 |
djm |
when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.243 |
|
17-Jan-2022 |
djm |
when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.242 |
|
08-Jan-2022 |
djm |
fix some corner-case bugs in scp sftp-mode handling of ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.241 |
|
24-Oct-2021 |
deraadt |
For open/openat, if the flags parameter does not contain O_CREAT, the 3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.240 |
|
15-Oct-2021 |
deraadt |
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP protocol for copying. Let's get back to testing the SFTP protocol.
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.239 |
|
20-Sep-2021 |
djm |
fix missing -s in SYNOPSYS and usage() as well as a capitalisation mistake; spotted by jmc@
|
#
1.238 |
|
20-Sep-2021 |
djm |
Switch scp back to use the old protocol by default, ahead of release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.237 |
|
18-Sep-2021 |
djm |
better error message for ~user failures when the sftp-server lacks the expand-path extension; ok deraadt@
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.236 |
|
16-Sep-2021 |
djm |
make some more scp-in-SFTP mode better match Unix idioms
suggested by deraadt@
|
#
1.235 |
|
16-Sep-2021 |
djm |
allow log_stderr==2 to prefix log messages with argv[0]
use this to make scp's SFTP mode error messages more scp-like
prompted by and ok deraadt@
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.234 |
|
11-Sep-2021 |
djm |
when using SFTP protocol, continue transferring files after a transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.233 |
|
08-Sep-2021 |
djm |
Use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag.
Note that ~user/ prefixed paths in SFTP mode require a protocol extension that was first shipped in OpenSSH 8.7.
ok deraadt, after baking in snaps for a while without incident
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.232 |
|
11-Aug-2021 |
naddy |
scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R".
ok djm@
|
#
1.231 |
|
11-Aug-2021 |
naddy |
scp: do not spawn ssh with two -s flags for remote-to-remote copies
Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set.
ok djm@
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.230 |
|
10-Aug-2021 |
djm |
Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
|
#
1.229 |
|
09-Aug-2021 |
djm |
make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host.
thanks naddy@ for catching the missing argument in usage()
"Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@
|
#
1.228 |
|
09-Aug-2021 |
djm |
make scp in SFTP mode try to use relative paths as much as possible. Previosuly, it would try to make relative and ~/-rooted paths absolute before requesting transfers.
prompted by and much discussion deraadt@ ok markus@
|
#
1.227 |
|
09-Aug-2021 |
djm |
SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does.
prompted by and much discussion deraadt@ ok markus@
|
#
1.226 |
|
09-Aug-2021 |
djm |
when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come)
prompted by and discussed with deraadt@ ok markus@
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.225 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
(this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224)
|
#
1.224 |
|
09-Aug-2021 |
djm |
rever r1.223 - I accidentally committed unrelated changes
|
#
1.223 |
|
09-Aug-2021 |
djm |
on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.222 |
|
07-Aug-2021 |
dtucker |
Fix prototype mismatch for do_cmd. ok djm@
|
#
1.221 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@
|
#
1.220 |
|
07-Aug-2021 |
djm |
make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@
|
#
1.219 |
|
07-Aug-2021 |
djm |
use sftp_client crossloading to implement scp -3
feedback/ok markus@
|
#
1.218 |
|
07-Aug-2021 |
djm |
prepare for scp -3 implemented via sftp
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.217 |
|
04-Aug-2021 |
dtucker |
Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code.
POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.216 |
|
02-Aug-2021 |
djm |
support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.215 |
|
05-Jul-2021 |
djm |
allow spaces to appear in usernames for local to remote, and scp -3 remote to remote copies. with & ok dtucker bz#1164
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.214 |
|
03-Apr-2021 |
djm |
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.213 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.212 |
|
03-Aug-2020 |
djm |
allow -A to explicitly enable agent forwarding in scp and sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.211 |
|
29-May-2020 |
millert |
Fix error message on close(2) and add printf format attributes. From Christos Zoulas, OK markus@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.210 |
|
06-May-2020 |
djm |
another case where a utimes() failure could make scp send a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.209 |
|
01-May-2020 |
djm |
when receving a file in sink(), be careful to send at most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
#
1.208 |
|
30-Apr-2020 |
markus |
run the 2nd ssh with BatchMode for scp -3
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.207 |
|
23-Jan-2020 |
dtucker |
Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.206 |
|
09-Sep-2019 |
dtucker |
Fix potential truncation warning. ok deraadt.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.205 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.204 |
|
10-Feb-2019 |
djm |
when checking that filenames sent by the server side match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy deraadt@
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.203 |
|
27-Jan-2019 |
jmc |
add -T to usage();
|
#
1.202 |
|
26-Jan-2019 |
djm |
check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.201 |
|
24-Jan-2019 |
dtucker |
Have progressmeter force an update at the beginning and end of each transfer. Fixes the problem recently introduces where very quick transfers do not display the progressmeter at all. Spotted by naddy@
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.200 |
|
23-Jan-2019 |
dtucker |
Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR too. bz#2434 with contributions from djm and jjelen at redhat.com, ok djm@
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.199 |
|
21-Jan-2019 |
tb |
Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1) to match ssh(1)'s interface.
ok djm
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.198 |
|
16-Nov-2018 |
djm |
disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.197 |
|
01-Jun-2018 |
dtucker |
Apply umask to all incoming files and directories not just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.196 |
|
10-Apr-2018 |
djm |
lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.195 |
|
10-Feb-2018 |
djm |
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.194 |
|
18-Dec-2017 |
millert |
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@
|
#
1.193 |
|
21-Oct-2017 |
millert |
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.192 |
|
31-May-2017 |
deraadt |
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
|
#
1.191 |
|
02-May-2017 |
jmc |
remove options -12 from usage();
|
#
1.190 |
|
30-Apr-2017 |
djm |
exterminate the -1 flag from scp
ok markus@
|
#
1.189 |
|
28-Apr-2017 |
millert |
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@
|
#
1.188 |
|
27-Apr-2017 |
millert |
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.187 |
|
12-Sep-2016 |
deraadt |
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.186 |
|
25-May-2016 |
schwarze |
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter.
This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@, various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
|
#
1.185 |
|
02-Mar-2016 |
dtucker |
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.184 |
|
27-Nov-2015 |
deraadt |
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker
|
#
1.183 |
|
16-Oct-2015 |
mmcc |
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.182 |
|
24-Apr-2015 |
deraadt |
rename xrealloc() to xreallocarray() since it follows that form. ok djm
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.181 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.180 |
|
24-Jun-2014 |
djm |
when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.179 |
|
20-Nov-2013 |
deraadt |
unsigned casts for ctype macros where neccessary ok guenther millert markus
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.178 |
|
22-Jun-2013 |
djm |
improved time_t overflow check suggested by guenther@
|
#
1.177 |
|
21-Jun-2013 |
djm |
make this -Wsign-compare clean after time_t conversion
|
#
1.176 |
|
17-Jun-2013 |
guenther |
Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
#
1.175 |
|
04-Jun-2013 |
dtucker |
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
#
1.174 |
|
01-Jun-2013 |
dtucker |
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2085. ok deraadt.
|
#
1.173 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
#
1.172 |
|
16-May-2013 |
dtucker |
Fix some "unused result" warnings found via clang and -portable. ok markus@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.171 |
|
09-Sep-2011 |
djm |
suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.170 |
|
09-Dec-2010 |
jmc |
scp.1: grammer fix scp.c: add -3 to usage()
|
#
1.169 |
|
08-Dec-2010 |
markus |
add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
#
1.168 |
|
26-Nov-2010 |
djm |
Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
|
#
1.167 |
|
22-Sep-2010 |
djm |
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.166 |
|
01-Jul-2010 |
millert |
Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.165 |
|
20-Dec-2009 |
guenther |
When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'.
Based on a diff by halex@ ok halex@ djm@ deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.164 |
|
10-Oct-2008 |
stevesk |
spelling in comment; ok djm@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.163 |
|
13-Jun-2008 |
dtucker |
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.162 |
|
01-Jan-2008 |
dtucker |
If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
|
#
1.161 |
|
24-Oct-2007 |
djm |
factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.160 |
|
06-Aug-2007 |
sobrado |
the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
#
1.159 |
|
13-Jun-2007 |
djm |
don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
|
#
1.158 |
|
12-Jun-2007 |
dtucker |
Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
|
#
1.157 |
|
12-Jun-2007 |
djm |
make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.156 |
|
22-Jan-2007 |
djm |
fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.155 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.154 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.153 |
|
26-Jul-2006 |
stevesk |
move #include <stdlib.h> out of includes.h
|
#
1.152 |
|
26-Jul-2006 |
stevesk |
move #include <sys/param.h> out of includes.h
|
#
1.151 |
|
25-Jul-2006 |
stevesk |
move #include <sys/time.h> out of includes.h
|
#
1.150 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.149 |
|
22-Jul-2006 |
stevesk |
move #include <time.h> out of includes.h
|
#
1.148 |
|
17-Jul-2006 |
stevesk |
move #include <unistd.h> out of includes.h
|
#
1.147 |
|
11-Jul-2006 |
stevesk |
move #include <errno.h> out of includes.h; ok markus@
|
#
1.146 |
|
10-Jul-2006 |
stevesk |
move #include <stdarg.h> out of includes.h; ok markus@
|
#
1.145 |
|
10-Jul-2006 |
djm |
duplicate argv at the start of main() because it gets modified later; pointed out by deraadt@ ok markus@
|
#
1.144 |
|
09-Jul-2006 |
stevesk |
move #include <fcntl.h> out of includes.h
|
#
1.143 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.142 |
|
17-May-2006 |
markus |
fix leak; coverity via Kylene Jo Hall
|
#
1.141 |
|
01-Apr-2006 |
djm |
xasprintification; ok deraadt@
|
#
1.140 |
|
01-Apr-2006 |
deraadt |
minimal lint cleanup (unused crud, and some size_t); ok djm
|
#
1.139 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.138 |
|
25-Mar-2006 |
djm |
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
|
#
1.137 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
#
1.136 |
|
16-Mar-2006 |
biorn |
Try to display errormessage even if remout == -1
ok djm@, markus@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.135 |
|
22-Feb-2006 |
stevesk |
branches: 1.135.2; move #include <ctype.h> out of includes.h; ok djm@
|
#
1.134 |
|
20-Feb-2006 |
stevesk |
move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.133 |
|
20-Feb-2006 |
stevesk |
move #include <signal.h> out of includes.h; ok markus@
|
#
1.132 |
|
10-Feb-2006 |
stevesk |
move #include <sys/wait.h> out of includes.h; ok markus@
|
#
1.131 |
|
08-Feb-2006 |
stevesk |
move #include <dirent.h> out of includes.h; ok markus@
|
#
1.130 |
|
31-Jan-2006 |
djm |
"scp a b c" shouldn't clobber "c" when it is not a directory, report and fix from biorn@; ok markus@
|
#
1.129 |
|
31-Jan-2006 |
djm |
fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
|
#
1.128 |
|
06-Dec-2005 |
reyk |
Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
|
#
1.127 |
|
12-Nov-2005 |
deraadt |
avoid close(-1), as in rcp; ok cloder
|
#
1.126 |
|
13-Sep-2005 |
djm |
ensure that stdio fds are attached; ok deraadt@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.125 |
|
27-Jul-2005 |
dtucker |
branches: 1.125.2; Silence bogus -Wuninitialized warnings; ok djm@
|
#
1.124 |
|
17-Jun-2005 |
djm |
make this -Wsign-compare clean; ok avsm@ markus@
|
#
1.123 |
|
26-May-2005 |
avsm |
If copying multiple files to a target file (which normally fails, as it must be a target directory), kill the spawned ssh child before exiting. This stops it trying to authenticate and spewing lots of output. deraadt@ ok
|
#
1.122 |
|
24-May-2005 |
avsm |
Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes:
if (atomicio(read, ..., len) != len) err(1,"read");
ok deraadt@, cloder@, djm@
|
#
1.121 |
|
02-Apr-2005 |
djm |
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror build
|
#
1.120 |
|
31-Mar-2005 |
deraadt |
copy argv[] element instead of smashing the one that ps will see; ok otto
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.119 |
|
24-Jan-2005 |
dtucker |
branches: 1.119.2; Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
|
#
1.118 |
|
15-Sep-2004 |
deraadt |
scratch that do { } while (0) wrapper in this case
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.117 |
|
11-Aug-2004 |
avsm |
branches: 1.117.2; use atomicio instead of homegrown equivalents or read/write. markus@ ok
|
#
1.116 |
|
08-Jul-2004 |
dtucker |
Prevent scp from skipping the file following a double-error. bz #863, ok markus@
|
#
1.115 |
|
21-Jun-2004 |
avsm |
make ssh -Wshadow clean, no functional changes markus@ ok
|
#
1.114 |
|
01-Apr-2004 |
markus |
limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.113 |
|
23-Nov-2003 |
djm |
branches: 1.113.2; from portable: rename clashing variable limit-> limit_rate; ok markus@
|
#
1.112 |
|
21-Nov-2003 |
djm |
unexpand and delete whitespace at EOL; ok markus@
|
#
1.111 |
|
12-Nov-2003 |
dtucker |
When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@
|
#
1.110 |
|
08-Oct-2003 |
jmc |
scp and sftp: add options list and sort options. options list requested by deraadt@ sshd: use same format as ssh ssh: remove wrong option from list sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
|
#
1.109 |
|
19-Sep-2003 |
markus |
error handling for remote-remote copy; #638; report Harald Koenig; ok millert, fgs, henning, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.108 |
|
18-Jul-2003 |
deraadt |
branches: 1.108.2; userid is unsigned, but well, force it anyways; andrushock@korovino.net
|
#
1.107 |
|
28-Jun-2003 |
deraadt |
deal with typing of write vs read in atomicio
|
#
1.106 |
|
12-Jun-2003 |
nino |
Typo.
Ok markus@.
|
#
1.105 |
|
04-Jun-2003 |
djm |
kill ssh process upon receipt of signal, bz #241. based on patch from esb AT hawaii.edu; ok markus@
|
#
1.104 |
|
04-Jun-2003 |
djm |
ansify; ok markus@
|
#
1.103 |
|
03-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.102 |
|
05-Mar-2003 |
markus |
branches: 1.102.2; fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
#
1.101 |
|
02-Feb-2003 |
markus |
call okname() only when using system(3) for remote-remote copy; fixes bugs #483, #472; ok deraadt@, mouring@
|
#
1.100 |
|
23-Jan-2003 |
markus |
scp -12; Sam Smith and others; ok provos@, deraadt@
|
#
1.99 |
|
23-Jan-2003 |
markus |
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
|
#
1.98 |
|
10-Jan-2003 |
djm |
Don't ftruncate after write error, creating sparse files of incorrect length mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
|
#
1.97 |
|
10-Jan-2003 |
fgsch |
sftp progress meter support. original diffs by Nils Nordman <nino at nforced dot com> via markus@, merged to -current by me, djm@ ok.
|
#
1.96 |
|
13-Dec-2002 |
markus |
1) include stalling time in total time 2) truncate filenames to 45 instead of 20 characters 3) print rate instead of progress bar, no more stars 4) scale output to tty width based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
|
#
1.95 |
|
05-Dec-2002 |
markus |
use roundup() similar to rcp/util.c and avoid problems with strange filesystem block sizes, noted by tjr@freebsd.org; ok djm@
|
#
1.94 |
|
27-Nov-2002 |
markus |
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp; http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
|
#
1.93 |
|
26-Nov-2002 |
wcobb |
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default. ok markus@
|
#
1.92 |
|
07-Nov-2002 |
markus |
check exit status from ssh, and exit(1) if ssh fails; bug#369; binder@arago.de
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.91 |
|
19-Jun-2002 |
deraadt |
branches: 1.91.2; KNF done automatically while reading....
|
#
1.90 |
|
17-Jun-2002 |
deraadt |
make usage like man page
|
#
1.89 |
|
08-Jun-2002 |
markus |
remove FallBackToRsh
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.88 |
|
06-Apr-2002 |
mouring |
branches: 1.88.2; Fixes potental double // within path. http://bugzilla.mindrot.org/show_bug.cgi?id=76
|
#
1.87 |
|
30-Mar-2002 |
deraadt |
stretch banners
|
#
1.86 |
|
05-Dec-2001 |
itojun |
make it compile with more strict prototype checking
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.85 |
|
01-Oct-2001 |
markus |
branches: 1.85.2; skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
|
#
1.84 |
|
19-Sep-2001 |
stevesk |
add ClearAllForwardings ssh option and set it in scp and sftp; ok markus@
|
#
1.83 |
|
17-Sep-2001 |
stevesk |
add -Fssh_config option; ok markus@
|
#
1.82 |
|
12-Sep-2001 |
stevesk |
don't forward agent for non third-party copies; ok markus@
|
#
1.81 |
|
29-Aug-2001 |
markus |
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok theo@
|
#
1.80 |
|
13-Aug-2001 |
stevesk |
don't need main prototype (also sync with rcp); ok markus@
|
#
1.79 |
|
06-Aug-2001 |
stevesk |
use alarm vs. setitimer for portable; ok markus@
|
#
1.78 |
|
27-Jul-2001 |
deraadt |
shorten lines
|
#
1.77 |
|
18-Jul-2001 |
mouring |
Missing -o in scp usage()
|
#
1.76 |
|
23-Jun-2001 |
itojun |
more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
#
1.75 |
|
23-Jun-2001 |
deraadt |
slightly better care
|
#
1.74 |
|
16-Jun-2001 |
markus |
no stdio or exit() in signal handlers.
|
#
1.73 |
|
10-Jun-2001 |
markus |
you cannot vfprintf(fp, fmt, ap) twice, from portable, via drahn@
|
#
1.72 |
|
03-Jun-2001 |
markus |
pass -v to ssh; from slade@shore.net
|
#
1.71 |
|
19-May-2001 |
markus |
ftruncate() instead of open()+O_TRUNC like rcp.c does allows scp /path/to/file localhost:/path/to/file
|
#
1.70 |
|
08-May-2001 |
mouring |
Use addargs() in sftp plus some clean up of addargs(). OK Markus
|
#
1.69 |
|
03-May-2001 |
mouring |
Move colon() and cleanhost() to misc.c where I should I have put it in the first place
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.68 |
|
22-Apr-2001 |
markus |
branches: 1.68.2; scp > 2GB; niles@scyld.com; ok deraadt@, djm@
|
#
1.67 |
|
16-Apr-2001 |
mouring |
IPv6 support for sftp (which I bungled in my last patch) which is borrowed from scp.c. Thanks to Markus@ for pointing it out.
|
#
1.66 |
|
14-Apr-2001 |
stevesk |
'T' handling rcp/scp sync; ok markus@
|
#
1.65 |
|
06-Apr-2001 |
deraadt |
remove trailing / from source paths; fixes pr#1756
|
#
1.64 |
|
28-Mar-2001 |
stevesk |
usage more like rcp and add missing -B to usage; ok markus@
|
#
1.63 |
|
28-Mar-2001 |
stevesk |
start to sync scp closer to rcp; ok markus@
|
#
1.62 |
|
21-Mar-2001 |
markus |
alpha fixes, from simonb@wasabisystems.com
|
#
1.61 |
|
15-Mar-2001 |
markus |
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
|
#
1.60 |
|
02-Mar-2001 |
deraadt |
make copyright lines the same format
|
#
1.59 |
|
19-Feb-2001 |
deraadt |
np is changed by recursion; vinschen@redhat.com
|
#
1.58 |
|
10-Feb-2001 |
danh |
fix memory leak; ok markus@
|
#
1.57 |
|
10-Feb-2001 |
danh |
revert a small change to allow -r option to work again; ok deraadt@
|
#
1.56 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.55 |
|
08-Feb-2001 |
deraadt |
memory leak fix, and snprintf throughout
|
#
1.54 |
|
07-Feb-2001 |
itojun |
unsigned long long -> %llu, not %qu. markus ok
|
#
1.53 |
|
04-Feb-2001 |
deraadt |
alpha happiness
|
#
1.52 |
|
04-Feb-2001 |
stevesk |
unexpand and remove end-of-line whitespace; ok markus@
|
#
1.51 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.50 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.49 |
|
13-Jan-2001 |
markus |
getopt() returns -1 not EOF; stevesk@pobox.com
|
#
1.48 |
|
01-Jan-2001 |
markus |
use shared fatal(); from stevesk@pobox.com
|
#
1.47 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
#
1.46 |
|
16-Dec-2000 |
markus |
allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
|
#
1.45 |
|
16-Dec-2000 |
markus |
unused; from stevesk@pobox.com
|
#
1.44 |
|
11-Dec-2000 |
deraadt |
when copying 0-sized files, do not re-print ETA time at completion
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.43 |
|
18-Oct-2000 |
markus |
branches: 1.43.2; replace atomicio(read,...) with read(); ok deraadt@
|
#
1.42 |
|
14-Oct-2000 |
markus |
remove spaces from arguments; from djm@mindrot.org
|
#
1.41 |
|
11-Oct-2000 |
markus |
support 'scp -o' with help from mouring@pconline.com
|
#
1.40 |
|
21-Sep-2000 |
markus |
utime() to utimes(); mouring@pconline.com
|
#
1.39 |
|
07-Sep-2000 |
markus |
typo
|
#
1.38 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.37 |
|
01-Sep-2000 |
deraadt |
cleanup and fix -S support; stevesk@sweden.hp.com
|
#
1.36 |
|
24-Aug-2000 |
deraadt |
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
|
#
1.35 |
|
19-Aug-2000 |
deraadt |
knf
|
#
1.34 |
|
19-Aug-2000 |
deraadt |
-S prog support; tv@debian.org
|
#
1.33 |
|
13-Jul-2000 |
provos |
close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
|
#
1.32 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
#
1.31 |
|
18-Jun-2000 |
markus |
typo
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.30 |
|
02-May-2000 |
deraadt |
branches: 1.30.2; more atomicio
|
#
1.29 |
|
01-May-2000 |
deraadt |
fix very rare EAGAIN/EINTR issues; based on work by djm
|
#
1.28 |
|
16-Apr-2000 |
deraadt |
after completion, replace the progress bar ETA counter with a final elapsed time; my idea, aaron wrote the patch
|
#
1.27 |
|
14-Apr-2000 |
markus |
whitespace cleanup
|
#
1.26 |
|
16-Mar-2000 |
markus |
-pedantic: signed vs. unsigned, void*-arithm, etc
|
#
1.25 |
|
24-Jan-2000 |
markus |
allow '.' in usernames; from jedgar@fxp.org
|
#
1.24 |
|
04-Jan-2000 |
markus |
document -4, -6, and 'ssh -L 2022/::1/22'
|
#
1.23 |
|
04-Jan-2000 |
markus |
ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from <kick@kyoto.wide.ad.jp> and fujiwara@rcac.tdi.co.jp)
|
#
1.22 |
|
06-Dec-1999 |
deraadt |
move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls.
|
#
1.21 |
|
24-Nov-1999 |
markus |
progress meter overflow fix from damien@ibs.com.au
|
#
1.20 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.19 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.18 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.17 |
|
22-Nov-1999 |
markus |
syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE
|
#
1.16 |
|
17-Nov-1999 |
deraadt |
foregroundproc() in scp
|
#
1.15 |
|
12-Nov-1999 |
markus |
fix overflow reported by damien@ibs.com.au: off_t totalsize, ok niels,aaron
|
#
1.14 |
|
27-Oct-1999 |
aaron |
Calculation fix in progressmeter() for ETA > 1hr; pasto on my part.
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.13 |
|
08-Oct-1999 |
aaron |
Print out the progress meter for 0 length files, too; deraadt@
|
#
1.12 |
|
05-Oct-1999 |
aaron |
- Fix the progress meter for receiving files, too. - Add a check for totalbytes <= 0 in progressmeter(), so we don't / 0. - Reset statbytes when we issue progressmeter(1), just to be safe.
|
#
1.11 |
|
05-Oct-1999 |
aaron |
Show filenames in the progress meter while transferring.
|
#
1.10 |
|
04-Oct-1999 |
deraadt |
it is incredible what some people try to do in signal handlers
|
#
1.9 |
|
03-Oct-1999 |
deraadt |
errno trashing considered harmfull
|
#
1.8 |
|
02-Oct-1999 |
deraadt |
Wall
|
#
1.7 |
|
02-Oct-1999 |
deraadt |
isatty() fixes for the progress meter; markus.friedl@informatik.uni-erlangen.de
|
#
1.6 |
|
30-Sep-1999 |
aaron |
- Add -q option to shutup the progressmeter; markus friedl - Describe -q in man page (needs conversion to mdoc still). - Cleanup usage string. - Correct a typo; espie@
|
#
1.5 |
|
30-Sep-1999 |
deraadt |
do not bother with dinosaur pacification
|
#
1.4 |
|
30-Sep-1999 |
aaron |
Put our ftp(1) progress meter into scp(1).
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
we have setsid
|
#
1.2 |
|
29-Sep-1999 |
dugsong |
update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpages
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|