X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/6f34e365eed04c1b4ebcf6d90511dd9e4400880a..0965bee0865fd8ea129b2de62a3c50e09c59a184:/scp.c diff --git a/scp.c b/scp.c index 7466e433..c13be5ec 100644 --- a/scp.c +++ b/scp.c @@ -9,7 +9,13 @@ */ #include +#ifndef AUTO_WINSOCK +#ifdef WINSOCK_TWO +#include +#else #include +#endif +#endif #include #include #include @@ -20,7 +26,8 @@ #define PUTTY_DO_GLOBALS #include "putty.h" -#include "scp.h" +#include "winstuff.h" +#include "storage.h" #define TIME_POSIX_TO_WIN(t, ft) (*(LONGLONG*)&(ft) = \ ((LONGLONG) (t) + (LONGLONG) 11644473600) * (LONGLONG) 10000000) @@ -46,57 +53,117 @@ static int statistics = 1; static int portnumber = 0; static char *password = NULL; static int errs = 0; -static int connection_open = 0; /* GUI Adaptation - Sept 2000 */ #define NAME_STR_MAX 2048 static char statname[NAME_STR_MAX+1]; static unsigned long statsize = 0; static int statperct = 0; -static time_t statelapsed = 0; +static unsigned long statelapsed = 0; static int gui_mode = 0; static char *gui_hwnd = NULL; static void source(char *src); static void rsource(char *src); -static void sink(char *targ); +static void sink(char *targ, char *src); /* GUI Adaptation - Sept 2000 */ static void tell_char(FILE *stream, char c); static void tell_str(FILE *stream, char *str); static void tell_user(FILE *stream, char *fmt, ...); static void send_char_msg(unsigned int msg_id, char c); static void send_str_msg(unsigned int msg_id, char *str); -static void gui_update_stats(char *name, unsigned long size, int percentage, time_t elapsed); - -/* - * These functions are needed to link with ssh.c, but never get called. - */ -void term_out(void) -{ - abort(); -} -void begin_session(void) { +static void gui_update_stats(char *name, unsigned long size, + int percentage, unsigned long elapsed); + +void logevent(char *string) { } + +void verify_ssh_host_key(char *host, int port, char *keytype, + char *keystr, char *fingerprint) { + int ret; + + static const char absentmsg[] = + "The server's host key is not cached in the registry. You\n" + "have no guarantee that the server is the computer you\n" + "think it is.\n" + "The server's key fingerprint is:\n" + "%s\n" + "If you trust this host, enter \"y\" to add the key to\n" + "PuTTY's cache and carry on connecting.\n" + "If you do not trust this host, enter \"n\" to abandon the\n" + "connection.\n" + "Continue connecting? (y/n) "; + + static const char wrongmsg[] = + "WARNING - POTENTIAL SECURITY BREACH!\n" + "The server's host key does not match the one PuTTY has\n" + "cached in the registry. This means that either the\n" + "server administrator has changed the host key, or you\n" + "have actually connected to another computer pretending\n" + "to be the server.\n" + "The new key fingerprint is:\n" + "%s\n" + "If you were expecting this change and trust the new key,\n" + "enter Yes to update PuTTY's cache and continue connecting.\n" + "If you want to carry on connecting but without updating\n" + "the cache, enter No.\n" + "If you want to abandon the connection completely, press\n" + "Return to cancel. Pressing Return is the ONLY guaranteed\n" + "safe choice.\n" + "Update cached key? (y/n, Return cancels connection) "; + + static const char abandoned[] = "Connection abandoned.\n"; + + char line[32]; + + /* + * Verify the key against the registry. + */ + ret = verify_host_key(host, port, keytype, keystr); + + if (ret == 0) /* success - key matched OK */ + return; + if (ret == 2) { /* key was different */ + fprintf(stderr, wrongmsg, fingerprint); + if (fgets(line, sizeof(line), stdin) && + line[0] != '\0' && line[0] != '\n') { + if (line[0] == 'y' || line[0] == 'Y') + store_host_key(host, port, keytype, keystr); + } else { + fprintf(stderr, abandoned); + exit(0); + } + } + if (ret == 1) { /* key was absent */ + fprintf(stderr, absentmsg, fingerprint); + if (fgets(line, sizeof(line), stdin) && + (line[0] == 'y' || line[0] == 'Y')) + store_host_key(host, port, keytype, keystr); + else { + fprintf(stderr, abandoned); + exit(0); + } + } } /* GUI Adaptation - Sept 2000 */ -void send_msg(HWND h, UINT message, WPARAM wParam) +static void send_msg(HWND h, UINT message, WPARAM wParam) { while (!PostMessage( h, message, wParam, 0)) SleepEx(1000,TRUE); } -void tell_char(FILE *stream, char c) +static void tell_char(FILE *stream, char c) { if (!gui_mode) fputc(c, stream); else { unsigned int msg_id = WM_STD_OUT_CHAR; - if (stream = stderr) msg_id = WM_STD_ERR_CHAR; + if (stream == stderr) msg_id = WM_STD_ERR_CHAR; send_msg( (HWND)atoi(gui_hwnd), msg_id, (WPARAM)c ); } } -void tell_str(FILE *stream, char *str) +static void tell_str(FILE *stream, char *str) { unsigned int i; @@ -104,7 +171,7 @@ void tell_str(FILE *stream, char *str) tell_char(stream, str[i]); } -void tell_user(FILE *stream, char *fmt, ...) +static void tell_user(FILE *stream, char *fmt, ...) { char str[0x100]; /* Make the size big enough */ va_list ap; @@ -115,7 +182,7 @@ void tell_user(FILE *stream, char *fmt, ...) tell_str(stream, str); } -void gui_update_stats(char *name, unsigned long size, int percentage, time_t elapsed) +static void gui_update_stats(char *name, unsigned long size, int percentage, unsigned long elapsed) { unsigned int i; @@ -174,6 +241,128 @@ void connection_fatal(char *fmt, ...) } /* + * Be told what socket we're supposed to be using. + */ +static SOCKET scp_ssh_socket; +char *do_select(SOCKET skt, int startup) { + if (startup) + scp_ssh_socket = skt; + else + scp_ssh_socket = INVALID_SOCKET; + return NULL; +} +extern int select_result(WPARAM, LPARAM); + +/* + * Receive a block of data from the SSH link. Block until all data + * is available. + * + * To do this, we repeatedly call the SSH protocol module, with our + * own trap in from_backend() to catch the data that comes back. We + * do this until we have enough data. + */ + +static unsigned char *outptr; /* where to put the data */ +static unsigned outlen; /* how much data required */ +static unsigned char *pending = NULL; /* any spare data */ +static unsigned pendlen=0, pendsize=0; /* length and phys. size of buffer */ +void from_backend(int is_stderr, char *data, int datalen) { + unsigned char *p = (unsigned char *)data; + unsigned len = (unsigned)datalen; + + /* + * stderr data is just spouted to local stderr and otherwise + * ignored. + */ + if (is_stderr) { + fwrite(data, 1, len, stderr); + return; + } + + inbuf_head = 0; + + /* + * If this is before the real session begins, just return. + */ + if (!outptr) + return; + + if (outlen > 0) { + unsigned used = outlen; + if (used > len) used = len; + memcpy(outptr, p, used); + outptr += used; outlen -= used; + p += used; len -= used; + } + + if (len > 0) { + if (pendsize < pendlen + len) { + pendsize = pendlen + len + 4096; + pending = (pending ? srealloc(pending, pendsize) : + smalloc(pendsize)); + if (!pending) + fatalbox("Out of memory"); + } + memcpy(pending+pendlen, p, len); + pendlen += len; + } +} +static int ssh_scp_recv(unsigned char *buf, int len) { + outptr = buf; + outlen = len; + + /* + * See if the pending-input block contains some of what we + * need. + */ + if (pendlen > 0) { + unsigned pendused = pendlen; + if (pendused > outlen) + pendused = outlen; + memcpy(outptr, pending, pendused); + memmove(pending, pending+pendused, pendlen-pendused); + outptr += pendused; + outlen -= pendused; + pendlen -= pendused; + if (pendlen == 0) { + pendsize = 0; + sfree(pending); + pending = NULL; + } + if (outlen == 0) + return len; + } + + while (outlen > 0) { + fd_set readfds; + + FD_ZERO(&readfds); + FD_SET(scp_ssh_socket, &readfds); + if (select(1, &readfds, NULL, NULL, NULL) < 0) + return 0; /* doom */ + select_result((WPARAM)scp_ssh_socket, (LPARAM)FD_READ); + } + + return len; +} + +/* + * Loop through the ssh connection and authentication process. + */ +static void ssh_scp_init(void) { + if (scp_ssh_socket == INVALID_SOCKET) + return; + while (!back->sendok()) { + fd_set readfds; + FD_ZERO(&readfds); + FD_SET(scp_ssh_socket, &readfds); + if (select(1, &readfds, NULL, NULL, NULL) < 0) + return; /* doom */ + select_result((WPARAM)scp_ssh_socket, (LPARAM)FD_READ); + } +} + +/* * Print an error message and exit after closing the SSH link. */ static void bump(char *fmt, ...) @@ -187,9 +376,9 @@ static void bump(char *fmt, ...) strcat(str, "\n"); tell_str(stderr, str); - if (connection_open) { + if (back != NULL && back->socket() != NULL) { char ch; - ssh_scp_send_eof(); + back->special(TS_EOF); ssh_scp_recv(&ch, 1); } exit(1); @@ -246,14 +435,16 @@ static int get_password(const char *prompt, char *str, int maxlen) static void do_cmd(char *host, char *user, char *cmd) { char *err, *realhost; + DWORD namelen; if (host == NULL || host[0] == '\0') bump("Empty host name"); /* Try to load settings for this host */ - do_defaults(host); + do_defaults(host, &cfg); if (cfg.host[0] == '\0') { /* No settings for this host; use defaults */ + do_defaults(NULL, &cfg); strncpy(cfg.host, host, sizeof(cfg.host)-1); cfg.host[sizeof(cfg.host)-1] = '\0'; cfg.port = 22; @@ -264,7 +455,15 @@ static void do_cmd(char *host, char *user, char *cmd) strncpy(cfg.username, user, sizeof(cfg.username)-1); cfg.username[sizeof(cfg.username)-1] = '\0'; } else if (cfg.username[0] == '\0') { - bump("Empty user name"); + namelen = 0; + if (GetUserName(user, &namelen) == FALSE) + bump("Empty user name"); + user = smalloc(namelen * sizeof(char)); + GetUserName(user, &namelen); + if (verbose) tell_user(stderr, "Guessing user name: %s", user); + strncpy(cfg.username, user, sizeof(cfg.username)-1); + cfg.username[sizeof(cfg.username)-1] = '\0'; + free(user); } if (cfg.protocol != PROT_SSH) @@ -273,13 +472,18 @@ static void do_cmd(char *host, char *user, char *cmd) if (portnumber) cfg.port = portnumber; - err = ssh_scp_init(cfg.host, cfg.port, cmd, &realhost); + strncpy(cfg.remote_cmd, cmd, sizeof(cfg.remote_cmd)); + cfg.remote_cmd[sizeof(cfg.remote_cmd)-1] = '\0'; + cfg.nopty = TRUE; + + back = &ssh_backend; + + err = back->init(cfg.host, cfg.port, &realhost); if (err != NULL) bump("ssh_init: %s", err); + ssh_scp_init(); if (verbose && realhost != NULL) tell_user(stderr, "Connected to %s\n", realhost); - - connection_open = 1; } /* @@ -295,7 +499,8 @@ static void print_stats(char *name, unsigned long size, unsigned long done, /* GUI Adaptation - Sept 2000 */ if (gui_mode) - gui_update_stats(name, size, ((done *100) / size), now-start); + gui_update_stats(name, size, (int)(100 * (done*1.0/size)), + (unsigned long)difftime(now, start)); else { if (now > start) ratebs = (float) done / (now - start); @@ -390,10 +595,10 @@ static void run_err(const char *fmt, ...) va_list ap; va_start(ap, fmt); errs++; - strcpy(str, "\01scp: "); + strcpy(str, "scp: "); vsprintf(str+strlen(str), fmt, ap); strcat(str, "\n"); - ssh_scp_send(str, strlen(str)); + back->send(str, strlen(str)); tell_user(stderr, "%s",str); va_end(ap); } @@ -464,7 +669,7 @@ static void source(char *src) TIME_WIN_TO_POSIX(actime, atime); TIME_WIN_TO_POSIX(wrtime, mtime); sprintf(buf, "T%lu 0 %lu 0\n", mtime, atime); - ssh_scp_send(buf, strlen(buf)); + back->send(buf, strlen(buf)); if (response()) return; } @@ -473,7 +678,7 @@ static void source(char *src) sprintf(buf, "C0644 %lu %s\n", size, last); if (verbose) tell_user(stderr, "Sending file modes: %s", buf); - ssh_scp_send(buf, strlen(buf)); + back->send(buf, strlen(buf)); if (response()) return; @@ -491,7 +696,7 @@ static void source(char *src) if (statistics) printf("\n"); bump("%s: Read error", src); } - ssh_scp_send(transbuf, k); + back->send(transbuf, k); if (statistics) { stat_bytes += k; if (time(NULL) != stat_lasttime || @@ -504,7 +709,7 @@ static void source(char *src) } CloseHandle(f); - ssh_scp_send("", 1); + back->send("", 1); (void) response(); } @@ -533,7 +738,7 @@ static void rsource(char *src) sprintf(buf, "D0755 0 %s\n", last); if (verbose) tell_user(stderr, "Entering directory: %s", buf); - ssh_scp_send(buf, strlen(buf)); + back->send(buf, strlen(buf)); if (response()) return; @@ -555,14 +760,14 @@ static void rsource(char *src) FindClose(dir); sprintf(buf, "E\n"); - ssh_scp_send(buf, strlen(buf)); + back->send(buf, strlen(buf)); (void) response(); } /* * Execute the sink part of the SCP protocol. */ -static void sink(char *targ) +static void sink(char *targ, char *src) { char buf[2048]; char namebuf[2048]; @@ -587,7 +792,7 @@ static void sink(char *targ) if (targetshouldbedirectory && !targisdir) bump("%s: Not a directory", targ); - ssh_scp_send("", 1); + back->send("", 1); while (1) { settime = 0; gottime: @@ -611,13 +816,13 @@ static void sink(char *targ) case '\02': /* fatal error */ bump("%s", buf+1); case 'E': - ssh_scp_send("", 1); + back->send("", 1); return; case 'T': if (sscanf(buf, "T%ld %*d %ld %*d", &mtime, &atime) == 2) { settime = 1; - ssh_scp_send("", 1); + back->send("", 1); goto gottime; } bump("Protocol error: Illegal time format"); @@ -630,12 +835,17 @@ static void sink(char *targ) if (sscanf(buf+1, "%u %lu %[^\n]", &mode, &size, namebuf) != 3) bump("Protocol error: Illegal file descriptor format"); + /* Security fix: ensure the file ends up where we asked for it. */ if (targisdir) { char t[2048]; + char *p; strcpy(t, targ); if (targ[0] != '\0') strcat(t, "/"); - strcat(t, namebuf); + p = namebuf + strlen(namebuf); + while (p > namebuf && p[-1] != '/' && p[-1] != '\\') + p--; + strcat(t, p); strcpy(namebuf, t); } else { strcpy(namebuf, targ); @@ -655,7 +865,7 @@ static void sink(char *targ) continue; } } - sink(namebuf); + sink(namebuf, NULL); /* can we set the timestamp for directories ? */ continue; } @@ -667,7 +877,7 @@ static void sink(char *targ) continue; } - ssh_scp_send("", 1); + back->send("", 1); if (statistics) { stat_bytes = 0; @@ -720,7 +930,7 @@ static void sink(char *targ) run_err("%s: Write error", namebuf); continue; } - ssh_scp_send("", 1); + back->send("", 1); } } @@ -801,6 +1011,27 @@ static void toremote(int argc, char *argv[]) do { char *last; char namebuf[2048]; + /* + * Ensure that . and .. are never matched by wildcards, + * but only by deliberate action. + */ + if (!strcmp(fdat.cFileName, ".") || + !strcmp(fdat.cFileName, "..")) { + /* + * Find*File has returned a special dir. We require + * that _either_ `src' ends in a backslash followed + * by that string, _or_ `src' is precisely that + * string. + */ + int len = strlen(src), dlen = strlen(fdat.cFileName); + if (len == dlen && !strcmp(src, fdat.cFileName)) { + /* ok */; + } else if (len > dlen+1 && src[len-dlen-1] == '\\' && + !strcmp(src+len-dlen, fdat.cFileName)) { + /* ok */; + } else + continue; /* ignore this one */ + } if (strlen(src) + strlen(fdat.cFileName) >= sizeof(namebuf)) { tell_user(stderr, "%s: Name too long", src); @@ -868,7 +1099,7 @@ static void tolocal(int argc, char *argv[]) do_cmd(host, user, cmd); sfree(cmd); - sink(targ); + sink(targ, src); } /* @@ -975,6 +1206,7 @@ int main(int argc, char *argv[]) flags = FLAG_STDERR; ssh_get_password = &get_password; init_winsock(); + sk_init(); for (i = 1; i < argc; i++) { if (argv[i][0] != '-') @@ -1006,6 +1238,7 @@ int main(int argc, char *argv[]) } argc -= i; argv += i; + back = NULL; if (list) { if (argc != 1) @@ -1025,9 +1258,9 @@ int main(int argc, char *argv[]) tolocal(argc, argv); } - if (connection_open) { + if (back != NULL && back->socket() != NULL) { char ch; - ssh_scp_send_eof(); + back->special(TS_EOF); ssh_scp_recv(&ch, 1); } WSACleanup();