
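--- a/sftp-server.8
+++ b/sftp-server.8
@@ -37,6 +37,7 @@
 .Op Fl l Ar log_level
 .Op Fl P Ar blacklisted_requests
 .Op Fl p Ar whitelisted_requests
+.Op Fl t Ar idle_timeout
 .Op Fl u Ar umask
 .Ek
 .Nm
@@ -133,6 +134,11 @@ Places this instance of
 into a read-only mode.
 Attempts to open files for writing, as well as other operations that change
 the state of the filesystem, will be denied.
+.It Fl t Ar idle_timeout
+Sets idle timeout for sftp sessions. When there is no client request for
+.Pa idle_timeout
+seconds, the session is forcibly closed by the server.
+The default value 0 means no time limit.
 .It Fl u Ar umask
 Sets an explicit
 .Xr umask 2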
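--- a/sftp-server.c
+++ b/sftp-server.c
@@ -39,6 +39,7 @@
 #include <time.h>
 #include <unistd.h>
 #include <stdarg.h>
+#include <signal.h>
 
 #include "xmalloc.h"
 #include "sshbuf.h"
@@ -83,6 +84,9 @@ struct Stat {
 	Attrib attrib;
 };
 
+/* sftp idle timeout */
+static volatile sig_atomic_t g_timed_out = 0;
+
 /* Packet handlers */
 static void process_open(u_int32_t id);
 static void process_close(u_int32_t id);
@@ -1490,17 +1494,24 @@ sftp_server_usage(void)
 	fprintf(stderr,
 	    "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
 	    "[-l log_level]\n\t[-P blacklisted_requests] "
-	    "[-p whitelisted_requests] [-u umask]\n"
+	    "[-p whitelisted_requests] [-t idle_timeout] [-u umask]\n"
 	    "       %s -Q protocol_feature\n",
 	    __progname, __progname);
 	exit(1);
 }
 
+static void
+sftp_alarm_handler(int sig)
+{
+	g_timed_out = 1;
+}
+
 int
 sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 {
 	fd_set *rset, *wset;
 	int i, r, in, out, max, ch, skipargs = 0, log_stderr = 0;
+	int timeout = 0;
 	ssize_t len, olen, set_size;
 	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
 	char *cp, *homedir = NULL, buf[4*4096];
@@ -1516,7 +1527,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 	pw = pwcopy(user_pw);
 
 	while (!skipargs && (ch = getopt(argc, argv,
-	    "d:f:l:P:p:Q:u:cehR")) != -1) {
+	    "d:f:l:P:p:Q:u:t:cehR")) != -1) {
 		switch (ch) {
 		case 'Q':
 			if (strcasecmp(optarg, "requests") != 0) {
@@ -1576,6 +1587,15 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 				fatal("Invalid umask \"%s\"", optarg);
 			(void)umask((mode_t)mask);
 			break;
+		case 't':
+			timeout = atoi(optarg);
+			if (timeout <= 0) {
+				/* -t0 is redundant, though technically valid */
+				error("Invalid timeout: \"%s\". Ignored.",
+				    optarg);
+				timeout = 0;
+			}
+			break;
 		case 'h':
 		default:
 			sftp_server_usage();
@@ -1639,6 +1659,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 	}
 
 	set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
+	signal(SIGALRM, sftp_alarm_handler);
 	for (;;) {
 		memset(rset, 0, set_size);
 		memset(wset, 0, set_size);
@@ -1660,13 +1681,23 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 		if (olen > 0)
 			FD_SET(out, wset);
 
+		if (timeout > 0)
+			alarm(timeout);
+
 		if (select(max+1, rset, wset, NULL, NULL) < 0) {
+			if (g_timed_out){
+				debug("SFTP idle timeout, closing session.");
+				sftp_server_cleanup_exit(3);
+			}
 			if (errno == EINTR)
 				continue;
 			error("select: %s", strerror(errno));
 			sftp_server_cleanup_exit(2);
 		}
 
+		if (timeout > 0)
+			alarm(0);
+
 		/* copy stdin to iqueue */
 		if (FD_ISSET(in, rset)) {
 			len = read(in, buf, sizeof buf);
-- 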
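Review bot: The `case 't'` branch parses its argument with `atoi`, which cannot report errors, so `-t 10x` is accepted as 10 and an out-of-range value has undefined behaviour; an invalid value is then only logged and the server runs with no idle limit, unlike the `-u` branch just above it, which calls `fatal`. Because this option is a session-limiting control, a typo should fail closed: `timeout = (int)strtonum(optarg, 0, INT_MAX, &errstr);` followed by `if (errstr != NULL) fatal("Invalid timeout \"%s\": %s", optarg, errstr);`, with a `const char *errstr;` local. In the select loop, `g_timed_out` is tested only when `select` fails and is never cleared, so an alarm delivered between a successful `select` and `alarm(0)` stays latched and could end an active session on a later, unrelated `EINTR`; giving `select` a `struct timeval` instead of using `SIGALRM` would remove that window. The timeout exit is logged with `debug`, which the default log level presumably hides, so `logit` may suit an enforced disconnect better. The body of `sftp_server_main` continues outside the visible hunks.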
