Home Explore Help
Sign In
openpkg
/
openpkg-packages
Watch 2
Star 0
Fork 0
Files Issues 0 Pull Requests 0
Tree: c3057322ab
Branches Tags
openpkg-pack...
/
openssh
/
openssh.patch.sftplogging

openssh.patch.sftplogging 20 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706 
  1. Index: servconf.c
    2. 

  2. --- servconf.c.orig	2004-08-13 13:30:24 +0200
    3. 

  3. +++ servconf.c	2004-08-17 19:57:16 +0200
    4. 

  4. @@ -103,6 +103,15 @@
    5. 

  5.  	options->authorized_keys_file2 = NULL;
    6. 

  6.  	options->num_accept_env = 0;
    7. 

  7.  
    8. 

  8. +	options->log_sftp = LOG_SFTP_NOT_SET;
    9. 

  9. +        options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET;
    10. 

  10. +        options->sftp_log_level = SYSLOG_LEVEL_NOT_SET;
    11. 

  11. +
    12. 

  12. +	memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH);
    13. 

  13. +
    14. 

  14. +	options->sftp_permit_chmod = SFTP_PERMIT_NOT_SET;
    15. 

  15. +	options->sftp_permit_chown = SFTP_PERMIT_NOT_SET;
    16. 

  16. +
    17. 

  17.  	/* Needs to be accessable in many places */
    18. 

  18.  	use_privsep = -1;
    19. 

  19.  }
    20. 

  20. @@ -231,6 +240,24 @@
    21. 

  21.  	if (options->authorized_keys_file == NULL)
    22. 

  22.  		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
    23. 

  23.  
    24. 

  24. +	/* Turn sftp-server logging off by default */
    25. 

  25. +	if (options->log_sftp == LOG_SFTP_NOT_SET)
    26. 

  26. +		options->log_sftp = LOG_SFTP_NO;
    27. 

  27. +        if (options->sftp_log_facility == SYSLOG_FACILITY_NOT_SET)
    28. 

  28. +                options->sftp_log_facility = SYSLOG_FACILITY_AUTH;
    29. 

  29. +        if (options->sftp_log_level == SYSLOG_LEVEL_NOT_SET)
    30. 

  30. +                options->sftp_log_level = SYSLOG_LEVEL_INFO;
    31. 

  31. +
    32. 

  32. +	/* Don't set sftp-server umask */
    33. 

  33. +	if (!options->sftp_umask)
    34. 

  34. +		memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH);
    35. 

  35. +
    36. 

  36. +	/* allow sftp client to issue chmod, chown / chgrp commands */
    37. 

  37. +	if (options->sftp_permit_chmod == SFTP_PERMIT_NOT_SET)
    38. 

  38. +		options->sftp_permit_chmod = SFTP_PERMIT_YES;
    39. 

  39. +	if (options->sftp_permit_chown == SFTP_PERMIT_NOT_SET)
    40. 

  40. +		options->sftp_permit_chown = SFTP_PERMIT_YES;
    41. 

  41. +
    42. 

  42.  	/* Turn privilege separation on by default */
    43. 

  43.  	if (use_privsep == -1)
    44. 

  44.  		use_privsep = 1;
    45. 

  45. @@ -272,6 +299,9 @@
    46. 

  46.  	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
    47. 

  47.  	sGssAuthentication, sGssCleanupCreds, sAcceptEnv,
    48. 

  48.  	sUsePrivilegeSeparation,
    49. 

  49. +	sLogSftp, sSftpLogFacility, sSftpLogLevel,
    50. 

  50. +	sSftpUmask,
    51. 

  51. +	sSftpPermitChown, sSftpPermitChmod,
    52. 

  52.  	sDeprecated, sUnsupported
    53. 

  53.  } ServerOpCodes;
    54. 

  54.  
    55. 

  55. @@ -281,6 +311,12 @@
    56. 

  56.  	ServerOpCodes opcode;
    57. 

  57.  } keywords[] = {
    58. 

  58.  	/* Portable-specific options */
    59. 

  59. + 	{ "logsftp", sLogSftp},
    60. 

  60. + 	{ "sftplogfacility", sSftpLogFacility},
    61. 

  61. + 	{ "sftploglevel", sSftpLogLevel},
    62. 

  62. + 	{ "sftpumask", sSftpUmask},
    63. 

  63. + 	{ "sftppermitchmod", sSftpPermitChmod},
    64. 

  64. + 	{ "sftppermitchown", sSftpPermitChown},
    65. 

  65.  #ifdef USE_PAM
    66. 

  66.  	{ "usepam", sUsePAM },
    67. 

  67.  #else
    68. 

  68. @@ -437,6 +473,8 @@
    69. 

  69.  	char *cp, **charptr, *arg, *p;
    70. 

  70.  	int *intptr, value, i, n;
    71. 

  71.  	ServerOpCodes opcode;
    72. 

  72. +	unsigned int umaskvalue = 0;
    73. 

  73. +	char *umaskptr;
    74. 

  74.  
    75. 

  75.  	cp = line;
    76. 

  76.  	arg = strdelim(&cp);
    77. 

  77. @@ -881,6 +919,58 @@
    78. 

  78.  	case sBanner:
    79. 

  79.  		charptr = &options->banner;
    80. 

  80.  		goto parse_filename;
    81. 

  81. +
    82. 

  82. +        case sLogSftp:
    83. 

  83. +                intptr = &options->log_sftp;
    84. 

  84. +                goto parse_flag;
    85. 

  85. +
    86. 

  86. +        case sSftpLogFacility:
    87. 

  87. +                intptr = (int *) &options->sftp_log_facility;
    88. 

  88. +                arg = strdelim(&cp);
    89. 

  89. +                value = log_facility_number(arg);
    90. 

  90. +                if (value == SYSLOG_FACILITY_NOT_SET)
    91. 

  91. +                        fatal("%.200s line %d: unsupported log facility '%s'",
    92. 

  92. +                            filename, linenum, arg ? arg : "<NONE>");
    93. 

  93. +                if (*intptr == -1)
    94. 

  94. +                        *intptr = (SyslogFacility) value;
    95. 

  95. +                break;
    96. 

  96. +
    97. 

  97. +        case sSftpLogLevel:
    98. 

  98. +                intptr = (int *) &options->sftp_log_level;
    99. 

  99. +                arg = strdelim(&cp);
    100. 

  100. +                value = log_level_number(arg);
    101. 

  101. +                if (value == SYSLOG_LEVEL_NOT_SET)
    102. 

  102. +                        fatal("%.200s line %d: unsupported log level '%s'",
    103. 

  103. +                            filename, linenum, arg ? arg : "<NONE>");
    104. 

  104. +                if (*intptr == -1)
    105. 

  105. +                        *intptr = (LogLevel) value;
    106. 

  106. +                break;
    107. 

  107. +
    108. 

  108. +        case sSftpUmask:
    109. 

  109. +                arg = strdelim(&cp);
    110. 

  110. +		umaskptr = arg;
    111. 

  111. +                while (*arg && *arg >= '0' && *arg <= '9')
    112. 

  112. +                    umaskvalue = umaskvalue * 8 + *arg++ - '0';
    113. 

  113. +                if (*arg || umaskvalue > 0777)
    114. 

  114. +                    fatal("%s line %d: bad value for umask",
    115. 

  115. +			    filename, linenum);
    116. 

  116. +		else {
    117. 

  117. +			while (*umaskptr && *umaskptr == '0')
    118. 

  118. +					*umaskptr++;
    119. 

  119. +			strncpy(options->sftp_umask, umaskptr,
    120. 

  120. +				SFTP_UMASK_LENGTH);
    121. 

  121. +		}
    122. 

  122. +
    123. 

  123. +                break;
    124. 

  124. +
    125. 

  125. +        case sSftpPermitChmod:
    126. 

  126. +                intptr = &options->sftp_permit_chmod;
    127. 

  127. +                goto parse_flag;
    128. 

  128. +
    129. 

  129. +        case sSftpPermitChown:
    130. 

  130. +                intptr = &options->sftp_permit_chown;
    131. 

  131. +                goto parse_flag;
    132. 

  132. +
    133. 

  133.  	/*
    134. 

  134.  	 * These options can contain %X options expanded at
    135. 

  135.  	 * connect time, so that you can specify paths like:
    136. 

  136. Index: servconf.h
    137. 

  137. --- servconf.h.orig	2004-06-25 05:33:20 +0200
    138. 

  138. +++ servconf.h	2004-08-17 19:55:16 +0200
    139. 

  139. @@ -35,6 +35,19 @@
    140. 

  140.  #define	PERMIT_NO_PASSWD	2
    141. 

  141.  #define	PERMIT_YES		3
    142. 

  142.  
    143. 

  143. +/* sftp-server logging */
    144. 

  144. +#define LOG_SFTP_NOT_SET	-1
    145. 

  145. +#define LOG_SFTP_NO		0
    146. 

  146. +#define LOG_SFTP_YES		1
    147. 

  147. +
    148. 

  148. +/* sftp-server umask control */
    149. 

  149. +#define SFTP_UMASK_LENGTH	5
    150. 

  150. +
    151. 

  151. +/* sftp-server client priviledge */
    152. 

  152. +#define SFTP_PERMIT_NOT_SET	-1
    153. 

  153. +#define SFTP_PERMIT_NO		0
    154. 

  154. +#define SFTP_PERMIT_YES		1
    155. 

  155. +
    156. 

  156.  #define DEFAULT_AUTH_FAIL_MAX	6	/* Default for MaxAuthTries */
    157. 

  157.  
    158. 

  158.  typedef struct {
    159. 

  159. @@ -133,6 +146,13 @@
    160. 

  160.  	char   *authorized_keys_file;	/* File containing public keys */
    161. 

  161.  	char   *authorized_keys_file2;
    162. 

  162.  	int	use_pam;		/* Enable auth via PAM */
    163. 

  163. +	int	log_sftp;		/* perform sftp-server logging */
    164. 

  164. +        SyslogFacility sftp_log_facility;    /* Facility for sftp subsystem logging. */
    165. 

  165. +        LogLevel sftp_log_level;     /* Level for sftp subsystem logging. */
    166. 

  166. +	char	sftp_umask[SFTP_UMASK_LENGTH];		/* Sftp Umask */
    167. 

  167. +	int	sftp_permit_chmod;
    168. 

  168. +	int	sftp_permit_chown;
    169. 

  169. +
    170. 

  170.  }       ServerOptions;
    171. 

  171.  
    172. 

  172.  void	 initialize_server_options(ServerOptions *);
    173. 

  173. Index: session.c
    174. 

  174. --- session.c.orig	2004-08-12 14:40:25 +0200
    175. 

  175. +++ session.c	2004-08-17 19:54:21 +0200
    176. 

  176. @@ -112,6 +112,15 @@
    177. 

  177.  
    178. 

  178.  static int is_child = 0;
    179. 

  179.  
    180. 

  180. +/* so SFTP_LOG_FACILITY and SFTP_LOG_LEVEL can be passed through the 
    181. 

  181. +   environment to the sftp-server subsystem. */
    182. 

  182. +static const char *sysfac_to_int[] = { "0", "1", "2", "3", "4", "5", "6",
    183. 

  183. +	"7", "8", "9", "10", "11", "-1" };
    184. 

  184. +static const char *syslevel_to_int[] = { "0", "1", "2", "3", "4", "5", "6",
    185. 

  185. +	"7", "-1" };
    186. 

  186. +
    187. 

  187. +static char *sftpumask;
    188. 

  188. +
    189. 

  189.  /* Name and directory of socket for authentication agent forwarding. */
    190. 

  190.  static char *auth_sock_name = NULL;
    191. 

  191.  static char *auth_sock_dir = NULL;
    192. 

  192. @@ -974,6 +983,7 @@
    193. 

  193.  	env = xmalloc(envsize * sizeof(char *));
    194. 

  194.  	env[0] = NULL;
    195. 

  195.  
    196. 

  196. +
    197. 

  197.  #ifdef HAVE_CYGWIN
    198. 

  198.  	/*
    199. 

  199.  	 * The Windows environment contains some setting which are
    200. 

  200. @@ -1118,6 +1128,67 @@
    201. 

  201.  		child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
    202. 

  202.  		    auth_sock_name);
    203. 

  203.  
    204. 

  204. +	/* LOG_SFTP */
    205. 

  205. +	if (options.log_sftp == -1 )
    206. 

  206. +		child_set_env(&env, &envsize, "LOG_SFTP", "-1");
    207. 

  207. +	else if (options.log_sftp == 0)
    208. 

  208. +		child_set_env(&env, &envsize, "LOG_SFTP", "0");
    209. 

  209. +	else
    210. 

  210. +		child_set_env(&env, &envsize, "LOG_SFTP", "1");
    211. 

  211. +
    212. 

  212. +	/* SFTP_LOG_FACILITY */
    213. 

  213. +	if (options.sftp_log_facility < 0)
    214. 

  214. +		child_set_env(&env, &envsize, "SFTP_LOG_FACILITY",
    215. 

  215. +			"-1");
    216. 

  216. +	else
    217. 

  217. +		child_set_env(&env, &envsize, "SFTP_LOG_FACILITY", 
    218. 

  218. +			sysfac_to_int[options.sftp_log_facility]);
    219. 

  219. +
    220. 

  220. +	/* SFTP_LOG_LEVEL */
    221. 

  221. +        if (options.sftp_log_level < 0)
    222. 

  222. +                child_set_env(&env, &envsize, "SFTP_LOG_LEVEL",
    223. 

  223. +                        "-1");
    224. 

  224. +        else
    225. 

  225. +                child_set_env(&env, &envsize, "SFTP_LOG_LEVEL",
    226. 

  226. +                        syslevel_to_int[options.sftp_log_level]);
    227. 

  227. +
    228. 

  228. +	/* SFTP_UMASK */
    229. 

  229. +
    230. 

  230. +	if (options.sftp_umask[0] == '\0')
    231. 

  231. +		child_set_env(&env, &envsize, "SFTP_UMASK", 
    232. 

  232. +			"" );
    233. 

  233. +	else {
    234. 

  234. +		if (!(sftpumask = calloc(SFTP_UMASK_LENGTH,1))) {
    235. 

  235. +
    236. 

  236. +logit("session.c: unabled to allocate memory for SftpUmask. SftpUmask control \
    237. 

  237. +will be turned off.");
    238. 

  238. +
    239. 

  239. +		child_set_env(&env, &envsize, "SFTP_UMASK", 
    240. 

  240. +			"" );
    241. 

  241. +		} else {
    242. 

  242. +			strncpy(sftpumask, options.sftp_umask,
    243. 

  243. +				SFTP_UMASK_LENGTH);
    244. 

  244. +			child_set_env(&env, &envsize, "SFTP_UMASK", 
    245. 

  245. +				sftpumask );
    246. 

  246. +		}
    247. 

  247. +	}
    248. 

  248. +
    249. 

  249. +        /* SFTP_PERMIT_CHMOD */
    250. 

  250. +        if (options.sftp_permit_chmod == -1 )
    251. 

  251. +                child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "-1");
    252. 

  252. +        else if (options.sftp_permit_chmod == 0)
    253. 

  253. +                child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "0");
    254. 

  254. +        else
    255. 

  255. +                child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "1");
    256. 

  256. +
    257. 

  257. +        /* SFTP_PERMIT_CHOWN */
    258. 

  258. +        if (options.sftp_permit_chown == -1 )
    259. 

  259. +                child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "-1");
    260. 

  260. +        else if (options.sftp_permit_chown == 0)
    261. 

  261. +                child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "0");
    262. 

  262. +        else
    263. 

  263. +                child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "1");
    264. 

  264. +
    265. 

  265.  	/* read $HOME/.ssh/environment. */
    266. 

  266.  	if (options.permit_user_env && !options.use_login) {
    267. 

  267.  		snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
    268. 

  268. Index: sftp-server.8
    269. 

  269. --- sftp-server.8.orig	2003-10-15 07:50:43 +0200
    270. 

  270. +++ sftp-server.8	2004-08-17 19:54:21 +0200
    271. 

  271. @@ -41,6 +41,20 @@
    272. 

  272.  .Cm Subsystem
    273. 

  273.  option.
    274. 

  274.  See
    275. 

  275. +.Xr sshd 8
    276. 

  276. +for more information. Sftp-server transactions may be logged
    277. 

  277. +using the
    278. 

  278. +.Cm LogSftp , 
    279. 

  279. +.Cm SftpLogFacility ,
    280. 

  280. +and
    281. 

  281. +.Cm SftpLogLevel
    282. 

  282. +options. The administrator may exert control over the file and directory
    283. 

  283. +permission and ownership, with
    284. 

  284. +.Cm SftpUmask ,
    285. 

  285. +.Cm SftpPermitChmod ,
    286. 

  286. +and
    287. 

  287. +.Cm SftpPermitChown
    288. 

  288. +. See
    289. 

  289.  .Xr sshd_config 5
    290. 

  290.  for more information.
    291. 

  291.  .Sh SEE ALSO
    292. 

  292. Index: sftp-server.c
    293. 

  293. --- sftp-server.c.orig	2004-07-17 06:07:42 +0200
    294. 

  294. +++ sftp-server.c	2004-08-17 19:56:22 +0200
    295. 

  295. @@ -31,6 +31,13 @@
    296. 

  296.  #define get_string(lenp)		buffer_get_string(&iqueue, lenp);
    297. 

  297.  #define TRACE				debug
    298. 

  298.  
    299. 

  299. +/* SFTP_UMASK */
    300. 

  300. +static mode_t setumask = 0;
    301. 

  301. +
    302. 

  302. +static int permit_chmod = 1;
    303. 

  303. +static int permit_chown = 1;
    304. 

  304. +static int permit_logging = 0;
    305. 

  305. +
    306. 

  306.  extern char *__progname;
    307. 

  307.  
    308. 

  308.  /* input and output queue */
    309. 

  309. @@ -381,6 +388,14 @@
    310. 

  310.  	a = get_attrib();
    311. 

  311.  	flags = flags_from_portable(pflags);
    312. 

  312.  	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
    313. 

  313. +
    314. 

  314. +	if (setumask != 0) {
    315. 

  315. +		if ( permit_logging == 1 )
    316. 

  316. +		logit("setting file creation mode to 0666 and umask to %o", setumask);
    317. 

  317. +		mode = 0666;
    318. 

  318. +		umask(setumask);
    319. 

  319. +	}
    320. 

  320. +
    321. 

  321.  	TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);
    322. 

  322.  	fd = open(name, flags, mode);
    323. 

  323.  	if (fd < 0) {
    324. 

  324. @@ -394,6 +409,8 @@
    325. 

  325.  			status = SSH2_FX_OK;
    326. 

  326.  		}
    327. 

  327.  	}
    328. 

  328. +	if ( permit_logging == 1 )
    329. 

  329. +	logit("open %s", name);
    330. 

  330.  	if (status != SSH2_FX_OK)
    331. 

  331.  		send_status(id, status);
    332. 

  332.  	xfree(name);
    333. 

  333. @@ -430,6 +447,7 @@
    334. 

  334.  	    (u_int64_t)off, len);
    335. 

  335.  	if (len > sizeof buf) {
    336. 

  336.  		len = sizeof buf;
    337. 

  337. +		if ( permit_logging == 1 )
    338. 

  338.  		logit("read change len %d", len);
    339. 

  339.  	}
    340. 

  340.  	fd = handle_to_fd(handle);
    341. 

  341. @@ -449,6 +467,8 @@
    342. 

  342.  			}
    343. 

  343.  		}
    344. 

  344.  	}
    345. 

  345. +	if ( permit_logging == 1 )
    346. 

  346. +	logit("reading file");
    347. 

  347.  	if (status != SSH2_FX_OK)
    348. 

  348.  		send_status(id, status);
    349. 

  349.  }
    350. 

  350. @@ -483,10 +503,13 @@
    351. 

  351.  			} else if (ret == len) {
    352. 

  352.  				status = SSH2_FX_OK;
    353. 

  353.  			} else {
    354. 

  354. +				if ( permit_logging == 1 )
    355. 

  355.  				logit("nothing at all written");
    356. 

  356.  			}
    357. 

  357.  		}
    358. 

  358.  	}
    359. 

  359. +	if ( permit_logging == 1 )
    360. 

  360. +	logit("writing file");
    361. 

  361.  	send_status(id, status);
    362. 

  362.  	xfree(data);
    363. 

  363.  }
    364. 

  364. @@ -579,24 +602,46 @@
    365. 

  365.  	a = get_attrib();
    366. 

  366.  	TRACE("setstat id %u name %s", id, name);
    367. 

  367.  	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
    368. 

  368. +if ( permit_logging == 1 )
    369. 

  369. +logit("process_setstat: truncate");
    370. 

  370.  		ret = truncate(name, a->size);
    371. 

  371.  		if (ret == -1)
    372. 

  372.  			status = errno_to_portable(errno);
    373. 

  373.  	}
    374. 

  374.  	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
    375. 

  375. +		if (permit_chmod == 1) {
    376. 

  376.  		ret = chmod(name, a->perm & 0777);
    377. 

  377.  		if (ret == -1)
    378. 

  378.  			status = errno_to_portable(errno);
    379. 

  379. +			else
    380. 

  380. +				if ( permit_logging == 1 )
    381. 

  381. +				logit("chmod'ed %s", name);
    382. 

  382. +		} else {
    383. 

  383. +			status = SSH2_FX_PERMISSION_DENIED;
    384. 

  384. +			if ( permit_logging == 1 )
    385. 

  385. +			logit("chmod %s: operation prohibited by sftp-server configuration.", name);
    386. 

  386. +		}
    387. 

  387.  	}
    388. 

  388.  	if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
    389. 

  389. +if ( permit_logging == 1 )
    390. 

  390. +logit("process_setstat: utimes");
    391. 

  391.  		ret = utimes(name, attrib_to_tv(a));
    392. 

  392.  		if (ret == -1)
    393. 

  393.  			status = errno_to_portable(errno);
    394. 

  394.  	}
    395. 

  395.  	if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
    396. 

  396. +		if (permit_chown == 1) {
    397. 

  397.  		ret = chown(name, a->uid, a->gid);
    398. 

  398.  		if (ret == -1)
    399. 

  399.  			status = errno_to_portable(errno);
    400. 

  400. +			else
    401. 

  401. +				if ( permit_logging == 1 )
    402. 

  402. +				logit("chown'ed %s.", name);
    403. 

  403. +		} else {
    404. 

  404. +			status = SSH2_FX_PERMISSION_DENIED;
    405. 

  405. +			if ( permit_logging == 1 )
    406. 

  406. +			logit("chown %s: operation prohibited by sftp-server configuration.", name);
    407. 

  407. +		}
    408. 

  408.  	}
    409. 

  409.  	send_status(id, status);
    410. 

  410.  	xfree(name);
    411. 

  411. @@ -611,6 +656,9 @@
    412. 

  412.  	int status = SSH2_FX_OK;
    413. 

  413.  	char *name;
    414. 

  414.  
    415. 

  415. +if ( permit_logging == 1 )
    416. 

  416. +logit("process_fsetstat");
    417. 

  417. +
    418. 

  418.  	id = get_int();
    419. 

  419.  	handle = get_handle();
    420. 

  420.  	a = get_attrib();
    421. 

  421. @@ -621,11 +669,14 @@
    422. 

  422.  		status = SSH2_FX_FAILURE;
    423. 

  423.  	} else {
    424. 

  424.  		if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
    425. 

  425. +if ( permit_logging == 1 )
    426. 

  426. +logit("process_fsetstat: ftruncate");
    427. 

  427.  			ret = ftruncate(fd, a->size);
    428. 

  428.  			if (ret == -1)
    429. 

  429.  				status = errno_to_portable(errno);
    430. 

  430.  		}
    431. 

  431.  		if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
    432. 

  432. +			if (permit_chmod == 1) {
    433. 

  433.  #ifdef HAVE_FCHMOD
    434. 

  434.  			ret = fchmod(fd, a->perm & 0777);
    435. 

  435.  #else
    436. 

  436. @@ -633,8 +684,18 @@
    437. 

  437.  #endif
    438. 

  438.  			if (ret == -1)
    439. 

  439.  				status = errno_to_portable(errno);
    440. 

  440. +				else
    441. 

  441. +					if ( permit_logging == 1 )
    442. 

  442. +					logit("chmod: succeeded.");
    443. 

  443. +			} else {
    444. 

  444. +	                        status = SSH2_FX_PERMISSION_DENIED;
    445. 

  445. +				if ( permit_logging == 1 )
    446. 

  446. +				logit("chmod: operation prohibited by sftp-server configuration.");
    447. 

  447. +			}
    448. 

  448.  		}
    449. 

  449.  		if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
    450. 

  450. +if ( permit_logging == 1 )
    451. 

  451. +logit("process_fsetstat: utimes");
    452. 

  452.  #ifdef HAVE_FUTIMES
    453. 

  453.  			ret = futimes(fd, attrib_to_tv(a));
    454. 

  454.  #else
    455. 

  455. @@ -644,6 +705,7 @@
    456. 

  456.  				status = errno_to_portable(errno);
    457. 

  457.  		}
    458. 

  458.  		if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
    459. 

  459. +			if (permit_chown == 1) {
    460. 

  460.  #ifdef HAVE_FCHOWN
    461. 

  461.  			ret = fchown(fd, a->uid, a->gid);
    462. 

  462.  #else
    463. 

  463. @@ -651,6 +713,14 @@
    464. 

  464.  #endif
    465. 

  465.  			if (ret == -1)
    466. 

  466.  				status = errno_to_portable(errno);
    467. 

  467. +				else
    468. 

  468. +					if ( permit_logging == 1 )
    469. 

  469. +					logit("chown: succeeded");
    470. 

  470. +			} else {
    471. 

  471. +				status = SSH2_FX_PERMISSION_DENIED;
    472. 

  472. +				if ( permit_logging == 1 )
    473. 

  473. +				logit("chown: operation prohibited by sftp-server configuration.");
    474. 

  474. +			}
    475. 

  475.  		}
    476. 

  476.  	}
    477. 

  477.  	send_status(id, status);
    478. 

  478. @@ -680,6 +750,8 @@
    479. 

  479.  		}
    480. 

  480.  
    481. 

  481.  	}
    482. 

  482. +	if ( permit_logging == 1 )
    483. 

  483. +	logit("opendir %s", path);
    484. 

  484.  	if (status != SSH2_FX_OK)
    485. 

  485.  		send_status(id, status);
    486. 

  486.  	xfree(path);
    487. 

  487. @@ -753,6 +825,8 @@
    488. 

  488.  	TRACE("remove id %u name %s", id, name);
    489. 

  489.  	ret = unlink(name);
    490. 

  490.  	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
    491. 

  491. +	if ( permit_logging == 1 )
    492. 

  492. +	logit("remove file %s", name);
    493. 

  493.  	send_status(id, status);
    494. 

  494.  	xfree(name);
    495. 

  495.  }
    496. 

  496. @@ -770,9 +844,19 @@
    497. 

  497.  	a = get_attrib();
    498. 

  498.  	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
    499. 

  499.  	    a->perm & 0777 : 0777;
    500. 

  500. +
    501. 

  501. +        if (setumask != 0) {
    502. 

  502. +		if ( permit_logging == 1 )
    503. 

  503. +                logit("setting directory creation mode to 0777 and umask to %o.", setumask);
    504. 

  504. +                mode = 0777;
    505. 

  505. +                umask(setumask);
    506. 

  506. +        }
    507. 

  507. +
    508. 

  508.  	TRACE("mkdir id %u name %s mode 0%o", id, name, mode);
    509. 

  509.  	ret = mkdir(name, mode);
    510. 

  510.  	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
    511. 

  511. +	if ( permit_logging == 1 )
    512. 

  512. +	logit("mkdir %s", name);
    513. 

  513.  	send_status(id, status);
    514. 

  514.  	xfree(name);
    515. 

  515.  }
    516. 

  516. @@ -789,6 +873,8 @@
    517. 

  517.  	TRACE("rmdir id %u name %s", id, name);
    518. 

  518.  	ret = rmdir(name);
    519. 

  519.  	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
    520. 

  520. +	if ( permit_logging == 1 )
    521. 

  521. +	logit("rmdir %s", name);
    522. 

  522.  	send_status(id, status);
    523. 

  523.  	xfree(name);
    524. 

  524.  }
    525. 

  525. @@ -815,6 +901,8 @@
    526. 

  526.  		s.name = s.long_name = resolvedname;
    527. 

  527.  		send_names(id, 1, &s);
    528. 

  528.  	}
    529. 

  529. +	if ( permit_logging == 1 )
    530. 

  530. +	logit("realpath %s", path);
    531. 

  531.  	xfree(path);
    532. 

  532.  }
    533. 

  533.  
    534. 

  534. @@ -870,6 +958,8 @@
    535. 

  535.  			status = SSH2_FX_OK;
    536. 

  536.  	}
    537. 

  537.  	send_status(id, status);
    538. 

  538. +	if ( permit_logging == 1 )
    539. 

  539. +	logit("rename old %s new %s", oldpath, newpath);
    540. 

  540.  	xfree(oldpath);
    541. 

  541.  	xfree(newpath);
    542. 

  542.  }
    543. 

  543. @@ -895,6 +985,8 @@
    544. 

  544.  		s.name = s.long_name = buf;
    545. 

  545.  		send_names(id, 1, &s);
    546. 

  546.  	}
    547. 

  547. +	if ( permit_logging == 1 )
    548. 

  548. +	logit("readlink %s", path);
    549. 

  549.  	xfree(path);
    550. 

  550.  }
    551. 

  551.  
    552. 

  552. @@ -913,6 +1005,8 @@
    553. 

  553.  	ret = symlink(oldpath, newpath);
    554. 

  554.  	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
    555. 

  555.  	send_status(id, status);
    556. 

  556. +	if ( permit_logging == 1 )
    557. 

  557. +	logit("symlink old %s new %s", oldpath, newpath);
    558. 

  558.  	xfree(oldpath);
    559. 

  559.  	xfree(newpath);
    560. 

  560.  }
    561. 

  561. @@ -1034,6 +1128,8 @@
    562. 

  562.  {
    563. 

  563.  	fd_set *rset, *wset;
    564. 

  564.  	int in, out, max;
    565. 

  565. +	unsigned int val = 0;
    566. 

  566. +	char *umask_env;
    567. 

  567.  	ssize_t len, olen, set_size;
    568. 

  568.  
    569. 

  569.  	/* XXX should use getopt */
    570. 

  570. @@ -1041,6 +1137,16 @@
    571. 

  571.  	__progname = ssh_get_progname(av[0]);
    572. 

  572.  	handle_init();
    573. 

  573.  
    574. 

  574. +	/* Transaction logging */
    575. 

  575. +
    576. 

  576. +	if (atoi(getenv("LOG_SFTP")) == 1)
    577. 

  577. +	{
    578. 

  578. +		permit_logging = 1;
    579. 

  579. +		log_init("sftp-server", atoi(getenv("SFTP_LOG_LEVEL")),
    580. 

  580. +			atoi(getenv("SFTP_LOG_FACILITY")), 0);
    581. 

  581. +	};
    582. 

  582. +
    583. 

  583. +
    584. 

  584.  #ifdef DEBUG_SFTP_SERVER
    585. 

  585.  	log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
    586. 

  586.  #endif
    587. 

  587. @@ -1048,6 +1154,39 @@
    588. 

  588.  	in = dup(STDIN_FILENO);
    589. 

  589.  	out = dup(STDOUT_FILENO);
    590. 

  590.  
    591. 

  591. +	if ( permit_logging == 1 )
    592. 

  592. +	logit("Starting sftp-server logging for user %s.", getenv("USER"));
    593. 

  593. +
    594. 

  594. +	/* Umask control */
    595. 

  595. +
    596. 

  596. +	umask_env = getenv("SFTP_UMASK");
    597. 

  597. +	while (*umask_env && *umask_env >= '0' && *umask_env <= '9')
    598. 

  598. +		val = val * 8 + *umask_env++ - '0';
    599. 

  599. +
    600. 

  600. +	if (*umask_env || val > 0777 || val == 0) {
    601. 

  601. +		if ( permit_logging == 1 )
    602. 

  602. +		logit("bad value %o for SFTP_UMASK, turning umask control off.", val);
    603. 

  603. +		setumask = 0;
    604. 

  604. +	} else {
    605. 

  605. +		if ( permit_logging == 1 )
    606. 

  606. +		logit("umask control is on.");
    607. 

  607. +		setumask = val;
    608. 

  608. +	};
    609. 

  609. +
    610. 

  610. +
    611. 

  611. +	/* Sensitive client commands */
    612. 

  612. +	
    613. 

  613. +        if (atoi(getenv("SFTP_PERMIT_CHMOD")) != 1) {
    614. 

  614. +		permit_chmod = 0;
    615. 

  615. +		if ( permit_logging == 1 )
    616. 

  616. +                logit("client is not permitted to chmod.");
    617. 

  617. +	};
    618. 

  618. +        if (atoi(getenv("SFTP_PERMIT_CHOWN")) != 1) {
    619. 

  619. +		permit_chown = 0;
    620. 

  620. +		if ( permit_logging == 1 )
    621. 

  621. +                logit("client is not permitted to chown.");
    622. 

  622. +	};
    623. 

  623. +
    624. 

  624.  #ifdef HAVE_CYGWIN
    625. 

  625.  	setmode(in, O_BINARY);
    626. 

  626.  	setmode(out, O_BINARY);
    627. 

  627. @@ -1087,6 +1226,8 @@
    628. 

  628.  			len = read(in, buf, sizeof buf);
    629. 

  629.  			if (len == 0) {
    630. 

  630.  				debug("read eof");
    631. 

  631. +				if ( permit_logging == 1 )
    632. 

  632. +				logit("sftp-server finished.");
    633. 

  633.  				exit(0);
    634. 

  634.  			} else if (len < 0) {
    635. 

  635.  				error("read error");
    636. 

  636. Index: sshd_config.5
    637. 

  637. --- sshd_config.5.orig	2004-06-30 14:39:34 +0200
    638. 

  638. +++ sshd_config.5	2004-08-17 19:54:21 +0200
    639. 

  639. @@ -407,6 +407,10 @@
    640. 

  640.  DEBUG and DEBUG1 are equivalent.
    641. 

  641.  DEBUG2 and DEBUG3 each specify higher levels of debugging output.
    642. 

  642.  Logging with a DEBUG level violates the privacy of users and is not recommended.
    643. 

  643. +.It Cm LogSftp
    644. 

  644. +Specifies whether to perform logging of
    645. 

  645. +.Nm sftp-server
    646. 

  646. +subsystem transactions. Must be "yes" or "no." The default value is "no."
    647. 

  647.  .It Cm MACs
    648. 

  648.  Specifies the available MAC (message authentication code) algorithms.
    649. 

  649.  The MAC algorithm is used in protocol version 2
    650. 

  650. @@ -567,6 +571,37 @@
    651. 

  651.  .It Cm ServerKeyBits
    652. 

  652.  Defines the number of bits in the ephemeral protocol version 1 server key.
    653. 

  653.  The minimum value is 512, and the default is 768.
    654. 

  654. +.It Cm SftpLogFacility
    655. 

  655. +Gives the facility code that is used when logging
    656. 

  656. +.Nm sftp-server .
    657. 

  657. +transactions. The possible values are: DAEMON, USER, AUTH, LOCAL0,
    658. 

  658. +LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
    659. 

  659. +The default is AUTH.
    660. 

  660. +.It Cm SftpLogLevel
    661. 

  661. +Gives the verbosity level that is used when logging messages from
    662. 

  662. +.Nm sftp-server .
    663. 

  663. +The possible values are:
    664. 

  664. +QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
    665. 

  665. +The default is INFO.  DEBUG and DEBUG1 are equivalent.  DEBUG2
    666. 

  666. +and DEBUG3 each specify higher levels of debugging output.
    667. 

  667. +Logging with a DEBUG level violates the privacy of users
    668. 

  668. +and is not recommended.
    669. 

  669. +.It Cm SftpPermitChmod
    670. 

  670. +Specifies whether the sftp-server allows the sftp client to execute chmod 
    671. 

  671. +commands on the server. The default is yes.
    672. 

  672. +.It Cm SftpPermitChown
    673. 

  673. +Specifies whether the sftp-server allows the sftp client to execute chown
    674. 

  674. +or chgrp commands on the server. Turning this value on means that the client
    675. 

  675. +is allowed to execute both chown and chgrp commands. Turning it off means that
    676. 

  676. +the client is prohibited from executing either chown or chgrp.
    677. 

  677. + The default is yes.
    678. 

  678. +.It Cm SftpUmask
    679. 

  679. +Specifies an optional umask for 
    680. 

  680. +.Nm sftp-server
    681. 

  681. +subsystem transactions. If a umask is given, this umask will override all system, 
    682. 

  682. +environment or sftp client permission modes. If
    683. 

  683. +no umask or an invalid umask is given, file creation mode defaults to the permission
    684. 

  684. +mode specified by the sftp client. The default is for no umask.
    685. 

  685.  .It Cm StrictModes
    686. 

  686.  Specifies whether
    687. 

  687.  .Nm sshd
    688. 

  688. Index: sshd_config
    689. 

  689. --- sshd_config.orig	2004-05-24 02:36:24 +0200
    690. 

  690. +++ sshd_config	2004-08-17 19:54:21 +0200
    691. 

  691. @@ -101,3 +101,14 @@
    692. 

  692.  
    693. 

  693.  # override default of no subsystems
    694. 

  694.  Subsystem	sftp	/usr/libexec/sftp-server
    695. 

  695. +
    696. 

  696. +# sftp-server logging
    697. 

  697. +#LogSftp no
    698. 

  698. +#SftpLogFacility AUTH
    699. 

  699. +#SftpLogLevel INFO
    700. 

  700. +
    701. 

  701. +# sftp-server umask control
    702. 

  702. +#SftpUmask
    703. 

  703. +
    704. 

  704. +#SftpPermitChmod yes
    705. 

  705. +#SftpPermitChown yes
    706. 

  706.