Attachment #53482 for bug #82372

Lines 103-108 Link Here

(-)openssh-3.9p1/servconf.c (+91 lines)
103	options->authorized_keys_file2 = NULL;	103	options->authorized_keys_file2 = NULL;
104	options->num_accept_env = 0;	104	options->num_accept_env = 0;
105		105
		106	options->log_sftp = LOG_SFTP_NOT_SET;
		107	options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET;
		108	options->sftp_log_level = SYSLOG_LEVEL_NOT_SET;
		109
		110	memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH);
		111
		112	options->sftp_permit_chmod = SFTP_PERMIT_NOT_SET;
		113	options->sftp_permit_chown = SFTP_PERMIT_NOT_SET;
		114
106	/* Needs to be accessable in many places */	115	/* Needs to be accessable in many places */
107	use_privsep = -1;	116	use_privsep = -1;
108	}	117	}
Lines 231-236 Link Here
231	if (options->authorized_keys_file == NULL)	240	if (options->authorized_keys_file == NULL)
232	options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;	241	options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
233		242
		243	/* Turn sftp-server logging off by default */
		244	if (options->log_sftp == LOG_SFTP_NOT_SET)
		245	options->log_sftp = LOG_SFTP_NO;
		246	if (options->sftp_log_facility == SYSLOG_FACILITY_NOT_SET)
		247	options->sftp_log_facility = SYSLOG_FACILITY_AUTH;
		248	if (options->sftp_log_level == SYSLOG_LEVEL_NOT_SET)
		249	options->sftp_log_level = SYSLOG_LEVEL_INFO;
		250
		251	/* Don't set sftp-server umask */
		252	if (!options->sftp_umask)
		253	memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH);
		254
		255	/* allow sftp client to issue chmod, chown / chgrp commands */
		256	if (options->sftp_permit_chmod == SFTP_PERMIT_NOT_SET)
		257	options->sftp_permit_chmod = SFTP_PERMIT_YES;
		258	if (options->sftp_permit_chown == SFTP_PERMIT_NOT_SET)
		259	options->sftp_permit_chown = SFTP_PERMIT_YES;
		260
234	/* Turn privilege separation on by default */	261	/* Turn privilege separation on by default */
235	if (use_privsep == -1)	262	if (use_privsep == -1)
236	use_privsep = 1;	263	use_privsep = 1;
Lines 252-257 Link Here
252	/* Portable-specific options */	279	/* Portable-specific options */
253	sUsePAM,	280	sUsePAM,
254	/* Standard Options */	281	/* Standard Options */
		282	sLogSftp, sSftpLogFacility, sSftpLogLevel,
		283	sSftpUmask,
		284	sSftpPermitChown, sSftpPermitChmod,
255	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,	285	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
256	sPermitRootLogin, sLogFacility, sLogLevel,	286	sPermitRootLogin, sLogFacility, sLogLevel,
257	sRhostsRSAAuthentication, sRSAAuthentication,	287	sRhostsRSAAuthentication, sRSAAuthentication,
Lines 338-343 Link Here
338	{ "printmotd", sPrintMotd },	368	{ "printmotd", sPrintMotd },
339	{ "printlastlog", sPrintLastLog },	369	{ "printlastlog", sPrintLastLog },
340	{ "ignorerhosts", sIgnoreRhosts },	370	{ "ignorerhosts", sIgnoreRhosts },
		371	{ "logsftp", sLogSftp},
		372	{ "sftplogfacility", sSftpLogFacility},
		373	{ "sftploglevel", sSftpLogLevel},
		374	{ "sftpumask", sSftpUmask},
		375	{ "sftppermitchmod", sSftpPermitChmod},
		376	{ "sftppermitchown", sSftpPermitChown},
341	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },	377	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
342	{ "x11forwarding", sX11Forwarding },	378	{ "x11forwarding", sX11Forwarding },
343	{ "x11displayoffset", sX11DisplayOffset },	379	{ "x11displayoffset", sX11DisplayOffset },
Lines 437-442 Link Here
437	char cp, charptr, arg, *p;	473	char cp, charptr, arg, *p;
438	int *intptr, value, i, n;	474	int *intptr, value, i, n;
439	ServerOpCodes opcode;	475	ServerOpCodes opcode;
		476	unsigned int umaskvalue = 0;
		477	char *umaskptr;
440		478
441	cp = line;	479	cp = line;
442	arg = strdelim(&cp);	480	arg = strdelim(&cp);
Lines 881-886 Link Here
881	case sBanner:	919	case sBanner:
882	charptr = &options->banner;	920	charptr = &options->banner;
883	goto parse_filename;	921	goto parse_filename;
		922
		923	case sLogSftp:
		924	intptr = &options->log_sftp;
		925	goto parse_flag;
		926
		927	case sSftpLogFacility:
		928	intptr = (int *) &options->sftp_log_facility;
		929	arg = strdelim(&cp);
		930	value = log_facility_number(arg);
		931	if (value == SYSLOG_FACILITY_NOT_SET)
		932	fatal("%.200s line %d: unsupported log facility '%s'",
		933	filename, linenum, arg ? arg : "<NONE>");
		934	if (*intptr == -1)
		935	*intptr = (SyslogFacility) value;
		936	break;
		937
		938	case sSftpLogLevel:
		939	intptr = (int *) &options->sftp_log_level;
		940	arg = strdelim(&cp);
		941	value = log_level_number(arg);
		942	if (value == SYSLOG_LEVEL_NOT_SET)
		943	fatal("%.200s line %d: unsupported log level '%s'",
		944	filename, linenum, arg ? arg : "<NONE>");
		945	if (*intptr == -1)
		946	*intptr = (LogLevel) value;
		947	break;
		948
		949	case sSftpUmask:
		950	arg = strdelim(&cp);
		951	umaskptr = arg;
		952	while (arg && arg && arg >= '0' && *arg <= '9')
		953	umaskvalue = umaskvalue * 8 + *arg++ - '0';
		954	if (!arg \|\| *arg \|\| umaskvalue > 0777)
		955	fatal("%s line %d: bad value for sSftpUmask",
		956	filename, linenum);
		957	else {
		958	while (umaskptr && umaskptr == '0')
		959	*umaskptr++;
		960	strncpy(options->sftp_umask, umaskptr,
		961	SFTP_UMASK_LENGTH);
		962	}
		963
		964	break;
		965
		966	case sSftpPermitChmod:
		967	intptr = &options->sftp_permit_chmod;
		968	goto parse_flag;
		969
		970	case sSftpPermitChown:
		971	intptr = &options->sftp_permit_chown;
		972	goto parse_flag;
		973
884	/*	974	/*
885	* These options can contain %X options expanded at	975	* These options can contain %X options expanded at
886	* connect time, so that you can specify paths like:	976	* connect time, so that you can specify paths like:
Lines 936-941 Link Here
936	if ((arg = strdelim(&cp)) != NULL && *arg != '\0')	1026	if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
937	fatal("%s line %d: garbage at end of line; \"%.200s\".",	1027	fatal("%s line %d: garbage at end of line; \"%.200s\".",
938	filename, linenum, arg);	1028	filename, linenum, arg);
		1029
939	return 0;	1030	return 0;
940	}	1031	}
941		1032

Lines 20-25 Link Here

(-)openssh-3.9p1/servconf.h (+19 lines)
20		20
21	#define MAX_PORTS 256 /* Max # ports. */	21	#define MAX_PORTS 256 /* Max # ports. */
22		22
		23	/* sftp-server logging */
		24	#define LOG_SFTP_NOT_SET -1
		25	#define LOG_SFTP_NO 0
		26	#define LOG_SFTP_YES 1
		27
		28	/* sftp-server umask control */
		29	#define SFTP_UMASK_LENGTH 5
		30
		31	/* sftp-server client priviledge */
		32	#define SFTP_PERMIT_NOT_SET -1
		33	#define SFTP_PERMIT_NO 0
		34	#define SFTP_PERMIT_YES 1
		35
23	#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */	36	#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
24	#define MAX_DENY_USERS 256 /* Max # users on deny list. */	37	#define MAX_DENY_USERS 256 /* Max # users on deny list. */
25	#define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */	38	#define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */
Lines 98-103 Link Here
98	int use_login; /* If true, login(1) is used */	111	int use_login; /* If true, login(1) is used */
99	int compression; /* If true, compression is allowed */	112	int compression; /* If true, compression is allowed */
100	int allow_tcp_forwarding;	113	int allow_tcp_forwarding;
		114	int log_sftp; /* perform sftp-server logging */
		115	SyslogFacility sftp_log_facility; /* Facility for sftp subsystem logging. */
		116	LogLevel sftp_log_level; /* Level for sftp subsystem logging. */
		117	char sftp_umask[SFTP_UMASK_LENGTH]; /* Sftp Umask */
		118	int sftp_permit_chmod;
		119	int sftp_permit_chown;
101	u_int num_allow_users;	120	u_int num_allow_users;
102	char *allow_users[MAX_ALLOW_USERS];	121	char *allow_users[MAX_ALLOW_USERS];
103	u_int num_deny_users;	122	u_int num_deny_users;

Lines 112-117 Link Here

(-)openssh-3.9p1/session.c (+71 lines)
112		112
113	static int is_child = 0;	113	static int is_child = 0;
114		114
		115	/* so SFTP_LOG_FACILITY and SFTP_LOG_LEVEL can be passed through the
		116	environment to the sftp-server subsystem. */
		117	static const char *sysfac_to_int[] = { "0", "1", "2", "3", "4", "5", "6",
		118	"7", "8", "9", "10", "11", "-1" };
		119	static const char *syslevel_to_int[] = { "0", "1", "2", "3", "4", "5", "6",
		120	"7", "-1" };
		121
		122	static char *sftpumask;
		123
115	/* Name and directory of socket for authentication agent forwarding. */	124	/* Name and directory of socket for authentication agent forwarding. */
116	static char *auth_sock_name = NULL;	125	static char *auth_sock_name = NULL;
117	static char *auth_sock_dir = NULL;	126	static char *auth_sock_dir = NULL;
Lines 974-979 Link Here
974	env = xmalloc(envsize * sizeof(char *));	983	env = xmalloc(envsize * sizeof(char *));
975	env[0] = NULL;	984	env[0] = NULL;
976		985
		986
977	#ifdef HAVE_CYGWIN	987	#ifdef HAVE_CYGWIN
978	/*	988	/*
979	* The Windows environment contains some setting which are	989	* The Windows environment contains some setting which are
Lines 1118-1123 Link Here
1118	child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,	1128	child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
1119	auth_sock_name);	1129	auth_sock_name);
1120		1130
		1131	/* LOG_SFTP */
		1132	if (options.log_sftp == -1 )
		1133	child_set_env(&env, &envsize, "LOG_SFTP", "-1");
		1134	else if (options.log_sftp == 0)
		1135	child_set_env(&env, &envsize, "LOG_SFTP", "0");
		1136	else
		1137	child_set_env(&env, &envsize, "LOG_SFTP", "1");
		1138
		1139	/* SFTP_LOG_FACILITY */
		1140	if (options.sftp_log_facility < 0)
		1141	child_set_env(&env, &envsize, "SFTP_LOG_FACILITY",
		1142	"-1");
		1143	else
		1144	child_set_env(&env, &envsize, "SFTP_LOG_FACILITY",
		1145	sysfac_to_int[options.sftp_log_facility]);
		1146
		1147	/* SFTP_LOG_LEVEL */
		1148	if (options.sftp_log_level < 0)
		1149	child_set_env(&env, &envsize, "SFTP_LOG_LEVEL",
		1150	"-1");
		1151	else
		1152	child_set_env(&env, &envsize, "SFTP_LOG_LEVEL",
		1153	syslevel_to_int[options.sftp_log_level]);
		1154
		1155	/* SFTP_UMASK */
		1156
		1157	if (options.sftp_umask[0] == '\0')
		1158	child_set_env(&env, &envsize, "SFTP_UMASK",
		1159	"" );
		1160	else {
		1161	if (!(sftpumask = calloc(SFTP_UMASK_LENGTH,1))) {
		1162
		1163	logit("session.c: unabled to allocate memory for SftpUmask. SftpUmask control \
		1164	will be turned off.");
		1165
		1166	child_set_env(&env, &envsize, "SFTP_UMASK",
		1167	"" );
		1168	} else {
		1169	strncpy(sftpumask, options.sftp_umask,
		1170	SFTP_UMASK_LENGTH);
		1171	child_set_env(&env, &envsize, "SFTP_UMASK",
		1172	sftpumask );
		1173	}
		1174	}
		1175
		1176	/* SFTP_PERMIT_CHMOD */
		1177	if (options.sftp_permit_chmod == -1 )
		1178	child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "-1");
		1179	else if (options.sftp_permit_chmod == 0)
		1180	child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "0");
		1181	else
		1182	child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "1");
		1183
		1184	/* SFTP_PERMIT_CHOWN */
		1185	if (options.sftp_permit_chown == -1 )
		1186	child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "-1");
		1187	else if (options.sftp_permit_chown == 0)
		1188	child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "0");
		1189	else
		1190	child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "1");
		1191
1121	/* read $HOME/.ssh/environment. */	1192	/* read $HOME/.ssh/environment. */
1122	if (options.permit_user_env && !options.use_login) {	1193	if (options.permit_user_env && !options.use_login) {
1123	snprintf(buf, sizeof buf, "%.200s/.ssh/environment",	1194	snprintf(buf, sizeof buf, "%.200s/.ssh/environment",




option.
See
.Xr sshd_config 5
for more information. Sftp-server transactions may be logged
using the
.Cm LogSftp ,
.Cm SftpLogFacility ,
and
.Cm SftpLogLevel
options. The administrator may exert control over the file and directory
permission and ownership, with
.Cm SftpUmask ,
.Cm SftpPermitChmod ,
and
.Cm SftpPermitChown
. See
.Xr sshd_config 5
for more information.
.Sh SEE ALSO
.Xr sftp 1 ,
.Xr ssh 1 ,
.Xr sshd_config 5 ,
.Xr sshd 8,
.Xr sshd_config 5
.Rs
.%A T. Ylonen
.%A S. Lehtinen

Lines 31-36 Link Here

(-)openssh-3.9p1/sftp-server.c (-14 / +155 lines)
31	#define get_string(lenp) buffer_get_string(&iqueue, lenp);	31	#define get_string(lenp) buffer_get_string(&iqueue, lenp);
32	#define TRACE debug	32	#define TRACE debug
33		33
		34	/* SFTP_UMASK */
		35	static mode_t setumask = 0;
		36
		37	static int permit_chmod = 1;
		38	static int permit_chown = 1;
		39	static int permit_logging = 0;
		40
34	extern char *__progname;	41	extern char *__progname;
35		42
36	/* input and output queue */	43	/* input and output queue */
Lines 381-386 Link Here
381	a = get_attrib();	388	a = get_attrib();
382	flags = flags_from_portable(pflags);	389	flags = flags_from_portable(pflags);
383	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;	390	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
		391
		392	if (setumask != 0) {
		393	if ( permit_logging == 1 )
		394	logit("setting file creation mode to 0666 and umask to %o", setumask);
		395	mode = 0666;
		396	umask(setumask);
		397	}
		398
384	TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);	399	TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);
385	fd = open(name, flags, mode);	400	fd = open(name, flags, mode);
386	if (fd < 0) {	401	if (fd < 0) {
Lines 394-399 Link Here
394	status = SSH2_FX_OK;	409	status = SSH2_FX_OK;
395	}	410	}
396	}	411	}
		412	if ( permit_logging == 1 )
		413	logit("open %s", name);
397	if (status != SSH2_FX_OK)	414	if (status != SSH2_FX_OK)
398	send_status(id, status);	415	send_status(id, status);
399	xfree(name);	416	xfree(name);
Lines 430-435 Link Here
430	(u_int64_t)off, len);	447	(u_int64_t)off, len);
431	if (len > sizeof buf) {	448	if (len > sizeof buf) {
432	len = sizeof buf;	449	len = sizeof buf;
		450	if ( permit_logging == 1 )
433	logit("read change len %d", len);	451	logit("read change len %d", len);
434	}	452	}
435	fd = handle_to_fd(handle);	453	fd = handle_to_fd(handle);
Lines 449-454 Link Here
449	}	467	}
450	}	468	}
451	}	469	}
		470	if ( permit_logging == 1 )
		471	logit("reading file");
452	if (status != SSH2_FX_OK)	472	if (status != SSH2_FX_OK)
453	send_status(id, status);	473	send_status(id, status);
454	}	474	}
Lines 483-492 Link Here
483	} else if (ret == len) {	503	} else if (ret == len) {
484	status = SSH2_FX_OK;	504	status = SSH2_FX_OK;
485	} else {	505	} else {
		506	if ( permit_logging == 1 )
486	logit("nothing at all written");	507	logit("nothing at all written");
487	}	508	}
488	}	509	}
489	}	510	}
		511	if ( permit_logging == 1 )
		512	logit("writing file");
490	send_status(id, status);	513	send_status(id, status);
491	xfree(data);	514	xfree(data);
492	}	515	}
Lines 579-602 Link Here
579	a = get_attrib();	602	a = get_attrib();
580	TRACE("setstat id %u name %s", id, name);	603	TRACE("setstat id %u name %s", id, name);
581	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {	604	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
		605	if ( permit_logging == 1 )
		606	logit("process_setstat: truncate");
582	ret = truncate(name, a->size);	607	ret = truncate(name, a->size);
583	if (ret == -1)	608	if (ret == -1)
584	status = errno_to_portable(errno);	609	status = errno_to_portable(errno);
585	}	610	}
586	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {	611	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
587	ret = chmod(name, a->perm & 0777);	612	if (permit_chmod == 1) {
588	if (ret == -1)	613	ret = chmod(name, a->perm & 0777);
589	status = errno_to_portable(errno);	614	if (ret == -1)
		615	status = errno_to_portable(errno);
		616	else
		617	if ( permit_logging == 1 )
		618	logit("chmod'ed %s", name);
		619	} else {
		620	status = SSH2_FX_PERMISSION_DENIED;
		621	if ( permit_logging == 1 )
		622	logit("chmod %s: operation prohibited by sftp-server configuration.", name);
		623	}
590	}	624	}
591	if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {	625	if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
		626	if ( permit_logging == 1 )
		627	logit("process_setstat: utimes");
592	ret = utimes(name, attrib_to_tv(a));	628	ret = utimes(name, attrib_to_tv(a));
593	if (ret == -1)	629	if (ret == -1)
594	status = errno_to_portable(errno);	630	status = errno_to_portable(errno);
595	}	631	}
596	if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {	632	if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
597	ret = chown(name, a->uid, a->gid);	633	if (permit_chown == 1) {
598	if (ret == -1)	634	ret = chown(name, a->uid, a->gid);
599	status = errno_to_portable(errno);	635	if (ret == -1)
		636	status = errno_to_portable(errno);
		637	else
		638	if ( permit_logging == 1 )
		639	logit("chown'ed %s.", name);
		640	} else {
		641	status = SSH2_FX_PERMISSION_DENIED;
		642	if ( permit_logging == 1 )
		643	logit("chown %s: operation prohibited by sftp-server configuration.", name);
		644	}
600	}	645	}
601	send_status(id, status);	646	send_status(id, status);
602	xfree(name);	647	xfree(name);
Lines 611-616 Link Here
611	int status = SSH2_FX_OK;	656	int status = SSH2_FX_OK;
612	char *name;	657	char *name;
613		658
		659	if ( permit_logging == 1 )
		660	logit("process_fsetstat");
		661
614	id = get_int();	662	id = get_int();
615	handle = get_handle();	663	handle = get_handle();
616	a = get_attrib();	664	a = get_attrib();
Lines 621-640 Link Here
621	status = SSH2_FX_FAILURE;	669	status = SSH2_FX_FAILURE;
622	} else {	670	} else {
623	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {	671	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
		672	if ( permit_logging == 1 )
		673	logit("process_fsetstat: ftruncate");
624	ret = ftruncate(fd, a->size);	674	ret = ftruncate(fd, a->size);
625	if (ret == -1)	675	if (ret == -1)
626	status = errno_to_portable(errno);	676	status = errno_to_portable(errno);
627	}	677	}
628	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {	678	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
		679	if (permit_chmod == 1) {
629	#ifdef HAVE_FCHMOD	680	#ifdef HAVE_FCHMOD
630	ret = fchmod(fd, a->perm & 0777);	681	ret = fchmod(fd, a->perm & 0777);
631	#else	682	#else
632	ret = chmod(name, a->perm & 0777);	683	ret = chmod(name, a->perm & 0777);
633	#endif	684	#endif
634	if (ret == -1)	685	if (ret == -1)
635	status = errno_to_portable(errno);	686	status = errno_to_portable(errno);
		687	else
		688	if ( permit_logging == 1 )
		689	logit("chmod: succeeded.");
		690	} else {
		691	status = SSH2_FX_PERMISSION_DENIED;
		692	if ( permit_logging == 1 )
		693	logit("chmod: operation prohibited by sftp-server configuration.");
		694	}
636	}	695	}
637	if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {	696	if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
		697	if ( permit_logging == 1 )
		698	logit("process_fsetstat: utimes");
638	#ifdef HAVE_FUTIMES	699	#ifdef HAVE_FUTIMES
639	ret = futimes(fd, attrib_to_tv(a));	700	ret = futimes(fd, attrib_to_tv(a));
640	#else	701	#else
Lines 644-656 Link Here
644	status = errno_to_portable(errno);	705	status = errno_to_portable(errno);
645	}	706	}
646	if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {	707	if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
		708	if (permit_chown == 1) {
647	#ifdef HAVE_FCHOWN	709	#ifdef HAVE_FCHOWN
648	ret = fchown(fd, a->uid, a->gid);	710	ret = fchown(fd, a->uid, a->gid);
649	#else	711	#else
650	ret = chown(name, a->uid, a->gid);	712	ret = chown(name, a->uid, a->gid);
651	#endif	713	#endif
652	if (ret == -1)	714	if (ret == -1)
653	status = errno_to_portable(errno);	715	status = errno_to_portable(errno);
		716	else
		717	if ( permit_logging == 1 )
		718	logit("chown: succeeded");
		719	} else {
		720	status = SSH2_FX_PERMISSION_DENIED;
		721	if ( permit_logging == 1 )
		722	logit("chown: operation prohibited by sftp-server configuration.");
		723	}
654	}	724	}
655	}	725	}
656	send_status(id, status);	726	send_status(id, status);
Lines 680-685 Link Here
680	}	750	}
681		751
682	}	752	}
		753	if ( permit_logging == 1 )
		754	logit("opendir %s", path);
683	if (status != SSH2_FX_OK)	755	if (status != SSH2_FX_OK)
684	send_status(id, status);	756	send_status(id, status);
685	xfree(path);	757	xfree(path);
Lines 753-758 Link Here
753	TRACE("remove id %u name %s", id, name);	825	TRACE("remove id %u name %s", id, name);
754	ret = unlink(name);	826	ret = unlink(name);
755	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;	827	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
		828	if ( permit_logging == 1 )
		829	logit("remove file %s", name);
756	send_status(id, status);	830	send_status(id, status);
757	xfree(name);	831	xfree(name);
758	}	832	}
Lines 770-778 Link Here
770	a = get_attrib();	844	a = get_attrib();
771	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?	845	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
772	a->perm & 0777 : 0777;	846	a->perm & 0777 : 0777;
		847
		848	if (setumask != 0) {
		849	if ( permit_logging == 1 )
		850	logit("setting directory creation mode to 0777 and umask to %o.", setumask);
		851	mode = 0777;
		852	umask(setumask);
		853	}
		854
773	TRACE("mkdir id %u name %s mode 0%o", id, name, mode);	855	TRACE("mkdir id %u name %s mode 0%o", id, name, mode);
774	ret = mkdir(name, mode);	856	ret = mkdir(name, mode);
775	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;	857	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
		858	if ( permit_logging == 1 )
		859	logit("mkdir %s", name);
776	send_status(id, status);	860	send_status(id, status);
777	xfree(name);	861	xfree(name);
778	}	862	}
Lines 789-794 Link Here
789	TRACE("rmdir id %u name %s", id, name);	873	TRACE("rmdir id %u name %s", id, name);
790	ret = rmdir(name);	874	ret = rmdir(name);
791	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;	875	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
		876	if ( permit_logging == 1 )
		877	logit("rmdir %s", name);
792	send_status(id, status);	878	send_status(id, status);
793	xfree(name);	879	xfree(name);
794	}	880	}
Lines 815-820 Link Here
815	s.name = s.long_name = resolvedname;	901	s.name = s.long_name = resolvedname;
816	send_names(id, 1, &s);	902	send_names(id, 1, &s);
817	}	903	}
		904	if ( permit_logging == 1 )
		905	logit("realpath %s", path);
818	xfree(path);	906	xfree(path);
819	}	907	}
820		908
Lines 870-875 Link Here
870	status = SSH2_FX_OK;	958	status = SSH2_FX_OK;
871	}	959	}
872	send_status(id, status);	960	send_status(id, status);
		961	if ( permit_logging == 1 )
		962	logit("rename old %s new %s", oldpath, newpath);
873	xfree(oldpath);	963	xfree(oldpath);
874	xfree(newpath);	964	xfree(newpath);
875	}	965	}
Lines 895-900 Link Here
895	s.name = s.long_name = buf;	985	s.name = s.long_name = buf;
896	send_names(id, 1, &s);	986	send_names(id, 1, &s);
897	}	987	}
		988	if ( permit_logging == 1 )
		989	logit("readlink %s", path);
898	xfree(path);	990	xfree(path);
899	}	991	}
900		992
Lines 913-918 Link Here
913	ret = symlink(oldpath, newpath);	1005	ret = symlink(oldpath, newpath);
914	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;	1006	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
915	send_status(id, status);	1007	send_status(id, status);
		1008	if ( permit_logging == 1 )
		1009	logit("symlink old %s new %s", oldpath, newpath);
916	xfree(oldpath);	1010	xfree(oldpath);
917	xfree(newpath);	1011	xfree(newpath);
918	}	1012	}
Lines 1034-1039 Link Here
1034	{	1128	{
1035	fd_set rset, wset;	1129	fd_set rset, wset;
1036	int in, out, max;	1130	int in, out, max;
		1131	unsigned int val = 0;
		1132	char *umask_env;
1037	ssize_t len, olen, set_size;	1133	ssize_t len, olen, set_size;
1038		1134
1039	/* XXX should use getopt */	1135	/* XXX should use getopt */
Lines 1041-1050 Link Here
1041	__progname = ssh_get_progname(av[0]);	1137	__progname = ssh_get_progname(av[0]);
1042	handle_init();	1138	handle_init();
1043		1139
		1140	/* Transaction logging */
		1141
		1142	if (getenv("LOG_SFTP") && atoi(getenv("LOG_SFTP")) == 1)
		1143	{
		1144	permit_logging = 1;
		1145	log_init("sftp-server", atoi(getenv("SFTP_LOG_LEVEL")),
		1146	atoi(getenv("SFTP_LOG_FACILITY")), 0);
		1147	};
		1148
		1149
1044	#ifdef DEBUG_SFTP_SERVER	1150	#ifdef DEBUG_SFTP_SERVER
1045	log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);	1151	log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
1046	#endif	1152	#endif
1047		1153
		1154	if ( permit_logging == 1 )
		1155	logit("Starting sftp-server logging for user %s.", ((getenv("USER")!=NULL) ? getenv("USER") : "$USER==NULL"));
		1156
		1157	/* Umask control */
		1158
		1159	umask_env = getenv("SFTP_UMASK");
		1160	while (umask_env && umask_env && umask_env >= '0' && *umask_env <= '9')
		1161	val = val * 8 + *umask_env++ - '0';
		1162
		1163	if (!umask_env \|\| *umask_env \|\| val > 0777 \|\| val == 0) {
		1164	if ( permit_logging == 1 )
		1165	logit("bad value %o for SFTP_UMASK, turning umask control off.", val);
		1166	setumask = 0;
		1167	} else {
		1168	if ( permit_logging == 1 )
		1169	logit("umask control is on.");
		1170	setumask = val;
		1171	};
		1172
		1173
		1174	/* Sensitive client commands */
		1175
		1176	if (!getenv("SFTP_PERMIT_CHMOD") \|\| atoi(getenv("SFTP_PERMIT_CHMOD")) != 1) {
		1177	permit_chmod = 0;
		1178	if ( permit_logging == 1 )
		1179	logit("client is not permitted to chmod.");
		1180	};
		1181	if (!getenv("SFTP_PERMIT_CHOWN") \|\| atoi(getenv("SFTP_PERMIT_CHOWN")) != 1) {
		1182	permit_chown = 0;
		1183	if ( permit_logging == 1 )
		1184	logit("client is not permitted to chown.");
		1185	};
		1186
1048	in = dup(STDIN_FILENO);	1187	in = dup(STDIN_FILENO);
1049	out = dup(STDOUT_FILENO);	1188	out = dup(STDOUT_FILENO);
1050		1189
Lines 1087-1092 Link Here
1087	len = read(in, buf, sizeof buf);	1226	len = read(in, buf, sizeof buf);
1088	if (len == 0) {	1227	if (len == 0) {
1089	debug("read eof");	1228	debug("read eof");
		1229	if ( permit_logging == 1 )
		1230	logit("sftp-server finished.");
1090	exit(0);	1231	exit(0);
1091	} else if (len < 0) {	1232	} else if (len < 0) {
1092	error("read error");	1233	error("read error");





# override default of no subsystems
Subsystem	sftp	/usr/libexec/sftp-server

# sftp-server logging
#LogSftp no
#SftpLogFacility AUTH
#SftpLogLevel INFO

# sftp-server umask control
#SftpUmask

#SftpPermitChmod yes
#SftpPermitChown yes

Lines 407-412 Link Here

(-)openssh-3.9p1/sshd_config.5 (+35 lines)
407	DEBUG and DEBUG1 are equivalent.	407	DEBUG and DEBUG1 are equivalent.
408	DEBUG2 and DEBUG3 each specify higher levels of debugging output.	408	DEBUG2 and DEBUG3 each specify higher levels of debugging output.
409	Logging with a DEBUG level violates the privacy of users and is not recommended.	409	Logging with a DEBUG level violates the privacy of users and is not recommended.
		410	.It Cm LogSftp
		411	Specifies whether to perform logging of
		412	.Nm sftp-server
		413	subsystem transactions. Must be "yes" or "no." The default value is "no."
410	.It Cm MACs	414	.It Cm MACs
411	Specifies the available MAC (message authentication code) algorithms.	415	Specifies the available MAC (message authentication code) algorithms.
412	The MAC algorithm is used in protocol version 2	416	The MAC algorithm is used in protocol version 2
Lines 567-572 Link Here
567	.It Cm ServerKeyBits	571	.It Cm ServerKeyBits
568	Defines the number of bits in the ephemeral protocol version 1 server key.	572	Defines the number of bits in the ephemeral protocol version 1 server key.
569	The minimum value is 512, and the default is 768.	573	The minimum value is 512, and the default is 768.
		574	.It Cm SftpLogFacility
		575	Gives the facility code that is used when logging
		576	.Nm sftp-server .
		577	transactions. The possible values are: DAEMON, USER, AUTH, LOCAL0,
		578	LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
		579	The default is AUTH.
		580	.It Cm SftpLogLevel
		581	Gives the verbosity level that is used when logging messages from
		582	.Nm sftp-server .
		583	The possible values are:
		584	QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
		585	The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
		586	and DEBUG3 each specify higher levels of debugging output.
		587	Logging with a DEBUG level violates the privacy of users
		588	and is not recommended.
		589	.It Cm SftpPermitChmod
		590	Specifies whether the sftp-server allows the sftp client to execute chmod
		591	commands on the server. The default is yes.
		592	.It Cm SftpPermitChown
		593	Specifies whether the sftp-server allows the sftp client to execute chown
		594	or chgrp commands on the server. Turning this value on means that the client
		595	is allowed to execute both chown and chgrp commands. Turning it off means that
		596	the client is prohibited from executing either chown or chgrp.
		597	The default is yes.
		598	.It Cm SftpUmask
		599	Specifies an optional umask for
		600	.Nm sftp-server
		601	subsystem transactions. If a umask is given, this umask will override all system,
		602	environment or sftp client permission modes. If
		603	no umask or an invalid umask is given, file creation mode defaults to the permission
		604	mode specified by the sftp client. The default is for no umask.
570	.It Cm StrictModes	605	.It Cm StrictModes
571	Specifies whether	606	Specifies whether
572	.Nm sshd	607	.Nm sshd

Return to bug 82372

Lines 42-53 Link Here

(-)openssh-3.9p1/sftp-server.8 (-1 / +16 lines)
42	option.	42	option.
43	See	43	See
44	.Xr sshd_config 5	44	.Xr sshd_config 5
		45	for more information. Sftp-server transactions may be logged
		46	using the
		47	.Cm LogSftp ,
		48	.Cm SftpLogFacility ,
		49	and
		50	.Cm SftpLogLevel
		51	options. The administrator may exert control over the file and directory
		52	permission and ownership, with
		53	.Cm SftpUmask ,
		54	.Cm SftpPermitChmod ,
		55	and
		56	.Cm SftpPermitChown
		57	. See
		58	.Xr sshd_config 5
45	for more information.	59	for more information.
46	.Sh SEE ALSO	60	.Sh SEE ALSO
47	.Xr sftp 1 ,	61	.Xr sftp 1 ,
48	.Xr ssh 1 ,	62	.Xr ssh 1 ,
49	.Xr sshd_config 5 ,	63	.Xr sshd_config 5 ,
50	.Xr sshd 8	64	.Xr sshd 8,
		65	.Xr sshd_config 5
51	.Rs	66	.Rs
52	.%A T. Ylonen	67	.%A T. Ylonen
53	.%A S. Lehtinen	68	.%A S. Lehtinen

Lines 101-103 Link Here

(-)openssh-3.9p1/sshd_config (+11 lines)
101		101
102	# override default of no subsystems	102	# override default of no subsystems
103	Subsystem sftp /usr/libexec/sftp-server	103	Subsystem sftp /usr/libexec/sftp-server
		104
		105	# sftp-server logging
		106	#LogSftp no
		107	#SftpLogFacility AUTH
		108	#SftpLogLevel INFO
		109
		110	# sftp-server umask control
		111	#SftpUmask
		112
		113	#SftpPermitChmod yes
		114	#SftpPermitChown yes