Gentoo's Bugzilla – Attachment 53483 Details for
Bug 82372
openssh: sftp-server segfaults when "sftplogging" USE flag is enabled
openssh-4.0_p1-sftplogging-1.2-gentoo.patch
openssh-4.0_p1-sftplogging-1.2-gentoo.patch (text/plain), 21.83 KB, created by
SpanKY
on 2005-03-14 18:36:04 UTC
Description:
openssh-4.0_p1-sftplogging-1.2-gentoo.patch
Filename:
MIME Type:
Creator:
SpanKY
Created:
2005-03-14 18:36:04 UTC
Size:
21.83 KB
>Taken from http://sftplogging.sf.net/ and cleaned up with misc fixes.
>
>diff -ur openssh-4.0p1/servconf.c openssh-4.0p1_sftp/servconf.c
>--- openssh-4.0p1/servconf.c 2005-03-14 16:01:23.000000000 -0500
>+++ openssh-4.0p1_sftp/servconf.c 2005-03-14 16:01:45.000000000 -0500
>@@ -139,6 +139,15 @@
> options->va.responder_url = NULL;
> #endif /*def SSH_OCSP_ENABLED*/
>
>+ options->log_sftp = LOG_SFTP_NOT_SET;
>+ options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET;
>+ options->sftp_log_level = SYSLOG_LEVEL_NOT_SET;
>+
>+ memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH);
>+
>+ options->sftp_permit_chmod = SFTP_PERMIT_NOT_SET;
>+ options->sftp_permit_chown = SFTP_PERMIT_NOT_SET;
>+
> /* Needs to be accessable in many places */
> use_privsep = -1;
> }
>@@ -288,6 +297,24 @@
> ssh_set_validator(&options->va);
> #endif /*def SSH_OCSP_ENABLED*/
>
>+ /* Turn sftp-server logging off by default */
>+ if (options->log_sftp == LOG_SFTP_NOT_SET)
>+ options->log_sftp = LOG_SFTP_NO;
>+ if (options->sftp_log_facility == SYSLOG_FACILITY_NOT_SET)
>+ options->sftp_log_facility = SYSLOG_FACILITY_AUTH;
>+ if (options->sftp_log_level == SYSLOG_LEVEL_NOT_SET)
>+ options->sftp_log_level = SYSLOG_LEVEL_INFO;
>+
>+ /* Don't set sftp-server umask */
>+ if (!options->sftp_umask)
>+ memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH);
>+
>+ /* allow sftp client to issue chmod, chown / chgrp commands */
>+ if (options->sftp_permit_chmod == SFTP_PERMIT_NOT_SET)
>+ options->sftp_permit_chmod = SFTP_PERMIT_YES;
>+ if (options->sftp_permit_chown == SFTP_PERMIT_NOT_SET)
>+ options->sftp_permit_chown = SFTP_PERMIT_YES;
>+
> /* Turn privilege separation on by default */
> if (use_privsep == -1)
> use_privsep = 1;
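Review bot: In the servconf.c `@@ -288` hunk, `if (!options->sftp_umask)` tests the address of an array member (servconf.h declares it `char sftp_umask[SFTP_UMASK_LENGTH]`), which is never null, so the `memset` under it can never run. The buffer is already zeroed by the `@@ -139` initialisation hunk, so the default still ends up as "no umask", but the dead test reads as if it did something. I would drop the two lines and keep only a comment such as `/* sftp_umask stays empty unless SftpUmask was given: client-requested modes are used */`. The enclosing function starts and ends outside the hunk.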
>@@ -308,6 +335,9 @@
> /* Portable-specific options */
> sUsePAM,
> /* Standard Options */
>+ sLogSftp, sSftpLogFacility, sSftpLogLevel,
>+ sSftpUmask,
>+ sSftpPermitChown, sSftpPermitChmod,
> sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
> sPermitRootLogin, sLogFacility, sLogLevel,
> sRhostsRSAAuthentication, sRSAAuthentication,
>@@ -406,6 +436,12 @@
> { "printmotd", sPrintMotd },
> { "printlastlog", sPrintLastLog },
> { "ignorerhosts", sIgnoreRhosts },
>+ { "logsftp", sLogSftp},
>+ { "sftplogfacility", sSftpLogFacility},
>+ { "sftploglevel", sSftpLogLevel},
>+ { "sftpumask", sSftpUmask},
>+ { "sftppermitchmod", sSftpPermitChmod},
>+ { "sftppermitchown", sSftpPermitChown},
> { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
> { "x11forwarding", sX11Forwarding },
> { "x11displayoffset", sX11DisplayOffset },
>@@ -522,6 +558,8 @@
> int *intptr, value, i, n;
> ServerOpCodes opcode;
> u_short port;
>+ unsigned int umaskvalue = 0;
>+ char *umaskptr;
>
> cp = line;
> arg = strdelim(&cp);
>@@ -983,6 +1021,58 @@
> case sBanner:
> charptr = &options->banner;
> goto parse_filename;
>+
>+ case sLogSftp:
>+ intptr = &options->log_sftp;
>+ goto parse_flag;
>+
>+ case sSftpLogFacility:
>+ intptr = (int *) &options->sftp_log_facility;
>+ arg = strdelim(&cp);
>+ value = log_facility_number(arg);
>+ if (value == SYSLOG_FACILITY_NOT_SET)
>+ fatal("%.200s line %d: unsupported log facility '%s'",
>+ filename, linenum, arg ? arg : "<NONE>");
>+ if (*intptr == -1)
>+ *intptr = (SyslogFacility) value;
>+ break;
>+
>+ case sSftpLogLevel:
>+ intptr = (int *) &options->sftp_log_level;
>+ arg = strdelim(&cp);
>+ value = log_level_number(arg);
>+ if (value == SYSLOG_LEVEL_NOT_SET)
>+ fatal("%.200s line %d: unsupported log level '%s'",
>+ filename, linenum, arg ? arg : "<NONE>");
>+ if (*intptr == -1)
>+ *intptr = (LogLevel) value;
>+ break;
>+
>+ case sSftpUmask:
>+ arg = strdelim(&cp);
>+ umaskptr = arg;
>+ while (arg && *arg && *arg >= '0' && *arg <= '9')
>+ umaskvalue = umaskvalue * 8 + *arg++ - '0';
>+ if (!arg || *arg || umaskvalue > 0777)
>+ fatal("%s line %d: bad value for sSftpUmask",
>+ filename, linenum);
>+ else {
>+ while (*umaskptr && *umaskptr == '0')
>+ *umaskptr++;
>+ strncpy(options->sftp_umask, umaskptr,
>+ SFTP_UMASK_LENGTH);
>+ }
>+
>+ break;
>+
>+ case sSftpPermitChmod:
>+ intptr = &options->sftp_permit_chmod;
>+ goto parse_flag;
>+
>+ case sSftpPermitChown:
>+ intptr = &options->sftp_permit_chown;
>+ goto parse_flag;
>+
> /*
> * These options can contain %X options expanded at
> * connect time, so that you can specify paths like:
>diff -ur openssh-4.0p1/servconf.h openssh-4.0p1_sftp/servconf.h
>--- openssh-4.0p1/servconf.h 2005-03-14 16:01:23.000000000 -0500
>+++ openssh-4.0p1_sftp/servconf.h 2005-03-14 16:01:45.000000000 -0500
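Review bot: The `sSftpUmask` case in the servconf.c `@@ -983` hunk parses the value as octal but accepts the digits `8` and `9`, and `umaskvalue` can wrap on a long digit string, so a value that passes the `> 0777` test can still be longer than the five-byte `options->sftp_umask`. In that case `strncpy` leaves the buffer without a terminating NUL, and session.c later copies it and hands it to `child_set_env` as a string. `*umaskptr++;` also dereferences the pointer for no reason. The rewrite below accepts only `0`-`7`, stops accumulating once the value is out of range so it cannot wrap, and copies with `strlcpy`; the surrounding `switch` lies outside the hunk.

```c
	case sSftpUmask:
		arg = strdelim(&cp);
		umaskptr = arg;
		/* octal digits only; stop once out of range so the value cannot wrap */
		while (arg && *arg >= '0' && *arg <= '7' && umaskvalue <= 0777)
			umaskvalue = umaskvalue * 8 + (*arg++ - '0');
		if (!arg || *arg || umaskvalue > 0777)
			fatal("%s line %d: bad value for sSftpUmask",
			    filename, linenum);
		/* at most three significant digits remain after the leading zeros */
		while (*umaskptr == '0')
			umaskptr++;
		strlcpy(options->sftp_umask, umaskptr,
		    sizeof(options->sftp_umask));
		break;
```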
>@@ -44,6 +44,19 @@
>
> #define MAX_PORTS 256 /* Max # ports. */
>
>+/* sftp-server logging */
>+#define LOG_SFTP_NOT_SET -1
>+#define LOG_SFTP_NO 0
>+#define LOG_SFTP_YES 1
>+
>+/* sftp-server umask control */
>+#define SFTP_UMASK_LENGTH 5
>+
>+/* sftp-server client priviledge */
>+#define SFTP_PERMIT_NOT_SET -1
>+#define SFTP_PERMIT_NO 0
>+#define SFTP_PERMIT_YES 1
>+
> #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
> #define MAX_DENY_USERS 256 /* Max # users on deny list. */
> #define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */
>@@ -123,6 +136,12 @@
> int use_login; /* If true, login(1) is used */
> int compression; /* If true, compression is allowed */
> int allow_tcp_forwarding;
>+ int log_sftp; /* perform sftp-server logging */
>+ SyslogFacility sftp_log_facility; /* Facility for sftp subsystem logging. */
>+ LogLevel sftp_log_level; /* Level for sftp subsystem logging. */
>+ char sftp_umask[SFTP_UMASK_LENGTH]; /* Sftp Umask */
>+ int sftp_permit_chmod;
>+ int sftp_permit_chown;
> u_int num_allow_users;
> char *allow_users[MAX_ALLOW_USERS];
> u_int num_deny_users;
>diff -ur openssh-4.0p1/session.c openssh-4.0p1_sftp/session.c
>--- openssh-4.0p1/session.c 2005-03-14 16:01:23.000000000 -0500
>+++ openssh-4.0p1_sftp/session.c 2005-03-14 16:01:45.000000000 -0500
>@@ -112,6 +112,15 @@
>
> static int is_child = 0;
>
>+/* so SFTP_LOG_FACILITY and SFTP_LOG_LEVEL can be passed through the
>+ environment to the sftp-server subsystem. */
>+static const char *sysfac_to_int[] = { "0", "1", "2", "3", "4", "5", "6",
>+ "7", "8", "9", "10", "11", "-1" };
>+static const char *syslevel_to_int[] = { "0", "1", "2", "3", "4", "5", "6",
>+ "7", "-1" };
>+
>+static char *sftpumask;
>+
> /* Name and directory of socket for authentication agent forwarding. */
> static char *auth_sock_name = NULL;
> static char *auth_sock_dir = NULL;
>@@ -1142,6 +1152,67 @@
> child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
> auth_sock_name);
>
>+ /* LOG_SFTP */
>+ if (options.log_sftp == -1 )
>+ child_set_env(&env, &envsize, "LOG_SFTP", "-1");
>+ else if (options.log_sftp == 0)
>+ child_set_env(&env, &envsize, "LOG_SFTP", "0");
>+ else
>+ child_set_env(&env, &envsize, "LOG_SFTP", "1");
>+
>+ /* SFTP_LOG_FACILITY */
>+ if (options.sftp_log_facility < 0)
>+ child_set_env(&env, &envsize, "SFTP_LOG_FACILITY",
>+ "-1");
>+ else
>+ child_set_env(&env, &envsize, "SFTP_LOG_FACILITY",
>+ sysfac_to_int[options.sftp_log_facility]);
>+
>+ /* SFTP_LOG_LEVEL */
>+ if (options.sftp_log_level < 0)
>+ child_set_env(&env, &envsize, "SFTP_LOG_LEVEL",
>+ "-1");
>+ else
>+ child_set_env(&env, &envsize, "SFTP_LOG_LEVEL",
>+ syslevel_to_int[options.sftp_log_level]);
>+
>+ /* SFTP_UMASK */
>+
>+ if (options.sftp_umask[0] == '\0')
>+ child_set_env(&env, &envsize, "SFTP_UMASK",
>+ "" );
>+ else {
>+ if (!(sftpumask = calloc(SFTP_UMASK_LENGTH,1))) {
>+
>+logit("session.c: unabled to allocate memory for SftpUmask. SftpUmask control \
>+will be turned off.");
>+
>+ child_set_env(&env, &envsize, "SFTP_UMASK",
>+ "" );
>+ } else {
>+ strncpy(sftpumask, options.sftp_umask,
>+ SFTP_UMASK_LENGTH);
>+ child_set_env(&env, &envsize, "SFTP_UMASK",
>+ sftpumask );
>+ }
>+ }
>+
>+ /* SFTP_PERMIT_CHMOD */
>+ if (options.sftp_permit_chmod == -1 )
>+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "-1");
>+ else if (options.sftp_permit_chmod == 0)
>+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "0");
>+ else
>+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "1");
>+
>+ /* SFTP_PERMIT_CHOWN */
>+ if (options.sftp_permit_chown == -1 )
>+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "-1");
>+ else if (options.sftp_permit_chown == 0)
>+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "0");
>+ else
>+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "1");
>+
> /* read $HOME/.ssh/environment.
*/
> if (options.permit_user_env && !options.use_login) {
> snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
>diff -ur openssh-4.0p1/sftp-server.8 openssh-4.0p1_sftp/sftp-server.8
>--- openssh-4.0p1/sftp-server.8 2005-03-14 16:01:23.000000000 -0500
>+++ openssh-4.0p1_sftp/sftp-server.8 2005-03-14 16:01:45.000000000 -0500
>@@ -42,12 +42,27 @@
> option.
> See
> .Xr sshd_config 5
>+for more information. Sftp-server transactions may be logged
>+using the
>+.Cm LogSftp ,
>+.Cm SftpLogFacility ,
>+and
>+.Cm SftpLogLevel
>+options. The administrator may exert control over the file and directory
>+permission and ownership, with
>+.Cm SftpUmask ,
>+.Cm SftpPermitChmod ,
>+and
>+.Cm SftpPermitChown
>+. See
>+.Xr sshd_config 5
> for more information.
> .Sh SEE ALSO
> .Xr sftp 1 ,
> .Xr ssh 1 ,
> .Xr sshd_config 5 ,
>-.Xr sshd 8
>+.Xr sshd 8,
>+.Xr sshd_config 5
> .Rs
> .%A T. Ylonen
> .%A S. Lehtinen
>diff -ur openssh-4.0p1/sftp-server.c openssh-4.0p1_sftp/sftp-server.c
>--- openssh-4.0p1/sftp-server.c 2005-03-14 16:01:23.000000000 -0500
>+++ openssh-4.0p1_sftp/sftp-server.c 2005-03-14 16:01:45.000000000 -0500
>@@ -31,6 +31,13 @@
> #define get_string(lenp) buffer_get_string(&iqueue, lenp);
> #define TRACE debug
>
>+/* SFTP_UMASK */
>+static mode_t setumask = 0;
>+
>+static int permit_chmod = 1;
>+static int permit_chown = 1;
>+static int permit_logging = 0;
>+
> extern char *__progname;
>
> /* input and output queue */
>@@ -381,6 +388,14 @@
> a = get_attrib();
> flags = flags_from_portable(pflags);
> mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
>+
>+ if (setumask != 0) {
>+ if ( permit_logging == 1 )
>+ logit("setting file creation mode to 0666 and umask to %o", setumask);
>+ mode = 0666;
>+ umask(setumask);
>+ }
>+
> TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);
> fd = open(name, flags, mode);
> if (fd < 0) {
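Review bot: The policy variables added in the session.c `@@ -1142` hunk (`LOG_SFTP`, `SFTP_UMASK`, `SFTP_PERMIT_CHMOD`, `SFTP_PERMIT_CHOWN`) are set immediately before the `$HOME/.ssh/environment` block, so with `permit_user_env` enabled the account's own file is read afterwards and, assuming `child_set_env` replaces an existing name, its values win over the administrator's. At minimum the block belongs after every user-controlled environment source, under a comment such as `/* set last: sshd_config policy must not be overridable from the user's environment */`. Because the subsystem still inherits an environment the account can influence, these settings are best treated as advisory unless they reach sftp-server by a channel the user cannot edit. Separately, the `calloc`'d `sftpumask` copy is never freed and looks unnecessary: `child_set_env(&env, &envsize, "SFTP_UMASK", options.sftp_umask);` would do once the option buffer is guaranteed NUL-terminated. The enclosing function starts and ends outside the hunk.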
>@@ -394,6 +409,8 @@
> status = SSH2_FX_OK;
> }
> }
>+ if ( permit_logging == 1 )
>+ logit("open %s", name);
> if (status != SSH2_FX_OK)
> send_status(id, status);
> xfree(name);
>@@ -430,6 +447,7 @@
> (u_int64_t)off, len);
> if (len > sizeof buf) {
> len = sizeof buf;
>+ if ( permit_logging == 1 )
> logit("read change len %d", len);
> }
> fd = handle_to_fd(handle);
>@@ -449,6 +467,8 @@
> }
> }
> }
>+ if ( permit_logging == 1 )
>+ logit("reading file");
> if (status != SSH2_FX_OK)
> send_status(id, status);
> }
>@@ -483,10 +503,13 @@
> } else if (ret == len) {
> status = SSH2_FX_OK;
> } else {
>+ if ( permit_logging == 1 )
> logit("nothing at all written");
> }
> }
> }
>+ if ( permit_logging == 1 )
>+ logit("writing file");
> send_status(id, status);
> xfree(data);
> }
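Review bot: The `logit("open %s", name)` added in the sftp-server.c `@@ -394` hunk runs whether or not the open succeeded and records neither the outcome nor the requested access, so the audit trail cannot tell a completed write-open from a refused attempt. `status` is in scope at that point and `pflags` appears to be (it is used in the `TRACE` line of the `@@ -381` hunk; the function body starts outside both hunks), so `logit("open %s flags %d: %s", name, pflags, status == SSH2_FX_OK ? "ok" : "failed");` would carry it. The same applies to the unconditional lines added for opendir (`@@ -680`), remove (`@@ -753`), mkdir (`@@ -770`), rmdir (`@@ -789`), rename (`@@ -870`) and symlink (`@@ -913`).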
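Review bot: `logit("reading file")` in the `@@ -449` hunk and `logit("writing file")` in `@@ -483` fire once per SFTP read or write request and name neither the file nor the handle, so a single transfer produces a long run of identical lines in what defaults to the AUTH facility at INFO level. That volume can crowd real authentication events out of rotated logs while telling an investigator nothing. I would drop both lines, or demote them to debug output that names the handle, e.g. `debug("read handle %d len %d", handle, len);`, and rely on the open-time record for who touched which file. Both function bodies start outside their hunks.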
>@@ -579,24 +602,46 @@
> a = get_attrib();
> TRACE("setstat id %u name %s", id, name);
> if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
>+if ( permit_logging == 1 )
>+logit("process_setstat: truncate");
> ret = truncate(name, a->size);
> if (ret == -1)
> status = errno_to_portable(errno);
> }
> if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
>- ret = chmod(name, a->perm & 0777);
>- if (ret == -1)
>- status = errno_to_portable(errno);
>+ if (permit_chmod == 1) {
>+ ret = chmod(name, a->perm & 0777);
>+ if (ret == -1)
>+ status = errno_to_portable(errno);
>+ else
>+ if ( permit_logging == 1 )
>+ logit("chmod'ed %s", name);
>+ } else {
>+ status = SSH2_FX_PERMISSION_DENIED;
>+ if ( permit_logging == 1 )
>+ logit("chmod %s: operation prohibited by sftp-server configuration.", name);
>+ }
> }
> if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
>+if ( permit_logging == 1 )
>+logit("process_setstat: utimes");
> ret = utimes(name, attrib_to_tv(a));
> if (ret == -1)
> status = errno_to_portable(errno);
> }
> if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
>- ret = chown(name, a->uid, a->gid);
>- if (ret == -1)
>- status = errno_to_portable(errno);
>+ if (permit_chown == 1) {
>+ ret = chown(name, a->uid, a->gid);
>+ if (ret == -1)
>+ status = errno_to_portable(errno);
>+ else
>+ if ( permit_logging == 1 )
>+ logit("chown'ed %s.", name);
>+ } else {
>+ status = SSH2_FX_PERMISSION_DENIED;
>+ if ( permit_logging == 1 )
>+ logit("chown %s: operation prohibited by sftp-server configuration.", name);
>+ }
> }
> send_status(id, status);
> xfree(name);
>@@ -611,6 +656,9 @@
> int status = SSH2_FX_OK;
> char *name;
>
>+if ( permit_logging == 1 )
>+logit("process_fsetstat");
>+
> id = get_int();
> handle = get_handle();
> a = get_attrib();
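Review bot: In the setstat handler (`@@ -579`) the `permit_chmod` / `permit_chown` refusal is decided attribute by attribute, after earlier attributes of the same request have already been applied: a request carrying both a size and a mode is truncated first and only then answered with `SSH2_FX_PERMISSION_DENIED`. Deciding policy before any side effect keeps a refused request from changing the file, for example `if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && permit_chmod != 1) status = SSH2_FX_PERMISSION_DENIED;` (and the same for `SSH2_FILEXFER_ATTR_UIDGID`) ahead of the truncate, with the operations skipped once `status` is set. The fsetstat hunks `@@ -621` and `@@ -644` have the same ordering. The success lines would also serve an audit better with the new value in them, e.g. `logit("chmod %s to 0%o", name, a->perm & 0777);`; the function body starts outside the hunk.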
>@@ -621,20 +669,33 @@
> status = SSH2_FX_FAILURE;
> } else {
> if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
>+if ( permit_logging == 1 )
>+logit("process_fsetstat: ftruncate");
> ret = ftruncate(fd, a->size);
> if (ret == -1)
> status = errno_to_portable(errno);
> }
> if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
>+ if (permit_chmod == 1) {
> #ifdef HAVE_FCHMOD
>- ret = fchmod(fd, a->perm & 0777);
>+ ret = fchmod(fd, a->perm & 0777);
> #else
>- ret = chmod(name, a->perm & 0777);
>+ ret = chmod(name, a->perm & 0777);
> #endif
>- if (ret == -1)
>- status = errno_to_portable(errno);
>+ if (ret == -1)
>+ status = errno_to_portable(errno);
>+ else
>+ if ( permit_logging == 1 )
>+ logit("chmod: succeeded.");
>+ } else {
>+ status = SSH2_FX_PERMISSION_DENIED;
>+ if ( permit_logging == 1 )
>+ logit("chmod: operation prohibited by sftp-server configuration.");
>+ }
> }
> if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
>+if ( permit_logging == 1 )
>+logit("process_fsetstat: utimes");
> #ifdef HAVE_FUTIMES
> ret = futimes(fd, attrib_to_tv(a));
> #else
>@@ -644,13 +705,22 @@
> status = errno_to_portable(errno);
> }
> if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
>+ if (permit_chown == 1) {
> #ifdef HAVE_FCHOWN
>- ret = fchown(fd, a->uid, a->gid);
>+ ret = fchown(fd, a->uid, a->gid);
> #else
>- ret = chown(name, a->uid, a->gid);
>+ ret = chown(name, a->uid, a->gid);
> #endif
>- if (ret == -1)
>- status = errno_to_portable(errno);
>+ if (ret == -1)
>+ status = errno_to_portable(errno);
>+ else
>+ if ( permit_logging == 1 )
>+ logit("chown: succeeded");
>+ } else {
>+ status = SSH2_FX_PERMISSION_DENIED;
>+ if ( permit_logging == 1 )
>+ logit("chown: operation prohibited by sftp-server configuration.");
>+ }
> }
> }
> send_status(id, status);
>@@ -680,6 +750,8 @@
> }
>
> }
>+ if ( permit_logging == 1 )
>+ logit("opendir %s", path);
> if (status != SSH2_FX_OK)
> send_status(id, status);
> xfree(path);
>@@ -753,6 +825,8 @@
> TRACE("remove id %u name %s", id, name);
> ret = unlink(name);
> status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
>+ if ( permit_logging == 1 )
>+ logit("remove file %s", name);
> send_status(id, status);
> xfree(name);
> }
>@@ -770,9 +844,19 @@
> a = get_attrib();
> mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
> a->perm & 0777 : 0777;
>+
>+ if (setumask != 0) {
>+ if ( permit_logging == 1 )
>+ logit("setting directory creation mode to 0777 and umask to %o.", setumask);
>+ mode = 0777;
>+ umask(setumask);
>+ }
>+
> TRACE("mkdir id %u name %s mode 0%o", id, name, mode);
> ret = mkdir(name, mode);
> status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
>+ if ( permit_logging == 1 )
>+ logit("mkdir %s", name);
> send_status(id, status);
> xfree(name);
> }
>@@ -789,6 +873,8 @@
> TRACE("rmdir id %u name %s", id, name);
> ret = rmdir(name);
> status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
>+ if ( permit_logging == 1 )
>+ logit("rmdir %s", name);
> send_status(id, status);
> xfree(name);
> }
>@@ -815,6 +901,8 @@
> s.name = s.long_name = resolvedname;
> send_names(id, 1, &s);
> }
>+ if ( permit_logging == 1 )
>+ logit("realpath %s", path);
> xfree(path);
> }
>
>@@ -870,6 +958,8 @@
> status = SSH2_FX_OK;
> }
> send_status(id, status);
>+ if ( permit_logging == 1 )
>+ logit("rename old %s new %s", oldpath, newpath);
> xfree(oldpath);
> xfree(newpath);
> }
>@@ -895,6 +985,8 @@
> s.name = s.long_name = buf;
> send_names(id, 1, &s);
> }
>+ if ( permit_logging == 1 )
>+ logit("readlink %s", path);
> xfree(path);
> }
>
>@@ -913,6 +1005,8 @@
> ret = symlink(oldpath, newpath);
> status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
> send_status(id, status);
>+ if ( permit_logging == 1 )
>+ logit("symlink old %s new %s", oldpath, newpath);
> xfree(oldpath);
> xfree(newpath);
> }
>@@ -1034,6 +1128,8 @@
> {
> fd_set *rset, *wset;
> int in, out, max;
>+ unsigned int val = 0;
>+ char *umask_env;
> ssize_t len, olen, set_size;
>
> /* XXX should use getopt */
>@@ -1041,10 +1137,53 @@
> __progname = ssh_get_progname(av[0]);
> handle_init();
>
>+ /* Transaction logging */
>+
>+ if (getenv("LOG_SFTP") && atoi(getenv("LOG_SFTP")) == 1)
>+ {
>+ permit_logging = 1;
>+ log_init("sftp-server", atoi(getenv("SFTP_LOG_LEVEL")),
>+ atoi(getenv("SFTP_LOG_FACILITY")), 0);
>+ }
>+
>+
> #ifdef DEBUG_SFTP_SERVER
> log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
> #endif
>
>+ if ( permit_logging == 1 )
>+ logit("Starting sftp-server logging for user %s.", ((getenv("USER")!=NULL) ? getenv("USER") : "$USER==NULL"));
>+
>+ /* Umask control */
>+
>+ umask_env = getenv("SFTP_UMASK");
>+ while (umask_env && *umask_env && *umask_env >= '0' && *umask_env <= '9')
>+ val = val * 8 + *umask_env++ - '0';
>+
>+ if (!umask_env || *umask_env || val > 0777 || val == 0) {
>+ if ( permit_logging == 1 )
>+ logit("bad value %o for SFTP_UMASK, turning umask control off.", val);
>+ setumask = 0;
>+ } else {
>+ if ( permit_logging == 1 )
>+ logit("umask control is on.");
>+ setumask = val;
>+ }
>+
>+
>+ /* Sensitive client commands */
>+
>+ if (!getenv("SFTP_PERMIT_CHMOD") || atoi(getenv("SFTP_PERMIT_CHMOD")) != 1) {
>+ permit_chmod = 0;
>+ if ( permit_logging == 1 )
>+ logit("client is not permitted to chmod.");
>+ }
>+ if (!getenv("SFTP_PERMIT_CHOWN") || atoi(getenv("SFTP_PERMIT_CHOWN")) != 1) {
>+ permit_chown = 0;
>+ if ( permit_logging == 1 )
>+ logit("client is not permitted to chown.");
>+ }
>+
> in = dup(STDIN_FILENO);
> out = dup(STDOUT_FILENO);
>
>@@ -1087,6 +1226,8 @@
> len = read(in, buf, sizeof buf);
> if (len == 0) {
> debug("read eof");
>+ if ( permit_logging == 1 )
>+ logit("sftp-server finished.");
> exit(0);
> } else if (len < 0) {
> error("read error");
>diff -ur openssh-4.0p1/sshd_config openssh-4.0p1_sftp/sshd_config
>--- openssh-4.0p1/sshd_config 2005-03-14 16:01:23.000000000 -0500
>+++ openssh-4.0p1_sftp/sshd_config 2005-03-14 16:01:45.000000000 -0500
>@@ -153,3 +153,14 @@
>
> # override default of no subsystems
> Subsystem sftp /usr/libexec/sftp-server
>+
>+# sftp-server logging
>+#LogSftp no
>+#SftpLogFacility AUTH
>+#SftpLogLevel INFO
>+
>+# sftp-server umask control
>+#SftpUmask
>+
>+#SftpPermitChmod yes
>+#SftpPermitChown yes
>diff -ur openssh-4.0p1/sshd_config.5 openssh-4.0p1_sftp/sshd_config.5
>--- openssh-4.0p1/sshd_config.5 2005-03-14 16:01:23.000000000 -0500
>+++ openssh-4.0p1_sftp/sshd_config.5 2005-03-14 16:01:45.000000000 -0500
>@@ -510,6 +510,10 @@
> DEBUG and DEBUG1 are equivalent.
> DEBUG2 and DEBUG3 each specify higher levels of debugging output.
> Logging with a DEBUG level violates the privacy of users and is not recommended.
>+.It Cm LogSftp
>+Specifies whether to perform logging of
>+.Nm sftp-server
>+subsystem transactions. Must be "yes" or "no." The default value is "no."
> .It Cm MACs
> Specifies the available MAC (message authentication code) algorithms.
> The MAC algorithm is used in protocol version 2
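Review bot: In the sftp-server.c `@@ -1041` hunk, `atoi(getenv("SFTP_LOG_LEVEL"))` and `atoi(getenv("SFTP_LOG_FACILITY"))` are called without a NULL check, so sftp-server dereferences a null pointer at start-up whenever `LOG_SFTP` is `1` but either of the other two variables is missing from its environment; only `LOG_SFTP` itself is tested. The rewrite below falls back to the defaults the sshd side uses (`SYSLOG_LEVEL_INFO`, `SYSLOG_FACILITY_AUTH`) instead of crashing. The umask loop further down also accepts `8` and `9` as octal digits, and because an unset or empty `SFTP_UMASK` leaves `val == 0` it logs "bad value" on every session under the default configuration; an empty value deserves its own quiet branch. `main` starts and ends outside the hunk.

```c
	/* Transaction logging */
	if (getenv("LOG_SFTP") && atoi(getenv("LOG_SFTP")) == 1) {
		const char *lvl = getenv("SFTP_LOG_LEVEL");
		const char *fac = getenv("SFTP_LOG_FACILITY");

		permit_logging = 1;
		/* a missing variable must not crash the server: use the defaults */
		log_init("sftp-server",
		    lvl != NULL ? atoi(lvl) : SYSLOG_LEVEL_INFO,
		    fac != NULL ? atoi(fac) : SYSLOG_FACILITY_AUTH, 0);
	}
	/* … unchanged: DEBUG_SFTP_SERVER log_init, start-up message, umask and permit parsing … */
```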
>@@ -683,6 +687,37 @@
> .It Cm ServerKeyBits
> Defines the number of bits in the ephemeral protocol version 1 server key.
> The minimum value is 512, and the default is 768.
>+.It Cm SftpLogFacility
>+Gives the facility code that is used when logging
>+.Nm sftp-server .
>+transactions. The possible values are: DAEMON, USER, AUTH, LOCAL0,
>+LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
>+The default is AUTH.
>+.It Cm SftpLogLevel
>+Gives the verbosity level that is used when logging messages from
>+.Nm sftp-server .
>+The possible values are:
>+QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
>+The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
>+and DEBUG3 each specify higher levels of debugging output.
>+Logging with a DEBUG level violates the privacy of users
>+and is not recommended.
>+.It Cm SftpPermitChmod
>+Specifies whether the sftp-server allows the sftp client to execute chmod
>+commands on the server. The default is yes.
>+.It Cm SftpPermitChown
>+Specifies whether the sftp-server allows the sftp client to execute chown
>+or chgrp commands on the server. Turning this value on means that the client
>+is allowed to execute both chown and chgrp commands. Turning it off means that
>+the client is prohibited from executing either chown or chgrp.
>+ The default is yes.
>+.It Cm SftpUmask
>+Specifies an optional umask for
>+.Nm sftp-server
>+subsystem transactions. If a umask is given, this umask will override all system,
>+environment or sftp client permission modes. If
>+no umask or an invalid umask is given, file creation mode defaults to the permission
>+mode specified by the sftp client. The default is for no umask.
> .It Cm StrictModes
> Specifies whether
> .Nm sshd
Attachments on
bug 82372
:
51576
|
53482
| 53483