Attachment #1010 for bug #474

Line Link Here

(-)file_not_specified_in_diff (-22 / +400 lines)
0	-- openssh/servconf.c	0	++ openssh/servconf.c
Lines 101-106 Link Here
101	options->authorized_keys_file2 = NULL;	101	options->authorized_keys_file2 = NULL;
102	options->num_accept_env = 0;	102	options->num_accept_env = 0;
103		103
		104	options->log_sftp = LOG_SFTP_NOT_SET;
		105	options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET;
		106	options->sftp_log_level = SYSLOG_LEVEL_NOT_SET;
		107
		108	memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH);
		109
		110	options->sftp_permit_chmod = SFTP_PERMIT_NOT_SET;
		111	options->sftp_permit_chown = SFTP_PERMIT_NOT_SET;
		112
104	/* Needs to be accessable in many places */	113	/* Needs to be accessable in many places */
105	use_privsep = -1;	114	use_privsep = -1;
106	}	115	}
Lines 225-230 Link Here
225	if (options->authorized_keys_file == NULL)	225	if (options->authorized_keys_file == NULL)
226	options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;	226	options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
227		227
		228	/* Turn sftp-server logging off by default */
		229	if (options->log_sftp == LOG_SFTP_NOT_SET)
		230	options->log_sftp = LOG_SFTP_NO;
		231	if (options->sftp_log_facility == SYSLOG_FACILITY_NOT_SET)
		232	options->sftp_log_facility = SYSLOG_FACILITY_AUTH;
		233	if (options->sftp_log_level == SYSLOG_LEVEL_NOT_SET)
		234	options->sftp_log_level = SYSLOG_LEVEL_INFO;
		235
		236	/* Don't set sftp-server umask */
		237	if (!options->sftp_umask)
		238	memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH);
		239
		240	/* allow sftp client to issue chmod, chown / chgrp commands */
		241	if (options->sftp_permit_chmod == SFTP_PERMIT_NOT_SET)
		242	options->sftp_permit_chmod = SFTP_PERMIT_YES;
		243	if (options->sftp_permit_chown == SFTP_PERMIT_NOT_SET)
		244	options->sftp_permit_chown = SFTP_PERMIT_YES;
		245
228	/* Turn privilege separation on by default */	246	/* Turn privilege separation on by default */
229	if (use_privsep == -1)	247	if (use_privsep == -1)
230	use_privsep = 1;	248	use_privsep = 1;
Lines 264-269 Link Here
264	/* Portable-specific options */	264	/* Portable-specific options */
265	sUsePAM,	265	sUsePAM,
266	/* Standard Options */	266	/* Standard Options */
		267	sLogSftp, sSftpLogFacility, sSftpLogLevel,
		268	sSftpUmask,
		269	sSftpPermitChown, sSftpPermitChmod,
267	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,	270	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
268	sPermitRootLogin, sLogFacility, sLogLevel,	271	sPermitRootLogin, sLogFacility, sLogLevel,
269	sRhostsRSAAuthentication, sRSAAuthentication,	272	sRhostsRSAAuthentication, sRSAAuthentication,
Lines 380-385 Link Here
380	{ "printmotd", sPrintMotd },	410	{ "printmotd", sPrintMotd },
381	{ "printlastlog", sPrintLastLog },	411	{ "printlastlog", sPrintLastLog },
382	{ "ignorerhosts", sIgnoreRhosts },	412	{ "ignorerhosts", sIgnoreRhosts },
		413	{ "logsftp", sLogSftp},
		414	{ "sftplogfacility", sSftpLogFacility},
		415	{ "sftploglevel", sSftpLogLevel},
		416	{ "sftpumask", sSftpUmask},
		417	{ "sftppermitchmod", sSftpPermitChmod},
		418	{ "sftppermitchown", sSftpPermitChown},
383	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },	419	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts },
384	{ "x11forwarding", sX11Forwarding },	420	{ "x11forwarding", sX11Forwarding },
385	{ "x11displayoffset", sX11DisplayOffset },	421	{ "x11displayoffset", sX11DisplayOffset },
Lines 445-450 Link Here
445	ServerOpCodes opcode;	481	ServerOpCodes opcode;
446	u_short port;	482	u_short port;
447	u_int i;	483	u_int i;
		484	unsigned int umaskvalue = 0;
		485	char *umaskptr;
448		486
449	cp = line;	487	cp = line;
450	arg = strdelim(&cp);	488	arg = strdelim(&cp);
Lines 888-893 Link Here
888	case sBanner:	926	case sBanner:
889	charptr = &options->banner;	927	charptr = &options->banner;
890	goto parse_filename;	928	goto parse_filename;
		929
		930	case sLogSftp:
		931	intptr = &options->log_sftp;
		932	goto parse_flag;
		933
		934	case sSftpLogFacility:
		935	intptr = (int *) &options->sftp_log_facility;
		936	arg = strdelim(&cp);
		937	value = log_facility_number(arg);
		938	if (value == SYSLOG_FACILITY_NOT_SET)
		939	fatal("%.200s line %d: unsupported log facility '%s'",
		940	filename, linenum, arg ? arg : "<NONE>");
		941	if (*intptr == -1)
		942	*intptr = (SyslogFacility) value;
		943	break;
		944
		945	case sSftpLogLevel:
		946	intptr = (int *) &options->sftp_log_level;
		947	arg = strdelim(&cp);
		948	value = log_level_number(arg);
		949	if (value == SYSLOG_LEVEL_NOT_SET)
		950	fatal("%.200s line %d: unsupported log level '%s'",
		951	filename, linenum, arg ? arg : "<NONE>");
		952	if (*intptr == -1)
		953	*intptr = (LogLevel) value;
		954	break;
		955
		956	case sSftpUmask:
		957	arg = strdelim(&cp);
		958	umaskptr = arg;
		959	while (arg && arg && arg >= '0' && *arg <= '9')
		960	umaskvalue = umaskvalue * 8 + *arg++ - '0';
		961	if (!arg \|\| *arg \|\| umaskvalue > 0777)
		962	fatal("%s line %d: bad value for sSftpUmask",
		963	filename, linenum);
		964	else {
		965	while (umaskptr && umaskptr == '0')
		966	*umaskptr++;
		967	strncpy(options->sftp_umask, umaskptr,
		968	SFTP_UMASK_LENGTH);
		969	}
		970
		971	break;
		972
		973	case sSftpPermitChmod:
		974	intptr = &options->sftp_permit_chmod;
		975	goto parse_flag;
		976
		977	case sSftpPermitChown:
		978	intptr = &options->sftp_permit_chown;
		979	goto parse_flag;
		980
891	/*	981	/*
892	* These options can contain %X options expanded at	982	* These options can contain %X options expanded at
893	* connect time, so that you can specify paths like:	983	* connect time, so that you can specify paths like:
894	-- openssh/servconf.h	984	++ openssh/servconf.h
Lines 20-25 Link Here
20		20
21	#define MAX_PORTS 256 /* Max # ports. */	21	#define MAX_PORTS 256 /* Max # ports. */
22		22
		23	/* sftp-server logging */
		24	#define LOG_SFTP_NOT_SET -1
		25	#define LOG_SFTP_NO 0
		26	#define LOG_SFTP_YES 1
		27
		28	/* sftp-server umask control */
		29	#define SFTP_UMASK_LENGTH 5
		30
		31	/* sftp-server client priviledge */
		32	#define SFTP_PERMIT_NOT_SET -1
		33	#define SFTP_PERMIT_NO 0
		34	#define SFTP_PERMIT_YES 1
		35
23	#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */	36	#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
24	#define MAX_DENY_USERS 256 /* Max # users on deny list. */	37	#define MAX_DENY_USERS 256 /* Max # users on deny list. */
25	#define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */	38	#define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */
Lines 98-103 Link Here
98	int use_login; /* If true, login(1) is used */	111	int use_login; /* If true, login(1) is used */
99	int compression; /* If true, compression is allowed */	112	int compression; /* If true, compression is allowed */
100	int allow_tcp_forwarding;	113	int allow_tcp_forwarding;
		114	int log_sftp; /* perform sftp-server logging */
		115	SyslogFacility sftp_log_facility; /* Facility for sftp subsystem logging. */
		116	LogLevel sftp_log_level; /* Level for sftp subsystem logging. */
		117	char sftp_umask[SFTP_UMASK_LENGTH]; /* Sftp Umask */
		118	int sftp_permit_chmod;
		119	int sftp_permit_chown;
101	u_int num_allow_users;	120	u_int num_allow_users;
102	char *allow_users[MAX_ALLOW_USERS];	121	char *allow_users[MAX_ALLOW_USERS];
103	u_int num_deny_users;	122	u_int num_deny_users;
104	-- openssh/session.c	123	++ openssh/session.c
Lines 111-116 Link Here
111		111
112	static int is_child = 0;	112	static int is_child = 0;
113		113
		114	/* so SFTP_LOG_FACILITY and SFTP_LOG_LEVEL can be passed through the
		115	environment to the sftp-server subsystem. */
		116	static const char *sysfac_to_int[] = { "0", "1", "2", "3", "4", "5", "6",
		117	"7", "8", "9", "10", "11", "-1" };
		118	static const char *syslevel_to_int[] = { "0", "1", "2", "3", "4", "5", "6",
		119	"7", "-1" };
		120
		121	static char *sftpumask;
		122
114	/* Name and directory of socket for authentication agent forwarding. */	123	/* Name and directory of socket for authentication agent forwarding. */
115	static char *auth_sock_name = NULL;	124	static char *auth_sock_name = NULL;
116	static char *auth_sock_dir = NULL;	125	static char *auth_sock_dir = NULL;
Lines 1083-1088 Link Here
1083	if (auth_sock_name != NULL)	1093	if (auth_sock_name != NULL)
1084	child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,	1094	child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
1085	auth_sock_name);	1095	auth_sock_name);
		1096
		1097	/* LOG_SFTP */
		1098	if (options.log_sftp == -1 )
		1099	child_set_env(&env, &envsize, "LOG_SFTP", "-1");
		1100	else if (options.log_sftp == 0)
		1101	child_set_env(&env, &envsize, "LOG_SFTP", "0");
		1102	else
		1103	child_set_env(&env, &envsize, "LOG_SFTP", "1");
		1104
		1105	/* SFTP_LOG_FACILITY */
		1106	if (options.sftp_log_facility < 0)
		1107	child_set_env(&env, &envsize, "SFTP_LOG_FACILITY",
		1108	"-1");
		1109	else
		1110	child_set_env(&env, &envsize, "SFTP_LOG_FACILITY",
		1111	sysfac_to_int[options.sftp_log_facility]);
		1112
		1113	/* SFTP_LOG_LEVEL */
		1114	if (options.sftp_log_level < 0)
		1115	child_set_env(&env, &envsize, "SFTP_LOG_LEVEL",
		1116	"-1");
		1117	else
		1118	child_set_env(&env, &envsize, "SFTP_LOG_LEVEL",
		1119	syslevel_to_int[options.sftp_log_level]);
		1120
		1121	/* SFTP_UMASK */
		1122
		1123	if (options.sftp_umask[0] == '\0')
		1124	child_set_env(&env, &envsize, "SFTP_UMASK",
		1125	"" );
		1126	else {
		1127	if (!(sftpumask = calloc(SFTP_UMASK_LENGTH,1))) {
		1128
		1129	logit("session.c: unabled to allocate memory for SftpUmask. SftpUmask control \
		1130	will be turned off.");
		1131
		1132	child_set_env(&env, &envsize, "SFTP_UMASK",
		1133	"" );
		1134	} else {
		1135	strncpy(sftpumask, options.sftp_umask,
		1136	SFTP_UMASK_LENGTH);
		1137	child_set_env(&env, &envsize, "SFTP_UMASK",
		1138	sftpumask );
		1139	}
		1140	}
		1141
		1142	/* SFTP_PERMIT_CHMOD */
		1143	if (options.sftp_permit_chmod == -1 )
		1144	child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "-1");
		1145	else if (options.sftp_permit_chmod == 0)
		1146	child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "0");
		1147	else
		1148	child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "1");
		1149
		1150	/* SFTP_PERMIT_CHOWN */
		1151	if (options.sftp_permit_chown == -1 )
		1152	child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "-1");
		1153	else if (options.sftp_permit_chown == 0)
		1154	child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "0");
		1155	else
		1156	child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "1");
1086		1157
1087	/* read $HOME/.ssh/environment. */	1158	/* read $HOME/.ssh/environment. */
1088	if (options.permit_user_env && !options.use_login) {	1159	if (options.permit_user_env && !options.use_login) {
1089	-- openssh/sftp-server.8	1160	++ openssh/sftp-server.8
Lines 42-53 Link Here
42	option.	42	option.
43	See	43	See
44	.Xr sshd_config 5	44	.Xr sshd_config 5
		45	for more information. Sftp-server transactions may be logged
		46	using the
		47	.Cm LogSftp ,
		48	.Cm SftpLogFacility ,
		49	and
		50	.Cm SftpLogLevel
		51	options. The administrator may exert control over the file and directory
		52	permission and ownership, with
		53	.Cm SftpUmask ,
		54	.Cm SftpPermitChmod ,
		55	and
		56	.Cm SftpPermitChown
		57	. See
		58	.Xr sshd_config 5
45	for more information.	59	for more information.
46	.Sh SEE ALSO	60	.Sh SEE ALSO
47	.Xr sftp 1 ,	61	.Xr sftp 1 ,
48	.Xr ssh 1 ,	62	.Xr ssh 1 ,
49	.Xr sshd_config 5 ,	63	.Xr sshd_config 5 ,
50	.Xr sshd 8	64	.Xr sshd 8,
		65	.Xr sshd_config 5
51	.Rs	66	.Rs
52	.%A T. Ylonen	67	.%A T. Ylonen
53	.%A S. Lehtinen	68	.%A S. Lehtinen
54	-- openssh/sftp-server.c	69	++ openssh/sftp-server.c
Lines 31-36 Link Here
31	#define get_string(lenp) buffer_get_string(&iqueue, lenp);	31	#define get_string(lenp) buffer_get_string(&iqueue, lenp);
32	#define TRACE debug	32	#define TRACE debug
33		33
		34	/* SFTP_UMASK */
		35	static mode_t setumask = 0;
		36
		37	static int permit_chmod = 1;
		38	static int permit_chown = 1;
		39	static int permit_logging = 0;
		40
34	extern char *__progname;	41	extern char *__progname;
35		42
36	/* input and output queue */	43	/* input and output queue */
Lines 393-398 Link Here
393	a = get_attrib();	400	a = get_attrib();
394	flags = flags_from_portable(pflags);	401	flags = flags_from_portable(pflags);
395	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;	402	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
		403
		404	if (setumask != 0) {
		405	if ( permit_logging == 1 )
		406	logit("setting file creation mode to 0666 and umask to %o", setumask);
		407	mode = 0666;
		408	umask(setumask);
		409	}
		410
396	TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);	411	TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);
397	fd = open(name, flags, mode);	412	fd = open(name, flags, mode);
398	if (fd < 0) {	413	if (fd < 0) {
Lines 406-411 Link Here
406	status = SSH2_FX_OK;	421	status = SSH2_FX_OK;
407	}	422	}
408	}	423	}
		424	if ( permit_logging == 1 )
		425	logit("open %s", name);
409	if (status != SSH2_FX_OK)	426	if (status != SSH2_FX_OK)
410	send_status(id, status);	427	send_status(id, status);
411	xfree(name);	428	xfree(name);
Lines 442-447 Link Here
442	(u_int64_t)off, len);	459	(u_int64_t)off, len);
443	if (len > sizeof buf) {	460	if (len > sizeof buf) {
444	len = sizeof buf;	461	len = sizeof buf;
		462	if ( permit_logging == 1 )
445	logit("read change len %d", len);	463	logit("read change len %d", len);
446	}	464	}
447	fd = handle_to_fd(handle);	465	fd = handle_to_fd(handle);
Lines 591-614 Link Here
591	a = get_attrib();	614	a = get_attrib();
592	TRACE("setstat id %u name %s", id, name);	615	TRACE("setstat id %u name %s", id, name);
593	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {	616	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
		617	if ( permit_logging == 1 )
		618	logit("process_setstat: truncate");
594	ret = truncate(name, a->size);	619	ret = truncate(name, a->size);
595	if (ret == -1)	620	if (ret == -1)
596	status = errno_to_portable(errno);	621	status = errno_to_portable(errno);
597	}	622	}
598	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {	623	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
599	ret = chmod(name, a->perm & 0777);	624	if (permit_chmod == 1) {
600	if (ret == -1)	625	ret = chmod(name, a->perm & 0777);
601	status = errno_to_portable(errno);	626	if (ret == -1)
		627	status = errno_to_portable(errno);
		628	else
		629	if ( permit_logging == 1 )
		630	logit("chmod'ed %s", name);
		631	} else {
		632	status = SSH2_FX_PERMISSION_DENIED;
		633	if ( permit_logging == 1 )
		634	logit("chmod %s: operation prohibited by sftp-server configuration.", name);
		635	}
602	}	636	}
603	if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {	637	if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
		638	if ( permit_logging == 1 )
		639	logit("process_setstat: utimes");
604	ret = utimes(name, attrib_to_tv(a));	640	ret = utimes(name, attrib_to_tv(a));
605	if (ret == -1)	641	if (ret == -1)
606	status = errno_to_portable(errno);	642	status = errno_to_portable(errno);
607	}	643	}
608	if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {	644	if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
609	ret = chown(name, a->uid, a->gid);	645	if (permit_chown == 1) {
610	if (ret == -1)	646	ret = chown(name, a->uid, a->gid);
611	status = errno_to_portable(errno);	647	if (ret == -1)
		648	status = errno_to_portable(errno);
		649	else
		650	if ( permit_logging == 1 )
		651	logit("chown'ed %s.", name);
		652	} else {
		653	status = SSH2_FX_PERMISSION_DENIED;
		654	if ( permit_logging == 1 )
		655	logit("chown %s: operation prohibited by sftp-server configuration.", name);
		656	}
612	}	657	}
613	send_status(id, status);	658	send_status(id, status);
614	xfree(name);	659	xfree(name);
Lines 623-628 Link Here
623	int status = SSH2_FX_OK;	668	int status = SSH2_FX_OK;
624	char *name;	669	char *name;
625		670
		671	if ( permit_logging == 1 )
		672	logit("process_fsetstat");
		673
626	id = get_int();	674	id = get_int();
627	handle = get_handle();	675	handle = get_handle();
628	a = get_attrib();	676	a = get_attrib();
Lines 633-652 Link Here
633	status = SSH2_FX_FAILURE;	681	status = SSH2_FX_FAILURE;
634	} else {	682	} else {
635	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {	683	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
		684	if ( permit_logging == 1 )
		685	logit("process_fsetstat: ftruncate");
636	ret = ftruncate(fd, a->size);	686	ret = ftruncate(fd, a->size);
637	if (ret == -1)	687	if (ret == -1)
638	status = errno_to_portable(errno);	688	status = errno_to_portable(errno);
639	}	689	}
640	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {	690	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
		691	if (permit_chmod == 1) {
641	#ifdef HAVE_FCHMOD	692	#ifdef HAVE_FCHMOD
642	ret = fchmod(fd, a->perm & 0777);	693	ret = fchmod(fd, a->perm & 0777);
643	#else	694	#else
644	ret = chmod(name, a->perm & 0777);	695	ret = chmod(name, a->perm & 0777);
645	#endif	696	#endif
646	if (ret == -1)	697	if (ret == -1)
647	status = errno_to_portable(errno);	698	status = errno_to_portable(errno);
		699	else
		700	if ( permit_logging == 1 )
		701	logit("chmod: succeeded.");
		702	} else {
		703	status = SSH2_FX_PERMISSION_DENIED;
		704	if ( permit_logging == 1 )
		705	logit("chmod: operation prohibited by sftp-server configuration.");
		706	}
648	}	707	}
649	if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {	708	if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
		709	if ( permit_logging == 1 )
		710	logit("process_fsetstat: utimes");
650	#ifdef HAVE_FUTIMES	711	#ifdef HAVE_FUTIMES
651	ret = futimes(fd, attrib_to_tv(a));	712	ret = futimes(fd, attrib_to_tv(a));
652	#else	713	#else
Lines 656-668 Link Here
656	status = errno_to_portable(errno);	717	status = errno_to_portable(errno);
657	}	718	}
658	if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {	719	if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
		720	if (permit_chown == 1) {
659	#ifdef HAVE_FCHOWN	721	#ifdef HAVE_FCHOWN
660	ret = fchown(fd, a->uid, a->gid);	722	ret = fchown(fd, a->uid, a->gid);
661	#else	723	#else
662	ret = chown(name, a->uid, a->gid);	724	ret = chown(name, a->uid, a->gid);
663	#endif	725	#endif
664	if (ret == -1)	726	if (ret == -1)
665	status = errno_to_portable(errno);	727	status = errno_to_portable(errno);
		728	else
		729	if ( permit_logging == 1 )
		730	logit("chown: succeeded");
		731	} else {
		732	status = SSH2_FX_PERMISSION_DENIED;
		733	if ( permit_logging == 1 )
		734	logit("chown: operation prohibited by sftp-server configuration.");
		735	}
666	}	736	}
667	}	737	}
668	send_status(id, status);	738	send_status(id, status);
Lines 692-697 Link Here
692	}	762	}
693		763
694	}	764	}
		765	if ( permit_logging == 1 )
		766	logit("opendir %s", path);
695	if (status != SSH2_FX_OK)	767	if (status != SSH2_FX_OK)
696	send_status(id, status);	768	send_status(id, status);
697	xfree(path);	769	xfree(path);
Lines 765-770 Link Here
765	TRACE("remove id %u name %s", id, name);	837	TRACE("remove id %u name %s", id, name);
766	ret = unlink(name);	838	ret = unlink(name);
767	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;	839	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
		840	if ( permit_logging == 1 )
		841	logit("remove file %s", name);
768	send_status(id, status);	842	send_status(id, status);
769	xfree(name);	843	xfree(name);
770	}	844	}
Lines 782-790 Link Here
782	a = get_attrib();	856	a = get_attrib();
783	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?	857	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
784	a->perm & 0777 : 0777;	858	a->perm & 0777 : 0777;
		859
		860	if (setumask != 0) {
		861	if ( permit_logging == 1 )
		862	logit("setting directory creation mode to 0777 and umask to %o.", setumask);
		863	mode = 0777;
		864	umask(setumask);
		865	}
		866
785	TRACE("mkdir id %u name %s mode 0%o", id, name, mode);	867	TRACE("mkdir id %u name %s mode 0%o", id, name, mode);
786	ret = mkdir(name, mode);	868	ret = mkdir(name, mode);
787	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;	869	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
		870	if ( permit_logging == 1 )
		871	logit("mkdir %s", name);
788	send_status(id, status);	872	send_status(id, status);
789	xfree(name);	873	xfree(name);
790	}	874	}
Lines 801-806 Link Here
801	TRACE("rmdir id %u name %s", id, name);	885	TRACE("rmdir id %u name %s", id, name);
802	ret = rmdir(name);	886	ret = rmdir(name);
803	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;	887	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
		888	if ( permit_logging == 1 )
		889	logit("rmdir %s", name);
804	send_status(id, status);	890	send_status(id, status);
805	xfree(name);	891	xfree(name);
806	}	892	}
Lines 827-832 Link Here
827	s.name = s.long_name = resolvedname;	913	s.name = s.long_name = resolvedname;
828	send_names(id, 1, &s);	914	send_names(id, 1, &s);
829	}	915	}
		916	if ( permit_logging == 1 )
		917	logit("realpath %s", path);
830	xfree(path);	918	xfree(path);
831	}	919	}
832		920
Lines 862-867 Link Here
862	status = SSH2_FX_OK;	950	status = SSH2_FX_OK;
863	}	951	}
864	send_status(id, status);	952	send_status(id, status);
		953	if ( permit_logging == 1 )
		954	logit("rename old %s new %s", oldpath, newpath);
865	xfree(oldpath);	955	xfree(oldpath);
866	xfree(newpath);	956	xfree(newpath);
867	}	957	}
Lines 887-892 Link Here
887	s.name = s.long_name = buf;	977	s.name = s.long_name = buf;
888	send_names(id, 1, &s);	978	send_names(id, 1, &s);
889	}	979	}
		980	if ( permit_logging == 1 )
		981	logit("readlink %s", path);
890	xfree(path);	982	xfree(path);
891	}	983	}
892		984
Lines 905-910 Link Here
905	ret = symlink(oldpath, newpath);	997	ret = symlink(oldpath, newpath);
906	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;	998	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
907	send_status(id, status);	999	send_status(id, status);
		1000	if ( permit_logging == 1 )
		1001	logit("symlink old %s new %s", oldpath, newpath);
908	xfree(oldpath);	1002	xfree(oldpath);
909	xfree(newpath);	1003	xfree(newpath);
910	}	1004	}
Lines 1026-1031 Link Here
1026	{	1120	{
1027	fd_set rset, wset;	1121	fd_set rset, wset;
1028	int in, out, max;	1122	int in, out, max;
		1123	unsigned int val = 0;
		1124	char *umask_env;
1029	ssize_t len, olen, set_size;	1125	ssize_t len, olen, set_size;
1030		1126
1031	/* XXX should use getopt */	1127	/* XXX should use getopt */
Lines 1033-1042 Link Here
1033	__progname = ssh_get_progname(av[0]);	1129	__progname = ssh_get_progname(av[0]);
1034	handle_init();	1130	handle_init();
1035		1131
		1132	/* Transaction logging */
		1133
		1134	if ( (getenv("LOG_SFTP") != NULL) && (atoi(getenv("LOG_SFTP")) == 1) )
		1135	{
		1136	permit_logging = 1;
		1137	log_init("sftp-server", (getenv("SFTP_LOG_LEVEL") != NULL) ? atoi(getenv("SFTP_LOG_LEVEL")) : SYSLOG_LEVEL_DEBUG1,
		1138	(getenv("SFTP_LOG_FACILITY") != NULL) ? atoi(getenv("SFTP_LOG_FACILITY")) : SYSLOG_FACILITY_AUTH, 0);
		1139	}
		1140
		1141
1036	#ifdef DEBUG_SFTP_SERVER	1142	#ifdef DEBUG_SFTP_SERVER
1037	log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);	1143	log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
1038	#endif	1144	#endif
1039		1145
		1146	if ( permit_logging == 1 )
		1147	logit("Starting sftp-server logging for user %s.", ((getenv("USER")!=NULL) ? getenv("USER") : "$USER==NULL"));
		1148
		1149	/* Umask control */
		1150
		1151	if ( (umask_env = getenv("SFTP_UMASK")) != NULL )
		1152	{
		1153	while (umask_env && umask_env >= '0' && *umask_env <= '9')
		1154	val = val * 8 + *umask_env++ - '0';
		1155
		1156	if (*umask_env \|\| val > 0777 \|\| val == 0) {
		1157	if ( permit_logging == 1 )
		1158	logit("bad value %o for SFTP_UMASK, turning umask control off.", val);
		1159	setumask = 0;
		1160	} else {
		1161	if ( permit_logging == 1 )
		1162	logit("umask control is on.");
		1163	setumask = val;
		1164	}
		1165	} else setumask = 0;
		1166
		1167
		1168	/* Sensitive client commands */
		1169
		1170	if ( (getenv("SFTP_PERMIT_CHMOD") != NULL) && (atoi(getenv("SFTP_PERMIT_CHMOD")) != 1) ) {
		1171	permit_chmod = 0;
		1172	if ( permit_logging == 1 )
		1173	logit("client is not permitted to chmod.");
		1174	}
		1175	if ( (getenv("SFTP_PERMIT_CHOWN") != NULL) && (atoi(getenv("SFTP_PERMIT_CHOWN")) != 1) ) {
		1176	permit_chown = 0;
		1177	if ( permit_logging == 1 )
		1178	logit("client is not permitted to chown.");
		1179	}
		1180
1040	in = dup(STDIN_FILENO);	1181	in = dup(STDIN_FILENO);
1041	out = dup(STDOUT_FILENO);	1182	out = dup(STDOUT_FILENO);
1042		1183
Lines 1079-1084 Link Here
1079	len = read(in, buf, sizeof buf);	1218	len = read(in, buf, sizeof buf);
1080	if (len == 0) {	1219	if (len == 0) {
1081	debug("read eof");	1220	debug("read eof");
		1221	if ( permit_logging == 1 )
		1222	logit("sftp-server finished.");
1082	exit(0);	1223	exit(0);
1083	} else if (len < 0) {	1224	} else if (len < 0) {
1084	error("read error");	1225	error("read error");
1085	-- openssh/sshd_config	1226	++ openssh/sshd_config
Lines 91-93 Link Here
91		91
92	# override default of no subsystems	92	# override default of no subsystems
93	Subsystem sftp /usr/libexec/sftp-server	93	Subsystem sftp /usr/libexec/sftp-server
94	-- openssh/sshd_config.5	94
		95	# sftp-server logging
		96	#LogSftp no
		97	#SftpLogFacility AUTH
		98	#SftpLogLevel INFO
		99
		100	# sftp-server umask control
		101	#SftpUmask
		102
		103	#SftpPermitChmod yes
		104	#SftpPermitChown yes
		105	++ openssh/sshd_config.5
Lines 396-399 Link Here
396	DEBUG2 and DEBUG3 each specify higher levels of debugging output.	396	DEBUG2 and DEBUG3 each specify higher levels of debugging output.
397	Logging with a DEBUG level violates the privacy of users and is not recommended.	397	Logging with a DEBUG level violates the privacy of users and is not recommended.
		398	.It Cm LogSftp
		399	Specifies whether to perform logging of
		400	.Nm sftp-server
		401	subsystem transactions. Must be "yes" or "no." The default value is "no."
398	.It Cm MACs	402	.It Cm MACs
399	Specifies the available MAC (message authentication code) algorithms.	403	Specifies the available MAC (message authentication code) algorithms.
Lines 558-563 Link Here
558	.It Cm ServerKeyBits	562	.It Cm ServerKeyBits
559	Defines the number of bits in the ephemeral protocol version 1 server key.	563	Defines the number of bits in the ephemeral protocol version 1 server key.
560	The minimum value is 512, and the default is 768.	564	The minimum value is 512, and the default is 768.
		565	.It Cm SftpLogFacility
		566	Gives the facility code that is used when logging
		567	.Nm sftp-server .
		568	transactions. The possible values are: DAEMON, USER, AUTH, LOCAL0,
		569	LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
		570	The default is AUTH.
		571	.It Cm SftpLogLevel
		572	Gives the verbosity level that is used when logging messages from
		573	.Nm sftp-server .
		574	The possible values are:
		575	QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
		576	The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
		577	and DEBUG3 each specify higher levels of debugging output.
		578	Logging with a DEBUG level violates the privacy of users
		579	and is not recommended.
		580	.It Cm SftpPermitChmod
		581	Specifies whether the sftp-server allows the sftp client to execute chmod
		582	commands on the server. The default is yes.
		583	.It Cm SftpPermitChown
		584	Specifies whether the sftp-server allows the sftp client to execute chown
		585	or chgrp commands on the server. Turning this value on means that the client
		586	is allowed to execute both chown and chgrp commands. Turning it off means that
		587	the client is prohibited from executing either chown or chgrp.
		588	The default is yes.
		589	.It Cm SftpUmask
		590	Specifies an optional umask for
		591	.Nm sftp-server
		592	subsystem transactions. If a umask is given, this umask will override all system,
		593	environment or sftp client permission modes. If
		594	no umask or an invalid umask is given, file creation mode defaults to the permission
		595	mode specified by the sftp client. The default is for no umask.
561	.It Cm StrictModes	596	.It Cm StrictModes
562	Specifies whether	597	Specifies whether
563	.Nm sshd	598	.Nm sshd

Return to bug 474