SFTP Logging Redux.

Jason A . Dour jason at dour.org
Wed Jun 20 23:12:08 EST 2001


Sorry to repost, but I finally have the code on a machine that has
diff -u, and I've updated it for 2.9p2.  Attached is the unified
diff to add logging of SFTP activity to auth.info.

If there is a more proper way to contrib patches, please let me
know.


Cheers,
Jason
# "Jason A. Dour" <jason at dour.org>                  http://dour.org/
# Founder / Executive Producer - PJ Harvey Online - http://pjh.org/
-------------- next part --------------
--- sftp-server.c.orig	Tue Jun 19 16:32:45 2001
+++ sftp-server.c	Wed Jun 20 08:54:03 2001
@@ -52,8 +52,14 @@
 /* Version of client */
 int version;
 
-/* portable attibutes, etc. */
+/* User information. */
+#define CUNAME				cuname ? cuname : "UNKNOWN"
+struct passwd *upw;
+uid_t cuid;
+pid_t ppid;
+char *cuname;
 
+/* portable attibutes, etc. */
 typedef struct Stat Stat;
 
 struct Stat {
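Review bot: The `CUNAME` macro expands to a bare conditional expression, so it is only safe while every use is a complete function argument; parenthesize the expansion, `#define CUNAME (cuname ? cuname : "UNKNOWN")`. The four new globals (`upw`, `cuid`, `ppid`, `cuname`) are used only inside this file as far as the patch shows, so they could be declared `static`. A comment such as `/* Set once in main(), read-only afterwards; used to tag every log line. */` would tell the reader they are not updated during the session.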
@@ -115,6 +121,28 @@
 	return flags;
 }
 
+void
+sflags_from_portable(char *psflags, int pflags)
+{
+	if (pflags & SSH2_FXF_READ)
+		*psflags = 'r';
+	psflags++;
+	if (pflags & SSH2_FXF_WRITE)
+		*psflags = 'w';
+	psflags++;
+	if (pflags & SSH2_FXF_APPEND)
+		*psflags = 'a';
+	psflags++;
+	if (pflags & SSH2_FXF_CREAT)
+		*psflags = 'c';
+	psflags++;
+	if (pflags & SSH2_FXF_TRUNC)
+		*psflags = 't';
+	psflags++;
+	if (pflags & SSH2_FXF_EXCL)
+		*psflags = 'e';
+}
+
 Attrib *
 get_attrib(void)
 {
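Review bot: sflags_from_portable() writes only the positions whose flag is set, so it silently depends on the caller passing a 7-byte buffer pre-filled with "------" and already NUL-terminated. Nothing in the signature or a comment states that contract, and a caller that passes an uninitialised buffer would hand log() an unterminated string. The function should fill all six positions and the terminator itself, and carry a comment that names the letter order and the required buffer size. It also has no prototype in the patch and could be `static`.

```c
/*
 * Render the SSH2_FXF_* open flags as a fixed six-character string in the
 * order "rwacte", with '-' for a flag that is not set.  psflags must have
 * room for seven bytes (six flags plus the terminating NUL).
 */
static void
sflags_from_portable(char *psflags, int pflags)
{
	static const struct { int bit; char ch; } map[] = {
		{ SSH2_FXF_READ, 'r' }, { SSH2_FXF_WRITE, 'w' },
		{ SSH2_FXF_APPEND, 'a' }, { SSH2_FXF_CREAT, 'c' },
		{ SSH2_FXF_TRUNC, 't' }, { SSH2_FXF_EXCL, 'e' },
	};
	size_t i;

	for (i = 0; i < sizeof(map) / sizeof(map[0]); i++)
		psflags[i] = (pflags & map[i].bit) ? map[i].ch : '-';
	psflags[i] = '\0';
}
```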
@@ -370,6 +398,7 @@
 
 	version = buffer_get_int(&iqueue);
 	TRACE("client version %d", version);
+	log("(%d/%d/%s) Client version %d", ppid, cuid, CUNAME, version);
 	buffer_init(&msg);
 	buffer_put_char(&msg, SSH2_FXP_VERSION);
 	buffer_put_int(&msg, SSH2_FILEXFER_VERSION);
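Review bot: `ppid` and `cuid` are `pid_t` and `uid_t` but are passed to `%d` here and in every other log() call the patch adds. The width and signedness of those types differ between platforms, so a mismatch is undefined behaviour in a varargs call. Cast the arguments to match the format, e.g. `log("(%ld/%lu/%s) Client version %d", (long)ppid, (unsigned long)cuid, CUNAME, version);`. The enclosing function starts and ends outside this hunk.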
@@ -382,7 +411,7 @@
 {
 	u_int32_t id, pflags;
 	Attrib *a;
-	char *name;
+	char *name, sflags[7] = "------";
 	int handle, fd, flags, mode, status = SSH2_FX_FAILURE;
 
 	id = get_int();
@@ -390,8 +419,10 @@
 	pflags = get_int();		/* portable flags */
 	a = get_attrib();
 	flags = flags_from_portable(pflags);
+	sflags_from_portable(&sflags[0], pflags);
 	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
 	TRACE("open id %d name %s flags %d mode 0%o", id, name, pflags, mode);
+	log("(%d/%d/%s) File/Dir opened: %s (%s,%04o)", ppid, cuid, CUNAME, name, sflags, mode);
 	fd = open(name, flags, mode);
 	if (fd < 0) {
 		status = errno_to_portable(errno);
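Review bot: `name` is a string supplied by the SFTP client, and this line now writes it to the auth facility at INFO level in every build, where before it reached the log only through TRACE in debug builds. Unless log() already escapes control characters (not visible from this patch), a file name containing a newline or other control bytes could produce misleading audit entries. The name should pass through an escaping step such as `strnvis()` before it is logged, or a comment should record that log() does this. The same applies to the path arguments logged in the setstat, remove, mkdir, rmdir, rename and symlink hunks. The entry also says "opened" before open() has run, so a failed open is indistinguishable in the log.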
@@ -589,6 +620,7 @@
 	name = get_string(NULL);
 	a = get_attrib();
 	TRACE("setstat id %d name %s", id, name);
+	log("(%d/%d/%s) Permissions altered: %s (%04o).", ppid, cuid, CUNAME, name, a->perm & 0777);
 	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
 		ret = chmod(name, a->perm & 0777);
 		if (ret == -1)
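Review bot: The "Permissions altered" entry is written before the `a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS` test. A setstat request that changes only size, times or ownership is therefore logged as a permission change, with whatever value `a->perm` happens to hold. Move the log() call inside the `if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {` block, ideally after chmod() so the entry can say whether the change succeeded. The function body continues outside this hunk.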
@@ -623,6 +655,7 @@
 	TRACE("fsetstat id %d handle %d", id, handle);
 	fd = handle_to_fd(handle);
 	name = handle_to_name(handle);
+	log("(%d/%d/%s) Permissions altered: %s (%04o).", ppid, cuid, CUNAME, name, a->perm & 0777);
 	if (fd < 0 || name == NULL) {
 		status = SSH2_FX_FAILURE;
 	} else {
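Review bot: The log() call passes `name` to `%s` one line before the `name == NULL` check, so an invalid handle from the client hands a null pointer to the formatter. That is undefined behaviour, and on some libc implementations it crashes. Move the call into the `else` branch, where `fd` and `name` are known to be valid. As in setstat, it should also be guarded by the `SSH2_FILEXFER_ATTR_PERMISSIONS` flag so that non-permission updates are not reported as permission changes.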
@@ -790,6 +823,7 @@
 	id = get_int();
 	name = get_string(NULL);
 	TRACE("remove id %d name %s", id, name);
+	log("(%d/%d/%s) File deleted: %s", ppid, cuid, CUNAME, name);
 	ret = unlink(name);
 	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
 	send_status(id, status);
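Review bot: The entry says "File deleted" before unlink() is called, so the audit log records the deletion even when the call fails with EACCES or ENOENT. The mkdir, rmdir, rename and symlink hunks have the same ordering, and rename and symlink are additionally skipped altogether when `newpath` already exists. For a log intended as an activity record the call should move below the operation and include the outcome, e.g. `log("(%d/%d/%s) File delete %s: %s", ppid, cuid, CUNAME, ret == -1 ? "failed" : "ok", name);`. The function body starts outside this hunk.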
@@ -810,6 +844,7 @@
 	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
 	    a->perm & 0777 : 0777;
 	TRACE("mkdir id %d name %s mode 0%o", id, name, mode);
+	log("(%d/%d/%s) Directory created: %s", ppid, cuid, CUNAME, name);
 	ret = mkdir(name, mode);
 	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
 	send_status(id, status);
@@ -826,6 +861,7 @@
 	id = get_int();
 	name = get_string(NULL);
 	TRACE("rmdir id %d name %s", id, name);
+	log("(%d/%d/%s) Directory deleted: %s", ppid, cuid, CUNAME, name);
 	ret = rmdir(name);
 	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
 	send_status(id, status);
@@ -869,6 +905,7 @@
 	oldpath = get_string(NULL);
 	newpath = get_string(NULL);
 	TRACE("rename id %d old %s new %s", id, oldpath, newpath);
+	log("(%d/%d/%s) File/Dir renamed: %s -> %s", ppid, cuid, CUNAME, oldpath, newpath);
 	/* fail if 'newpath' exists */
 	if (stat(newpath, &st) == -1) {
 		ret = rename(oldpath, newpath);
@@ -914,6 +951,7 @@
 	oldpath = get_string(NULL);
 	newpath = get_string(NULL);
 	TRACE("symlink id %d old %s new %s", id, oldpath, newpath);
+	log("(%d/%d/%s) Symbolic link created: %s -> %s", ppid, cuid, CUNAME, oldpath, newpath);
 	/* fail if 'newpath' exists */
 	if (stat(newpath, &st) == -1) {
 		ret = symlink(oldpath, newpath);
@@ -951,6 +989,7 @@
 	msg_len = GET_32BIT(cp);
 	if (msg_len > 256 * 1024) {
 		error("bad message ");
+		log("(%d/%d/%s) SFTP session closing (%s).", ppid, cuid, CUNAME, "Bad Message");
 		exit(11);
 	}
 	if (buffer_len(&iqueue) < msg_len + 4)
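Review bot: The "SFTP session closing (%s)." line added here is repeated with only the reason string changed in the select, EOF, read-error and write-error paths of main(). A small static helper that takes the reason and exit code, logs once and calls exit() would keep the format in one place. For the select, read and write failures the helper could also append `strerror(errno)`, captured before the preceding error() call can overwrite it, so the log states why the session ended. Here the rejected `msg_len` value would be useful in the message as well.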
@@ -1036,10 +1075,27 @@
 	__progname = get_progname(av[0]);
 	handle_init();
 
+	/* Initialize the username of the user running the process. */
+	cuid = getuid();
+	if ((upw = getpwuid(cuid)) == NULL) {
+		cuname = NULL;
+	} else {
+		cuname = upw->pw_name;
+	}
+
+	/* Initialize the parent process ID. */
+	ppid = getppid();
+
+	/* Initialize the logfile, loglevel dependent on DEBUG compile-time setting. */
 #ifdef DEBUG_SFTP_SERVER
 	log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
+#else
+	log_init("sftp-server", SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0);
 #endif
 
+	/* Log session start. */
+	log("(%d/%d/%s) SFTP session started.", ppid, cuid, CUNAME);
+
 	in = dup(STDIN_FILENO);
 	out = dup(STDOUT_FILENO);
 
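Review bot: `cuname = upw->pw_name` keeps a pointer into the static buffer returned by getpwuid(), which any later getpwuid()/getpwnam() call in the process may overwrite. Whether such a call exists elsewhere in sftp-server.c is not visible in this hunk, but if one does, subsequent log lines would attribute activity to the wrong user name. Copy the string instead, `cuname = xstrdup(upw->pw_name);`, and drop the global `upw` since nothing else in the patch reads it. `ppid` is sampled once at startup, so a comment noting that it identifies the parent at session start only would avoid misreading it later.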
@@ -1073,6 +1129,7 @@
 		if (select(max+1, rset, wset, NULL, NULL) < 0) {
 			if (errno == EINTR)
 				continue;
+			log("(%d/%d/%s) SFTP session closing (%s).", ppid, cuid, CUNAME, "Select Error");
 			exit(2);
 		}
 
@@ -1082,9 +1139,11 @@
 			len = read(in, buf, sizeof buf);
 			if (len == 0) {
 				debug("read eof");
+				log("(%d/%d/%s) SFTP session closing (%s).", ppid, cuid, CUNAME, "EOF");
 				exit(0);
 			} else if (len < 0) {
 				error("read error");
+				log("(%d/%d/%s) SFTP session closing (%s).", ppid, cuid, CUNAME, "Read Error");
 				exit(1);
 			} else {
 				buffer_append(&iqueue, buf, len);
@@ -1095,6 +1154,7 @@
 			len = write(out, buffer_ptr(&oqueue), olen);
 			if (len < 0) {
 				error("write error");
+				log("(%d/%d/%s) SFTP session closing (%s).", ppid, cuid, CUNAME, "Write Error");
 				exit(1);
 			} else {
 				buffer_consume(&oqueue, len);

