head 1.17; access; symbols OPENPKG_E1_MP_HEAD:1.10 OPENPKG_E1_MP:1.10 OPENPKG_E1_MP_2_STABLE:1.7.2.1 OPENPKG_E1_FP:1.7.2.1 OPENPKG_2_STABLE_MP:1.11 OPENPKG_2_STABLE_20061018:1.7.2.1 OPENPKG_2_STABLE_20060622:1.7 OPENPKG_2_STABLE:1.7.0.2 OPENPKG_2_STABLE_BP:1.7 OPENPKG_2_5_RELEASE:1.5 OPENPKG_2_5_SOLID:1.5.0.2 OPENPKG_2_5_SOLID_BP:1.5 OPENPKG_2_4_RELEASE:1.4 OPENPKG_2_4_SOLID:1.4.0.2 OPENPKG_2_4_SOLID_BP:1.4 OPENPKG_CW_FP:1.3 OPENPKG_2_3_RELEASE:1.2 OPENPKG_2_3_SOLID:1.2.0.4 OPENPKG_2_3_SOLID_BP:1.2 OPENPKG_2_2_RELEASE:1.2 OPENPKG_2_2_SOLID:1.2.0.2 OPENPKG_2_2_SOLID_BP:1.2 OPENPKG_2_1_RELEASE:1.1 OPENPKG_2_1_SOLID:1.1.0.2 OPENPKG_2_1_SOLID_BP:1.1; locks; strict; comment @# @; 1.17 date 2009.10.02.11.17.28; author rse; state Exp; branches; next 1.16; commitid Xk4IjVbjJ3Tu3X5u; 1.16 date 2009.02.25.11.30.07; author rse; state Exp; branches; next 1.15; commitid bjaokXKw9Z0haODt; 1.15 date 2008.11.15.08.40.42; author rse; state Exp; branches; next 1.14; commitid 8GG33nMT781rvGqt; 1.14 date 2008.07.22.06.40.11; author rse; state Exp; branches; next 1.13; commitid wzX0cmZIEkegzLbt; 1.13 date 2008.03.31.07.00.50; author rse; state Exp; branches; next 1.12; commitid AkgVggnP8MUxjfXs; 1.12 date 2007.09.05.06.48.40; author rse; state Exp; branches; next 1.11; commitid WXY9IaCSoN1TVvws; 1.11 date 2007.03.10.08.35.34; author rse; state Exp; branches; next 1.10; commitid jNQ0JCZue7Iihw9s; 1.10 date 2006.11.09.21.41.57; author rse; state Exp; branches; next 1.9; commitid I2lg1HkDtkAdw2Ur; 1.9 date 2006.11.08.08.03.37; author rse; state Exp; branches; next 1.8; commitid rZGOJbUJEEXr1QTr; 1.8 date 2006.09.28.06.26.20; author rse; state Exp; branches; next 1.7; commitid ewMY8OERO6cONyOr; 1.7 date 2006.02.11.08.29.38; author rse; state Exp; branches 1.7.2.1; next 1.6; commitid jPhEN94SBe8uQ8lr; 1.6 date 2006.02.01.18.49.18; author rse; state Exp; branches; next 1.5; commitid xrZO6IobC2NZAUjr; 1.5 date 2005.09.01.18.21.39; author rse; state Exp; branches; next 1.4; 1.4 date 
2005.05.29.08.10.06; author rse; state Exp; branches; next 1.3; 1.3 date 2005.03.12.06.54.54; author rse; state Exp; branches; next 1.2; 1.2 date 2004.08.17.18.01.27; author rse; state Exp; branches; next 1.1; 1.1 date 2004.03.29.12.44.23; author cs; state Exp; branches; next ; 1.7.2.1 date 2006.09.29.06.46.20; author rse; state Exp; branches; next 1.7.2.2; commitid VGQpsUXdDfQESGOr; 1.7.2.2 date 2006.11.08.08.58.50; author rse; state Exp; branches; next 1.7.2.3; commitid L8ZKn0WyVOQpkQTr; 1.7.2.3 date 2006.11.09.21.44.15; author rse; state Exp; branches; next 1.7.2.4; commitid uMAYSAS2AIt0x2Ur; 1.7.2.4 date 2007.03.18.23.32.09; author thl; state Exp; branches; next ; commitid j886gsownDQWXCas; desc @@ 1.17 log @upgrading package: openssh 5.2p1 -> 5.3p1 @ text @Index: servconf.c --- servconf.c.orig 2009-06-21 12:26:17 +0200 +++ servconf.c 2009-10-02 13:12:31 +0200 @@@@ -128,6 +128,12 @@@@ options->adm_forced_command = NULL; options->chroot_directory = NULL; options->zero_knowledge_password_authentication = -1; + options->log_sftp = LOG_SFTP_NOT_SET; + options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET; + options->sftp_log_level = SYSLOG_LEVEL_NOT_SET; + memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH); + options->sftp_permit_chmod = SFTP_PERMIT_NOT_SET; + options->sftp_permit_chown = SFTP_PERMIT_NOT_SET; } void @@@@ -262,6 +268,24 @@@@ if (options->zero_knowledge_password_authentication == -1) options->zero_knowledge_password_authentication = 0; + /* Turn sftp-server logging off by default */ + if (options->log_sftp == LOG_SFTP_NOT_SET) + options->log_sftp = LOG_SFTP_NO; + if (options->sftp_log_facility == SYSLOG_FACILITY_NOT_SET) + options->sftp_log_facility = SYSLOG_FACILITY_AUTH; + if (options->sftp_log_level == SYSLOG_LEVEL_NOT_SET) + options->sftp_log_level = SYSLOG_LEVEL_INFO; + + /* Don't set sftp-server umask */ + if (!options->sftp_umask) + memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH); + + /* allow sftp client to issue chmod, chown / chgrp commands 
*/ + if (options->sftp_permit_chmod == SFTP_PERMIT_NOT_SET) + options->sftp_permit_chmod = SFTP_PERMIT_YES; + if (options->sftp_permit_chown == SFTP_PERMIT_NOT_SET) + options->sftp_permit_chown = SFTP_PERMIT_YES; + /* Turn privilege separation on by default */ if (use_privsep == -1) use_privsep = 1; @@@@ -306,6 +330,9 @@@@ sMatch, sPermitOpen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, sZeroKnowledgePasswordAuthentication, + sLogSftp, sSftpLogFacility, sSftpLogLevel, + sSftpUmask, + sSftpPermitChown, sSftpPermitChmod, sDeprecated, sUnsupported } ServerOpCodes; @@@@ -320,6 +347,12 @@@@ u_int flags; } keywords[] = { /* Portable-specific options */ + { "logsftp", sLogSftp}, + { "sftplogfacility", sSftpLogFacility}, + { "sftploglevel", sSftpLogLevel}, + { "sftpumask", sSftpUmask}, + { "sftppermitchmod", sSftpPermitChmod}, + { "sftppermitchown", sSftpPermitChown}, #ifdef USE_PAM { "usepam", sUsePAM, SSHCFG_GLOBAL }, #else @@@@ -645,6 +678,8 @@@@ int port; u_int i, flags = 0; size_t len; + unsigned int umaskvalue = 0; + char *umaskptr; cp = line; if ((arg = strdelim(&cp)) == NULL) @@@@ -1178,6 +1213,58 @@@@ charptr = &options->banner; goto parse_filename; + case sLogSftp: + intptr = &options->log_sftp; + goto parse_flag; + + case sSftpLogFacility: + intptr = (int *) &options->sftp_log_facility; + arg = strdelim(&cp); + value = log_facility_number(arg); + if (value == SYSLOG_FACILITY_NOT_SET) + fatal("%.200s line %d: unsupported log facility '%s'", + filename, linenum, arg ? arg : ""); + if (*intptr == -1) + *intptr = (SyslogFacility) value; + break; + + case sSftpLogLevel: + intptr = (int *) &options->sftp_log_level; + arg = strdelim(&cp); + value = log_level_number(arg); + if (value == SYSLOG_LEVEL_NOT_SET) + fatal("%.200s line %d: unsupported log level '%s'", + filename, linenum, arg ? 
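Review bot: The guard `if (!options->sftp_umask)` in the defaults block can never be true, because servconf.h declares `sftp_umask` as a `char[SFTP_UMASK_LENGTH]` array and an array used this way is never null, so the memset under it is dead code. The buffer is already zeroed in the initialisation hunk at -128, so the test can be dropped, or written as `if (options->sftp_umask[0] == '\0')` if an explicit "unset" check is wanted. SftpPermitChmod and SftpPermitChown also default to yes here, which makes the restriction opt-in; a comment such as `/* permissive default: chmod/chown stay allowed unless configured off */` would make that explicit. The enclosing function starts and ends outside the hunk.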
arg : ""); + if (*intptr == -1) + *intptr = (LogLevel) value; + break; + + case sSftpUmask: + arg = strdelim(&cp); + umaskptr = arg; + while (*arg && *arg >= '0' && *arg <= '9') + umaskvalue = umaskvalue * 8 + *arg++ - '0'; + if (*arg || umaskvalue > 0777) + fatal("%s line %d: bad value for umask", + filename, linenum); + else { + while (*umaskptr && *umaskptr == '0') + *umaskptr++; + strncpy(options->sftp_umask, umaskptr, + SFTP_UMASK_LENGTH); + } + + break; + + case sSftpPermitChmod: + intptr = &options->sftp_permit_chmod; + goto parse_flag; + + case sSftpPermitChown: + intptr = &options->sftp_permit_chown; + goto parse_flag; + + /* * These options can contain %X options expanded at * connect time, so that you can specify paths like: Index: servconf.h --- servconf.h.orig 2009-01-28 06:31:23 +0100 +++ servconf.h 2009-10-02 13:12:31 +0200 @@@@ -34,6 +34,19 @@@@ #define PERMIT_NO_PASSWD 2 #define PERMIT_YES 3 +/* sftp-server logging */ +#define LOG_SFTP_NOT_SET -1 +#define LOG_SFTP_NO 0 +#define LOG_SFTP_YES 1 + +/* sftp-server umask control */ +#define SFTP_UMASK_LENGTH 5 + +/* sftp-server client priviledge */ +#define SFTP_PERMIT_NOT_SET -1 +#define SFTP_PERMIT_NO 0 +#define SFTP_PERMIT_YES 1 + #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ #define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */ @@@@ -151,6 +164,12 @@@@ int num_permitted_opens; char *chroot_directory; + int log_sftp; /* perform sftp-server logging */ + SyslogFacility sftp_log_facility; /* Facility for sftp subsystem logging. */ + LogLevel sftp_log_level; /* Level for sftp subsystem logging. 
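Review bot: The `sSftpUmask` case dereferences `arg` right after `strdelim(&cp)` with no NULL check, so an `SftpUmask` line with no value presumably dereferences a null pointer instead of producing a fatal "missing argument" error. The digit loop accepts '8' and '9' while accumulating in base 8, and `umaskvalue` can wrap on a long digit string and pass the `> 0777` test, after which `strncpy(..., SFTP_UMASK_LENGTH)` can leave `options->sftp_umask` without a terminating NUL. `*umaskptr++;` also dereferences the pointer for no effect. The same octal loop is repeated in the sftp-server.c hunk at -1390 and needs the same digit-range fix. A bounded version is sketched below; the case sits in a switch that continues outside the hunk.

```c
	case sSftpUmask:
		arg = strdelim(&cp);
		if (arg == NULL || *arg == '\0')
			fatal("%s line %d: missing umask value",
			    filename, linenum);
		umaskptr = arg;
		/* octal digits only; the length bound keeps umaskvalue from wrapping */
		while (*arg >= '0' && *arg <= '7' && arg - umaskptr < 8)
			umaskvalue = umaskvalue * 8 + (*arg++ - '0');
		if (*arg || umaskvalue > 0777)
			fatal("%s line %d: bad value for umask",
			    filename, linenum);
		while (*umaskptr == '0')
			umaskptr++;
		/* snprintf always terminates, unlike strncpy at full length */
		snprintf(options->sftp_umask, sizeof(options->sftp_umask),
		    "%s", umaskptr);
		break;
	/* … unchanged: sSftpPermitChmod / sSftpPermitChown cases … */
```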
*/ + char sftp_umask[SFTP_UMASK_LENGTH]; /* Sftp Umask */ + int sftp_permit_chmod; + int sftp_permit_chown; } ServerOptions; void initialize_server_options(ServerOptions *); Index: session.c --- session.c.orig 2009-08-20 08:20:50 +0200 +++ session.c 2009-10-02 13:12:31 +0200 @@@@ -152,6 +152,15 @@@@ static int is_child = 0; +/* so SFTP_LOG_FACILITY and SFTP_LOG_LEVEL can be passed through the + environment to the sftp-server subsystem. */ +static const char *sysfac_to_int[] = { "0", "1", "2", "3", "4", "5", "6", + "7", "8", "9", "10", "11", "-1" }; +static const char *syslevel_to_int[] = { "0", "1", "2", "3", "4", "5", "6", + "7", "-1" }; + +static char *sftpumask; + /* Name and directory of socket for authentication agent forwarding. */ static char *auth_sock_name = NULL; static char *auth_sock_dir = NULL; @@@@ -1283,6 +1292,67 @@@@ child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_sock_name); + /* LOG_SFTP */ + if (options.log_sftp == -1 ) + child_set_env(&env, &envsize, "LOG_SFTP", "-1"); + else if (options.log_sftp == 0) + child_set_env(&env, &envsize, "LOG_SFTP", "0"); + else + child_set_env(&env, &envsize, "LOG_SFTP", "1"); + + /* SFTP_LOG_FACILITY */ + if (options.sftp_log_facility < 0) + child_set_env(&env, &envsize, "SFTP_LOG_FACILITY", + "-1"); + else + child_set_env(&env, &envsize, "SFTP_LOG_FACILITY", + sysfac_to_int[options.sftp_log_facility]); + + /* SFTP_LOG_LEVEL */ + if (options.sftp_log_level < 0) + child_set_env(&env, &envsize, "SFTP_LOG_LEVEL", + "-1"); + else + child_set_env(&env, &envsize, "SFTP_LOG_LEVEL", + syslevel_to_int[options.sftp_log_level]); + + /* SFTP_UMASK */ + + if (options.sftp_umask[0] == '\0') + child_set_env(&env, &envsize, "SFTP_UMASK", + "" ); + else { + if (!(sftpumask = calloc(SFTP_UMASK_LENGTH,1))) { + +logit("session.c: unabled to allocate memory for SftpUmask. 
SftpUmask control \ +will be turned off."); + + child_set_env(&env, &envsize, "SFTP_UMASK", + "" ); + } else { + strncpy(sftpumask, options.sftp_umask, + SFTP_UMASK_LENGTH); + child_set_env(&env, &envsize, "SFTP_UMASK", + sftpumask ); + } + } + + /* SFTP_PERMIT_CHMOD */ + if (options.sftp_permit_chmod == -1 ) + child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "-1"); + else if (options.sftp_permit_chmod == 0) + child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "0"); + else + child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "1"); + + /* SFTP_PERMIT_CHOWN */ + if (options.sftp_permit_chown == -1 ) + child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "-1"); + else if (options.sftp_permit_chown == 0) + child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "0"); + else + child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "1"); + /* read $HOME/.ssh/environment. */ if (options.permit_user_env && !options.use_login) { snprintf(buf, sizeof buf, "%.200s/.ssh/environment", Index: sftp-server.8 --- sftp-server.8.orig 2009-06-21 09:52:28 +0200 +++ sftp-server.8 2009-10-02 13:12:31 +0200 @@@@ -49,6 +49,20 @@@@ .Cm Subsystem declaration. See +.Xr sshd 8 +for more information. Sftp-server transactions may be logged +using the +.Cm LogSftp , +.Cm SftpLogFacility , +and +.Cm SftpLogLevel +options. The administrator may exert control over the file and directory +permission and ownership, with +.Cm SftpUmask , +.Cm SftpPermitChmod , +and +.Cm SftpPermitChown +. See .Xr sshd_config 5 for more information. 
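Review bot: These restrictions reach sftp-server only as environment variables, and they are written immediately before the `read $HOME/.ssh/environment` block visible in the trailing context. If that later read replaces names that are already set (worth confirming against child_set_env), a user could reset `SFTP_PERMIT_CHMOD`, `SFTP_PERMIT_CHOWN`, `SFTP_UMASK` or `LOG_SFTP` whenever PermitUserEnvironment is enabled. Moving this block after the user-environment handling, or documenting that the options must not be combined with PermitUserEnvironment, would close that gap. In the SFTP_UMASK branch, `strncpy(sftpumask, options.sftp_umask, SFTP_UMASK_LENGTH)` fills a buffer of exactly that size and does not guarantee a terminator before the string is handed to child_set_env; allocating with `calloc(SFTP_UMASK_LENGTH + 1, 1)` keeps the last byte zero. The enclosing function starts and ends outside the hunk.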
.Pp Index: sftp-server.c --- sftp-server.c.orig 2009-08-28 02:43:13 +0200 +++ sftp-server.c 2009-10-02 13:12:31 +0200 @@@@ -59,6 +59,12 @@@@ /* Our verbosity */ LogLevel log_level = SYSLOG_LEVEL_ERROR; +/* SFTP_UMASK */ +static mode_t setumask = 0; +static int permit_chmod = 1; +static int permit_chown = 1; +static int permit_logging = 0; + /* Our client */ struct passwd *pw = NULL; char *client_addr = NULL; @@@@ -551,6 +557,12 @@@@ a = get_attrib(); flags = flags_from_portable(pflags); mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666; + if (setumask != 0) { + if (permit_logging == 0) + logit("setting file creation mode to 0666 and umask to %o", setumask); + mode = 0666; + umask(setumask); + } logit("open \"%s\" flags %s mode 0%o", name, string_from_portable(pflags), mode); fd = open(name, flags, mode); @@@@ -565,6 +577,8 @@@@ status = SSH2_FX_OK; } } + if ( permit_logging == 1 ) + logit("open %s", name); if (status != SSH2_FX_OK) send_status(id, status); xfree(name); @@@@ -622,6 +636,8 @@@@ } } } + if ( permit_logging == 1 ) + logit("reading file"); if (status != SSH2_FX_OK) send_status(id, status); } @@@@ -661,6 +677,8 @@@@ } } } + if (permit_logging == 1) + logit("writing file"); send_status(id, status); xfree(data); } @@@@ -762,10 +780,19 @@@@ status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { + if (permit_chmod == 1) { logit("set \"%s\" mode %04o", name, a->perm); ret = chmod(name, a->perm & 07777); if (ret == -1) status = errno_to_portable(errno); + else + if (permit_logging == 1) + logit("chmod'ed %s", name); + } else { + status = SSH2_FX_PERMISSION_DENIED; + if (permit_logging == 1) + logit("chmod %s: operation prohibited by sftp-server configuration.", name); + } } if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { char buf[64]; @@@@ -779,11 +806,20 @@@@ status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { + if (permit_chown == 1) { logit("set \"%s\" owner %lu group %lu", name, 
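Review bot: When a umask is configured, the open path at -551 replaces the client's requested mode with `mode = 0666` before calling `umask(setumask)`, so a client that asked for 0600 gets a file as permissive as the mask allows; the mkdir hunk at -971 does the same with 0777. If the option is meant to cap permissions rather than widen them, drop the `mode = 0666;` assignment and keep the client's value, for example `mode &= ~setumask;`. The log guard here reads `if (permit_logging == 0)` while every other added guard, including the mkdir one, tests `== 1`, so it looks inverted and should probably be `if (permit_logging == 1)`. The function body continues outside the hunk.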
(u_long)a->uid, (u_long)a->gid); ret = chown(name, a->uid, a->gid); if (ret == -1) status = errno_to_portable(errno); + else + if (permit_logging == 1) + logit("chown'ed %s.", name); + } else { + status = SSH2_FX_PERMISSION_DENIED; + if (permit_logging == 1) + logit("chown %s: operation prohibited by sftp-server configuration.", name); + } } send_status(id, status); xfree(name); @@@@ -797,6 +833,9 @@@@ int handle, fd, ret; int status = SSH2_FX_OK; +if ( permit_logging == 1 ) +logit("process_fsetstat"); + id = get_int(); handle = get_handle(); a = get_attrib(); @@@@ -815,6 +854,7 @@@@ status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { + if (permit_chmod == 1) { logit("set \"%s\" mode %04o", name, a->perm); #ifdef HAVE_FCHMOD ret = fchmod(fd, a->perm & 07777); @@@@ -823,6 +863,14 @@@@ #endif if (ret == -1) status = errno_to_portable(errno); + else + if (permit_logging == 1) + logit("chmod: succeeded."); + } else { + status = SSH2_FX_PERMISSION_DENIED; + if (permit_logging == 1) + logit("chmod: operation prohibited by sftp-server configuration."); + } } if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { char buf[64]; @@@@ -840,6 +888,7 @@@@ status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { + if (permit_chown == 1) { logit("set \"%s\" owner %lu group %lu", name, (u_long)a->uid, (u_long)a->gid); #ifdef HAVE_FCHOWN @@@@ -849,6 +898,14 @@@@ #endif if (ret == -1) status = errno_to_portable(errno); + else + if (permit_logging == 1) + logit("chown: succeeded"); + } else { + status = SSH2_FX_PERMISSION_DENIED; + if (permit_logging == 1) + logit("chown: operation prohibited by sftp-server configuration."); + } } } send_status(id, status); @@@@ -879,6 +936,8 @@@@ } } + if ( permit_logging == 1 ) + logit("opendir %s", path); if (status != SSH2_FX_OK) send_status(id, status); xfree(path); @@@@ -954,6 +1013,8 @@@@ logit("remove name \"%s\"", name); ret = unlink(name); status = (ret == -1) ? 
errno_to_portable(errno) : SSH2_FX_OK; + if ( permit_logging == 1 ) + logit("remove file %s", name); send_status(id, status); xfree(name); } @@@@ -971,6 +1032,12 @@@@ a = get_attrib(); mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm & 07777 : 0777; + if (setumask != 0) { + if (permit_logging == 1) + logit("setting directory creation mode to 0777 and umask to %o.", setumask); + mode = 0777; + umask(setumask); + } debug3("request %u: mkdir", id); logit("mkdir name \"%s\" mode 0%o", name, mode); ret = mkdir(name, mode); @@@@ -992,6 +1059,8 @@@@ logit("rmdir name \"%s\"", name); ret = rmdir(name); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; + if ( permit_logging == 1 ) + logit("rmdir %s", name); send_status(id, status); xfree(name); } @@@@ -1019,6 +1088,8 @@@@ s.name = s.long_name = resolvedname; send_names(id, 1, &s); } + if ( permit_logging == 1 ) + logit("realpath %s", path); xfree(path); } @@@@ -1078,6 +1149,8 @@@@ status = SSH2_FX_OK; } send_status(id, status); + if ( permit_logging == 1 ) + logit("rename old %s new %s", oldpath, newpath); xfree(oldpath); xfree(newpath); } @@@@ -1104,6 +1177,8 @@@@ s.name = s.long_name = buf; send_names(id, 1, &s); } + if ( permit_logging == 1 ) + logit("readlink %s", path); xfree(path); } @@@@ -1123,6 +1198,8 @@@@ ret = symlink(oldpath, newpath); status = (ret == -1) ? 
errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); + if ( permit_logging == 1 ) + logit("symlink old %s new %s", oldpath, newpath); xfree(oldpath); xfree(newpath); } @@@@ -1334,6 +1411,8 @@@@ ssize_t len, olen, set_size; SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; char *cp, buf[4*4096]; + unsigned int val = 0; + char *umask_env; extern char *optarg; extern char *__progname; @@@@ -1369,6 +1448,12 @@@@ } } + if (atoi(getenv("LOG_SFTP")) == 1) { + permit_logging = 1; + log_init("sftp-server", atoi(getenv("SFTP_LOG_LEVEL")), + atoi(getenv("SFTP_LOG_FACILITY")), 0); + } + else log_init(__progname, log_level, log_facility, log_stderr); if ((cp = getenv("SSH_CONNECTION")) != NULL) { @@@@ -1390,6 +1475,39 @@@@ in = dup(STDIN_FILENO); out = dup(STDOUT_FILENO); + if ( permit_logging == 1 ) + logit("Starting sftp-server logging for user %s.", getenv("USER")); + + /* Umask control */ + + umask_env = getenv("SFTP_UMASK"); + while (*umask_env && *umask_env >= '0' && *umask_env <= '9') + val = val * 8 + *umask_env++ - '0'; + + if (*umask_env || val > 0777 || val == 0) { + if ( permit_logging == 1 ) + logit("bad value %o for SFTP_UMASK, turning umask control off.", val); + setumask = 0; + } else { + if ( permit_logging == 1 ) + logit("umask control is on."); + setumask = val; + }; + + + /* Sensitive client commands */ + + if (atoi(getenv("SFTP_PERMIT_CHMOD")) != 1) { + permit_chmod = 0; + if ( permit_logging == 1 ) + logit("client is not permitted to chmod."); + }; + if (atoi(getenv("SFTP_PERMIT_CHOWN")) != 1) { + permit_chown = 0; + if ( permit_logging == 1 ) + logit("client is not permitted to chown."); + }; + #ifdef HAVE_CYGWIN setmode(in, O_BINARY); setmode(out, O_BINARY); Index: sshd_config.5 --- sshd_config.5.orig 2009-08-28 02:27:08 +0200 +++ sshd_config.5 2009-10-02 13:12:31 +0200 @@@@ -544,6 +544,10 @@@@ DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. 
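Review bot: `atoi(getenv("LOG_SFTP"))` in the hunk at -1369 passes a possibly NULL pointer to `atoi`, which is undefined behaviour. The variable exists only when sshd's session code has set it, so an sftp-server started with any other environment would presumably crash here. The same unchecked pattern covers `SFTP_LOG_LEVEL` and `SFTP_LOG_FACILITY` in this hunk, and `SFTP_UMASK`, `SFTP_PERMIT_CHMOD`, `SFTP_PERMIT_CHOWN` and the `%s` argument `getenv("USER")` in the hunk at -1390. A small helper that falls back to a default when the variable is missing would cover the integer cases, as sketched below. The enclosing function starts and ends outside the hunk.

```c
/* Read an integer setting from the environment; use dflt when it is absent. */
static int
env_int(const char *name, int dflt)
{
	const char *v = getenv(name);

	return (v != NULL && *v != '\0') ? atoi(v) : dflt;
}

	/* … unchanged: option parsing … */
	if (env_int("LOG_SFTP", 0) == 1) {
		permit_logging = 1;
		log_init("sftp-server", env_int("SFTP_LOG_LEVEL", log_level),
		    env_int("SFTP_LOG_FACILITY", log_facility), 0);
	} else
		log_init(__progname, log_level, log_facility, log_stderr);
```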
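Review bot: In the hunk at -1390 an invalid or zero `SFTP_UMASK` silently switches umask control off, and the only trace is a `logit` that is itself gated on `permit_logging`, so with LogSftp at its default of "no" the administrator gets no indication that the configured mask is not being applied. The chmod and chown checks in the same hunk fail closed (`!= 1` denies), so the umask path is the odd one out. Logging the rejection unconditionally, e.g. `logit("bad value for SFTP_UMASK, umask control is off");` without the `permit_logging` test, would at least make the fallback visible. A comment stating that `val == 0` is treated as "no umask configured" would also help, since 0 is otherwise a valid mask. The enclosing function starts and ends outside the hunk.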
Logging with a DEBUG level violates the privacy of users and is not recommended. +.It Cm LogSftp +Specifies whether to perform logging of +.Nm sftp-server +subsystem transactions. Must be "yes" or "no." The default value is "no." .It Cm MACs Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 @@@@ -819,6 +823,37 @@@@ .It Cm ServerKeyBits Defines the number of bits in the ephemeral protocol version 1 server key. The minimum value is 512, and the default is 1024. +.It Cm SftpLogFacility +Gives the facility code that is used when logging +.Nm sftp-server . +transactions. The possible values are: DAEMON, USER, AUTH, LOCAL0, +LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. +The default is AUTH. +.It Cm SftpLogLevel +Gives the verbosity level that is used when logging messages from +.Nm sftp-server . +The possible values are: +QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. +The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 +and DEBUG3 each specify higher levels of debugging output. +Logging with a DEBUG level violates the privacy of users +and is not recommended. +.It Cm SftpPermitChmod +Specifies whether the sftp-server allows the sftp client to execute chmod +commands on the server. The default is yes. +.It Cm SftpPermitChown +Specifies whether the sftp-server allows the sftp client to execute chown +or chgrp commands on the server. Turning this value on means that the client +is allowed to execute both chown and chgrp commands. Turning it off means that +the client is prohibited from executing either chown or chgrp. + The default is yes. +.It Cm SftpUmask +Specifies an optional umask for +.Nm sftp-server +subsystem transactions. If a umask is given, this umask will override all system, +environment or sftp client permission modes. If +no umask or an invalid umask is given, file creation mode defaults to the permission +mode specified by the sftp client. 
The default is for no umask. .It Cm StrictModes Specifies whether .Xr sshd 8 Index: sshd_config --- sshd_config.orig 2008-07-02 14:35:43 +0200 +++ sshd_config 2009-10-02 13:12:31 +0200 @@@@ -112,6 +112,17 @@@@ # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server +# sftp-server logging +#LogSftp no +#SftpLogFacility AUTH +#SftpLogLevel INFO + +# sftp-server umask control +#SftpUmask + +#SftpPermitChmod yes +#SftpPermitChown yes + # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no @ 1.16 log @upgrading package: openssh 5.1p1 -> 5.2p1 @ text @d2 2 a3 2 --- servconf.c.orig 2009-01-28 06:31:23 +0100 +++ servconf.c 2009-02-25 12:25:26 +0100 d135 1 a135 1 +++ servconf.h 2009-02-25 12:25:01 +0100 d170 2 a171 2 --- session.c.orig 2009-01-28 06:29:49 +0100 +++ session.c 2009-02-25 12:25:01 +0100 d188 1 a188 1 @@@@ -1285,6 +1294,67 @@@@ d257 2 a258 2 --- sftp-server.8.orig 2008-07-21 10:20:40 +0200 +++ sftp-server.8 2009-02-25 12:25:01 +0100 d281 2 a282 2 --- sftp-server.c.orig 2008-07-04 06:10:19 +0200 +++ sftp-server.c 2009-02-25 12:25:01 +0100 d572 3 a574 3 --- sshd_config.5.orig 2009-02-23 01:00:24 +0100 +++ sshd_config.5 2009-02-25 12:25:01 +0100 @@@@ -539,6 +539,10 @@@@ d585 1 a585 1 @@@@ -814,6 +818,37 @@@@ d625 1 a625 1 +++ sshd_config 2009-02-25 12:25:01 +0100 @ 1.15 log @fix sftplogging patch @ text @d2 3 a4 4 --- servconf.c.orig 2008-07-04 05:51:12 +0200 +++ servconf.c 2008-07-22 08:33:33 +0200 @@@@ -127,6 +127,12 @@@@ options->num_permitted_opens = -1; d7 1 d17 3 a19 3 @@@@ -259,6 +265,24 @@@@ if (options->permit_tun == -1) options->permit_tun = SSH_TUNMODE_NO; d42 1 a42 2 @@@@ -302,6 +326,9 @@@@ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, d45 1 d52 1 a52 1 @@@@ -316,6 +343,12 @@@@ d65 2 a66 2 @@@@ -636,6 +669,8 @@@@ u_short port; d74 1 a74 1 @@@@ -1165,6 +1200,58 @@@@ d133 3 a135 2 --- servconf.h.orig 2008-06-10 15:01:51 +0200 +++ servconf.h 2008-07-22 08:33:13 +0200 d156 1 a156 
1 @@@@ -149,6 +162,12 @@@@ d169 4 a172 3 --- session.c.orig 2008-06-16 15:29:18 +0200 +++ session.c 2008-07-22 08:33:13 +0200 @@@@ -146,6 +146,15 @@@@ d188 1 a188 1 @@@@ -1279,6 +1289,67 @@@@ d256 1 d258 1 a258 1 +++ sftp-server.8 2008-07-22 08:33:14 +0200 d280 1 d282 1 a282 1 +++ sftp-server.c 2008-07-22 08:35:27 +0200 d571 3 a573 2 --- sshd_config.5.orig 2008-07-02 14:35:43 +0200 +++ sshd_config.5 2008-07-22 08:35:50 +0200 d585 1 a585 1 @@@@ -812,6 +816,37 @@@@ d623 1 d625 1 a625 1 +++ sshd_config 2008-07-22 08:33:14 +0200 @ 1.14 log @upgrading package: openssh 5.0p1 -> 5.1p1 @ text @a132 1 Index: servconf.h a167 1 Index: session.c a185 8 @@@@ -1119,6 +1128,7 @@@@ env = xcalloc(envsize, sizeof(char *)); env[0] = NULL; + #ifdef HAVE_CYGWIN /* * The Windows environment contains some setting which are a253 1 Index: sftp-server.8 a276 1 Index: sftp-server.c d332 1 a332 1 @@@@ -762,10 +780,20 @@@@ a348 1 + } d352 1 a352 1 @@@@ -779,11 +807,20 @@@@ d373 1 a373 1 @@@@ -797,6 +834,9 @@@@ d383 1 a383 1 @@@@ -815,6 +855,7 @@@@ d391 1 a391 1 @@@@ -823,6 +864,14 @@@@ d406 1 a406 1 @@@@ -840,6 +889,7 @@@@ d414 1 a414 1 @@@@ -849,6 +899,14 @@@@ d429 1 a429 1 @@@@ -879,6 +937,8 @@@@ d438 1 a438 1 @@@@ -954,6 +1014,8 @@@@ d447 1 a447 1 @@@@ -971,6 +1033,12 @@@@ d460 1 a460 1 @@@@ -992,6 +1060,8 @@@@ d469 1 a469 1 @@@@ -1019,6 +1089,8 @@@@ d478 1 a478 1 @@@@ -1078,6 +1150,8 @@@@ d487 1 a487 1 @@@@ -1104,6 +1178,8 @@@@ d496 1 a496 1 @@@@ -1123,6 +1199,8 @@@@ d505 1 a505 1 @@@@ -1334,6 +1412,8 @@@@ d514 1 a514 1 @@@@ -1369,6 +1449,12 @@@@ d527 1 a527 1 @@@@ -1390,6 +1476,39 @@@@ a566 1 Index: sshd_config.5 a617 1 Index: sshd_config @ 1.13 log @upgrading package: openssh 4.7p1 -> 4.9p1 @ text @d2 3 a4 3 --- servconf.c.orig 2008-02-10 12:48:55 +0100 +++ servconf.c 2008-03-31 08:58:32 +0200 @@@@ -123,6 +123,12 @@@@ d17 1 a17 1 @@@@ -251,6 +257,24 @@@@ d42 1 a42 1 @@@@ -294,6 +318,9 @@@@ d45 1 a45 1 sUsePrivilegeSeparation, d52 1 a52 1 @@@@ -308,6 +335,12 @@@@ d65 1 a65 1 @@@@ -629,6 
+662,8 @@@@ d74 1 a74 1 @@@@ -1150,6 +1185,58 @@@@ d134 2 a135 2 --- servconf.h.orig 2008-03-07 08:31:24 +0100 +++ servconf.h 2008-03-31 08:58:54 +0200 d154 1 d156 1 a156 2 /* Magic name for internal sftp-server */ @@@@ -146,6 +159,12 @@@@ d170 3 a172 3 --- session.c.orig 2008-03-27 01:03:05 +0100 +++ session.c 2008-03-31 08:57:29 +0200 @@@@ -144,6 +144,15 @@@@ d188 1 a188 1 @@@@ -1012,6 +1021,7 @@@@ d196 1 a196 1 @@@@ -1172,6 +1182,67 @@@@ d265 2 a266 2 --- sftp-server.8.orig 2007-06-05 10:27:13 +0200 +++ sftp-server.8 2008-03-31 08:57:29 +0200 d289 3 a291 3 --- sftp-server.c.orig 2008-03-07 08:33:53 +0100 +++ sftp-server.c 2008-03-31 08:57:29 +0200 @@@@ -53,6 +53,12 @@@@ d304 1 a304 1 @@@@ -509,6 +515,12 @@@@ d317 1 a317 1 @@@@ -523,6 +535,8 @@@@ d326 1 a326 1 @@@@ -580,6 +594,8 @@@@ d335 1 a335 1 @@@@ -619,6 +635,8 @@@@ d344 1 a344 1 @@@@ -720,10 +738,19 @@@@ d350 1 a350 1 ret = chmod(name, a->perm & 0777); d361 1 d365 1 a365 1 @@@@ -737,11 +764,20 @@@@ d386 1 a386 1 @@@@ -755,6 +791,9 @@@@ d396 1 a396 1 @@@@ -773,6 +812,7 @@@@ d403 2 a404 2 ret = fchmod(fd, a->perm & 0777); @@@@ -781,6 +821,14 @@@@ d419 1 a419 1 @@@@ -798,6 +846,7 @@@@ d427 1 a427 1 @@@@ -807,6 +856,14 @@@@ d442 1 a442 1 @@@@ -837,6 +894,8 @@@@ d451 1 a451 1 @@@@ -912,6 +971,8 @@@@ d460 1 a460 1 @@@@ -929,6 +990,12 @@@@ d463 1 a463 1 a->perm & 0777 : 0777; d473 1 a473 1 @@@@ -950,6 +1017,8 @@@@ d482 1 a482 1 @@@@ -977,6 +1046,8 @@@@ d491 1 a491 1 @@@@ -1033,6 +1104,8 @@@@ d500 1 a500 1 @@@@ -1059,6 +1132,8 @@@@ d509 1 a509 1 @@@@ -1078,6 +1153,8 @@@@ d518 1 a518 1 @@@@ -1249,6 +1326,8 @@@@ d527 1 a527 1 @@@@ -1284,6 +1363,12 @@@@ d540 1 a540 1 @@@@ -1305,6 +1390,39 @@@@ d581 3 a583 3 --- sshd_config.5.orig 2008-03-27 01:02:02 +0100 +++ sshd_config.5 2008-03-31 08:57:29 +0200 @@@@ -530,6 +530,10 @@@@ d594 1 a594 1 @@@@ -773,6 +777,37 @@@@ d597 1 a597 1 The minimum value is 512, and the default is 768. 
d633 3 a635 3 --- sshd_config.orig 2008-02-10 12:40:12 +0100 +++ sshd_config 2008-03-31 08:57:29 +0200 @@@@ -110,6 +110,17 @@@@ @ 1.12 log @upgrading package: openssh 4.6p1 -> 4.7p1 @ text @d2 3 a4 4 --- servconf.c.orig 2007-05-20 07:03:16 +0200 +++ servconf.c 2007-09-05 08:41:42 +0200 @@@@ -122,6 +122,12 @@@@ options->permit_tun = -1; d7 7 a13 6 + options->log_sftp = LOG_SFTP_NOT_SET; + options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET; + options->sftp_log_level = SYSLOG_LEVEL_NOT_SET; + memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH); + options->sftp_permit_chmod = SFTP_PERMIT_NOT_SET; + options->sftp_permit_chown = SFTP_PERMIT_NOT_SET; d17 1 a17 1 @@@@ -250,6 +256,24 @@@@ d42 1 a42 1 @@@@ -293,6 +317,9 @@@@ d44 1 a44 1 sMatch, sPermitOpen, sForceCommand, d52 1 a52 1 @@@@ -307,6 +334,12 @@@@ d65 1 a65 1 @@@@ -625,6 +658,8 @@@@ d74 1 a74 2 @@@@ -1145,6 +1180,58 @@@@ case sBanner: d77 1 a77 1 + d129 1 d134 2 a135 2 --- servconf.h.orig 2007-02-19 12:25:38 +0100 +++ servconf.h 2007-09-05 08:41:42 +0200 d155 3 a157 3 typedef struct { @@@@ -141,6 +154,13 @@@@ int permit_tun; d159 1 a159 1 int num_permitted_opens; a165 1 + d170 3 a172 3 --- session.c.orig 2007-08-16 15:28:04 +0200 +++ session.c 2007-09-05 08:41:42 +0200 @@@@ -138,6 +138,15 @@@@ d188 1 a188 1 @@@@ -1011,6 +1020,7 @@@@ d196 1 a196 1 @@@@ -1171,6 +1181,67 @@@@ d266 1 a266 1 +++ sftp-server.8 2007-09-05 08:41:42 +0200 d289 2 a290 2 --- sftp-server.c.orig 2007-05-20 07:09:05 +0200 +++ sftp-server.c 2007-09-05 08:42:11 +0200 d304 1 a304 1 @@@@ -499,6 +505,12 @@@@ d317 1 a317 1 @@@@ -513,6 +525,8 @@@@ d326 1 a326 1 @@@@ -570,6 +584,8 @@@@ d335 1 a335 1 @@@@ -609,6 +625,8 @@@@ d344 1 a344 1 @@@@ -710,10 +728,19 @@@@ d364 1 a364 1 @@@@ -727,11 +754,20 @@@@ d385 1 a385 1 @@@@ -745,6 +781,9 @@@@ d395 1 a395 1 @@@@ -763,6 +802,7 @@@@ d403 1 a403 1 @@@@ -771,6 +811,14 @@@@ d418 1 a418 1 @@@@ -788,6 +836,7 @@@@ d426 1 a426 1 @@@@ -797,6 +846,14 @@@@ d441 1 a441 1 @@@@ -827,6 +884,8 @@@@ d450 1 a450 1 @@@@ -902,6 
+961,8 @@@@ d459 1 a459 1 @@@@ -919,6 +980,12 @@@@ d472 1 a472 1 @@@@ -940,6 +1007,8 @@@@ d481 1 a481 1 @@@@ -967,6 +1036,8 @@@@ d490 1 a490 1 @@@@ -1023,6 +1094,8 @@@@ d499 1 a499 1 @@@@ -1049,6 +1122,8 @@@@ d508 1 a508 1 @@@@ -1068,6 +1143,8 @@@@ d517 1 a517 1 @@@@ -1215,6 +1292,8 @@@@ d526 1 a526 1 @@@@ -1253,6 +1332,12 @@@@ d539 1 a539 1 @@@@ -1276,6 +1361,39 @@@@ d580 3 a582 3 --- sshd_config.5.orig 2007-06-11 06:07:13 +0200 +++ sshd_config.5 2007-09-05 08:41:42 +0200 @@@@ -483,6 +483,10 @@@@ d593 1 a593 1 @@@@ -725,6 +729,37 @@@@ d632 3 a634 3 --- sshd_config.orig 2007-03-21 10:42:25 +0100 +++ sshd_config 2007-09-05 08:41:42 +0200 @@@@ -109,6 +109,17 @@@@ @ 1.11 log @upgrading package: openssh 4.5p1 -> 4.6p1 @ text @d2 2 a3 2 --- servconf.c.orig 2007-03-01 11:31:29 +0100 +++ servconf.c 2007-03-10 09:32:01 +0100 d65 1 a65 1 @@@@ -626,6 +659,8 @@@@ d74 1 a74 1 @@@@ -1146,6 +1181,58 @@@@ d135 1 a135 1 +++ servconf.h 2007-03-10 09:32:01 +0100 d171 2 a172 2 --- session.c.orig 2007-02-19 12:10:25 +0100 +++ session.c 2007-03-10 09:32:01 +0100 d266 2 a267 2 --- sftp-server.8.orig 2006-09-26 12:14:28 +0200 +++ sftp-server.8 2007-03-10 09:32:01 +0100 d290 2 a291 2 --- sftp-server.c.orig 2007-01-05 06:31:03 +0100 +++ sftp-server.c 2007-03-10 09:32:01 +0100 d305 1 a305 1 @@@@ -498,6 +504,12 @@@@ d318 1 a318 1 @@@@ -512,6 +524,8 @@@@ d327 1 a327 1 @@@@ -569,6 +583,8 @@@@ d336 1 a336 1 @@@@ -608,6 +624,8 @@@@ d345 1 a345 1 @@@@ -708,10 +726,19 @@@@ d365 1 a365 1 @@@@ -725,11 +752,20 @@@@ d386 1 a386 1 @@@@ -743,6 +779,9 @@@@ d396 1 a396 1 @@@@ -760,6 +799,7 @@@@ d404 1 a404 1 @@@@ -768,6 +808,14 @@@@ d419 1 a419 1 @@@@ -785,6 +833,7 @@@@ d427 1 a427 1 @@@@ -794,6 +843,14 @@@@ d442 1 a442 1 @@@@ -824,6 +881,8 @@@@ d451 1 a451 1 @@@@ -899,6 +958,8 @@@@ d460 1 a460 1 @@@@ -916,6 +977,12 @@@@ d473 1 a473 1 @@@@ -937,6 +1004,8 @@@@ d482 1 a482 1 @@@@ -964,6 +1033,8 @@@@ d491 1 a491 1 @@@@ -1020,6 +1091,8 @@@@ d500 1 a500 1 @@@@ -1046,6 +1119,8 @@@@ d509 1 a509 1 @@@@ -1065,6 
+1140,8 @@@@ d518 1 a518 1 @@@@ -1212,6 +1289,8 @@@@ d521 3 a523 3 char *cp; + unsigned int val = 0; + char *umask_env; d527 1 a527 1 @@@@ -1250,6 +1329,12 @@@@ d540 1 a540 1 @@@@ -1273,6 +1358,39 @@@@ d581 2 a582 2 --- sshd_config.5.orig 2007-03-06 11:21:18 +0100 +++ sshd_config.5 2007-03-10 09:32:01 +0100 d594 1 a594 1 @@@@ -722,6 +726,37 @@@@ d633 3 a635 3 --- sshd_config.orig 2006-07-24 06:06:47 +0200 +++ sshd_config 2007-03-10 09:32:01 +0100 @@@@ -105,6 +105,17 @@@@ @ 1.10 log @fix the sftplogging patch by moving some local variables from the wrong to the right function @ text @d2 2 a3 2 --- servconf.c.orig 2006-08-18 16:23:15 +0200 +++ servconf.c 2006-11-09 22:39:22 +0100 d134 2 a135 2 --- servconf.h.orig 2006-08-18 16:23:15 +0200 +++ servconf.h 2006-11-09 22:37:15 +0100 d171 2 a172 2 --- session.c.orig 2006-10-23 19:01:56 +0200 +++ session.c 2006-11-09 22:37:15 +0100 d267 1 a267 1 +++ sftp-server.8 2006-11-09 22:37:15 +0100 d290 2 a291 2 --- sftp-server.c.orig 2006-08-05 04:39:40 +0200 +++ sftp-server.c 2006-11-09 22:37:15 +0100 d581 3 a583 3 --- sshd_config.5.orig 2006-08-30 03:06:34 +0200 +++ sshd_config.5 2006-11-09 22:37:15 +0100 @@@@ -485,6 +485,10 @@@@ d594 1 a594 1 @@@@ -717,6 +721,37 @@@@ d634 1 a634 1 +++ sshd_config 2006-11-09 22:37:15 +0100 @ 1.9 log @upgrading package: openssh 4.4p1 -> 4.5p1 @ text @d3 1 a3 1 +++ servconf.c 2006-11-08 09:01:51 +0100 d65 6 a70 6 @@@@ -431,6 +464,8 @@@@ add_listen_addr(ServerOptions *options, char *addr, u_short port) { u_int i; + unsigned int umaskvalue = 0; + char *umaskptr; d72 2 a73 2 if (options->num_ports == 0) options->ports[options->num_ports++] = SSH_DEFAULT_PORT; d135 1 a135 1 +++ servconf.h 2006-11-08 09:01:51 +0100 d172 1 a172 1 +++ session.c 2006-11-08 09:01:51 +0100 d267 1 a267 1 +++ sftp-server.8 2006-11-08 09:01:51 +0100 d291 1 a291 1 +++ sftp-server.c 2006-11-08 09:01:51 +0100 d582 1 a582 1 +++ sshd_config.5 2006-11-08 09:01:51 +0100 d634 1 a634 1 +++ sshd_config 2006-11-08 09:01:51 +0100 @ 1.8 log 
@upgrading package: openssh 4.3p2 -> 4.4p1 @ text @d3 1 a3 1 +++ servconf.c 2006-09-28 08:06:00 +0200 d135 1 a135 1 +++ servconf.h 2006-09-28 08:05:25 +0200 d171 2 a172 2 --- session.c.orig 2006-09-01 07:38:37 +0200 +++ session.c 2006-09-28 08:04:35 +0200 d266 2 a267 2 --- sftp-server.8.orig 2006-09-26 12:57:06 +0200 +++ sftp-server.8 2006-09-28 08:04:35 +0200 d291 1 a291 1 +++ sftp-server.c 2006-09-28 08:18:48 +0200 d582 1 a582 1 +++ sshd_config.5 2006-09-28 08:04:35 +0200 d634 1 a634 1 +++ sshd_config 2006-09-28 08:19:22 +0200 @ 1.7 log @upgrading package: openssh 4.3p1 -> 4.3p2 @ text @d2 3 a4 4 --- servconf.c.orig 2005-12-13 09:33:20 +0100 +++ servconf.c 2006-02-11 09:28:21 +0100 @@@@ -103,6 +103,15 @@@@ options->num_accept_env = 0; d6 2 a7 1 d9 2 a10 3 + options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET; + options->sftp_log_level = SYSLOG_LEVEL_NOT_SET; + a11 1 + a13 3 + /* Needs to be accessable in many places */ use_privsep = -1; d15 3 a17 1 @@@@ -233,6 +242,24 @@@@ d42 1 a42 2 @@@@ -275,6 +302,9 @@@@ sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, d44 1 d52 2 a53 2 @@@@ -284,6 +314,12 @@@@ ServerOpCodes opcode; d63 1 a63 1 { "usepam", sUsePAM }, d65 3 a67 3 @@@@ -446,6 +482,8 @@@@ ServerOpCodes opcode; u_short port; d72 3 a74 3 cp = line; arg = strdelim(&cp); @@@@ -932,6 +970,58 @@@@ d134 3 a136 3 --- servconf.h.orig 2005-12-13 09:29:03 +0100 +++ servconf.h 2006-02-11 09:28:21 +0100 @@@@ -35,6 +35,19 @@@@ d156 2 a157 2 @@@@ -137,6 +150,13 @@@@ int use_pam; /* Enable auth via PAM */ d159 1 a159 1 int permit_tun; d171 3 a173 3 --- session.c.orig 2006-02-08 00:18:55 +0100 +++ session.c 2006-02-11 09:28:21 +0100 @@@@ -113,6 +113,15 @@@@ d189 2 a190 2 @@@@ -975,6 +984,7 @@@@ env = xmalloc(envsize * sizeof(char *)); d197 1 a197 1 @@@@ -1135,6 +1145,67 @@@@ d266 3 a268 3 --- sftp-server.8.orig 2003-10-15 07:50:43 +0200 +++ sftp-server.8 2006-02-11 09:28:22 +0100 @@@@ -41,6 +41,20 @@@@ d270 1 a270 1 option. 
d288 1 a288 1 .Sh SEE ALSO d290 5 a294 5 --- sftp-server.c.orig 2006-01-02 13:40:51 +0100 +++ sftp-server.c 2006-02-11 09:28:22 +0100 @@@@ -32,6 +32,13 @@@@ #define get_string(lenp) buffer_get_string(&iqueue, lenp); #define TRACE debug a297 1 + d302 4 a305 4 extern char *__progname; /* input and output queue */ @@@@ -382,6 +389,14 @@@@ a308 1 + d310 2 a311 2 + if ( permit_logging == 1 ) + logit("setting file creation mode to 0666 and umask to %o", setumask); d315 2 a316 2 + TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode); d318 1 a318 2 if (fd < 0) { @@@@ -395,6 +410,8 @@@@ d327 1 a327 9 @@@@ -431,6 +448,7 @@@@ (unsigned long long)off, len); if (len > sizeof buf) { len = sizeof buf; + if ( permit_logging == 1 ) logit("read change len %d", len); } fd = handle_to_fd(handle); @@@@ -450,6 +468,8 @@@@ d336 1 a336 6 @@@@ -484,10 +504,13 @@@@ } else if ((size_t)ret == len) { status = SSH2_FX_OK; } else { + if ( permit_logging == 1 ) logit("nothing at all written"); d340 2 a341 2 + if ( permit_logging == 1 ) + logit("writing file"); d345 1 a345 8 @@@@ -580,24 +603,46 @@@@ a = get_attrib(); TRACE("setstat id %u name %s", id, name); if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { +if ( permit_logging == 1 ) +logit("process_setstat: truncate"); ret = truncate(name, a->size); if (ret == -1) d350 1 d354 2 a355 2 + else + if ( permit_logging == 1 ) d359 2 a360 2 + if ( permit_logging == 1 ) + logit("chmod %s: operation prohibited by sftp-server configuration.", name); d364 2 a365 4 +if ( permit_logging == 1 ) +logit("process_setstat: utimes"); ret = utimes(name, attrib_to_tv(a)); if (ret == -1) d370 2 d375 2 a376 2 + else + if ( permit_logging == 1 ) d380 2 a381 2 + if ( permit_logging == 1 ) + logit("chown %s: operation prohibited by sftp-server configuration.", name); d386 2 a387 1 @@@@ -612,6 +657,9 @@@@ a388 1 char *name; d396 1 a396 8 @@@@ -622,11 +670,14 @@@@ status = SSH2_FX_FAILURE; } else { if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { +if ( permit_logging == 
1 ) +logit("process_fsetstat: ftruncate"); ret = ftruncate(fd, a->size); if (ret == -1) d401 1 d404 1 a404 2 #else @@@@ -634,8 +685,18 @@@@ d408 2 a409 2 + else + if ( permit_logging == 1 ) d413 2 a414 2 + if ( permit_logging == 1 ) + logit("chmod: operation prohibited by sftp-server configuration."); d418 2 a419 6 +if ( permit_logging == 1 ) +logit("process_fsetstat: utimes"); #ifdef HAVE_FUTIMES ret = futimes(fd, attrib_to_tv(a)); #else @@@@ -645,6 +706,7 @@@@ d424 2 d427 1 a427 3 ret = fchown(fd, a->uid, a->gid); #else @@@@ -652,6 +714,14 @@@@ d431 2 a432 2 + else + if ( permit_logging == 1 ) d436 2 a437 2 + if ( permit_logging == 1 ) + logit("chown: operation prohibited by sftp-server configuration."); d442 1 a442 1 @@@@ -681,6 +751,8 @@@@ d451 2 a452 2 @@@@ -754,6 +826,8 @@@@ TRACE("remove id %u name %s", id, name); d460 1 a460 1 @@@@ -771,9 +845,19 @@@@ a463 1 + d465 2 a466 2 + if ( permit_logging == 1 ) + logit("setting directory creation mode to 0777 and umask to %o.", setumask); d470 2 a471 2 + TRACE("mkdir id %u name %s mode 0%o", id, name, mode); d473 2 a474 8 status = (ret == -1) ? 
errno_to_portable(errno) : SSH2_FX_OK; + if ( permit_logging == 1 ) + logit("mkdir %s", name); send_status(id, status); xfree(name); } @@@@ -790,6 +874,8 @@@@ TRACE("rmdir id %u name %s", id, name); d482 1 a482 1 @@@@ -816,6 +902,8 @@@@ d491 1 a491 1 @@@@ -871,6 +959,8 @@@@ d500 1 a500 1 @@@@ -896,6 +986,8 @@@@ d509 1 a509 1 @@@@ -914,6 +1006,8 @@@@ d518 4 a521 4 @@@@ -1035,6 +1129,8 @@@@ { fd_set *rset, *wset; int in, out, max; a523 1 ssize_t len, olen, set_size; d525 5 a529 4 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ @@@@ -1045,6 +1141,16 @@@@ __progname = ssh_get_progname(av[0]); handle_init(); d531 1 a531 4 + /* Transaction logging */ + + if (atoi(getenv("LOG_SFTP")) == 1) + { d535 6 a540 7 + }; + + #ifdef DEBUG_SFTP_SERVER log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); #endif @@@@ -1052,6 +1158,39 @@@@ a579 9 @@@@ -1091,6 +1230,8 @@@@ len = read(in, buf, sizeof buf); if (len == 0) { debug("read eof"); + if ( permit_logging == 1 ) + logit("sftp-server finished."); exit(0); } else if (len < 0) { error("read error"); d581 3 a583 3 --- sshd_config.5.orig 2006-01-03 08:47:31 +0100 +++ sshd_config.5 2006-02-11 09:28:22 +0100 @@@@ -426,6 +426,10 @@@@ d594 1 a594 1 @@@@ -597,6 +601,37 @@@@ d631 1 a631 1 .Nm sshd d633 3 a635 4 --- sshd_config.orig 2005-12-13 09:29:03 +0100 +++ sshd_config 2006-02-11 09:28:22 +0100 @@@@ -103,3 +103,14 @@@@ d638 1 a638 1 + d649 4 @ 1.7.2.1 log @MFC: security fixed version @ text @d2 4 a5 3 --- servconf.c.orig 2006-08-18 16:23:15 +0200 +++ servconf.c 2006-09-28 08:06:00 +0200 @@@@ -122,6 +122,12 @@@@ d7 1 a7 2 options->num_permitted_opens = -1; options->adm_forced_command = NULL; d9 3 a11 2 + options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET; + options->sftp_log_level = SYSLOG_LEVEL_NOT_SET; d13 1 d16 3 d20 1 a20 3 void @@@@ -250,6 +256,24 @@@@ d45 2 a46 1 @@@@ -293,6 +317,9 @@@@ a47 1 sMatch, sPermitOpen, sForceCommand, d55 2 a56 2 @@@@ -307,6 +334,12 @@@@ u_int flags; d66 1 a66 1 { 
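Review bot: The added `if (atoi(getenv("LOG_SFTP")) == 1)` in the sftp-server.c startup fragment passes the result of getenv() straight to atoi(), so the process dereferences NULL if the variable is absent from its environment. The same expression appears again in the 1.7.2.1 branch text further down (`if (atoi(getenv("LOG_SFTP")) == 1) {`). Fetch the value once and test it before converting, for example `const char *v = getenv("LOG_SFTP");` followed by `if (v != NULL && atoi(v) == 1)`. The enclosing function begins and ends outside this fragment, so whether an earlier check already guarantees the variable is set cannot be confirmed from here.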
"usepam", sUsePAM, SSHCFG_GLOBAL }, d68 3 a70 3 @@@@ -431,6 +464,8 @@@@ add_listen_addr(ServerOptions *options, char *addr, u_short port) { d75 3 a77 3 if (options->num_ports == 0) options->ports[options->num_ports++] = SSH_DEFAULT_PORT; @@@@ -1146,6 +1181,58 @@@@ d137 3 a139 3 --- servconf.h.orig 2006-08-18 16:23:15 +0200 +++ servconf.h 2006-09-28 08:05:25 +0200 @@@@ -34,6 +34,19 @@@@ d159 3 a161 1 @@@@ -141,6 +154,13 @@@@ a162 2 int num_permitted_opens; d174 3 a176 3 --- session.c.orig 2006-09-01 07:38:37 +0200 +++ session.c 2006-09-28 08:04:35 +0200 @@@@ -138,6 +138,15 @@@@ d192 2 a193 2 @@@@ -1011,6 +1020,7 @@@@ env = xcalloc(envsize, sizeof(char *)); d200 1 a200 1 @@@@ -1171,6 +1181,67 @@@@ d269 3 a271 3 --- sftp-server.8.orig 2006-09-26 12:57:06 +0200 +++ sftp-server.8 2006-09-28 08:04:35 +0200 @@@@ -49,6 +49,20 @@@@ d273 1 a273 1 declaration. d291 1 a291 1 .Pp d293 5 a297 5 --- sftp-server.c.orig 2006-08-05 04:39:40 +0200 +++ sftp-server.c 2006-09-28 08:18:48 +0200 @@@@ -53,6 +53,12 @@@@ /* Our verbosity */ LogLevel log_level = SYSLOG_LEVEL_ERROR; d301 1 d306 4 a309 4 /* Our client */ struct passwd *pw = NULL; char *client_addr = NULL; @@@@ -498,6 +504,12 @@@@ d313 1 d315 2 a316 2 + if (permit_logging == 0) + logit("setting file creation mode to 0666 and umask to %o", setumask); d320 2 a321 2 logit("open \"%s\" flags %s mode 0%o", name, string_from_portable(pflags), mode); d323 2 a324 1 @@@@ -512,6 +524,8 @@@@ d333 9 a341 1 @@@@ -569,6 +583,8 @@@@ d350 6 a355 1 @@@@ -608,6 +624,8 @@@@ d359 2 a360 2 + if (permit_logging == 1) + logit("writing file"); d364 8 a371 1 @@@@ -708,10 +726,19 @@@@ a375 1 logit("set \"%s\" mode %04o", name, a->perm); d379 2 a380 2 + else + if (permit_logging == 1) d384 2 a385 2 + if (permit_logging == 1) + logit("chmod %s: operation prohibited by sftp-server configuration.", name); d389 4 a392 2 char buf[64]; @@@@ -725,11 +752,20 @@@@ a396 2 logit("set \"%s\" owner %lu group %lu", name, (u_long)a->uid, (u_long)a->gid); d400 2 a401 2 + 
else + if (permit_logging == 1) d405 2 a406 2 + if (permit_logging == 1) + logit("chown %s: operation prohibited by sftp-server configuration.", name); d411 1 a411 2 @@@@ -743,6 +779,9 @@@@ int handle, fd, ret; d413 1 d421 8 a428 1 @@@@ -760,6 +799,7 @@@@ a432 1 logit("set \"%s\" mode %04o", name, a->perm); d435 2 a436 1 @@@@ -768,6 +808,14 @@@@ d440 2 a441 2 + else + if (permit_logging == 1) d445 2 a446 2 + if (permit_logging == 1) + logit("chmod: operation prohibited by sftp-server configuration."); d450 6 a455 2 char buf[64]; @@@@ -785,6 +833,7 @@@@ a459 2 logit("set \"%s\" owner %lu group %lu", name, (u_long)a->uid, (u_long)a->gid); d461 3 a463 1 @@@@ -794,6 +843,14 @@@@ d467 2 a468 2 + else + if (permit_logging == 1) d472 2 a473 2 + if (permit_logging == 1) + logit("chown: operation prohibited by sftp-server configuration."); d478 1 a478 1 @@@@ -824,6 +881,8 @@@@ d487 2 a488 2 @@@@ -899,6 +958,8 @@@@ logit("remove name \"%s\"", name); d496 1 a496 1 @@@@ -916,6 +977,12 @@@@ d500 1 d502 2 a503 2 + if (permit_logging == 1) + logit("setting directory creation mode to 0777 and umask to %o.", setumask); d507 2 a508 2 debug3("request %u: mkdir", id); logit("mkdir name \"%s\" mode 0%o", name, mode); d510 8 a517 2 @@@@ -937,6 +1004,8 @@@@ logit("rmdir name \"%s\"", name); d525 1 a525 1 @@@@ -964,6 +1033,8 @@@@ d534 1 a534 1 @@@@ -1020,6 +1091,8 @@@@ d543 1 a543 1 @@@@ -1046,6 +1119,8 @@@@ d552 1 a552 1 @@@@ -1065,6 +1140,8 @@@@ d561 4 a564 4 @@@@ -1212,6 +1289,8 @@@@ ssize_t len, olen, set_size; SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; char *cp; d567 1 d569 4 a572 5 extern char *optarg; extern char *__progname; @@@@ -1250,6 +1329,12 @@@@ } } d574 4 a577 1 + if (atoi(getenv("LOG_SFTP")) == 1) { d581 7 a587 6 + } + else log_init(__progname, log_level, log_facility, log_stderr); if ((cp = getenv("SSH_CONNECTION")) != NULL) { @@@@ -1273,6 +1358,39 @@@@ d627 9 d637 3 a639 3 --- sshd_config.5.orig 2006-08-30 03:06:34 +0200 +++ sshd_config.5 2006-09-28 08:04:35 
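Review bot: In this revision's sftp-server.c text the open-path guard reads `if (permit_logging == 0)` before `logit("setting file creation mode to 0666 and umask to %o", setumask);`, while every other added guard in view tests `permit_logging == 1`, including the mkdir counterpart. The older text of the same line on this page also uses `== 1`, so this looks like a slip made while porting the patch. As written, the umask override is recorded only when SFTP logging is off and is missing from the audit trail when it is on. The guard should probably be `if (permit_logging == 1)`. The surrounding function is only partly visible, so confirm against the full file.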
+0200 @@@@ -485,6 +485,10 @@@@ d650 1 a650 1 @@@@ -717,6 +721,37 @@@@ d687 1 a687 1 .Xr sshd 8 d689 4 a692 3 --- sshd_config.orig 2006-07-24 06:06:47 +0200 +++ sshd_config 2006-09-28 08:19:22 +0200 @@@@ -105,6 +105,17 @@@@ d695 1 a695 1 a705 4 + # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no @ 1.7.2.2 log @MFC: security fixed version plus HPN patch related packaging fixes @ text @d3 1 a3 1 +++ servconf.c 2006-11-08 09:01:51 +0100 d135 1 a135 1 +++ servconf.h 2006-11-08 09:01:51 +0100 d171 2 a172 2 --- session.c.orig 2006-10-23 19:01:56 +0200 +++ session.c 2006-11-08 09:01:51 +0100 d266 2 a267 2 --- sftp-server.8.orig 2006-09-26 12:14:28 +0200 +++ sftp-server.8 2006-11-08 09:01:51 +0100 d291 1 a291 1 +++ sftp-server.c 2006-11-08 09:01:51 +0100 d582 1 a582 1 +++ sshd_config.5 2006-11-08 09:01:51 +0100 d634 1 a634 1 +++ sshd_config 2006-11-08 09:01:51 +0100 @ 1.7.2.3 log @MFC: fix the sftplogging patch by moving some local variables from the wrong to the right function @ text @d3 1 a3 1 +++ servconf.c 2006-11-09 22:39:22 +0100 d65 6 a70 6 @@@@ -626,6 +659,8 @@@@ u_short port; u_int i, flags = 0; size_t len; + unsigned int umaskvalue = 0; + char *umaskptr; d72 2 a73 2 cp = line; if ((arg = strdelim(&cp)) == NULL) d135 1 a135 1 +++ servconf.h 2006-11-09 22:37:15 +0100 d172 1 a172 1 +++ session.c 2006-11-09 22:37:15 +0100 d267 1 a267 1 +++ sftp-server.8 2006-11-09 22:37:15 +0100 d291 1 a291 1 +++ sftp-server.c 2006-11-09 22:37:15 +0100 d582 1 a582 1 +++ sshd_config.5 2006-11-09 22:37:15 +0100 d634 1 a634 1 +++ sshd_config 2006-11-09 22:37:15 +0100 @ 1.7.2.4 log @MFC: make up leeway for 2_STABLE by virtue of build-time results @ text @d2 2 a3 2 --- servconf.c.orig 2007-03-01 11:31:29 +0100 +++ servconf.c 2007-03-10 09:32:01 +0100 d134 2 a135 2 --- servconf.h.orig 2007-02-19 12:25:38 +0100 +++ servconf.h 2007-03-10 09:32:01 +0100 d171 2 a172 2 --- session.c.orig 2007-02-19 12:10:25 +0100 +++ session.c 2007-03-10 09:32:01 +0100 
d267 1 a267 1 +++ sftp-server.8 2007-03-10 09:32:01 +0100 d290 2 a291 2 --- sftp-server.c.orig 2007-01-05 06:31:03 +0100 +++ sftp-server.c 2007-03-10 09:32:01 +0100 d581 3 a583 3 --- sshd_config.5.orig 2007-03-06 11:21:18 +0100 +++ sshd_config.5 2007-03-10 09:32:01 +0100 @@@@ -483,6 +483,10 @@@@ d594 1 a594 1 @@@@ -722,6 +726,37 @@@@ d634 1 a634 1 +++ sshd_config 2007-03-10 09:32:01 +0100 @ 1.6 log @upgrading package: openssh 4.2p1 -> 4.3p1 @ text @d3 1 a3 1 +++ servconf.c 2006-02-01 19:44:14 +0100 d138 1 a138 1 +++ servconf.h 2006-02-01 19:45:29 +0100 d174 2 a175 2 --- session.c.orig 2005-12-24 04:59:12 +0100 +++ session.c 2006-02-01 19:44:14 +0100 d270 1 a270 1 +++ sftp-server.8 2006-02-01 19:44:14 +0100 d294 1 a294 1 +++ sftp-server.c 2006-02-01 19:44:14 +0100 d638 1 a638 1 +++ sshd_config.5 2006-02-01 19:44:14 +0100 d690 1 a690 1 +++ sshd_config 2006-02-01 19:44:14 +0100 @ 1.5 log @upgrading package: openssh 4.1p1 -> 4.2p1 @ text @d2 3 a4 4 --- servconf.c.orig 2005-08-12 14:11:37 +0200 +++ servconf.c 2005-09-01 20:09:58 +0200 @@@@ -102,6 +102,15 @@@@ options->authorized_keys_file2 = NULL; d6 1 d20 3 a22 3 @@@@ -230,6 +239,24 @@@@ if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; d45 1 a45 1 @@@@ -272,6 +299,9 @@@@ d47 1 a47 1 sGssAuthentication, sGssCleanupCreds, sAcceptEnv, d55 1 a55 1 @@@@ -281,6 +311,12 @@@@ d68 1 a68 1 @@@@ -442,6 +478,8 @@@@ d77 1 a77 1 @@@@ -928,6 +966,58 @@@@ d137 2 a138 2 --- servconf.h.orig 2005-01-20 00:57:56 +0100 +++ servconf.h 2005-09-01 20:09:17 +0200 d159 1 a159 3 @@@@ -134,6 +147,13 @@@@ char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; d161 2 d164 2 a165 2 + SyslogFacility sftp_log_facility; /* Facility for sftp subsystem logging. */ + LogLevel sftp_log_level; /* Level for sftp subsystem logging. 
*/ d174 2 a175 2 --- session.c.orig 2005-08-31 18:59:49 +0200 +++ session.c 2005-09-01 20:09:17 +0200 d192 1 a192 1 @@@@ -984,6 +993,7 @@@@ d200 1 a200 1 @@@@ -1144,6 +1154,67 @@@@ d270 1 a270 1 +++ sftp-server.8 2005-09-01 20:09:17 +0200 d293 3 a295 3 --- sftp-server.c.orig 2005-06-17 04:59:35 +0200 +++ sftp-server.c 2005-09-01 20:09:17 +0200 @@@@ -31,6 +31,13 @@@@ d309 1 a309 1 @@@@ -381,6 +388,14 @@@@ d324 1 a324 1 @@@@ -394,6 +409,8 @@@@ d333 2 a334 2 @@@@ -430,6 +447,7 @@@@ (u_int64_t)off, len); d341 1 a341 1 @@@@ -449,6 +467,8 @@@@ d350 1 a350 1 @@@@ -483,10 +503,13 @@@@ d364 1 a364 1 @@@@ -579,24 +602,46 @@@@ d411 1 a411 1 @@@@ -611,6 +656,9 @@@@ d421 1 a421 1 @@@@ -621,11 +669,14 @@@@ d436 1 a436 1 @@@@ -633,8 +684,18 @@@@ d455 1 a455 1 @@@@ -644,6 +705,7 @@@@ d463 1 a463 1 @@@@ -651,6 +713,14 @@@@ d478 1 a478 1 @@@@ -680,6 +750,8 @@@@ d487 1 a487 1 @@@@ -753,6 +825,8 @@@@ d496 1 a496 1 @@@@ -770,9 +844,19 @@@@ d516 1 a516 1 @@@@ -789,6 +873,8 @@@@ d525 1 a525 1 @@@@ -815,6 +901,8 @@@@ d534 1 a534 1 @@@@ -870,6 +958,8 @@@@ d543 1 a543 1 @@@@ -895,6 +985,8 @@@@ d552 1 a552 1 @@@@ -913,6 +1005,8 @@@@ d561 1 a561 1 @@@@ -1034,6 +1128,8 @@@@ d569 2 a570 2 /* XXX should use getopt */ @@@@ -1041,6 +1137,16 @@@@ d587 1 a587 1 @@@@ -1048,6 +1154,39 @@@@ d627 1 a627 1 @@@@ -1087,6 +1226,8 @@@@ d637 2 a638 2 --- sshd_config.5.orig 2005-07-26 13:54:57 +0200 +++ sshd_config.5 2005-09-01 20:09:17 +0200 d650 1 a650 1 @@@@ -585,6 +589,37 @@@@ d689 3 a691 3 --- sshd_config.orig 2005-07-26 13:54:57 +0200 +++ sshd_config 2005-09-01 20:09:17 +0200 @@@@ -102,3 +102,14 @@@@ @ 1.4 log @upgrading package: openssh 4.0p1 -> 4.1p1 @ text @d2 2 a3 2 --- servconf.c.orig 2005-03-14 13:08:12 +0100 +++ servconf.c 2005-05-29 10:05:23 +0200 d68 1 a68 2 @@@@ -441,6 +477,8 @@@@ int *intptr, value, i, n; d71 1 d77 1 a77 1 @@@@ -902,6 +940,58 @@@@ d138 1 a138 1 +++ servconf.h 2005-05-29 10:05:23 +0200 d174 3 a176 3 --- session.c.orig 2005-04-21 11:50:55 +0200 +++ session.c 2005-05-29 10:05:23 
+0200 @@@@ -112,6 +112,15 @@@@ d192 1 a192 1 @@@@ -982,6 +991,7 @@@@ d200 1 a200 1 @@@@ -1142,6 +1152,67 @@@@ d270 1 a270 1 +++ sftp-server.8 2005-05-29 10:05:23 +0200 d293 2 a294 2 --- sftp-server.c.orig 2004-07-17 06:07:42 +0200 +++ sftp-server.c 2005-05-29 10:05:23 +0200 d351 1 a351 1 } else if (ret == len) { d637 3 a639 3 --- sshd_config.5.orig 2005-03-31 13:33:51 +0200 +++ sshd_config.5 2005-05-29 10:05:23 +0200 @@@@ -421,6 +421,10 @@@@ d650 1 a650 1 @@@@ -580,6 +584,37 @@@@ d689 2 a690 2 --- sshd_config.orig 2005-01-20 00:57:56 +0100 +++ sshd_config 2005-05-29 10:05:23 +0200 @ 1.3 log @port all patches to the new OpenSSH 4.0 source code world order @ text @d2 2 a3 2 --- servconf.c.orig 2005-03-01 11:24:33 +0100 +++ servconf.c 2005-03-12 07:50:20 +0100 d138 1 a138 1 +++ servconf.h 2005-03-12 07:49:44 +0100 d174 2 a175 2 --- session.c.orig 2005-03-06 12:38:52 +0100 +++ session.c 2005-03-12 07:49:44 +0100 d270 1 a270 1 +++ sftp-server.8 2005-03-12 07:49:44 +0100 d294 1 a294 1 +++ sftp-server.c 2005-03-12 07:49:44 +0100 d637 2 a638 2 --- sshd_config.5.orig 2005-03-01 11:24:34 +0100 +++ sshd_config.5 2005-03-12 07:49:44 +0100 d690 1 a690 1 +++ sshd_config 2005-03-12 07:49:44 +0100 @ 1.2 log @upgrading package: openssh 3.8.1p1 -> 3.9p1 @ text @d2 3 a4 3 --- servconf.c.orig 2004-08-13 13:30:24 +0200 +++ servconf.c 2004-08-17 19:57:16 +0200 @@@@ -103,6 +103,15 @@@@ d20 1 a20 1 @@@@ -231,6 +240,24 @@@@ d68 1 a68 2 @@@@ -437,6 +473,8 @@@@ char *cp, **charptr, *arg, *p; d71 3 a73 2 + unsigned int umaskvalue = 0; + char *umaskptr; d77 1 a77 1 @@@@ -881,6 +919,58 @@@@ d137 2 a138 2 --- servconf.h.orig 2004-06-25 05:33:20 +0200 +++ servconf.h 2004-08-17 19:55:16 +0200 d159 1 a159 1 @@@@ -133,6 +146,13 @@@@ d174 2 a175 2 --- session.c.orig 2004-08-12 14:40:25 +0200 +++ session.c 2004-08-17 19:54:21 +0200 d192 1 a192 1 @@@@ -974,6 +983,7 @@@@ d200 1 a200 1 @@@@ -1118,6 +1128,67 @@@@ d270 1 a270 1 +++ sftp-server.8 2004-08-17 19:54:21 +0200 d294 1 a294 1 +++ sftp-server.c 
2004-08-17 19:56:22 +0200 d637 3 a639 3 --- sshd_config.5.orig 2004-06-30 14:39:34 +0200 +++ sshd_config.5 2004-08-17 19:54:21 +0200 @@@@ -407,6 +407,10 @@@@ d650 1 a650 1 @@@@ -567,6 +571,37 @@@@ d689 3 a691 3 --- sshd_config.orig 2004-05-24 02:36:24 +0200 +++ sshd_config 2004-08-17 19:54:21 +0200 @@@@ -101,3 +101,14 @@@@ @ 1.1 log @added patch based on http://sftplogging.sf.net/ which allows controlled umask-ing and controls chown/chmod in SFTP sessions @ text @d1 4 a4 5 diff -wur openssh-3.8p1.orig/servconf.c openssh-3.8p1/servconf.c --- openssh-3.8p1.orig/servconf.c 2004-01-23 12:03:10.000000000 +0100 +++ openssh-3.8p1/servconf.c 2004-03-29 10:44:26.000000000 +0200 @@@@ -102,6 +102,15 @@@@ options->authorized_keys_file = NULL; d6 1 d20 1 a20 1 @@@@ -228,6 +237,24 @@@@ d45 1 a45 1 @@@@ -268,6 +295,9 @@@@ d47 1 a47 1 sGssAuthentication, sGssCleanupCreds, d55 14 a68 14 @@@@ -366,6 +396,12 @@@@ { "authorizedkeysfile", sAuthorizedKeysFile }, { "authorizedkeysfile2", sAuthorizedKeysFile2 }, { "useprivilegeseparation", sUsePrivilegeSeparation}, + { "logsftp", sLogSftp}, + { "sftplogfacility", sSftpLogFacility}, + { "sftploglevel", sSftpLogLevel}, + { "sftpumask", sSftpUmask}, + { "sftppermitchmod", sSftpPermitChmod}, + { "sftppermitchown", sSftpPermitChown}, { NULL, sBadOption } }; @@@@ -431,6 +467,8 @@@@ d77 1 a77 1 @@@@ -871,6 +909,58 @@@@ d136 4 a139 12 @@@@ -913,6 +1003,7 @@@@ if ((arg = strdelim(&cp)) != NULL && *arg != '\0') fatal("%s line %d: garbage at end of line; \"%.200s\".", filename, linenum, arg); + return 0; } diff -wur openssh-3.8p1.orig/servconf.h openssh-3.8p1/servconf.h --- openssh-3.8p1.orig/servconf.h 2003-12-31 01:37:34.000000000 +0100 +++ openssh-3.8p1/servconf.h 2004-03-29 10:44:26.000000000 +0200 @@@@ -32,6 +32,18 @@@@ d155 2 d159 1 a159 2 u_int num_ports; @@@@ -125,6 +137,13 @@@@ d173 3 a175 3 diff -wur openssh-3.8p1.orig/session.c openssh-3.8p1/session.c --- openssh-3.8p1.orig/session.c 2004-02-23 14:01:27.000000000 +0100 +++ 
openssh-3.8p1/session.c 2004-03-29 10:44:26.000000000 +0200 d192 1 a192 1 @@@@ -971,6 +980,7 @@@@ d200 1 a200 1 @@@@ -1111,6 +1121,67 @@@@ d268 3 a270 3 diff -wur openssh-3.8p1.orig/sftp-server.8 openssh-3.8p1/sftp-server.8 --- openssh-3.8p1.orig/sftp-server.8 2003-10-15 07:50:43.000000000 +0200 +++ openssh-3.8p1/sftp-server.8 2004-03-29 10:44:26.000000000 +0200 d292 3 a294 3 diff -wur openssh-3.8p1.orig/sftp-server.c openssh-3.8p1/sftp-server.c --- openssh-3.8p1.orig/sftp-server.c 2004-02-23 23:19:15.000000000 +0100 +++ openssh-3.8p1/sftp-server.c 2004-03-29 10:45:39.000000000 +0200 a305 1 #ifdef HAVE___PROGNAME d307 3 a309 2 #else @@@@ -385,6 +392,14 @@@@ d324 1 a324 1 @@@@ -398,6 +413,8 @@@@ d333 1 a333 1 @@@@ -434,6 +451,7 @@@@ d341 1 a341 1 @@@@ -453,6 +471,8 @@@@ d350 1 a350 1 @@@@ -487,10 +507,13 @@@@ d364 1 a364 1 @@@@ -583,24 +606,46 @@@@ d411 1 a411 1 @@@@ -615,6 +660,9 @@@@ d421 1 a421 1 @@@@ -625,11 +673,14 @@@@ d436 1 a436 1 @@@@ -637,8 +688,18 @@@@ d455 1 a455 1 @@@@ -648,6 +709,7 @@@@ d463 1 a463 1 @@@@ -655,6 +717,14 @@@@ d478 1 a478 1 @@@@ -684,6 +754,8 @@@@ d487 1 a487 1 @@@@ -757,6 +829,8 @@@@ d496 1 a496 1 @@@@ -774,9 +848,19 @@@@ d516 1 a516 1 @@@@ -793,6 +877,8 @@@@ d525 1 a525 1 @@@@ -819,6 +905,8 @@@@ d534 1 a534 1 @@@@ -854,6 +942,8 @@@@ d543 2 a544 2 @@@@ -879,6 +969,8 @@@@ s.name = s.long_name = link; d552 1 a552 1 @@@@ -897,6 +989,8 @@@@ d561 1 a561 1 @@@@ -1018,6 +1112,8 @@@@ d570 1 a570 1 @@@@ -1025,6 +1121,16 @@@@ d587 1 a587 1 @@@@ -1032,6 +1138,39 @@@@ d627 1 a627 1 @@@@ -1071,6 +1210,8 @@@@ d636 4 a639 22 diff -wur openssh-3.8p1.orig/sshd_config openssh-3.8p1/sshd_config --- openssh-3.8p1.orig/sshd_config 2003-12-31 01:38:32.000000000 +0100 +++ openssh-3.8p1/sshd_config 2004-03-29 10:44:26.000000000 +0200 @@@@ -95,3 +95,14 @@@@ # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server + +# sftp-server logging +#LogSftp no +#SftpLogFacility AUTH +#SftpLogLevel INFO + +# sftp-server umask control +#SftpUmask + 
+#SftpPermitChmod yes +#SftpPermitChown yes diff -wur openssh-3.8p1.orig/sshd_config.5 openssh-3.8p1/sshd_config.5 --- openssh-3.8p1.orig/sshd_config.5 2004-02-18 04:31:24.000000000 +0100 +++ openssh-3.8p1/sshd_config.5 2004-03-29 10:44:26.000000000 +0200 @@@@ -374,6 +374,10 @@@@ d650 1 a650 1 @@@@ -526,6 +530,37 @@@@ d688 18 @