diff options
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | session.c | 52 | ||||
| -rw-r--r-- | session.h | 3 |
3 files changed, 44 insertions, 15 deletions
| @@ -29,6 +29,10 @@ | |||
| 29 | [sftp-server.8 sftp-server.c] | 29 | [sftp-server.8 sftp-server.c] |
| 30 | tweak previous; | 30 | tweak previous; |
| 31 | ok djm | 31 | ok djm |
| 32 | - djm@cvs.openbsd.org 2013/10/14 21:20:52 | ||
| 33 | [session.c session.h] | ||
| 34 | Add logging of session starts in a useful format; ok markus@ feedback and | ||
| 35 | ok dtucker@ | ||
| 32 | 36 | ||
| 33 | 20131010 | 37 | 20131010 |
| 34 | - (dtucker) OpenBSD CVS Sync | 38 | - (dtucker) OpenBSD CVS Sync |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: session.c,v 1.266 2013/07/19 07:37:48 markus Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.267 2013/10/14 21:20:52 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -794,27 +794,50 @@ int | |||
| 794 | do_exec(Session *s, const char *command) | 794 | do_exec(Session *s, const char *command) |
| 795 | { | 795 | { |
| 796 | int ret; | 796 | int ret; |
| 797 | const char *forced = NULL; | ||
| 798 | char session_type[1024], *tty = NULL; | ||
| 797 | 799 | ||
| 798 | if (options.adm_forced_command) { | 800 | if (options.adm_forced_command) { |
| 799 | original_command = command; | 801 | original_command = command; |
| 800 | command = options.adm_forced_command; | 802 | command = options.adm_forced_command; |
| 801 | if (IS_INTERNAL_SFTP(command)) { | 803 | forced = "(config)"; |
| 802 | s->is_subsystem = s->is_subsystem ? | ||
| 803 | SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; | ||
| 804 | } else if (s->is_subsystem) | ||
| 805 | s->is_subsystem = SUBSYSTEM_EXT; | ||
| 806 | debug("Forced command (config) '%.900s'", command); | ||
| 807 | } else if (forced_command) { | 804 | } else if (forced_command) { |
| 808 | original_command = command; | 805 | original_command = command; |
| 809 | command = forced_command; | 806 | command = forced_command; |
| 807 | forced = "(key-option)"; | ||
| 808 | } | ||
| 809 | if (forced != NULL) { | ||
| 810 | if (IS_INTERNAL_SFTP(command)) { | 810 | if (IS_INTERNAL_SFTP(command)) { |
| 811 | s->is_subsystem = s->is_subsystem ? | 811 | s->is_subsystem = s->is_subsystem ? |
| 812 | SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; | 812 | SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; |
| 813 | } else if (s->is_subsystem) | 813 | } else if (s->is_subsystem) |
| 814 | s->is_subsystem = SUBSYSTEM_EXT; | 814 | s->is_subsystem = SUBSYSTEM_EXT; |
| 815 | debug("Forced command (key option) '%.900s'", command); | 815 | snprintf(session_type, sizeof(session_type), |
| 816 | "forced-command %s '%.900s'", forced, command); | ||
| 817 | } else if (s->is_subsystem) { | ||
| 818 | snprintf(session_type, sizeof(session_type), | ||
| 819 | "subsystem '%.900s'", s->subsys); | ||
| 820 | } else if (command == NULL) { | ||
| 821 | snprintf(session_type, sizeof(session_type), "shell"); | ||
| 822 | } else { | ||
| 823 | /* NB. we don't log unforced commands to preserve privacy */ | ||
| 824 | snprintf(session_type, sizeof(session_type), "command"); | ||
| 816 | } | 825 | } |
| 817 | 826 | ||
| 827 | if (s->ttyfd != -1) { | ||
| 828 | tty = s->tty; | ||
| 829 | if (strncmp(tty, "/dev/", 5) == 0) | ||
| 830 | tty += 5; | ||
| 831 | } | ||
| 832 | |||
| 833 | verbose("Starting session: %s%s%s for %s from %.200s port %d", | ||
| 834 | session_type, | ||
| 835 | tty == NULL ? "" : " on ", | ||
| 836 | tty == NULL ? "" : tty, | ||
| 837 | s->pw->pw_name, | ||
| 838 | get_remote_ipaddr(), | ||
| 839 | get_remote_port()); | ||
| 840 | |||
| 818 | #ifdef SSH_AUDIT_EVENTS | 841 | #ifdef SSH_AUDIT_EVENTS |
| 819 | if (command != NULL) | 842 | if (command != NULL) |
| 820 | PRIVSEP(audit_run_command(command)); | 843 | PRIVSEP(audit_run_command(command)); |
| @@ -2100,15 +2123,16 @@ session_subsystem_req(Session *s) | |||
| 2100 | struct stat st; | 2123 | struct stat st; |
| 2101 | u_int len; | 2124 | u_int len; |
| 2102 | int success = 0; | 2125 | int success = 0; |
| 2103 | char *prog, *cmd, *subsys = packet_get_string(&len); | 2126 | char *prog, *cmd; |
| 2104 | u_int i; | 2127 | u_int i; |
| 2105 | 2128 | ||
| 2129 | s->subsys = packet_get_string(&len); | ||
| 2106 | packet_check_eom(); | 2130 | packet_check_eom(); |
| 2107 | logit("subsystem request for %.100s by user %s", subsys, | 2131 | debug2("subsystem request for %.100s by user %s", s->subsys, |
| 2108 | s->pw->pw_name); | 2132 | s->pw->pw_name); |
| 2109 | 2133 | ||
| 2110 | for (i = 0; i < options.num_subsystems; i++) { | 2134 | for (i = 0; i < options.num_subsystems; i++) { |
| 2111 | if (strcmp(subsys, options.subsystem_name[i]) == 0) { | 2135 | if (strcmp(s->subsys, options.subsystem_name[i]) == 0) { |
| 2112 | prog = options.subsystem_command[i]; | 2136 | prog = options.subsystem_command[i]; |
| 2113 | cmd = options.subsystem_args[i]; | 2137 | cmd = options.subsystem_args[i]; |
| 2114 | if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) { | 2138 | if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) { |
| @@ -2127,10 +2151,9 @@ session_subsystem_req(Session *s) | |||
| 2127 | } | 2151 | } |
| 2128 | 2152 | ||
| 2129 | if (!success) | 2153 | if (!success) |
| 2130 | logit("subsystem request for %.100s failed, subsystem not found", | 2154 | logit("subsystem request for %.100s by user %s failed, " |
| 2131 | subsys); | 2155 | "subsystem not found", s->subsys, s->pw->pw_name); |
| 2132 | 2156 | ||
| 2133 | free(subsys); | ||
| 2134 | return success; | 2157 | return success; |
| 2135 | } | 2158 | } |
| 2136 | 2159 | ||
| @@ -2481,6 +2504,7 @@ session_close(Session *s) | |||
| 2481 | free(s->auth_display); | 2504 | free(s->auth_display); |
| 2482 | free(s->auth_data); | 2505 | free(s->auth_data); |
| 2483 | free(s->auth_proto); | 2506 | free(s->auth_proto); |
| 2507 | free(s->subsys); | ||
| 2484 | if (s->env != NULL) { | 2508 | if (s->env != NULL) { |
| 2485 | for (i = 0; i < s->num_env; i++) { | 2509 | for (i = 0; i < s->num_env; i++) { |
| 2486 | free(s->env[i].name); | 2510 | free(s->env[i].name); |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: session.h,v 1.30 2008/05/08 12:21:16 djm Exp $ */ | 1 | /* $OpenBSD: session.h,v 1.31 2013/10/14 21:20:52 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| @@ -55,6 +55,7 @@ struct Session { | |||
| 55 | int chanid; | 55 | int chanid; |
| 56 | int *x11_chanids; | 56 | int *x11_chanids; |
| 57 | int is_subsystem; | 57 | int is_subsystem; |
| 58 | char *subsys; | ||
| 58 | u_int num_env; | 59 | u_int num_env; |
| 59 | struct { | 60 | struct { |
| 60 | char *name; | 61 | char *name; |