search for: syslog_facility_auth

...rver.c openssh-3.5p1/sftp-server.c --- openssh-3.5p1-orig/sftp-server.c 2002-12-18 10:10:13.000000000 -0500 +++ openssh-3.5p1/sftp-server.c 2002-12-18 10:42:50.000000000 -0500 @@ -1021,7 +1021,7 @@ handle_init(); #ifdef DEBUG_SFTP_SERVER - log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); + log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0,NULL); #endif in = dup(STDIN_FILENO); diff -urN openssh-3.5p1-orig/sftp.c openssh-3.5p1/sftp.c --- openssh-3.5p1-orig/sftp.c 2002-12-18 10:10:13.000000000 -0500 +++ openssh-3.5p1/sftp.c 2002-12-18 10:43:04.00...

Hi ! While browsing Linux manpages (man 3 syslog) I noticed that the manual says that the LOG_AUTH facility is deprecated use LOG_AUTHPRIV instead. Is there a good reason why OpenSSH doesn't have an option to use LOG_AUTHPRIV facility ? (Looks like that tcpd/telnet etc. use the AUTHPRIV facility (in RH6.2)). Shouldn't be too hard to add the AUTH_PRIV facility ? Cheers, -Jarno --

...oups: %.100s", strerror(errno)); + permanently_set_uid(pw); +} +#endif /* CHROOT */ + static int errno_to_portable(int unixerrno) { @@ -1028,15 +1082,19 @@ int in, out, max; ssize_t len, olen, set_size; +#ifdef DEBUG_SFTP-SERVER + log_init("sftp-server", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); +#endif + +#ifdef CHROOT + chroot_init(); +#endif + /* XXX should use getopt */ __progname = get_progname(av[0]); handle_init(); -#ifdef DEBUG_SFTP_SERVER - log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); -#endif - in = dup(STDIN_FILENO); out = du...

...", (u_int)pw->pw_gid ); + + permanently_set_uid(pw); + +} +#endif /* CHROOT */ + static int errno_to_portable(int unixerrno) { @@ -1028,15 +1081,19 @@ int in, out, max; ssize_t len, olen, set_size; +#ifdef DEBUG_SFTP_SERVER + log_init(\"sftp-server\", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); +#endif + +#ifdef CHROOT + chroot_init(); +#endif + /* XXX should use getopt */ __progname = ssh_get_progname(av[0]); handle_init(); -#ifdef DEBUG_SFTP_SERVER - log_init(\"sftp-server\", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); -#endif - in = dup(STDIN_FILENO); ou...

...hd.c openssh-2.2.0p1-pen1/sshd.c *** openssh-2.2.0p1/sshd.c Tue Aug 29 02:05:50 2000 --- openssh-2.2.0p1-pen1/sshd.c Thu Jan 4 23:30:46 2001 *************** *** 552,558 **** log_init(av0, options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility, ! !silent && !inetd_flag); /* Read server configuration options from the configuration file. */ read_server_config(&options, config_file_name); --- 552,558 ---- log_init(av0, options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level,...

...et_uid(pw); +} +#endif /* CHROOT */ + static int errno_to_portable(int unixerrno) { @@ -1028,15 +1082,17 @@ int in, out, max; ssize_t len, olen, set_size; - /* XXX should use getopt */ +#ifdef DEBUG_SFTP-SERVER + log_init("sftp-server", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); +#endif + +#ifdef CHROOT + chroot_init(); +#endif __progname = get_progname(av[0]); handle_init(); -#ifdef DEBUG_SFTP_SERVER - log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); -#endif - in = dup(STDIN_FILENO); out =...

...ULL) { + cuname = NULL; + } else { + cuname = upw->pw_name; + } + + /* Initialize the parent process ID. */ + ppid = getppid(); + + /* Initialize the logfile, loglevel dependent on DEBUG compile-time setting. */ #ifdef DEBUG_SFTP_SERVER log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); +#else + log_init("sftp-server", SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0); #endif + /* Log session start. */ + log("(%d/%d/%s) SFTP session started.", ppid, cuid, CUNAME); + in = dup(STDIN_FILENO); out = dup(STDOUT_FILENO); @@ -1073,6 +1129,7 @@ if (select(ma...

...* * Force logging to stderr until we have loaded the private host ! * key (unless started from inetd) */ log_init(__progname, options.log_level == SYSLOG_LEVEL_NOT_SET ? SYSLOG_LEVEL_INFO : options.log_level, options.log_facility == SYSLOG_FACILITY_NOT_SET ? SYSLOG_FACILITY_AUTH : options.log_facility, ! !inetd_flag); #ifdef _CRAY /* Cray can define user privs drop all prives now! --- 713,726 ---- /* * Force logging to stderr until we have loaded the private host ! * key (unless started from inetd or init) */ log_init(__progname, opti...

...directory %s: %s",user_dir, strerror(errno)); + + setenv("HOME", new_root, 1); + break; + } + new_root += 2; + } +} +#endif /* CHROOT */ + int main(int ac, char **av) { @@ -1022,6 +1054,13 @@ #ifdef DEBUG_SFTP_SERVER log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); #endif + +#ifdef CHROOT + chroot_init(); +#endif /* CHROOT */ + + if (setuid(getuid()) != 0) + fatal("Couldn't drop privileges: %s", strerror(errno)); in = dup(STDIN_FILENO); out = dup(STDOUT_FILENO); -- manfred heubach edv und neue medien Hindenburgstr. 47 D-73728 Ess...

Hello, I have noticed that the -u parameter to the sftp-server or internal-sftp subsystem is not working correctly. For openssh-5.6p1 I believe that the problem lies in this code, starting at line 1414 in sftp-server.c: ---------------------------------------------------------- case 'u': mask = (mode_t)strtonum(optarg, 0, 0777, &errmsg); if (errmsg != NULL)

.... */ + cuid = getuid(); + if ((upw = getpwuid(cuid)) == NULL) { + cuname = NULL; + } else { + cuname = xstrdup(upw->pw_name); + } + + /* Initialize the parent process ID. */ + ppid = getppid(); + + /* Initialize the logfile. */ + log_init("sftp-server", SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0); + + /* Log session start. */ + log("(%d/%d/%s) SFTP session started.", ppid, cuid, CUNAME); + #endif + #ifdef DEBUG_SFTP_SERVER log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); #endif *************** *** 1087,1092 **** --- 1292,1300 ----...

Hi, I saw in archive that some people made a patch to sftp-server, and that patch sets a root path. I'd like to know if there's an ideia to apply that patch in main tree of openssh? With the use of SSHFS [wich uses sftp-server], it would be interesting to have someting like that, because as we have netboot workstations, the access to devices [such as, floppy, cdrom and usb data] are

I'm working on setting up a semi-trusted sftp service, and to get it working, I need chroot capability. I've taken the /./ wuftpd magic token code from contrib/chroot.diff and put it into the sftp server. The main problem is that privileges have been dropped by the time the subsystem is exec'ed, so my patch requires that sftp-server be setuid root. Not ideal, I know, but I drop all

...fprintf(stderr, - "usage: %s [-he] [-l log_level] [-f log_facility]\n", __progname); + "usage: %s [-he] [-l log_level] [-F config_file] [-f log_facility]\n", __progname); exit(1); } @@ -1215,6 +1395,7 @@ ssize_t len, olen, set_size; SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; char *cp, buf[4*4096]; + int config_file_mandatory = 0; extern char *optarg; extern char *__progname; @@ -1225,7 +1406,7 @@ __progname = ssh_get_progname(argv[0]); log_init(__progname, log_level, log_facility, log_stderr); - while (!skipargs && (ch = getopt(argc, argv, "...

...t agent_fd; - char *pkcs11provider = NULL, *skprovider = NULL; + char *pkcs11provider = NULL, *skprovider = NULL, *opensslengine = NULL; int r, i, ch, deleting = 0, ret = 0, key_only = 0, do_download = 0; int xflag = 0, lflag = 0, Dflag = 0, qflag = 0, Tflag = 0; SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; @@ -653,7 +679,7 @@ main(int argc, char **argv) skprovider = getenv("SSH_SK_PROVIDER"); - while ((ch = getopt(argc, argv, "vkKlLcdDTxXE:e:M:m:qs:S:t:")) != -1) { + while ((ch = getopt(argc, argv, "vkKlLcdDTxXE:e:M:m:qs:S:t:o:")) != -1) { switch (ch) { case...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the