|
1 # |
|
2 # This patch is to provide a SFTP DTrace provider which offers an administrator |
|
3 # some observability of SFTP data transfer. This was developed in-house. |
|
4 # Because this is Solaris-specific and not suitable for upstream, we will not |
|
5 # contribute the changes to the upstream community. |
|
6 # |
|
7 --- orig/Makefile.in Wed Apr 16 17:10:03 2014 |
|
8 +++ new/Makefile.in Wed Apr 23 11:00:05 2014 |
|
9 @@ -76,7 +76,8 @@ |
|
10 jpake.o schnorr.o ssh-pkcs11.o krl.o smult_curve25519_ref.o \ |
|
11 kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \ |
|
12 ssh-ed25519.o digest.o \ |
|
13 - sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o |
|
14 + sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o \ |
|
15 + sftp_provider.o |
|
16 |
|
17 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ |
|
18 sshconnect.o sshconnect1.o sshconnect2.o mux.o \ |
|
19 @@ -96,7 +97,7 @@ |
|
20 sftp-server.o sftp-common.o \ |
|
21 roaming_common.o roaming_serv.o \ |
|
22 sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ |
|
23 - sandbox-seccomp-filter.o sandbox-capsicum.o |
|
24 + sandbox-seccomp-filter.o sandbox-capsicum.o sftp_provider.o |
|
25 |
|
26 MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out |
|
27 MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 |
|
28 @@ -173,8 +174,8 @@ |
|
29 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o |
|
30 $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) |
|
31 |
|
32 -sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o |
|
33 - $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
|
34 +sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o sftp_provider.o |
|
35 + $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o sftp_provider.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
|
36 |
|
37 sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o |
|
38 $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) |
|
39 @@ -211,9 +212,18 @@ |
|
40 -Dumac_update=umac128_update -Dumac_final=umac128_final \ |
|
41 -Dumac_delete=umac128_delete |
|
42 |
|
43 +# dtrace sftp |
|
44 +sftp_provider.h: $(srcdir)/sftp_provider.d |
|
45 + /usr/sbin/dtrace -xnolibs -h -s $(srcdir)/sftp_provider.d \ |
|
46 + -o $(srcdir)/sftp_provider.h |
|
47 + |
|
48 +sftp_provider.o: sftp_provider.d sftp_provider.h sftp-server.o |
|
49 + /usr/sbin/dtrace -G -32 -xnolibs -s $(srcdir)/sftp_provider.d \ |
|
50 + sftp-server.o -o sftp_provider.o |
|
51 + |
|
52 clean: regressclean |
|
53 rm -f *.o *.a $(TARGETS) logintest config.cache config.log |
|
54 - rm -f *.out core survey |
|
55 + rm -f *.out core survey sftp_provider.h |
|
56 (cd openbsd-compat && $(MAKE) clean) |
|
57 |
|
58 distclean: regressclean |
|
59 --- orig/sftp-server.c Wed Apr 16 18:44:37 2014 |
|
60 +++ new/sftp-server.c Thu Apr 17 11:53:54 2014 |
|
61 @@ -51,6 +51,9 @@ |
|
62 |
|
63 #include "sftp.h" |
|
64 #include "sftp-common.h" |
|
65 +#ifdef DTRACE_SFTP |
|
66 +#include "sftp_provider_impl.h" |
|
67 +#endif |
|
68 |
|
69 /* helper */ |
|
70 #define get_int64() buffer_get_int64(&iqueue); |
|
71 @@ -721,13 +724,24 @@ |
|
72 u_int32_t len; |
|
73 int handle, fd, ret, status = SSH2_FX_FAILURE; |
|
74 u_int64_t off; |
|
75 +#ifdef DTRACE_SFTP |
|
76 + char *fpath; |
|
77 +#endif |
|
78 |
|
79 handle = get_handle(); |
|
80 off = get_int64(); |
|
81 len = get_int(); |
|
82 +#ifdef DTRACE_SFTP |
|
83 + fpath = handle_to_name(handle); |
|
84 +#endif |
|
85 |
|
86 +#ifdef DTRACE_SFTP |
|
87 debug("request %u: read \"%s\" (handle %d) off %llu len %d", |
|
88 + id, fpath, handle, (unsigned long long)off, len); |
|
89 +#else |
|
90 + debug("request %u: read \"%s\" (handle %d) off %llu len %d", |
|
91 id, handle_to_name(handle), handle, (unsigned long long)off, len); |
|
92 +#endif |
|
93 if (len > sizeof buf) { |
|
94 len = sizeof buf; |
|
95 debug2("read change len %d", len); |
|
96 @@ -738,7 +752,13 @@ |
|
97 error("process_read: seek failed"); |
|
98 status = errno_to_portable(errno); |
|
99 } else { |
|
100 +#ifdef DTRACE_SFTP |
|
101 + SFTP_TRANSFER_START_OP("read", fd, fpath, len); |
|
102 +#endif |
|
103 ret = read(fd, buf, len); |
|
104 +#ifdef DTRACE_SFTP |
|
105 + SFTP_TRANSFER_DONE_OP("read", fd, fpath, ret); |
|
106 +#endif |
|
107 if (ret < 0) { |
|
108 status = errno_to_portable(errno); |
|
109 } else if (ret == 0) { |
|
110 @@ -761,13 +781,22 @@ |
|
111 u_int len; |
|
112 int handle, fd, ret, status; |
|
113 char *data; |
|
114 +#ifdef DTRACE_SFTP |
|
115 + char *fpath; |
|
116 +#endif |
|
117 |
|
118 handle = get_handle(); |
|
119 off = get_int64(); |
|
120 data = get_string(&len); |
|
121 - |
|
122 +#ifdef DTRACE_SFTP |
|
123 + fpath = handle_to_name(handle); |
|
124 debug("request %u: write \"%s\" (handle %d) off %llu len %d", |
|
125 + id, fpath, handle, (unsigned long long)off, len); |
|
126 +#else |
|
127 + debug("request %u: write \"%s\" (handle %d) off %llu len %d", |
|
128 id, handle_to_name(handle), handle, (unsigned long long)off, len); |
|
129 +#endif |
|
130 + |
|
131 fd = handle_to_fd(handle); |
|
132 |
|
133 if (fd < 0) |
|
134 @@ -779,7 +808,14 @@ |
|
135 error("process_write: seek failed"); |
|
136 } else { |
|
137 /* XXX ATOMICIO ? */ |
|
138 +#ifdef DTRACE_SFTP |
|
139 + SFTP_TRANSFER_START_OP("write", fd, fpath, len); |
|
140 +#endif |
|
141 ret = write(fd, data, len); |
|
142 +#ifdef DTRACE_SFTP |
|
143 + SFTP_TRANSFER_DONE_OP("write", fd, fpath, ret); |
|
144 +#endif |
|
145 + |
|
146 if (ret < 0) { |
|
147 error("process_write: write failed"); |
|
148 status = errno_to_portable(errno); |