2 # This patch is to provide a SFTP DTrace provider which offers an administrator |
2 # This patch is to provide a SFTP DTrace provider which offers an administrator |
3 # some observability of SFTP data transfer. This was developed in-house. |
3 # some observability of SFTP data transfer. This was developed in-house. |
4 # Because this is Solaris-specific and not suitable for upstream, we will not |
4 # Because this is Solaris-specific and not suitable for upstream, we will not |
5 # contribute the changes to the upstream community. |
5 # contribute the changes to the upstream community. |
6 # |
6 # |
7 --- orig/Makefile.in Wed Apr 16 17:10:03 2014 |
7 diff -pur old/Makefile.in new/Makefile.in |
8 +++ new/Makefile.in Wed Apr 23 11:00:05 2014 |
8 --- old/Makefile.in 2015-03-28 14:10:39.426859283 +0100 |
9 @@ -26,6 +26,7 @@ |
9 +++ new/Makefile.in 2015-03-28 14:16:12.472203388 +0100 |
|
10 @@ -26,6 +26,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas |
10 SFTP_SERVER=$(libexecdir)/sftp-server |
11 SFTP_SERVER=$(libexecdir)/sftp-server |
11 SSH_KEYSIGN=$(libexecdir)/ssh-keysign |
12 SSH_KEYSIGN=$(libexecdir)/ssh-keysign |
12 SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper |
13 SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper |
13 +ROOTDLIBDIR64=$(DESTDIR)/usr/lib/dtrace/64 |
14 +ROOTDLIBDIR64=$(DESTDIR)/usr/lib/dtrace/64 |
14 PRIVSEP_PATH=@PRIVSEP_PATH@ |
15 PRIVSEP_PATH=@PRIVSEP_PATH@ |
15 SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ |
16 SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ |
16 STRIP_OPT=@STRIP_OPT@ |
17 STRIP_OPT=@STRIP_OPT@ |
17 @@ -76,7 +76,8 @@ |
18 @@ -85,6 +86,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ |
18 jpake.o schnorr.o ssh-pkcs11.o krl.o smult_curve25519_ref.o \ |
19 atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o \ |
19 kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \ |
20 monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ |
20 ssh-ed25519.o digest.o \ |
21 msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ |
21 - sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o |
22 + sftp_provider.o \ |
22 + sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o \ |
23 ssh-pkcs11.o smult_curve25519_ref.o \ |
23 + sftp_provider.o |
24 poly1305.o chacha.o cipher-chachapoly.o \ |
24 |
25 ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \ |
25 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ |
26 @@ -110,7 +112,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw |
26 sshconnect.o sshconnect1.o sshconnect2.o mux.o \ |
|
27 @@ -96,7 +97,7 @@ |
|
28 sftp-server.o sftp-common.o \ |
27 sftp-server.o sftp-common.o \ |
29 roaming_common.o roaming_serv.o \ |
28 roaming_common.o roaming_serv.o \ |
30 sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ |
29 sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ |
31 - sandbox-seccomp-filter.o sandbox-capsicum.o |
30 - sandbox-seccomp-filter.o sandbox-capsicum.o |
32 + sandbox-seccomp-filter.o sandbox-capsicum.o sftp_provider.o |
31 + sandbox-seccomp-filter.o sandbox-capsicum.o sftp_provider.o |
33 |
32 |
34 MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out |
33 MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out |
35 MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 |
34 MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 |
36 @@ -173,8 +174,8 @@ |
35 @@ -187,8 +189,8 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) |
37 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o |
36 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o |
38 $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) |
37 $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) |
39 |
38 |
40 -sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o |
39 -sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o |
41 - $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
40 - $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
42 +sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o sftp_provider.o |
41 +sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o sftp_provider.o |
43 + $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o sftp_provider.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
42 + $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o sftp_provider.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
44 |
43 |
45 sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o |
44 sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o |
46 $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) |
45 $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) |
47 @@ -211,9 +212,18 @@ |
46 @@ -225,9 +227,18 @@ umac128.o: umac.c |
48 -Dumac_update=umac128_update -Dumac_final=umac128_final \ |
47 -Dumac_update=umac128_update -Dumac_final=umac128_final \ |
49 -Dumac_delete=umac128_delete |
48 -Dumac_delete=umac128_delete |
50 |
49 |
51 +# dtrace sftp |
50 +# dtrace sftp |
52 +sftp_provider.h: $(srcdir)/sftp_provider.d |
51 +sftp_provider.h: $(srcdir)/sftp_provider.d |
53 + /usr/sbin/dtrace -xnolibs -h -s $(srcdir)/sftp_provider.d \ |
52 + /usr/sbin/dtrace -xnolibs -h -s $(srcdir)/sftp_provider.d \ |
54 + -o $(srcdir)/sftp_provider.h |
53 + -o $(srcdir)/sftp_provider.h |
55 + |
54 + |
56 +sftp_provider.o: sftp_provider.d sftp_provider.h sftp-server.o |
55 +sftp_provider.o: sftp_provider.d sftp_provider.h sftp-server.o |
57 + /usr/sbin/dtrace -G -64 -xnolibs -s $(srcdir)/sftp_provider.d \ |
56 + /usr/sbin/dtrace -G -64 -xnolibs -s $(srcdir)/sftp_provider.d \ |
58 + sftp-server.o -o sftp_provider.o |
57 + sftp-server.o -o sftp_provider.o |
59 + |
58 + |
60 clean: regressclean |
59 clean: regressclean |
61 rm -f *.o *.a $(TARGETS) logintest config.cache config.log |
60 rm -f *.o *.a $(TARGETS) logintest config.cache config.log |
62 - rm -f *.out core survey |
61 - rm -f *.out core survey |
63 + rm -f *.out core survey sftp_provider.h |
62 + rm -f *.out core survey sftp_provider.h |
64 (cd openbsd-compat && $(MAKE) clean) |
63 rm -f regress/unittests/test_helper/*.a |
65 |
64 rm -f regress/unittests/test_helper/*.o |
66 distclean: regressclean |
65 rm -f regress/unittests/sshbuf/*.o |
67 @@ -313,6 +314,7 @@ |
66 @@ -340,6 +351,7 @@ install-files: |
68 ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin |
67 ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin |
69 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 |
68 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 |
70 ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 |
69 ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 |
71 + mkdir -p $(ROOTDLIBDIR64) && cp $(srcdir)/sftp64.d $(ROOTDLIBDIR64)/sftp64.d |
70 + mkdir -p $(ROOTDLIBDIR64) && cp $(srcdir)/sftp64.d $(ROOTDLIBDIR64)/sftp64.d |
72 |
71 |
73 install-sysconf: |
72 install-sysconf: |
74 if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ |
73 if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ |
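Review bot: The added install-files line `mkdir -p $(ROOTDLIBDIR64) && cp $(srcdir)/sftp64.d $(ROOTDLIBDIR64)/sftp64.d` sets no mode, so the directory and the copied file get whatever the installer's umask allows. That matters because dtrace loads the D library files under /usr/lib/dtrace at startup unless `-xnolibs` is given, usually as a privileged user, so a group- or world-writable sftp64.d would let another account influence those tracing sessions. I would pin the permissions with `mkdir -p -m 0755 $(ROOTDLIBDIR64)` followed by `$(INSTALL) -m 0644 $(srcdir)/sftp64.d $(ROOTDLIBDIR64)/sftp64.d`, assuming Makefile.in defines `$(INSTALL)` as upstream does (not visible in this hunk). The install-files rule starts outside the hunk, so its existing conventions should be confirmed there.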
75 --- orig/sftp-server.c Wed Apr 16 18:44:37 2014 |
74 diff -pur old/sftp-server.c new/sftp-server.c |
76 +++ new/sftp-server.c Thu Apr 17 11:53:54 2014 |
75 --- old/sftp-server.c 2015-03-17 06:49:20.000000000 +0100 |
77 @@ -51,6 +51,9 @@ |
76 +++ new/sftp-server.c 2015-03-28 14:27:55.661510029 +0100 |
|
77 @@ -55,6 +55,9 @@ |
78 |
78 |
79 #include "sftp.h" |
79 #include "sftp.h" |
80 #include "sftp-common.h" |
80 #include "sftp-common.h" |
81 +#ifdef DTRACE_SFTP |
81 +#ifdef DTRACE_SFTP |
82 +#include "sftp_provider_impl.h" |
82 +#include "sftp_provider_impl.h" |
83 +#endif |
83 +#endif |
84 |
84 |
85 /* helper */ |
85 /* Our verbosity */ |
86 #define get_int64() buffer_get_int64(&iqueue); |
86 static LogLevel log_level = SYSLOG_LEVEL_ERROR; |
87 @@ -721,13 +724,24 @@ |
87 @@ -741,14 +744,17 @@ process_read(u_int32_t id) |
88 u_int32_t len; |
88 u_int32_t len; |
89 int handle, fd, ret, status = SSH2_FX_FAILURE; |
89 int r, handle, fd, ret, status = SSH2_FX_FAILURE; |
90 u_int64_t off; |
90 u_int64_t off; |
91 +#ifdef DTRACE_SFTP |
|
92 + char *fpath; |
91 + char *fpath; |
93 +#endif |
|
94 |
92 |
95 handle = get_handle(); |
93 if ((r = get_handle(iqueue, &handle)) != 0 || |
96 off = get_int64(); |
94 (r = sshbuf_get_u64(iqueue, &off)) != 0 || |
97 len = get_int(); |
95 (r = sshbuf_get_u32(iqueue, &len)) != 0) |
98 +#ifdef DTRACE_SFTP |
96 fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
|
97 |
|
98 - debug("request %u: read \"%s\" (handle %d) off %llu len %d", |
|
99 - id, handle_to_name(handle), handle, (unsigned long long)off, len); |
99 + fpath = handle_to_name(handle); |
100 + fpath = handle_to_name(handle); |
100 +#endif |
101 + |
101 |
102 + debug("request %u: read \"%s\" (handle %d) off %llu len %d", |
102 +#ifdef DTRACE_SFTP |
|
103 debug("request %u: read \"%s\" (handle %d) off %llu len %d", |
|
104 + id, fpath, handle, (unsigned long long)off, len); |
103 + id, fpath, handle, (unsigned long long)off, len); |
105 +#else |
|
106 + debug("request %u: read \"%s\" (handle %d) off %llu len %d", |
|
107 id, handle_to_name(handle), handle, (unsigned long long)off, len); |
|
108 +#endif |
|
109 if (len > sizeof buf) { |
104 if (len > sizeof buf) { |
110 len = sizeof buf; |
105 len = sizeof buf; |
111 debug2("read change len %d", len); |
106 debug2("read change len %d", len); |
112 @@ -738,7 +752,13 @@ |
107 @@ -759,7 +765,13 @@ process_read(u_int32_t id) |
113 error("process_read: seek failed"); |
108 error("process_read: seek failed"); |
114 status = errno_to_portable(errno); |
109 status = errno_to_portable(errno); |
115 } else { |
110 } else { |
116 +#ifdef DTRACE_SFTP |
111 +#ifdef DTRACE_SFTP |
117 + SFTP_TRANSFER_START_OP("read", fd, fpath, len); |
112 + SFTP_TRANSFER_START_OP("read", fd, fpath, len); |
121 + SFTP_TRANSFER_DONE_OP("read", fd, fpath, ret); |
116 + SFTP_TRANSFER_DONE_OP("read", fd, fpath, ret); |
122 +#endif |
117 +#endif |
123 if (ret < 0) { |
118 if (ret < 0) { |
124 status = errno_to_portable(errno); |
119 status = errno_to_portable(errno); |
125 } else if (ret == 0) { |
120 } else if (ret == 0) { |
126 @@ -761,13 +781,22 @@ |
121 @@ -782,14 +794,16 @@ process_write(u_int32_t id) |
127 u_int len; |
122 size_t len; |
128 int handle, fd, ret, status; |
123 int r, handle, fd, ret, status; |
129 char *data; |
124 u_char *data; |
130 +#ifdef DTRACE_SFTP |
|
131 + char *fpath; |
125 + char *fpath; |
132 +#endif |
|
133 |
126 |
134 handle = get_handle(); |
127 if ((r = get_handle(iqueue, &handle)) != 0 || |
135 off = get_int64(); |
128 (r = sshbuf_get_u64(iqueue, &off)) != 0 || |
136 data = get_string(&len); |
129 (r = sshbuf_get_string(iqueue, &data, &len)) != 0) |
137 - |
130 fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
138 +#ifdef DTRACE_SFTP |
131 |
139 + fpath = handle_to_name(handle); |
132 + fpath = handle_to_name(handle); |
140 debug("request %u: write \"%s\" (handle %d) off %llu len %d", |
133 debug("request %u: write \"%s\" (handle %d) off %llu len %zu", |
|
134 - id, handle_to_name(handle), handle, (unsigned long long)off, len); |
141 + id, fpath, handle, (unsigned long long)off, len); |
135 + id, fpath, handle, (unsigned long long)off, len); |
142 +#else |
|
143 + debug("request %u: write \"%s\" (handle %d) off %llu len %d", |
|
144 id, handle_to_name(handle), handle, (unsigned long long)off, len); |
|
145 +#endif |
|
146 + |
|
147 fd = handle_to_fd(handle); |
136 fd = handle_to_fd(handle); |
148 |
137 |
149 if (fd < 0) |
138 if (fd < 0) |
150 @@ -779,7 +808,14 @@ |
139 @@ -801,7 +815,14 @@ process_write(u_int32_t id) |
151 error("process_write: seek failed"); |
140 error("process_write: seek failed"); |
152 } else { |
141 } else { |
153 /* XXX ATOMICIO ? */ |
142 /* XXX ATOMICIO ? */ |
154 +#ifdef DTRACE_SFTP |
143 +#ifdef DTRACE_SFTP |
155 + SFTP_TRANSFER_START_OP("write", fd, fpath, len); |
144 + SFTP_TRANSFER_START_OP("write", fd, fpath, len); |