diff -r c60efbddf9c8 -r c11a68c3a63d components/openssh/patches/013-dtrace_sftp.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssh/patches/013-dtrace_sftp.patch Fri Jan 27 14:23:05 2017 -0800 @@ -0,0 +1,137 @@ +# +# This patch is to provide a SFTP DTrace provider which offers an administrator +# some observability of SFTP data transfer. This was developed in-house. +# Because this is Solaris-specific and not suitable for upstream, we will not +# contribute the changes to the upstream community. +# +diff -pur old/Makefile.in new/Makefile.in +--- old/Makefile.in ++++ new/Makefile.in +@@ -85,6 +85,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ + atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \ + monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ + msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ ++ sftp_provider.o \ + ssh-pkcs11.o smult_curve25519_ref.o \ + poly1305.o chacha.o cipher-chachapoly.o \ + ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \ +@@ -107,7 +108,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw + monitor_mm.o monitor.o monitor_wrap.o auth-krb5.o \ + auth2-gss.o gss-serv.o gss-serv-krb5.o \ + loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ +- sftp-server.o sftp-common.o \ ++ sftp-server.o sftp-common.o sftp_provider.o \ + sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ + sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \ + sandbox-solaris.o +@@ -187,8 +188,8 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) + ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o + $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) + +-sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o +- $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ++sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o sftp_provider.o ++ $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o sftp_provider.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + + sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o + $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) +@@ -225,9 +226,18 @@ umac128.o: umac.c + -Dumac_update=umac128_update -Dumac_final=umac128_final \ + -Dumac_delete=umac128_delete -Dumac_ctx=umac128_ctx + ++# dtrace sftp ++sftp_provider.h: $(srcdir)/sftp_provider.d ++ /usr/sbin/dtrace -xnolibs -h -s $(srcdir)/sftp_provider.d \ ++ -o $(srcdir)/sftp_provider.h ++ ++sftp_provider.o: sftp_provider.d sftp_provider.h sftp-server.o ++ /usr/sbin/dtrace -G -32 -xnolibs -s $(srcdir)/sftp_provider.d \ ++ sftp-server.o -o sftp_provider.o ++ + clean: regressclean + rm -f *.o *.a $(TARGETS) logintest config.cache config.log +- rm -f *.out core survey ++ rm -f *.out core survey sftp_provider.h + rm -f regress/unittests/test_helper/*.a + rm -f regress/unittests/test_helper/*.o + rm -f regress/unittests/sshbuf/*.o +diff -pur old/sftp-server.c new/sftp-server.c +--- old/sftp-server.c ++++ new/sftp-server.c +@@ -51,6 +51,9 @@ + + #include "sftp.h" + #include "sftp-common.h" ++#ifdef DTRACE_SFTP ++#include "sftp_provider_impl.h" ++#endif + + /* Our verbosity */ + static LogLevel log_level = SYSLOG_LEVEL_ERROR; +@@ -737,14 +740,17 @@ process_read(u_int32_t id) + u_int32_t len; + int r, handle, fd, ret, status = SSH2_FX_FAILURE; + u_int64_t off; ++ char *fpath; + + if ((r = get_handle(iqueue, &handle)) != 0 || + (r = sshbuf_get_u64(iqueue, &off)) != 0 || + (r = sshbuf_get_u32(iqueue, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + +- debug("request %u: read \"%s\" (handle %d) off %llu len %d", +- id, handle_to_name(handle), handle, (unsigned long long)off, len); ++ fpath = handle_to_name(handle); ++ ++ debug("request %u: read \"%s\" (handle %d) off %llu len %d", ++ id, fpath, handle, (unsigned long long)off, len); + if (len > sizeof buf) { + len = sizeof buf; + debug2("read change len %d", len); +@@ -755,7 +761,13 @@ process_read(u_int32_t id) + error("process_read: seek failed"); + status = errno_to_portable(errno); + } else { ++#ifdef DTRACE_SFTP ++ SFTP_TRANSFER_START_OP("read", fd, fpath, len); ++#endif + ret = read(fd, buf, len); ++#ifdef DTRACE_SFTP ++ SFTP_TRANSFER_DONE_OP("read", fd, fpath, ret); ++#endif + if (ret < 0) { + status = errno_to_portable(errno); + } else if (ret == 0) { +@@ -778,14 +790,16 @@ process_write(u_int32_t id) + size_t len; + int r, handle, fd, ret, status; + u_char *data; ++ char *fpath; + + if ((r = get_handle(iqueue, &handle)) != 0 || + (r = sshbuf_get_u64(iqueue, &off)) != 0 || + (r = sshbuf_get_string(iqueue, &data, &len)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + ++ fpath = handle_to_name(handle); + debug("request %u: write \"%s\" (handle %d) off %llu len %zu", +- id, handle_to_name(handle), handle, (unsigned long long)off, len); ++ id, fpath, handle, (unsigned long long)off, len); + fd = handle_to_fd(handle); + + if (fd < 0) +@@ -797,7 +811,14 @@ process_write(u_int32_t id) + error("process_write: seek failed"); + } else { + /* XXX ATOMICIO ? */ ++#ifdef DTRACE_SFTP ++ SFTP_TRANSFER_START_OP("write", fd, fpath, len); ++#endif + ret = write(fd, data, len); ++#ifdef DTRACE_SFTP ++ SFTP_TRANSFER_DONE_OP("write", fd, fpath, ret); ++#endif ++ + if (ret < 0) { + error("process_write: write failed"); + status = errno_to_portable(errno);