From 9a2730806cdf2191cb8ea22c9090c2e20e3a25ba Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Sat, 11 Feb 2017 00:44:00 +0000 Subject: [PATCH] Log when -restrict-acl is in use. Partly to reassure the user that they got what they asked for, and partly so that's a clue for us in the logs when we get bug reports. This involved repurposing platform_psftp_post_option_setup() (no longer used since e22120fe) as platform_psftp_pre_conn_setup(), and moving it to after logging is set up. --- pscp.c | 4 ++-- psftp.c | 4 ++-- psftp.h | 7 +++---- unix/uxsftp.c | 2 +- windows/window.c | 4 ++++ windows/winplink.c | 4 ++++ windows/winsftp.c | 5 ++++- 7 files changed, 20 insertions(+), 10 deletions(-) diff --git a/pscp.c b/pscp.c index 5d8256df..126c2ad6 100644 --- a/pscp.c +++ b/pscp.c @@ -517,6 +517,8 @@ static void do_cmd(char *host, char *user, char *cmd) logctx = log_init(NULL, conf); console_provide_logctx(logctx); + platform_psftp_pre_conn_setup(); + err = back->init(NULL, &backhandle, conf, conf_get_str(conf, CONF_host), conf_get_int(conf, CONF_port), @@ -2357,8 +2359,6 @@ int psftp_main(int argc, char *argv[]) argv += i; back = NULL; - platform_psftp_post_option_setup(); - if (list) { if (argc != 1) usage(); diff --git a/psftp.c b/psftp.c index 83dec968..3b22741e 100644 --- a/psftp.c +++ b/psftp.c @@ -2840,6 +2840,8 @@ static int psftp_connect(char *userhost, char *user, int portnumber) logctx = log_init(NULL, conf); console_provide_logctx(logctx); + platform_psftp_pre_conn_setup(); + err = back->init(NULL, &backhandle, conf, conf_get_str(conf, CONF_host), conf_get_int(conf, CONF_port), @@ -2954,8 +2956,6 @@ int psftp_main(int argc, char *argv[]) argv += i; back = NULL; - platform_psftp_post_option_setup(); - /* * If the loaded session provides a hostname, and a hostname has not * otherwise been specified, pop it in `userhost' so that diff --git a/psftp.h b/psftp.h index 6f46bdcd..36965489 100644 --- a/psftp.h +++ b/psftp.h @@ -48,11 +48,10 @@ int ssh_sftp_loop_iteration(void); char *ssh_sftp_get_cmdline(const char *prompt, int backend_required); /* - * Platform-specific function called after the command line has been - * processed, so that any per-platform initialisation such as process - * ACL setup can be done. + * Platform-specific function called when we're about to make a + * network connection. */ -void platform_psftp_post_option_setup(void); +void platform_psftp_pre_conn_setup(void); /* * The main program in psftp.c. Called from main() in the platform- diff --git a/unix/uxsftp.c b/unix/uxsftp.c index a9fb9cb3..794cc9cb 100644 --- a/unix/uxsftp.c +++ b/unix/uxsftp.c @@ -620,7 +620,7 @@ char *ssh_sftp_get_cmdline(const char *prompt, int no_fds_ok) void frontend_net_error_pending(void) {} -void platform_psftp_post_option_setup(void) {} +void platform_psftp_pre_conn_setup(void) {} /* * Main program: do platform-specific initialisation and then call diff --git a/windows/window.c b/windows/window.c index 01487522..2fb12c80 100644 --- a/windows/window.c +++ b/windows/window.c @@ -840,6 +840,10 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show) } } + if (restricted_acl) { + logevent(NULL, "Running with restricted process ACL"); + } + start_backend(); /* diff --git a/windows/winplink.c b/windows/winplink.c index 0f86b41c..c54cc24c 100644 --- a/windows/winplink.c +++ b/windows/winplink.c @@ -633,6 +633,10 @@ int main(int argc, char **argv) return 1; } + if (restricted_acl) { + logevent(NULL, "Running with restricted process ACL"); + } + /* * Start up the connection. */ diff --git a/windows/winsftp.c b/windows/winsftp.c index c85c24aa..437ef439 100644 --- a/windows/winsftp.c +++ b/windows/winsftp.c @@ -747,8 +747,11 @@ char *ssh_sftp_get_cmdline(const char *prompt, int no_fds_ok) return ctx->line; } -void platform_psftp_post_option_setup(void) +void platform_psftp_pre_conn_setup(void) { + if (restricted_acl) { + logevent(NULL, "Running with restricted process ACL"); + } } /* ----------------------------------------------------------------------