From 17de79085f30bfc5051536ca51a6153a9026860e Mon Sep 17 00:00:00 2001
From: Tess Gauthier <tgauth@bu.edu>
Date: Mon, 11 Nov 2024 17:14:17 -0500
Subject: [PATCH 1/5] initial pass at including username from sftp

---
 monitor.c     | 5 ++++-
 sftp-server.c | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/monitor.c b/monitor.c
index 4726b62be41..f0da1673c5f 100644
--- a/monitor.c
+++ b/monitor.c
@@ -469,6 +469,7 @@ monitor_read_log(struct monitor *pmonitor)
 
 #ifdef WINDOWS
 	char* pname;
+	char* user;
 	u_int sftp_log_level, sftp_log_facility, sftp_log_stderr;
 	extern int log_stderr;
 	if ((r = sshbuf_get_cstring(logmsg, &pname, NULL)) != 0)
@@ -479,6 +480,8 @@ monitor_read_log(struct monitor *pmonitor)
 			(r = sshbuf_get_u32(logmsg, &sftp_log_facility)) != 0 ||
 			(r = sshbuf_get_u32(logmsg, &sftp_log_stderr)) != 0)
 			fatal_fr(r, "parse");
+		if ((r = sshbuf_get_cstring(logmsg, &user, NULL)) != 0)
+			user = NULL;
 	}
 
 	/*log it*/
@@ -487,7 +490,7 @@ monitor_read_log(struct monitor *pmonitor)
 	else {
 		if (strcmp(pname, "sftp-server") == 0) {
 			log_init(pname, sftp_log_level, sftp_log_facility, sftp_log_stderr);
-			sshlogdirect(level, forced, "%s", msg);
+			sshlogdirect(level, forced, "user: %s: %s", user, msg);
 			log_init("sshd", options.log_level, options.log_facility, log_stderr);
 		} else  
 			sshlogdirect(level, forced, "%s", msg);
diff --git a/sftp-server.c b/sftp-server.c
index 845a274ce5a..0da160f7136 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1935,8 +1935,10 @@ log_handler(LogLevel level, int forced, const char* msg, void* ctx)
 		(r = sshbuf_put_cstring(log_msg, __progname)) != 0 ||
 		(r = sshbuf_put_u32(log_msg, log_level)) != 0 ||
 		(r = sshbuf_put_u32(log_msg, log_facility_g)) != 0 ||
-		(r = sshbuf_put_u32(log_msg, log_stderr_g)) != 0)
+		(r = sshbuf_put_u32(log_msg, log_stderr_g)) != 0 ||
+		(pw != NULL && (r = sshbuf_put_cstring(log_msg, pw->pw_name)) != 0))
 		fatal_fr(r, "assemble");
+
 	if ((len = sshbuf_len(log_msg)) < 4 || len > 0xffffffff)
 		fatal_f("bad length %zu", len);
 	POKE_U32(sshbuf_mutable_ptr(log_msg), len - 4);

From cd24a021cbfbee6a0335482a24ee3e71f02f0296 Mon Sep 17 00:00:00 2001
From: Tess Gauthier <tgauth@bu.edu>
Date: Tue, 12 Nov 2024 14:27:19 -0500
Subject: [PATCH 2/5] initialize user to unknown

---
 monitor.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/monitor.c b/monitor.c
index f0da1673c5f..3c4fb592a38 100644
--- a/monitor.c
+++ b/monitor.c
@@ -468,8 +468,7 @@ monitor_read_log(struct monitor *pmonitor)
 		fatal_f("invalid log level %u (corrupted message?)", level);
 
 #ifdef WINDOWS
-	char* pname;
-	char* user;
+	char* pname, * user = "(unknown user)";
 	u_int sftp_log_level, sftp_log_facility, sftp_log_stderr;
 	extern int log_stderr;
 	if ((r = sshbuf_get_cstring(logmsg, &pname, NULL)) != 0)
@@ -481,7 +480,7 @@ monitor_read_log(struct monitor *pmonitor)
 			(r = sshbuf_get_u32(logmsg, &sftp_log_stderr)) != 0)
 			fatal_fr(r, "parse");
 		if ((r = sshbuf_get_cstring(logmsg, &user, NULL)) != 0)
-			user = NULL;
+			user = "(unknown user)";
 	}
 
 	/*log it*/

From 4a52e8d842ea988d77149f61b3b331872922308d Mon Sep 17 00:00:00 2001
From: Tess Gauthier <tgauth@bu.edu>
Date: Tue, 12 Nov 2024 15:20:10 -0500
Subject: [PATCH 3/5] update tests

---
 monitor.c                                      | 10 ++++------
 regress/pesterTests/FileBasedLogging.tests.ps1 |  4 ++--
 sftp-server.c                                  |  3 +--
 3 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/monitor.c b/monitor.c
index 3c4fb592a38..1f45aef7679 100644
--- a/monitor.c
+++ b/monitor.c
@@ -468,7 +468,7 @@ monitor_read_log(struct monitor *pmonitor)
 		fatal_f("invalid log level %u (corrupted message?)", level);
 
 #ifdef WINDOWS
-	char* pname, * user = "(unknown user)";
+	char* pname;
 	u_int sftp_log_level, sftp_log_facility, sftp_log_stderr;
 	extern int log_stderr;
 	if ((r = sshbuf_get_cstring(logmsg, &pname, NULL)) != 0)
@@ -479,20 +479,18 @@ monitor_read_log(struct monitor *pmonitor)
 			(r = sshbuf_get_u32(logmsg, &sftp_log_facility)) != 0 ||
 			(r = sshbuf_get_u32(logmsg, &sftp_log_stderr)) != 0)
 			fatal_fr(r, "parse");
-		if ((r = sshbuf_get_cstring(logmsg, &user, NULL)) != 0)
-			user = "(unknown user)";
 	}
 
 	/*log it*/
 	if (authctxt->authenticated == 0) 
-		sshlogdirect(level, forced, "%s [preauth]", msg);
+		sshlogdirect(level, forced, "user: %s: %s [preauth]", authctxt->user, msg);
 	else {
 		if (strcmp(pname, "sftp-server") == 0) {
 			log_init(pname, sftp_log_level, sftp_log_facility, sftp_log_stderr);
-			sshlogdirect(level, forced, "user: %s: %s", user, msg);
+			sshlogdirect(level, forced, "user: %s: %s", authctxt->user, msg);
 			log_init("sshd", options.log_level, options.log_facility, log_stderr);
 		} else  
-			sshlogdirect(level, forced, "%s", msg);
+			sshlogdirect(level, forced, "user: %s: %s", authctxt->user, msg);
 	}
 #else
 	/*log it*/
diff --git a/regress/pesterTests/FileBasedLogging.tests.ps1 b/regress/pesterTests/FileBasedLogging.tests.ps1
index a78254a580e..cef159c68b3 100644
--- a/regress/pesterTests/FileBasedLogging.tests.ps1
+++ b/regress/pesterTests/FileBasedLogging.tests.ps1
@@ -202,7 +202,7 @@ exit"
             $sshdlog | Should Contain "KEX done \[preauth\]"
             $sshdlog | Should Contain "debug2: subsystem request for sftp by user $nonadminusername"
             $sftplog | Should Contain "session opened for local user $nonadminusername"
-            $sftplog | Should Contain "debug3: request 3: opendir"
+            $sftplog | Should Contain "debug3: user: $nonadminusername`: request 3: opendir"
             $sftplog | Should Contain "session closed for local user $nonadminusername"
         }
 
@@ -218,7 +218,7 @@ exit"
             $sshdlog | Should Contain "KEX done \[preauth\]"
             $sshdlog | Should Contain "debug2: subsystem request for sftp by user $adminusername"
             $sftplog | Should Contain "session opened for local user $adminusername"
-            $sftplog | Should Contain "debug3: request 3: opendir"
+            $sftplog | Should Contain "debug3: user: $nonadminusername`: request 3: opendir"
             $sftplog | Should Contain "session closed for local user $adminusername"
         }
     }
diff --git a/sftp-server.c b/sftp-server.c
index 0da160f7136..710ec5042eb 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1935,8 +1935,7 @@ log_handler(LogLevel level, int forced, const char* msg, void* ctx)
 		(r = sshbuf_put_cstring(log_msg, __progname)) != 0 ||
 		(r = sshbuf_put_u32(log_msg, log_level)) != 0 ||
 		(r = sshbuf_put_u32(log_msg, log_facility_g)) != 0 ||
-		(r = sshbuf_put_u32(log_msg, log_stderr_g)) != 0 ||
-		(pw != NULL && (r = sshbuf_put_cstring(log_msg, pw->pw_name)) != 0))
+		(r = sshbuf_put_u32(log_msg, log_stderr_g)) != 0)
 		fatal_fr(r, "assemble");
 
 	if ((len = sshbuf_len(log_msg)) < 4 || len > 0xffffffff)

From ede47dff4540d112190d4650d209f62d76220157 Mon Sep 17 00:00:00 2001
From: Tess Gauthier <tgauth@bu.edu>
Date: Tue, 12 Nov 2024 15:22:13 -0500
Subject: [PATCH 4/5] fix spacing

---
 sftp-server.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/sftp-server.c b/sftp-server.c
index 710ec5042eb..845a274ce5a 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1937,7 +1937,6 @@ log_handler(LogLevel level, int forced, const char* msg, void* ctx)
 		(r = sshbuf_put_u32(log_msg, log_facility_g)) != 0 ||
 		(r = sshbuf_put_u32(log_msg, log_stderr_g)) != 0)
 		fatal_fr(r, "assemble");
-
 	if ((len = sshbuf_len(log_msg)) < 4 || len > 0xffffffff)
 		fatal_f("bad length %zu", len);
 	POKE_U32(sshbuf_mutable_ptr(log_msg), len - 4);

From 2a58da7020f821da21d71243e56c33e3bc2cc4f9 Mon Sep 17 00:00:00 2001
From: Tess Gauthier <tgauth@bu.edu>
Date: Tue, 12 Nov 2024 16:01:03 -0500
Subject: [PATCH 5/5] fix test take 2

---
 regress/pesterTests/FileBasedLogging.tests.ps1 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/regress/pesterTests/FileBasedLogging.tests.ps1 b/regress/pesterTests/FileBasedLogging.tests.ps1
index cef159c68b3..5e4eb87b0d7 100644
--- a/regress/pesterTests/FileBasedLogging.tests.ps1
+++ b/regress/pesterTests/FileBasedLogging.tests.ps1
@@ -200,7 +200,7 @@ exit"
 
             $sshdlog | Should Contain "Accepted publickey for $nonadminusername"
             $sshdlog | Should Contain "KEX done \[preauth\]"
-            $sshdlog | Should Contain "debug2: subsystem request for sftp by user $nonadminusername"
+            $sshdlog | Should Contain "debug2: user: $nonadminusername`: subsystem request for sftp by user $nonadminusername"
             $sftplog | Should Contain "session opened for local user $nonadminusername"
             $sftplog | Should Contain "debug3: user: $nonadminusername`: request 3: opendir"
             $sftplog | Should Contain "session closed for local user $nonadminusername"
@@ -216,9 +216,9 @@ exit"
   
             $sshdlog | Should Contain "Accepted publickey for $adminusername"
             $sshdlog | Should Contain "KEX done \[preauth\]"
-            $sshdlog | Should Contain "debug2: subsystem request for sftp by user $adminusername"
+            $sshdlog | Should Contain "debug2: user: $adminusername`: subsystem request for sftp by user $adminusername"
             $sftplog | Should Contain "session opened for local user $adminusername"
-            $sftplog | Should Contain "debug3: user: $nonadminusername`: request 3: opendir"
+            $sftplog | Should Contain "debug3: user: $adminusername`: request 3: opendir"
             $sftplog | Should Contain "session closed for local user $adminusername"
         }
     }