author | Markus Friedl <markus@cvs.openbsd.org> | 1999-11-10 23:36:46 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 1999-11-10 23:36:46 +0000 |
commit | 6724e1f9517ea95d84a6862483500a5d78eefe4a (patch) | |
tree | c5486ce6497c9dd849c88bd654953e48077fb635 /usr.bin/ssh | |
parent | 868a5e6c52f689aedf8507fad39c4897127f0505 (diff) |
add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
obsoletes QuietMode and FascistLogging in sshd.
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/clientloop.c | 7 | ||||
-rw-r--r-- | usr.bin/ssh/lib/Makefile | 4 | ||||
-rw-r--r-- | usr.bin/ssh/log-client.c | 137 | ||||
-rw-r--r-- | usr.bin/ssh/log-server.c | 184 | ||||
-rw-r--r-- | usr.bin/ssh/log.c | 135 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.c | 48 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/servconf.c | 62 | ||||
-rw-r--r-- | usr.bin/ssh/servconf.h | 5 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.1 | 8 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 16 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.h | 112 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.8 | 24 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 33 | ||||
-rw-r--r-- | usr.bin/ssh/sshd_config | 7 |
15 files changed, 425 insertions, 360 deletions
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index b258d83460b..590179a7ab4 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -15,16 +15,17 @@ The main loop for the interactive session (client side). */ #include "includes.h" -RCSID("$Id: clientloop.c,v 1.7 1999/10/16 20:57:52 deraadt Exp $"); +RCSID("$Id: clientloop.c,v 1.8 1999/11/10 23:36:43 markus Exp $"); #include "xmalloc.h" #include "ssh.h" #include "packet.h" #include "buffer.h" #include "authfd.h" +#include "readconf.h" /* Flag indicating whether quiet mode is on. */ -extern int quiet_flag; +extern Options options; /* Flag indicating that stdin should be redirected from /dev/null. */ extern int stdin_null_flag; @@ -866,7 +867,7 @@ int client_loop(int have_pty, int escape_char_arg) /* In interactive mode (with pseudo tty) display a message indicating that the connection has been closed. */ - if (have_pty && !quiet_flag) + if (have_pty && options.log_level != SYSLOG_LEVEL_QUIET) { snprintf(buf, sizeof buf, "Connection to %.64s closed.\r\n", host); buffer_append(&stderr_buffer, buf, strlen(buf)); diff --git a/usr.bin/ssh/lib/Makefile b/usr.bin/ssh/lib/Makefile index 4a6fadc0af0..21b2bbacf12 100644 --- a/usr.bin/ssh/lib/Makefile +++ b/usr.bin/ssh/lib/Makefile @@ -3,8 +3,8 @@ LIB= ssh SRCS= authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c \ cipher.c compat.c compress.c crc32.c deattack.c hostfile.c \ - match.c mpaux.c nchan.c packet.c readpass.c rsa.c tildexpand.c \ - ttymodes.c uidswap.c xmalloc.c + log.c match.c mpaux.c nchan.c packet.c readpass.c rsa.c \ + tildexpand.c ttymodes.c uidswap.c xmalloc.c NOPROFILE= yes NOPIC= yes diff --git a/usr.bin/ssh/log-client.c b/usr.bin/ssh/log-client.c index e569d1e70f8..92b47649a38 100644 --- a/usr.bin/ssh/log-client.c +++ b/usr.bin/ssh/log-client.c 
@@ -10,129 +10,54 @@ Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland Created: Mon Mar 20 21:13:40 1995 ylo Client-side versions of debug(), log(), etc. These print to stderr. +This is a stripped down version of log-server.c. */ #include "includes.h" -RCSID("$Id: log-client.c,v 1.2 1999/10/16 20:54:54 markus Exp $"); +RCSID("$Id: log-client.c,v 1.3 1999/11/10 23:36:44 markus Exp $"); #include "xmalloc.h" #include "ssh.h" -static int log_debug = 0; -static int log_quiet = 0; +static LogLevel log_level = SYSLOG_LEVEL_INFO; -void log_init(char *av0, int on_stderr, int debug, int quiet, - SyslogFacility facility) -{ - log_debug = debug; - log_quiet = quiet; -} - -void log(const char *fmt, ...) -{ - va_list args; - - if (log_quiet) - return; - va_start(args, fmt); - vfprintf(stderr, fmt, args); - fprintf(stderr, "\r\n"); - va_end(args); -} - -void debug(const char *fmt, ...) -{ - va_list args; - if (log_quiet || !log_debug) - return; - va_start(args, fmt); - fprintf(stderr, "debug: "); - vfprintf(stderr, fmt, args); - fprintf(stderr, "\r\n"); - va_end(args); -} - -void error(const char *fmt, ...) -{ - va_list args; - if (log_quiet) - return; - va_start(args, fmt); - vfprintf(stderr, fmt, args); - fprintf(stderr, "\r\n"); - va_end(args); -} - -struct fatal_cleanup -{ - struct fatal_cleanup *next; - void (*proc)(void *); - void *context; -}; - -static struct fatal_cleanup *fatal_cleanups = NULL; - -/* Registers a cleanup function to be called by fatal() before exiting. */ - -void fatal_add_cleanup(void (*proc)(void *), void *context) -{ - struct fatal_cleanup *cu; +/* Initialize the log. + av0 program name (should be argv[0]) + level logging level + */ - cu = xmalloc(sizeof(*cu)); - cu->proc = proc; - cu->context = context; - cu->next = fatal_cleanups; - fatal_cleanups = cu; -} - -/* Removes a cleanup frunction to be called at fatal(). 
*/ - -void fatal_remove_cleanup(void (*proc)(void *context), void *context) +void +log_init(char *av0, LogLevel level, SyslogFacility ignored1, int ignored2) { - struct fatal_cleanup **cup, *cu; - - for (cup = &fatal_cleanups; *cup; cup = &cu->next) + switch (level) { - cu = *cup; - if (cu->proc == proc && cu->context == context) - { - *cup = cu->next; - xfree(cu); - return; - } + case SYSLOG_LEVEL_QUIET: + case SYSLOG_LEVEL_ERROR: + case SYSLOG_LEVEL_FATAL: + case SYSLOG_LEVEL_INFO: + case SYSLOG_LEVEL_CHAT: + case SYSLOG_LEVEL_DEBUG: + log_level = level; + break; + default: + /* unchanged */ + break; } - fatal("fatal_remove_cleanup: no such cleanup function: 0x%lx 0x%lx\n", - (unsigned long)proc, (unsigned long)context); } -/* Function to display an error message and exit. This is in this file because - this needs to restore terminal modes before exiting. See log-client.c - for other related functions. */ +#define MSGBUFSIZE 1024 -void fatal(const char *fmt, ...) +void +do_log(LogLevel level, const char *fmt, va_list args) { - va_list args; - struct fatal_cleanup *cu, *next_cu; - static int fatal_called = 0; - - if (!fatal_called) - { - fatal_called = 1; + char msgbuf[MSGBUFSIZE]; - /* Call cleanup functions. */ - for (cu = fatal_cleanups; cu; cu = next_cu) - { - next_cu = cu->next; - (*cu->proc)(cu->context); - } - } - - va_start(args, fmt); - vfprintf(stderr, fmt, args); + if (level > log_level) + return; + if (level == SYSLOG_LEVEL_DEBUG) + fprintf(stderr, "debug: "); + vsnprintf(msgbuf, sizeof(msgbuf), fmt, args); + fprintf(stderr, "%s", msgbuf); fprintf(stderr, "\r\n"); - va_end(args); - exit(255); } - -/* fatal() is in ssh.c so that it can properly reset terminal modes. */ diff --git a/usr.bin/ssh/log-server.c b/usr.bin/ssh/log-server.c index 304099a85d5..aa5aeec12e1 100644 --- a/usr.bin/ssh/log-server.c +++ b/usr.bin/ssh/log-server.c 
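Review bot: In the new client `do_log`, the test `if (level > log_level) return;` also drops `SYSLOG_LEVEL_FATAL` messages when the level is `SYSLOG_LEVEL_QUIET`, whereas the removed client `fatal()` wrote to stderr without consulting `log_quiet`. With `ssh -q`, a fatal condition would then end the process with no explanation on the terminal. If that is not intended, let fatals through with `if (level > log_level && level != SYSLOG_LEVEL_FATAL) return;`; if it is intended, say so in the new LogLevel entry of ssh.1. This `log_init` also ignores an unknown level silently while the log-server.c version exits, and the `default:` branch deserves a comment explaining why (presumably the level can still be unset on the first call from ssh.c).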
@@ -15,29 +15,42 @@ to the system log. */ #include "includes.h" -RCSID("$Id: log-server.c,v 1.6 1999/11/10 22:24:01 markus Exp $"); +RCSID("$Id: log-server.c,v 1.7 1999/11/10 23:36:44 markus Exp $"); #include <syslog.h> #include "packet.h" #include "xmalloc.h" #include "ssh.h" -static int log_debug = 0; -static int log_quiet = 0; +static LogLevel log_level = SYSLOG_LEVEL_INFO; static int log_on_stderr = 0; /* Initialize the log. av0 program name (should be argv[0]) on_stderr print also on stderr - debug send debugging messages to system log - quiet don\'t log anything + level logging level */ -void log_init(char *av0, int on_stderr, int debug, int quiet, - SyslogFacility facility) +void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) { int log_facility; + switch (level) + { + case SYSLOG_LEVEL_QUIET: + case SYSLOG_LEVEL_ERROR: + case SYSLOG_LEVEL_FATAL: + case SYSLOG_LEVEL_INFO: + case SYSLOG_LEVEL_CHAT: + case SYSLOG_LEVEL_DEBUG: + log_level = level; + break; + default: + fprintf(stderr, "Unrecognized internal syslog level code %d\n", + (int)level); + exit(1); + } + switch (facility) { case SYSLOG_FACILITY_DAEMON: @@ -79,8 +92,6 @@ void log_init(char *av0, int on_stderr, int debug, int quiet, exit(1); } - log_debug = debug; - log_quiet = quiet; log_on_stderr = on_stderr; closelog(); /* Close any previous log. */ openlog(av0, LOG_PID, log_facility); 
@@ -88,128 +99,49 @@ void log_init(char *av0, int on_stderr, int debug, int quiet, #define MSGBUFSIZE 1024 -#define DECL_MSGBUF char msgbuf[MSGBUFSIZE] - -/* Log this message (information that usually should go to the log). */ - -void log(const char *fmt, ...) +void +do_log(LogLevel level, const char *fmt, va_list args) { - va_list args; - DECL_MSGBUF; - if (log_quiet) - return; - va_start(args, fmt); - vsnprintf(msgbuf, MSGBUFSIZE, fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "log: %s\n", msgbuf); - syslog(LOG_INFO, "log: %.500s", msgbuf); -} - -/* Debugging messages that should not be logged during normal operation. */ + char msgbuf[MSGBUFSIZE]; + char fmtbuf[MSGBUFSIZE]; + char *txt = NULL; + int pri = LOG_INFO; -void debug(const char *fmt, ...) -{ - va_list args; - DECL_MSGBUF; - if (!log_debug || log_quiet) + if (level > log_level) return; - va_start(args, fmt); - vsnprintf(msgbuf, MSGBUFSIZE, fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "debug: %s\n", msgbuf); - syslog(LOG_DEBUG, "debug: %.500s", msgbuf); -} - -/* Error messages that should be logged. */ - -void error(const char *fmt, ...) -{ - va_list args; - DECL_MSGBUF; - if (log_quiet) - return; - va_start(args, fmt); - vsnprintf(msgbuf, MSGBUFSIZE, fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "error: %s\n", msgbuf); - syslog(LOG_ERR, "error: %.500s", msgbuf); -} - -struct fatal_cleanup -{ - struct fatal_cleanup *next; - void (*proc)(void *); - void *context; -}; - -static struct fatal_cleanup *fatal_cleanups = NULL; - -/* Registers a cleanup function to be called by fatal() before exiting. */ - -void fatal_add_cleanup(void (*proc)(void *), void *context) -{ - struct fatal_cleanup *cu; - - cu = xmalloc(sizeof(*cu)); - cu->proc = proc; - cu->context = context; - cu->next = fatal_cleanups; - fatal_cleanups = cu; -} - -/* Removes a cleanup frunction to be called at fatal(). 
*/ - -void fatal_remove_cleanup(void (*proc)(void *context), void *context) -{ - struct fatal_cleanup **cup, *cu; - - for (cup = &fatal_cleanups; *cup; cup = &cu->next) + switch (level) { - cu = *cup; - if (cu->proc == proc && cu->context == context) - { - *cup = cu->next; - xfree(cu); - return; - } + case SYSLOG_LEVEL_ERROR: + txt = "error"; + pri = LOG_ERR; + break; + case SYSLOG_LEVEL_FATAL: + txt = "fatal"; + pri = LOG_ERR; + break; + case SYSLOG_LEVEL_INFO: + pri = LOG_INFO; + break; + case SYSLOG_LEVEL_CHAT: + pri = LOG_INFO; + break; + case SYSLOG_LEVEL_DEBUG: + txt = "debug"; + pri = LOG_DEBUG; + break; + default: + txt = "internal error"; + pri = LOG_ERR; + break; } - fatal("fatal_remove_cleanup: no such cleanup function: 0x%lx 0x%lx\n", - (unsigned long)proc, (unsigned long)context); -} - -/* Fatal messages. This function never returns. */ -void fatal(const char *fmt, ...) -{ - va_list args; - struct fatal_cleanup *cu, *next_cu; - static int fatal_called = 0; - DECL_MSGBUF; - - if (!log_quiet) { - va_start(args, fmt); - vsnprintf(msgbuf, MSGBUFSIZE, fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "fatal: %s\n", msgbuf); - syslog(LOG_ERR, "fatal: %.500s", msgbuf); + if (txt != NULL) { + snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt); + vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args); + }else{ + vsnprintf(msgbuf, sizeof(msgbuf), fmt, args); } - - if (fatal_called) - exit(1); - fatal_called = 1; - - /* Call cleanup functions. */ - for (cu = fatal_cleanups; cu; cu = next_cu) - { - next_cu = cu->next; - debug("Calling cleanup 0x%lx(0x%lx)", - (unsigned long)cu->proc, (unsigned long)cu->context); - (*cu->proc)(cu->context); - } - - exit(1); + if (log_on_stderr) + fprintf(stderr, "%s\n", msgbuf); + syslog(pri, "%.500s", msgbuf); } diff --git a/usr.bin/ssh/log.c b/usr.bin/ssh/log.c new file mode 100644 index 00000000000..3e840ecb5c9 --- /dev/null +++ b/usr.bin/ssh/log.c 
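Review bot: The server `do_log` hands `msgbuf` to `fprintf(stderr, ...)` and `syslog()` exactly as formatted, so a newline or control byte inside a `%s` argument reaches the log unescaped. Where callers pass peer-supplied strings (not visible in this hunk), that would let a remote party split or forge log lines. Encoding non-printable bytes in `msgbuf` into a second buffer before the two output calls, for instance with a vis(3)-style pass, closes that. Building the format as `"%s: %s"` from `txt` and `fmt` can also cut a long `fmt` in the middle of a conversion when `fmtbuf` truncates; formatting the message first and adding the prefix in the output call when `txt` is set, `syslog(pri, "%s: %.500s", txt, msgbuf)`, avoids parsing a truncated format.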
@@ -0,0 +1,135 @@ +/* + +Shared versions of debug(), log(), etc. + +*/ + +#include "includes.h" +RCSID("$OpenBSD: log.c,v 1.1 1999/11/10 23:36:44 markus Exp $"); + +#include "ssh.h" +#include "xmalloc.h" + +/* Fatal messages. This function never returns. */ + +void +fatal(const char *fmt, ...) +{ + va_list args; + va_start(args, fmt); + do_log(SYSLOG_LEVEL_FATAL, fmt, args); + va_end(args); + fatal_cleanup(); +} + +/* Error messages that should be logged. */ + +void +error(const char *fmt, ...) +{ + va_list args; + va_start(args, fmt); + do_log(SYSLOG_LEVEL_ERROR, fmt, args); + va_end(args); +} + +/* Log this message (information that usually should go to the log). */ + +void +log(const char *fmt, ...) +{ + va_list args; + va_start(args, fmt); + do_log(SYSLOG_LEVEL_INFO, fmt, args); + va_end(args); +} + +/* More detailed messages (information that does not need to go to the log). */ + +void +chat(const char *fmt, ...) +{ + va_list args; + va_start(args, fmt); + do_log(SYSLOG_LEVEL_CHAT, fmt, args); + va_end(args); +} + +/* Debugging messages that should not be logged during normal operation. */ + +void +debug(const char *fmt, ...) +{ + va_list args; + va_start(args, fmt); + do_log(SYSLOG_LEVEL_DEBUG, fmt, args); + va_end(args); +} + +/* Fatal cleanup */ + +struct fatal_cleanup +{ + struct fatal_cleanup *next; + void (*proc)(void *); + void *context; +}; + +static struct fatal_cleanup *fatal_cleanups = NULL; + +/* Registers a cleanup function to be called by fatal() before exiting. */ + +void +fatal_add_cleanup(void (*proc)(void *), void *context) +{ + struct fatal_cleanup *cu; + + cu = xmalloc(sizeof(*cu)); + cu->proc = proc; + cu->context = context; + cu->next = fatal_cleanups; + fatal_cleanups = cu; +} + +/* Removes a cleanup frunction to be called at fatal(). 
*/ + +void +fatal_remove_cleanup(void (*proc)(void *context), void *context) +{ + struct fatal_cleanup **cup, *cu; + + for (cup = &fatal_cleanups; *cup; cup = &cu->next) + { + cu = *cup; + if (cu->proc == proc && cu->context == context) + { + *cup = cu->next; + xfree(cu); + return; + } + } + fatal("fatal_remove_cleanup: no such cleanup function: 0x%lx 0x%lx\n", + (unsigned long)proc, (unsigned long)context); +} + +/* Cleanup and exit */ +void +fatal_cleanup(void) +{ + struct fatal_cleanup *cu, *next_cu; + static int called = 0; + if (called) + exit(255); + called = 1; + + /* Call cleanup functions. */ + for (cu = fatal_cleanups; cu; cu = next_cu) + { + next_cu = cu->next; + debug("Calling cleanup 0x%lx(0x%lx)", + (unsigned long)cu->proc, (unsigned long)cu->context); + (*cu->proc)(cu->context); + } + + exit(255); +} diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 3035ac4fc07..54d7c41ee41 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -14,7 +14,7 @@ Functions for reading the configuration files. */ #include "includes.h" -RCSID("$Id: readconf.c,v 1.12 1999/10/15 21:39:02 markus Exp $"); +RCSID("$Id: readconf.c,v 1.13 1999/11/10 23:36:44 markus Exp $"); #include "ssh.h" #include "cipher.h" @@ -101,7 +101,7 @@ typedef enum oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication, - oUsePrivilegedPort + oUsePrivilegedPort, oLogLevel } OpCodes; /* Textual representations of the tokens. */ 
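Review bot: `fatal_cleanup()` ends with `exit(255)` and is now shared by client and server, while the `fatal()` removed from log-server.c exited with status 1, so sshd's exit status on a fatal error changes with this commit. Anything that inspects that status will see the difference, and it is worth stating in the comment, e.g. `/* Cleanup and exit with status 255 (client and server). */`. The `debug("Calling cleanup 0x%lx(0x%lx)", ...)` call also writes function and context addresses to the log at DEBUG level, which matters if those logs are widely readable.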
@@ -150,6 +150,24 @@ static struct { "keepalive", oKeepAlives }, { "numberofpasswordprompts", oNumberOfPasswordPrompts }, { "tisauthentication", oTISAuthentication }, + { "loglevel", oLogLevel }, + { NULL, 0 } +}; + +/* textual representation of log-levels */ + +static struct +{ + const char *name; + LogLevel level; +} log_levels[] = +{ + { "QUIET", SYSLOG_LEVEL_QUIET }, + { "FATAL", SYSLOG_LEVEL_FATAL }, + { "ERROR", SYSLOG_LEVEL_ERROR }, + { "INFO", SYSLOG_LEVEL_INFO }, + { "CHAT", SYSLOG_LEVEL_CHAT }, + { "DEBUG", SYSLOG_LEVEL_DEBUG }, { NULL, 0 } }; @@ -218,7 +236,7 @@ void process_config_line(Options *options, const char *host, int *activep) { char buf[256], *cp, *string, **charptr; - int opcode, *intptr, value, fwd_port, fwd_host_port; + int opcode, *intptr, value, fwd_port, fwd_host_port, i; /* Skip leading whitespace. */ cp = line + strspn(line, WHITESPACE); @@ -445,6 +463,27 @@ void process_config_line(Options *options, const char *host, if (*activep && *intptr == -1) *intptr = value; break; + + case oLogLevel: + cp = strtok(NULL, WHITESPACE); + if (!cp) + { + fprintf(stderr, "%s line %d: missing level name.\n", + filename, linenum); + exit(1); + } + for (i = 0; log_levels[i].name; i++) + if (strcasecmp(log_levels[i].name, cp) == 0) + break; + if (!log_levels[i].name) + { + fprintf(stderr, "%s line %d: unsupported log level %s\n", + filename, linenum, cp); + exit(1); + } + if (options->log_level == (LogLevel)(-1)) + options->log_level = log_levels[i].level; + break; case oRemoteForward: cp = strtok(NULL, WHITESPACE); @@ -607,6 +646,7 @@ void initialize_options(Options *options) options->user_hostfile = NULL; options->num_local_forwards = 0; options->num_remote_forwards = 0; + options->log_level = (LogLevel)-1; } /* Called after processing other sources of option data, this fills those 
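Review bot: The new `oLogLevel` case stores the value under `if (options->log_level == (LogLevel)(-1))` and never tests `*activep`, unlike the integer case just above it (`if (*activep && *intptr == -1)`). A `LogLevel` line inside a `Host` block that does not match the current host would therefore still take effect, so a `LogLevel QUIET` meant for one host could silence messages for every connection. The guard should read `if (*activep && options->log_level == (LogLevel)(-1))`. `process_config_line` starts and ends outside this hunk.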
@@ -677,6 +717,8 @@ void fill_default_options(Options *options) options->system_hostfile = SSH_SYSTEM_HOSTFILE; if (options->user_hostfile == NULL) options->user_hostfile = SSH_USER_HOSTFILE; + if (options->log_level == (LogLevel)-1) + options->log_level = SYSLOG_LEVEL_INFO; /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h index dceb0406800..62505311a26 100644 --- a/usr.bin/ssh/readconf.h +++ b/usr.bin/ssh/readconf.h @@ -13,7 +13,7 @@ Functions for reading the configuration file. */ -/* RCSID("$Id: readconf.h,v 1.7 1999/10/12 21:04:22 markus Exp $"); */ +/* RCSID("$Id: readconf.h,v 1.8 1999/11/10 23:36:44 markus Exp $"); */ #ifndef READCONF_H #define READCONF_H @@ -54,6 +54,7 @@ typedef struct int compression; /* Compress packets in both directions. */ int compression_level; /* Compression level 1 (fast) to 9 (best). */ int keepalives; /* Set SO_KEEPALIVE. */ + LogLevel log_level; /* Level for logging. */ int port; /* Port to connect. */ int connection_attempts; /* Max attempts (seconds) before giving up */ diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 914cff2612c..d7d6675bad6 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -12,7 +12,7 @@ Created: Mon Aug 21 15:48:58 1995 ylo */ #include "includes.h" -RCSID("$Id: servconf.c,v 1.19 1999/10/25 21:35:25 markus Exp $"); +RCSID("$Id: servconf.c,v 1.20 1999/11/10 23:36:44 markus Exp $"); #include "ssh.h" #include "servconf.h" @@ -31,8 +31,6 @@ void initialize_server_options(ServerOptions *options) options->key_regeneration_time = -1; options->permit_root_login = -1; options->ignore_rhosts = -1; - options->quiet_mode = -1; - options->fascist_logging = -1; options->print_motd = -1; options->check_mail = -1; options->x11_forwarding = -1; 
@@ -40,6 +38,7 @@ void initialize_server_options(ServerOptions *options) options->strict_modes = -1; options->keepalives = -1; options->log_facility = (SyslogFacility)-1; + options->log_level = (LogLevel)-1; options->rhosts_authentication = -1; options->rhosts_rsa_authentication = -1; options->rsa_authentication = -1; @@ -89,12 +88,8 @@ void fill_default_server_options(ServerOptions *options) options->permit_root_login = 1; /* yes */ if (options->ignore_rhosts == -1) options->ignore_rhosts = 0; - if (options->quiet_mode == -1) - options->quiet_mode = 0; if (options->check_mail == -1) options->check_mail = 0; - if (options->fascist_logging == -1) - options->fascist_logging = 1; if (options->print_motd == -1) options->print_motd = 1; if (options->x11_forwarding == -1) @@ -107,6 +102,8 @@ void fill_default_server_options(ServerOptions *options) options->keepalives = 1; if (options->log_facility == (SyslogFacility)(-1)) options->log_facility = SYSLOG_FACILITY_AUTH; + if (options->log_level == (LogLevel)(-1)) + options->log_level = SYSLOG_LEVEL_INFO; if (options->rhosts_authentication == -1) options->rhosts_authentication = 0; if (options->rhosts_rsa_authentication == -1) @@ -145,7 +142,7 @@ void fill_default_server_options(ServerOptions *options) typedef enum { sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, - sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility, + sPermitRootLogin, sLogFacility, sLogLevel, sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, #ifdef KRB4 sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, 
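Review bot: The default verbosity of sshd changes in `fill_default_server_options` without being stated anywhere. The removed code set `fascist_logging` to 1 when unset, and the main `log_init` calls in sshd.c passed `debug_flag || options.fascist_logging`, so debug-level messages went to syslog by default; the new default is `SYSLOG_LEVEL_INFO`. Sites that rely on those messages for auditing will log less after the upgrade unless they set `LogLevel DEBUG`. A comment at the new default, e.g. `/* previously effectively DEBUG via fascist_logging = 1 */`, and a sentence in sshd.8 would make the change visible.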
@@ -176,9 +173,8 @@ static struct { "logingracetime", sLoginGraceTime }, { "keyregenerationinterval", sKeyRegenerationTime }, { "permitrootlogin", sPermitRootLogin }, - { "quietmode", sQuietMode }, - { "fascistlogging", sFascistLogging }, { "syslogfacility", sLogFacility }, + { "loglevel", sLogLevel }, { "rhostsauthentication", sRhostsAuthentication }, { "rhostsrsaauthentication", sRhostsRSAAuthentication }, { "rsaauthentication", sRSAAuthentication }, @@ -233,6 +229,21 @@ static struct { NULL, 0 } }; +static struct +{ + const char *name; + LogLevel level; +} log_levels[] = +{ + { "QUIET", SYSLOG_LEVEL_QUIET }, + { "FATAL", SYSLOG_LEVEL_FATAL }, + { "ERROR", SYSLOG_LEVEL_ERROR }, + { "INFO", SYSLOG_LEVEL_INFO }, + { "CHAT", SYSLOG_LEVEL_CHAT }, + { "DEBUG", SYSLOG_LEVEL_DEBUG }, + { NULL, 0 } +}; + /* Returns the number of the token pointed to by cp of length len. Never returns if the token is not known. */ @@ -392,14 +403,6 @@ void read_server_config(ServerOptions *options, const char *filename) *intptr = value; break; - case sQuietMode: - intptr = &options->quiet_mode; - goto parse_flag; - - case sFascistLogging: - intptr = &options->fascist_logging; - goto parse_flag; - case sRhostsAuthentication: intptr = &options->rhosts_authentication; goto parse_flag; @@ -487,7 +490,7 @@ void read_server_config(ServerOptions *options, const char *filename) exit(1); } for (i = 0; log_facilities[i].name; i++) - if (strcmp(log_facilities[i].name, cp) == 0) + if (strcasecmp(log_facilities[i].name, cp) == 0) break; if (!log_facilities[i].name) { 
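Review bot: Removing the `quietmode` and `fascistlogging` entries from the keyword table turns either keyword in an existing sshd_config into an unknown token, and the comment on the lookup function in this file says it "Never returns if the token is not known". If that still holds, sshd would refuse to start after the upgrade on hosts whose configuration still carries those lines, which can cut off remote administration. Keeping both keywords as deprecated entries that map onto `log_level`, or that only print a warning, would make the transition safe.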
@@ -498,6 +501,27 @@ void read_server_config(ServerOptions *options, const char *filename) if (options->log_facility == (SyslogFacility)(-1)) options->log_facility = log_facilities[i].facility; break; + + case sLogLevel: + cp = strtok(NULL, WHITESPACE); + if (!cp) + { + fprintf(stderr, "%s line %d: missing level name.\n", + filename, linenum); + exit(1); + } + for (i = 0; log_levels[i].name; i++) + if (strcasecmp(log_levels[i].name, cp) == 0) + break; + if (!log_levels[i].name) + { + fprintf(stderr, "%s line %d: unsupported log level %s\n", + filename, linenum, cp); + exit(1); + } + if (options->log_level == (LogLevel)(-1)) + options->log_level = log_levels[i].level; + break; case sAllowUsers: while ((cp = strtok(NULL, WHITESPACE))) diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h index 3c644b3f823..8a1b429dbf9 100644 --- a/usr.bin/ssh/servconf.h +++ b/usr.bin/ssh/servconf.h @@ -13,7 +13,7 @@ Definitions for server configuration data and for the functions reading it. */ -/* RCSID("$Id: servconf.h,v 1.10 1999/10/17 20:48:07 dugsong Exp $"); */ +/* RCSID("$Id: servconf.h,v 1.11 1999/11/10 23:36:44 markus Exp $"); */ #ifndef SERVCONF_H #define SERVCONF_H @@ -33,8 +33,6 @@ typedef struct int key_regeneration_time; /* Server key lifetime (seconds). */ int permit_root_login; /* If true, permit root login. */ int ignore_rhosts; /* Ignore .rhosts and .shosts. */ - int quiet_mode; /* If true, don't log anything but fatals. */ - int fascist_logging; /* Perform very verbose logging. */ int print_motd; /* If true, print /etc/motd. */ int check_mail; /* If true, check for new mail. */ int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */ 
@@ -42,6 +40,7 @@ typedef struct int strict_modes; /* If true, require string home dir modes. */ int keepalives; /* If true, set SO_KEEPALIVE. */ SyslogFacility log_facility; /* Facility for system logging. */ + LogLevel log_level; /* Level for system logging. */ int rhosts_authentication; /* If true, permit rhosts authentication. */ int rhosts_rsa_authentication;/* If true, permit rhosts RSA authentication.*/ int rsa_authentication; /* If true, permit RSA authentication. */ diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index f176fdbcef0..e7a48cc1660 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: ssh.1,v 1.23 1999/11/09 23:09:58 markus Exp $ +.\" $Id: ssh.1,v 1.24 1999/11/10 23:36:44 markus Exp $ .\" .Dd September 25, 1999 .Dt SSH 1 @@ -602,6 +602,12 @@ this keyword must be .Dq yes or .Dq no . +.It Cm LogLevel +Gives the verbosity level that is used when logging messages from +.Nm ssh . +The possible values are: +QUIET, FATAL, ERROR, INFO, CHAT and DEBUG. +The default is INFO. .It Cm NumberOfPasswordPrompts Specifies the number of password prompts before giving up. The argument to this keyword must be an integer. Default is 3. diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index d0f3ed8e8eb..8cd6b7e3ab2 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada. */ #include "includes.h" -RCSID("$Id: ssh.c,v 1.26 1999/10/28 21:29:26 markus Exp $"); +RCSID("$Id: ssh.c,v 1.27 1999/11/10 23:36:44 markus Exp $"); #include "xmalloc.h" #include "ssh.h" 
@@ -32,9 +32,6 @@ RCSID("$Id: ssh.c,v 1.26 1999/10/28 21:29:26 markus Exp $"); command line. */ int debug_flag = 0; -/* Flag indicating whether quiet mode is on. */ -int quiet_flag = 0; - /* Flag indicating whether to allocate a pseudo tty. This can be set on the command line, and is automatically set if no command is given on the command line. */ @@ -306,16 +303,17 @@ main(int ac, char **av) case 'v': case 'V': - debug_flag = 1; fprintf(stderr, "SSH Version %s, protocol version %d.%d.\n", SSH_VERSION, PROTOCOL_MAJOR, PROTOCOL_MINOR); fprintf(stderr, "Compiled with SSL.\n"); if (opt == 'V') exit(0); + debug_flag = 1; + options.log_level = SYSLOG_LEVEL_DEBUG; break; case 'q': - quiet_flag = 1; + options.log_level = SYSLOG_LEVEL_QUIET; break; case 'e': @@ -466,7 +464,7 @@ main(int ac, char **av) /* Initialize "log" output. Since we are the client all output actually goes to the terminal. */ - log_init(av[0], 1, debug_flag, quiet_flag, SYSLOG_FACILITY_USER); + log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0); /* Read per-user configuration file. */ snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_CONFFILE); @@ -477,6 +475,10 @@ main(int ac, char **av) /* Fill configuration defaults. */ fill_default_options(&options); + + /* reinit */ + log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0); + if (options.user == NULL) options.user = xstrdup(pw->pw_name); diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h index abf3303fad6..13fd5759f93 100644 --- a/usr.bin/ssh/ssh.h +++ b/usr.bin/ssh/ssh.h @@ -13,7 +13,7 @@ Generic header file for ssh. */ -/* RCSID("$Id: ssh.h,v 1.17 1999/11/10 22:24:01 markus Exp $"); */ +/* RCSID("$Id: ssh.h,v 1.18 1999/11/10 23:36:44 markus Exp $"); */ #ifndef SSH_H #define SSH_H 
@@ -205,9 +205,58 @@ only by root, whereas ssh_config should be world-readable. */ #define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */ -/* Includes that need definitions above. */ +/*------------ Definitions for logging. -----------------------*/ + +/* Supported syslog facilities and levels. */ +typedef enum +{ + SYSLOG_FACILITY_DAEMON, + SYSLOG_FACILITY_USER, + SYSLOG_FACILITY_AUTH, + SYSLOG_FACILITY_LOCAL0, + SYSLOG_FACILITY_LOCAL1, + SYSLOG_FACILITY_LOCAL2, + SYSLOG_FACILITY_LOCAL3, + SYSLOG_FACILITY_LOCAL4, + SYSLOG_FACILITY_LOCAL5, + SYSLOG_FACILITY_LOCAL6, + SYSLOG_FACILITY_LOCAL7 +} SyslogFacility; + +typedef enum +{ + SYSLOG_LEVEL_QUIET, + SYSLOG_LEVEL_FATAL, + SYSLOG_LEVEL_ERROR, + SYSLOG_LEVEL_INFO, + SYSLOG_LEVEL_CHAT, + SYSLOG_LEVEL_DEBUG +} LogLevel; + +/* Initializes logging. */ +void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr); + +/* Logging implementation, depending on server or client */ +void do_log(LogLevel level, const char *fmt, va_list args); + +/* Output a message to syslog or stderr */ +void fatal(const char *fmt, ...); +void error(const char *fmt, ...); +void log(const char *fmt, ...); +void chat(const char *fmt, ...); +void debug(const char *fmt, ...); + +/* same as fatal() but w/o logging */ +void fatal_cleanup(void); + +/* Registers a cleanup function to be called by fatal()/fatal_cleanup() before exiting. + It is permissible to call fatal_remove_cleanup for the function itself + from the function. */ +void fatal_add_cleanup(void (*proc)(void *context), void *context); + +/* Removes a cleanup function to be called at fatal(). */ +void fatal_remove_cleanup(void (*proc)(void *context), void *context); -#include "readconf.h" /*------------ definitions for login.c -------------*/ 
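Review bot: The prototypes added here drop the contract that the removed declarations documented, namely that the final message must not exceed 1024 characters and should not contain a newline. Both `do_log` implementations now truncate at `MSGBUFSIZE` through `vsnprintf`, and the server passes `%.500s` to syslog, so a caller can lose the tail of a message without notice. I would restore a short comment above `fatal()` through `debug()`, such as `/* Messages longer than 1024 bytes are truncated; fmt should not end in a newline. */`.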
@@ -247,6 +296,10 @@ int ssh_connect(const char *host, struct sockaddr_in *hostaddr, If login fails, this function prints an error and never returns. This initializes the random state, and leaves it initialized (it will also have references from the packet module). */ + +/* for Options */ +#include "readconf.h" + void ssh_login(int host_key_valid, RSA *host_key, const char *host, struct sockaddr_in *hostaddr, Options *options, uid_t original_real_uid); 
@@ -352,59 +405,6 @@ int load_public_key(const char *filename, RSA *pub, int load_private_key(const char *filename, const char *passphrase, RSA *private_key, char **comment_return); -/*------------ Definitions for logging. -----------------------*/ - -/* Supported syslog facilities. */ -typedef enum -{ - SYSLOG_FACILITY_DAEMON, - SYSLOG_FACILITY_USER, - SYSLOG_FACILITY_AUTH, - SYSLOG_FACILITY_LOCAL0, - SYSLOG_FACILITY_LOCAL1, - SYSLOG_FACILITY_LOCAL2, - SYSLOG_FACILITY_LOCAL3, - SYSLOG_FACILITY_LOCAL4, - SYSLOG_FACILITY_LOCAL5, - SYSLOG_FACILITY_LOCAL6, - SYSLOG_FACILITY_LOCAL7 -} SyslogFacility; - -/* Initializes logging. If debug is non-zero, debug() will output something. - If quiet is non-zero, none of these will log send anything to syslog - (but maybe to stderr). */ -void log_init(char *av0, int on_stderr, int debug, int quiet, - SyslogFacility facility); - -/* Outputs a message to syslog or stderr, depending on the implementation. - The format must guarantee that the final message does not exceed 1024 - characters. The message should not contain newline. */ -void log(const char *fmt, ...); - -/* Outputs a message to syslog or stderr, depending on the implementation. - The format must guarantee that the final message does not exceed 1024 - characters. The message should not contain newline. */ -void debug(const char *fmt, ...); - -/* Outputs a message to syslog or stderr, depending on the implementation. - The format must guarantee that the final message does not exceed 1024 - characters. The message should not contain newline. */ -void error(const char *fmt, ...); - -/* Outputs a message to syslog or stderr, depending on the implementation. - The format must guarantee that the final message does not exceed 1024 - characters. The message should not contain newline. - This call never returns. */ -void fatal(const char *fmt, ...); - -/* Registers a cleanup function to be called by fatal() before exiting. 
- It is permissible to call fatal_remove_cleanup for the function itself - from the function. */ -void fatal_add_cleanup(void (*proc)(void *context), void *context); - -/* Removes a cleanup function to be called at fatal(). */ -void fatal_remove_cleanup(void (*proc)(void *context), void *context); - /*---------------- definitions for channels ------------------*/ /* Sets specific protocol options. */ diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index 5ef713cc993..2cad5256b58 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: sshd.8,v 1.22 1999/11/09 23:09:58 markus Exp $ +.\" $Id: sshd.8,v 1.23 1999/11/10 23:36:45 markus Exp $ .\" .Dd September 25, 1999 .Dt SSHD 8 @@ -231,15 +231,6 @@ can be used as wildcards in the patterns. Only user names are valid, a numerical user id isn't recognized. By default login is allowed regardless of the user name. -.Pp -.It Cm FascistLogging -Specifies whether to use verbose logging. Verbose logging violates -the privacy of users and is not recommended. The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq no . .It Cm HostKey Specifies the file containing the private host key (default .Pa /etc/ssh_host_key ) . @@ -312,6 +303,14 @@ The default is to listen to all local addresses. The server disconnects after this time if the user has not successfully logged in. If the value is 0, there is no time limit. The default is 600 (seconds). +.It Cm LogLevel +Gives the verbosity level that is used when logging messages from +.Nm sshd . +The possible values are: +QUIET, FATAL, ERROR, INFO, CHAT and DEBUG. +The default is INFO. +Logging with level DEBUG violates the privacy of users +and is not recommended. .It Cm PasswordAuthentication Specifies whether password authentication is allowed. The default is 
@@ -355,11 +354,6 @@ printed by the shell, .Pa /etc/profile , or equivalent.) The default is .Dq yes . -.It Cm QuietMode -Specifies whether the system runs in quiet mode. In quiet mode, -nothing is logged in the system log, except fatal errors. The default -is -.Dq no . .It Cm RandomSeed Obsolete. Random number generation uses other techniques. .It Cm RhostsAuthentication diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 00cadebc4d7..03d078982f5 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -18,7 +18,7 @@ agent connections. */ #include "includes.h" -RCSID("$Id: sshd.c,v 1.46 1999/11/10 22:24:01 markus Exp $"); +RCSID("$Id: sshd.c,v 1.47 1999/11/10 23:36:45 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -61,6 +61,9 @@ int debug_flag = 0; /* Flag indicating that the daemon is being started from inetd. */ int inetd_flag = 0; +/* debug goes to stderr unless inetd_flag is set */ +int log_stderr = 0; + /* argv[0] without path. */ char *av0; @@ -254,6 +257,7 @@ main(int ac, char **av) break; case 'd': debug_flag = 1; + options.log_level = SYSLOG_LEVEL_DEBUG; break; case 'i': inetd_flag = 1; @@ -262,7 +266,7 @@ main(int ac, char **av) silentrsa = 1; break; case 'q': - options.quiet_mode = 1; + options.log_level = SYSLOG_LEVEL_QUIET; break; case 'b': options.server_key_bits = atoi(optarg); @@ -333,9 +337,11 @@ main(int ac, char **av) } /* Initialize the log (it is reinitialized below in case we forked). */ - log_init(av0, debug_flag && !inetd_flag, - debug_flag || options.fascist_logging, - options.quiet_mode, options.log_facility); + + if (debug_flag && !inetd_flag) + log_stderr = 1; + + log_init(av0, options.log_level, options.log_facility, log_stderr); debug("sshd version %.100s", SSH_VERSION); 
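Review bot: The comment added above `int log_stderr = 0;` does not match how the flag is set. The only assignment in this commit, in the later hunk just before the first log_init() call, is `if (debug_flag && !inetd_flag) log_stderr = 1;`, so stderr logging needs -d as well as the absence of -i. I would reword it to `/* Non-zero when log output should go to stderr: set only for -d without -i. */`.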
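Review bot: In `case 'd':` the new `options.log_level = SYSLOG_LEVEL_DEBUG;` and, in the next hunk, `case 'q':` with `options.log_level = SYSLOG_LEVEL_QUIET;` write the same field, so whichever flag comes last on the command line decides the level, while `debug_flag` (and with it `log_stderr`) stays set either way. Before this change debug and quiet were separate arguments to log_init(), so `-d -q` could not silently drop debug output. If -d is meant to win, guard the quiet arm with `if (!debug_flag) options.log_level = SYSLOG_LEVEL_QUIET;`, or at least document it with `/* -d and -q share log_level; the last one given wins */`. Whether a LogLevel line in the configuration file can later override either flag depends on servconf.c, which these hunks do not show; main() continues outside both hunks.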
@@ -350,7 +356,8 @@ main(int ac, char **av) else { int err = errno; - log_init(av0, !inetd_flag, 1, 0, options.log_facility); + /* force logging */ + log_init(av0, SYSLOG_LEVEL_DEBUG, options.log_facility, log_stderr); error("Could not load host key: %.200s: %.100s", options.host_key_file, strerror(err)); } @@ -380,9 +387,7 @@ main(int ac, char **av) } /* Reinitialize the log (because of the fork above). */ - log_init(av0, debug_flag && !inetd_flag, - debug_flag || options.fascist_logging, - options.quiet_mode, options.log_facility); + log_init(av0, options.log_level, options.log_facility, log_stderr); /* Check that server and host key lengths differ sufficiently. This is necessary to make double encryption work with rsaref. Oh, I hate @@ -550,9 +555,7 @@ main(int ac, char **av) close(listen_sock); sock_in = newsock; sock_out = newsock; - log_init(av0, debug_flag && !inetd_flag, - options.fascist_logging || debug_flag, - options.quiet_mode, options.log_facility); + log_init(av0, options.log_level, options.log_facility, log_stderr); break; } } @@ -1691,8 +1694,7 @@ void do_exec_no_pty(const char *command, struct passwd *pw, if ((pid = fork()) == 0) { /* Child. Reinitialize the log since the pid has changed. */ - log_init(av0, debug_flag && !inetd_flag, debug_flag, - options.quiet_mode, options.log_facility); + log_init(av0, options.log_level, options.log_facility, log_stderr); /* Create a new session and process group since the 4.4BSD setlogin() affects the entire process group. */ @@ -1821,8 +1823,7 @@ void do_exec_pty(const char *command, int ptyfd, int ttyfd, pid = getpid(); /* Child. Reinitialize the log because the pid has changed. */ - log_init(av0, debug_flag && !inetd_flag, debug_flag, options.quiet_mode, - options.log_facility); + log_init(av0, options.log_level, options.log_facility, log_stderr); /* Close the master side of the pseudo tty. */ close(ptyfd); diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config index 55cf4375b28..3430c1c6e9b 100644 
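Review bot: The forced log_init() on the host-key failure path now passes `log_stderr` where the old call passed `!inetd_flag` as its on_stderr argument, and `log_stderr` is only set when -d is given, so an sshd started from a terminal without -d no longer prints "Could not load host key" to stderr. Assuming the last parameter of the new log_init() is the stderr switch, as the other calls in this file suggest, the old behaviour would be kept by `log_init(av0, SYSLOG_LEVEL_DEBUG, options.log_facility, !inetd_flag);`. A startup failure that is visible only in syslog is easy to miss when bringing a host up. The enclosing else branch and main() continue outside the hunk.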
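Review bot: In the child of do_exec_no_pty the old call passed only `debug_flag` as the debug argument, so FascistLogging in the configuration did not turn on debug output in the session child; the new call passes `options.log_level`, so a configured DEBUG level now applies there too, and the same holds for do_exec_pty in the following hunk. The sshd.8 text added by this commit says DEBUG logging violates user privacy, so this widening should be a stated decision rather than a side effect. I would extend the existing comment to `/* Child. Reinitialize the log since the pid has changed; the configured LogLevel applies here as well. */`, or cap the level in the child if the narrower behaviour was intended. Both function bodies start and end outside their hunks.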
--- a/usr.bin/ssh/sshd_config +++ b/usr.bin/ssh/sshd_config @@ -11,13 +11,16 @@ PermitRootLogin yes # Don't read ~/.rhosts and ~/.shosts files IgnoreRhosts yes StrictModes yes -QuietMode no X11Forwarding no X11DisplayOffset 10 -FascistLogging no PrintMotd yes KeepAlive yes + +# Logging SyslogFacility AUTH +LogLevel INFO +#obsoletes QuietMode and FascistLogging + RhostsAuthentication no # # For this to work you will also need host keys in /etc/ssh_known_hosts |