diff options
| author | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
| commit | 978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch) | |
| tree | 89400a44e42d84937deba7864e4964d6c7734da5 /log.c | |
| parent | 87c685b8c6a49814fd782288097b3093f975aa72 (diff) | |
| parent | 3a7e89697ca363de0f64e0d5704c57219294e41c (diff) | |
* New upstream release (http://www.openssh.org/txt/release-5.9).
- Introduce sandboxing of the pre-auth privsep child using an optional
sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
mandatory restrictions on the syscalls the privsep child can perform.
- Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
- The pre-authentication sshd(8) privilege separation slave process now
logs via a socket shared with the master process, avoiding the need to
maintain /dev/log inside the chroot (closes: #75043, #429243,
#599240).
- ssh(1) now warns when a server refuses X11 forwarding (closes:
#504757).
- sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by whitespace (closes: #76312). The authorized_keys2
fallback is deprecated but documented (closes: #560156).
- ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
ToS/DSCP (closes: #498297).
- ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add
- < /path/to/key" (closes: #229124).
- Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
- Say "required" rather than "recommended" in unprotected-private-key
warning (LP: #663455).
Diffstat (limited to 'log.c')
| -rw-r--r-- | log.c | 35 |
1 files changed, 32 insertions, 3 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: log.c,v 1.41 2008/06/10 04:50:25 dtucker Exp $ */ | 1 | /* $OpenBSD: log.c,v 1.42 2011/06/17 21:44:30 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -56,6 +56,8 @@ static LogLevel log_level = SYSLOG_LEVEL_INFO; | |||
| 56 | static int log_on_stderr = 1; | 56 | static int log_on_stderr = 1; |
| 57 | static int log_facility = LOG_AUTH; | 57 | static int log_facility = LOG_AUTH; |
| 58 | static char *argv0; | 58 | static char *argv0; |
| 59 | static log_handler_fn *log_handler; | ||
| 60 | static void *log_handler_ctx; | ||
| 59 | 61 | ||
| 60 | extern char *__progname; | 62 | extern char *__progname; |
| 61 | 63 | ||
| @@ -261,6 +263,9 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) | |||
| 261 | exit(1); | 263 | exit(1); |
| 262 | } | 264 | } |
| 263 | 265 | ||
| 266 | log_handler = NULL; | ||
| 267 | log_handler_ctx = NULL; | ||
| 268 | |||
| 264 | log_on_stderr = on_stderr; | 269 | log_on_stderr = on_stderr; |
| 265 | if (on_stderr) | 270 | if (on_stderr) |
| 266 | return; | 271 | return; |
| @@ -328,6 +333,23 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) | |||
| 328 | #define MSGBUFSIZ 1024 | 333 | #define MSGBUFSIZ 1024 |
| 329 | 334 | ||
| 330 | void | 335 | void |
| 336 | set_log_handler(log_handler_fn *handler, void *ctx) | ||
| 337 | { | ||
| 338 | log_handler = handler; | ||
| 339 | log_handler_ctx = ctx; | ||
| 340 | } | ||
| 341 | |||
| 342 | void | ||
| 343 | do_log2(LogLevel level, const char *fmt,...) | ||
| 344 | { | ||
| 345 | va_list args; | ||
| 346 | |||
| 347 | va_start(args, fmt); | ||
| 348 | do_log(level, fmt, args); | ||
| 349 | va_end(args); | ||
| 350 | } | ||
| 351 | |||
| 352 | void | ||
| 331 | do_log(LogLevel level, const char *fmt, va_list args) | 353 | do_log(LogLevel level, const char *fmt, va_list args) |
| 332 | { | 354 | { |
| 333 | #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) | 355 | #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) |
| @@ -338,6 +360,7 @@ do_log(LogLevel level, const char *fmt, va_list args) | |||
| 338 | char *txt = NULL; | 360 | char *txt = NULL; |
| 339 | int pri = LOG_INFO; | 361 | int pri = LOG_INFO; |
| 340 | int saved_errno = errno; | 362 | int saved_errno = errno; |
| 363 | log_handler_fn *tmp_handler; | ||
| 341 | 364 | ||
| 342 | if (level > log_level) | 365 | if (level > log_level) |
| 343 | return; | 366 | return; |
| @@ -376,7 +399,7 @@ do_log(LogLevel level, const char *fmt, va_list args) | |||
| 376 | pri = LOG_ERR; | 399 | pri = LOG_ERR; |
| 377 | break; | 400 | break; |
| 378 | } | 401 | } |
| 379 | if (txt != NULL) { | 402 | if (txt != NULL && log_handler == NULL) { |
| 380 | snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt); | 403 | snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt); |
| 381 | vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args); | 404 | vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args); |
| 382 | } else { | 405 | } else { |
| @@ -384,7 +407,13 @@ do_log(LogLevel level, const char *fmt, va_list args) | |||
| 384 | } | 407 | } |
| 385 | strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), | 408 | strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), |
| 386 | log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS); | 409 | log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS); |
| 387 | if (log_on_stderr) { | 410 | if (log_handler != NULL) { |
| 411 | /* Avoid recursion */ | ||
| 412 | tmp_handler = log_handler; | ||
| 413 | log_handler = NULL; | ||
| 414 | tmp_handler(level, fmtbuf, log_handler_ctx); | ||
| 415 | log_handler = tmp_handler; | ||
| 416 | } else if (log_on_stderr) { | ||
| 388 | snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf); | 417 | snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf); |
| 389 | write(STDERR_FILENO, msgbuf, strlen(msgbuf)); | 418 | write(STDERR_FILENO, msgbuf, strlen(msgbuf)); |
| 390 | } else { | 419 | } else { |