author | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
commit | 978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch) | |
tree | 89400a44e42d84937deba7864e4964d6c7734da5 /log.c | |
parent | 87c685b8c6a49814fd782288097b3093f975aa72 (diff) | |
parent | 3a7e89697ca363de0f64e0d5704c57219294e41c (diff) |
* New upstream release (http://www.openssh.org/txt/release-5.9).
- Introduce sandboxing of the pre-auth privsep child using an optional
sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
mandatory restrictions on the syscalls the privsep child can perform.
- Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
- The pre-authentication sshd(8) privilege separation slave process now
logs via a socket shared with the master process, avoiding the need to
maintain /dev/log inside the chroot (closes: #75043, #429243,
#599240).
- ssh(1) now warns when a server refuses X11 forwarding (closes:
#504757).
- sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by whitespace (closes: #76312). The authorized_keys2
fallback is deprecated but documented (closes: #560156).
- ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
ToS/DSCP (closes: #498297).
- ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add
- < /path/to/key" (closes: #229124).
- Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
- Say "required" rather than "recommended" in unprotected-private-key
warning (LP: #663455).
Diffstat (limited to 'log.c')
-rw-r--r-- | log.c | 35 |
1 files changed, 32 insertions, 3 deletions
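--- a/log.c
+++ b/log.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.41 2008/06/10 04:50:25 dtucker Exp $ */
+/* $OpenBSD: log.c,v 1.42 2011/06/17 21:44:30 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -56,6 +56,8 @@ static LogLevel log_level = SYSLOG_LEVEL_INFO;
 static int log_on_stderr = 1;
 static int log_facility = LOG_AUTH;
 static char *argv0;
+static log_handler_fn *log_handler;
+static void *log_handler_ctx;
 
 extern char *__progname;
 
@@ -261,6 +263,9 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
 exit(1);
 }
 
+log_handler = NULL;
+log_handler_ctx = NULL;
+
 log_on_stderr = on_stderr;
 if (on_stderr)
 return;
@@ -328,6 +333,23 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
 #define MSGBUFSIZ 1024
 
 void
+set_log_handler(log_handler_fn *handler, void *ctx)
+{
+log_handler = handler;
+log_handler_ctx = ctx;
+}
+
+void
+do_log2(LogLevel level, const char *fmt,...)
+{
+va_list args;
+
+va_start(args, fmt);
+do_log(level, fmt, args);
+va_end(args);
+}
+
+void
 do_log(LogLevel level, const char *fmt, va_list args)
 {
 #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
@@ -338,6 +360,7 @@ do_log(LogLevel level, const char *fmt, va_list args)
 char *txt = NULL;
 int pri = LOG_INFO;
 int saved_errno = errno;
+log_handler_fn *tmp_handler;
 
 if (level > log_level)
 return;
@@ -376,7 +399,7 @@ do_log(LogLevel level, const char *fmt, va_list args)
 pri = LOG_ERR;
 break;
 }
-if (txt != NULL) {
+if (txt != NULL && log_handler == NULL) {
 snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt);
 vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args);
 } else {
@@ -384,7 +407,13 @@ do_log(LogLevel level, const char *fmt, va_list args)
 }
 strnvis(fmtbuf, msgbuf, sizeof(fmtbuf),
 log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS);
-if (log_on_stderr) {
+if (log_handler != NULL) {
+/* Avoid recursion */
+tmp_handler = log_handler;
+log_handler = NULL;
+tmp_handler(level, fmtbuf, log_handler_ctx);
+log_handler = tmp_handler;
+} else if (log_on_stderr) {
 snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
 write(STDERR_FILENO, msgbuf, strlen(msgbuf));
 } else {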
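Review bot: set_log_handler() is added without any comment on its contract, and three behaviours in this section are easy to miss. log_init() now clears the handler, do_log() hands the handler the strnvis-encoded text without the level prefix (the `txt != NULL && log_handler == NULL` test), and a message logged from inside the handler bypasses it and goes to stderr or syslog, because log_handler is NULL for the duration of the call. I would add above the definition something like `/* Route messages to handler(level, msg, ctx); msg is vis-encoded and has no level prefix. log_init() clears the handler. */` and extend `/* Avoid recursion */` to say where nested messages end up. Going by the commit description, this hook carries log text from the pre-auth privsep child to the master, so the receiving side presumably has to treat that text as untrusted and encode it again rather than rely on the sender's strnvis(); that code is not on this page. do_log()'s body starts and ends outside the hunks shown.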