From c998bf0afa1a01257a53793eba57941182e9e0b7 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 3 Feb 2017 02:56:00 +0000 Subject: upstream commit Make ssh_packet_set_rekey_limits take u32 for the number of seconds until rekeying (negative values are rejected at config parse time). This allows the removal of some casts and a signed vs unsigned comparison warning. rekey_time is cast to int64 for the comparison which is a no-op on OpenBSD, but should also do the right thing in -portable on anything still using 32bit time_t (until the system time actually wraps, anyway). some early guidance deraadt@, ok djm@ Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c --- packet.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'packet.h') diff --git a/packet.h b/packet.h index bfe7da615..c33dd17df 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.74 2016/10/11 21:47:45 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.75 2017/02/03 02:56:00 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -154,7 +154,7 @@ int ssh_remote_port(struct ssh *); const char *ssh_local_ipaddr(struct ssh *); int ssh_local_port(struct ssh *); -void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, time_t); +void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, u_int32_t); time_t ssh_packet_get_rekey_timeout(struct ssh *); void *ssh_packet_get_input(struct ssh *); -- cgit v1.2.3 From 07edd7e9537ab32aa52abb5fb2a915c350fcf441 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 3 Feb 2017 23:03:33 +0000 Subject: upstream commit add ssh_packet_set_log_preamble() to allow inclusion of a preamble string in disconnect messages; ok markus@ Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead --- packet.c | 62 +++++++++++++++++++++++++++++++++++++++++++++----------------- packet.h | 7 ++++++- 2 files changed, 51 insertions(+), 18 deletions(-) (limited to 'packet.h') diff --git a/packet.c b/packet.c index 6b9d3525b..94e8460ca 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.244 2017/02/03 02:56:00 dtucker Exp $ */ +/* $OpenBSD: packet.c,v 1.245 2017/02/03 23:03:33 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -352,6 +352,25 @@ ssh_packet_get_mux(struct ssh *ssh) return ssh->state->mux; } +int +ssh_packet_set_log_preamble(struct ssh *ssh, const char *fmt, ...) +{ + va_list args; + int r; + + free(ssh->log_preamble); + if (fmt == NULL) + ssh->log_preamble = NULL; + else { + va_start(args, fmt); + r = vasprintf(&ssh->log_preamble, fmt, args); + va_end(args); + if (r < 0 || ssh->log_preamble == NULL) + return SSH_ERR_ALLOC_FAIL; + } + return 0; +} + int ssh_packet_stop_discard(struct ssh *ssh) { @@ -2074,27 +2093,36 @@ ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...) fatal("%s: %s", __func__, ssh_err(r)); } +static void +fmt_connection_id(struct ssh *ssh, char *s, size_t l) +{ + snprintf(s, l, "%.200s%s%s port %d", + ssh->log_preamble ? ssh->log_preamble : "", + ssh->log_preamble ? " " : "", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); +} + /* * Pretty-print connection-terminating errors and exit. */ void sshpkt_fatal(struct ssh *ssh, const char *tag, int r) { + char remote_id[512]; + + fmt_connection_id(ssh, remote_id, sizeof(remote_id)); + switch (r) { case SSH_ERR_CONN_CLOSED: - logdie("Connection closed by %.200s port %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); + logdie("Connection closed by %s", remote_id); case SSH_ERR_CONN_TIMEOUT: - logdie("Connection %s %.200s port %d timed out", - ssh->state->server_side ? "from" : "to", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); + logdie("Connection %s %s timed out", + ssh->state->server_side ? "from" : "to", remote_id); case SSH_ERR_DISCONNECTED: - logdie("Disconnected from %.200s port %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); + logdie("Disconnected from %s", remote_id); case SSH_ERR_SYSTEM_ERROR: if (errno == ECONNRESET) - logdie("Connection reset by %.200s port %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); + logdie("Connection reset by %s", remote_id); /* FALLTHROUGH */ case SSH_ERR_NO_CIPHER_ALG_MATCH: case SSH_ERR_NO_MAC_ALG_MATCH: @@ -2102,17 +2130,16 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) case SSH_ERR_NO_KEX_ALG_MATCH: case SSH_ERR_NO_HOSTKEY_ALG_MATCH: if (ssh && ssh->kex && ssh->kex->failed_choice) { - logdie("Unable to negotiate with %.200s port %d: %s. " - "Their offer: %s", ssh_remote_ipaddr(ssh), - ssh_remote_port(ssh), ssh_err(r), + logdie("Unable to negotiate with %s: %s. " + "Their offer: %s", remote_id, ssh_err(r), ssh->kex->failed_choice); } /* FALLTHROUGH */ default: - logdie("%s%sConnection %s %.200s port %d: %s", + logdie("%s%sConnection %s %s: %s", tag != NULL ? tag : "", tag != NULL ? ": " : "", ssh->state->server_side ? "from" : "to", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), ssh_err(r)); + remote_id, ssh_err(r)); } } @@ -2125,7 +2152,7 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) void ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...) { - char buf[1024]; + char buf[1024], remote_id[512]; va_list args; static int disconnecting = 0; int r; @@ -2138,12 +2165,13 @@ ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...) * Format the message. Note that the caller must make sure the * message is of limited size. */ + fmt_connection_id(ssh, remote_id, sizeof(remote_id)); va_start(args, fmt); vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); /* Display the error locally */ - logit("Disconnecting: %.100s", buf); + logit("Disconnecting %s: %.100s", remote_id, buf); /* * Send the disconnect message to the other side, and wait diff --git a/packet.h b/packet.h index c33dd17df..0d25b352c 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.75 2017/02/03 02:56:00 dtucker Exp $ */ +/* $OpenBSD: packet.h,v 1.76 2017/02/03 23:03:33 djm Exp $ */ /* * Author: Tatu Ylonen @@ -62,6 +62,9 @@ struct ssh { char *local_ipaddr; int local_port; + /* Optional preamble for log messages (e.g. username) */ + char *log_preamble; + /* Dispatcher table */ dispatch_fn *dispatch[DISPATCH_MAX]; /* number of packets to ignore in the dispatcher */ @@ -104,6 +107,8 @@ void ssh_packet_set_server(struct ssh *); void ssh_packet_set_authenticated(struct ssh *); void ssh_packet_set_mux(struct ssh *); int ssh_packet_get_mux(struct ssh *); +int ssh_packet_set_log_preamble(struct ssh *, const char *, ...) + __attribute__((format(printf, 2, 3))); int ssh_packet_log_type(u_char); -- cgit v1.2.3