upstream: LogVerbose keyword for ssh and sshd
Allows forcing maximum debug logging by file/function/line pattern-lists. ok markus@ OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356
parent
752250caab
commit
793b583d09
6
auth.c
6
auth.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth.c,v 1.147 2020/08/27 01:07:09 djm Exp $ */
|
||||
/* $OpenBSD: auth.c,v 1.148 2020/10/16 13:26:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -569,11 +569,15 @@ getpwnamallow(struct ssh *ssh, const char *user)
|
|||
#endif
|
||||
struct passwd *pw;
|
||||
struct connection_info *ci;
|
||||
u_int i;
|
||||
|
||||
ci = get_connection_info(ssh, 1, options.use_dns);
|
||||
ci->user = user;
|
||||
parse_server_match_config(&options, &includes, ci);
|
||||
log_change_level(options.log_level);
|
||||
log_verbose_reset();
|
||||
for (i = 0; i < options.num_log_verbose; i++)
|
||||
log_verbose_add(options.log_verbose[i]);
|
||||
process_permitopen(ssh, &options);
|
||||
|
||||
#if defined(_AIX) && defined(HAVE_SETAUTHDB)
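Review bot: The `log_verbose_reset();` call and the `log_verbose_add()` loop added after `log_change_level()` in getpwnamallow() are open-coded again in the monitor_wrap.c hunk at `out:`, and the add loop alone is repeated in main() of ssh.c and sshd.c. Judging by its name, the reset is what keeps patterns from an earlier configuration pass from staying active once Match processing has changed the list, so a call site that omits it would presumably keep stale overrides; log.c is not on this page to confirm. One helper in the logging code that takes the array and its count and does reset-then-add would stop the call sites drifting apart. Until then, a comment above the reset such as `/* Match may have changed LogVerbose: drop old overrides before re-adding */` would record why it is there. getpwnamallow() starts and ends outside the hunk.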
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: monitor_wrap.c,v 1.119 2020/10/16 13:24:45 djm Exp $ */
|
||||
/* $OpenBSD: monitor_wrap.c,v 1.120 2020/10/16 13:26:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* Copyright 2002 Markus Friedl <markus@openbsd.org>
|
||||
|
@ -332,6 +332,9 @@ out:
|
|||
|
||||
copy_set_server_options(&options, newopts, 1);
|
||||
log_change_level(options.log_level);
|
||||
log_verbose_reset();
|
||||
for (i = 0; i < options.num_log_verbose; i++)
|
||||
log_verbose_add(options.log_verbose[i]);
|
||||
process_permitopen(ssh, &options);
|
||||
free(newopts);
|
||||
|
||||
|
|
23
readconf.c
23
readconf.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: readconf.c,v 1.338 2020/10/07 02:18:45 djm Exp $ */
|
||||
/* $OpenBSD: readconf.c,v 1.339 2020/10/16 13:26:13 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -152,7 +152,7 @@ typedef enum {
|
|||
oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
|
||||
oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
|
||||
oTCPKeepAlive, oNumberOfPasswordPrompts,
|
||||
oLogFacility, oLogLevel, oCiphers, oMacs,
|
||||
oLogFacility, oLogLevel, oLogVerbose, oCiphers, oMacs,
|
||||
oPubkeyAuthentication,
|
||||
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
|
||||
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
|
||||
|
@ -263,6 +263,7 @@ static struct {
|
|||
{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
|
||||
{ "syslogfacility", oLogFacility },
|
||||
{ "loglevel", oLogLevel },
|
||||
{ "logverbose", oLogVerbose },
|
||||
{ "dynamicforward", oDynamicForward },
|
||||
{ "preferredauthentications", oPreferredAuthentications },
|
||||
{ "hostkeyalgorithms", oHostKeyAlgorithms },
|
||||
|
@ -901,7 +902,7 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
|
|||
int linenum, int *activep, int flags, int *want_final_pass, int depth)
|
||||
{
|
||||
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
|
||||
char **cpptr, fwdarg[256];
|
||||
char **cpptr, ***cppptr, fwdarg[256];
|
||||
u_int i, *uintptr, max_entries = 0;
|
||||
int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0;
|
||||
int remotefwd, dynamicfwd;
|
||||
|
@ -1349,6 +1350,18 @@ parse_keytypes:
|
|||
*log_facility_ptr = (SyslogFacility) value;
|
||||
break;
|
||||
|
||||
case oLogVerbose:
|
||||
cppptr = &options->log_verbose;
|
||||
uintptr = &options->num_log_verbose;
|
||||
if (*activep && *uintptr == 0) {
|
||||
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
|
||||
*cppptr = xrecallocarray(*cppptr, *uintptr,
|
||||
*uintptr + 1, sizeof(**cppptr));
|
||||
(*cppptr)[(*uintptr)++] = xstrdup(arg);
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
|
||||
case oLocalForward:
|
||||
case oRemoteForward:
|
||||
case oDynamicForward:
|
||||
|
@ -2004,6 +2017,8 @@ initialize_options(Options * options)
|
|||
options->num_remote_forwards = 0;
|
||||
options->log_facility = SYSLOG_FACILITY_NOT_SET;
|
||||
options->log_level = SYSLOG_LEVEL_NOT_SET;
|
||||
options->num_log_verbose = 0;
|
||||
options->log_verbose = NULL;
|
||||
options->preferred_authentications = NULL;
|
||||
options->bind_address = NULL;
|
||||
options->bind_interface = NULL;
|
||||
|
@ -2839,6 +2854,8 @@ dump_client_config(Options *o, const char *host)
|
|||
dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles);
|
||||
dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env);
|
||||
dump_cfg_strarray(oSetEnv, o->num_setenv, o->setenv);
|
||||
dump_cfg_strarray_oneline(oLogVerbose,
|
||||
o->num_log_verbose, o->log_verbose);
|
||||
|
||||
/* Special cases */
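Review bot: In the `case oLogVerbose:` hunk of process_config_line_depth(), a `LogVerbose` line with no pattern is accepted silently, because the `while ((arg = strdelim(&s)) != NULL && *arg != '\0')` loop runs zero times and `return 0` leaves the function. Since the case ends in `return 0` rather than `break`, any end-of-line checking after the switch (outside the hunk) is skipped too, so nothing tells the user the directive had no effect. Consider counting the patterns seen on the line and reporting an error when there are none, whether or not the block is active. The guard `*activep && *uintptr == 0` also makes the first LogVerbose line win and later ones be dropped, which deserves a comment such as `/* first LogVerbose wins; later lines are ignored */`.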
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: readconf.h,v 1.134 2020/08/11 09:49:57 djm Exp $ */
|
||||
/* $OpenBSD: readconf.h,v 1.135 2020/10/16 13:26:13 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -55,7 +55,8 @@ typedef struct {
|
|||
int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
|
||||
SyslogFacility log_facility; /* Facility for system logging. */
|
||||
LogLevel log_level; /* Level for logging. */
|
||||
|
||||
u_int num_log_verbose; /* Verbose log overrides */
|
||||
char **log_verbose;
|
||||
int port; /* Port to connect. */
|
||||
int address_family;
|
||||
int connection_attempts; /* Max attempts (seconds) before
|
||||
|
|
19
servconf.c
19
servconf.c
|
@ -1,5 +1,5 @@
|
|||
|
||||
/* $OpenBSD: servconf.c,v 1.369 2020/08/28 03:15:52 dtucker Exp $ */
|
||||
/* $OpenBSD: servconf.c,v 1.370 2020/10/16 13:26:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
|
@ -122,6 +122,8 @@ initialize_server_options(ServerOptions *options)
|
|||
options->tcp_keep_alive = -1;
|
||||
options->log_facility = SYSLOG_FACILITY_NOT_SET;
|
||||
options->log_level = SYSLOG_LEVEL_NOT_SET;
|
||||
options->num_log_verbose = 0;
|
||||
options->log_verbose = NULL;
|
||||
options->hostbased_authentication = -1;
|
||||
options->hostbased_uses_name_from_packet_only = -1;
|
||||
options->hostbased_key_types = NULL;
|
||||
|
@ -504,7 +506,7 @@ typedef enum {
|
|||
sUsePAM,
|
||||
/* Standard Options */
|
||||
sPort, sHostKeyFile, sLoginGraceTime,
|
||||
sPermitRootLogin, sLogFacility, sLogLevel,
|
||||
sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose,
|
||||
sRhostsRSAAuthentication, sRSAAuthentication,
|
||||
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
|
||||
sKerberosGetAFSToken, sChallengeResponseAuthentication,
|
||||
|
@ -569,6 +571,7 @@ static struct {
|
|||
{ "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
|
||||
{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
|
||||
{ "loglevel", sLogLevel, SSHCFG_ALL },
|
||||
{ "logverbose", sLogVerbose, SSHCFG_ALL },
|
||||
{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
|
||||
{ "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },
|
||||
{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
|
||||
|
@ -1717,6 +1720,16 @@ process_server_config_line_depth(ServerOptions *options, char *line,
|
|||
*log_level_ptr = (LogLevel) value;
|
||||
break;
|
||||
|
||||
case sLogVerbose:
|
||||
while ((arg = strdelim(&cp)) && *arg != '\0') {
|
||||
if (!*activep)
|
||||
continue;
|
||||
array_append(filename, linenum, "oLogVerbose",
|
||||
&options->log_verbose, &options->num_log_verbose,
|
||||
arg);
|
||||
}
|
||||
break;
|
||||
|
||||
case sAllowTcpForwarding:
|
||||
intptr = &options->allow_tcp_forwarding;
|
||||
multistate_ptr = multistate_tcpfwd;
|
||||
|
@ -2884,6 +2897,8 @@ dump_config(ServerOptions *o)
|
|||
dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv);
|
||||
dump_cfg_strarray_oneline(sAuthenticationMethods,
|
||||
o->num_auth_methods, o->auth_methods);
|
||||
dump_cfg_strarray_oneline(sLogVerbose,
|
||||
o->num_log_verbose, o->log_verbose);
|
||||
|
||||
/* other arguments */
|
||||
for (i = 0; i < o->num_subsystems; i++)
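Review bot: The `case sLogVerbose:` hunk passes the string `"oLogVerbose"` to `array_append()`, which is the client-side opcode name from readconf.c rather than the keyword. If that argument is used in diagnostics, as its position next to `filename, linenum` suggests, an error would name a directive that does not exist in sshd_config; passing `"LogVerbose"` would match the table entry `{ "logverbose", sLogVerbose, SSHCFG_ALL }`. This path also appends on every active line, whereas the readconf.c case stores patterns only while `num_log_verbose == 0`, so the client is first-match-wins and the server accumulates. If that difference is intended, it should be stated in a comment here. process_server_config_line_depth() starts and ends outside the hunk.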
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: servconf.h,v 1.146 2020/08/27 01:07:10 djm Exp $ */
|
||||
/* $OpenBSD: servconf.h,v 1.147 2020/10/16 13:26:13 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -118,6 +118,8 @@ typedef struct {
|
|||
struct ForwardOptions fwd_opts; /* forwarding options */
|
||||
SyslogFacility log_facility; /* Facility for system logging. */
|
||||
LogLevel log_level; /* Level for system logging. */
|
||||
u_int num_log_verbose; /* Verbose log overrides */
|
||||
char **log_verbose;
|
||||
int hostbased_authentication; /* If true, permit ssh2 hostbased auth */
|
||||
int hostbased_uses_name_from_packet_only; /* experimental */
|
||||
char *hostbased_key_types; /* Key types allowed for hostbased */
|
||||
|
@ -280,6 +282,7 @@ TAILQ_HEAD(include_list, include_item);
|
|||
M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
|
||||
M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
|
||||
M_CP_STRARRAYOPT(permitted_listens, num_permitted_listens); \
|
||||
M_CP_STRARRAYOPT(log_verbose, num_log_verbose); \
|
||||
} while (0)
|
||||
|
||||
struct connection_info *get_connection_info(struct ssh *, int, int);
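Review bot: The new `log_verbose` member of ServerOptions has no comment, and the one on `num_log_verbose` (`/* Verbose log overrides */`) does not say what an override does. The commit description says the patterns force maximum debug logging, and the sshd_config.5 text in this commit states that DEBUG-level logging violates the privacy of users, so this field is privacy-relevant. That matters more because servconf.c registers the keyword as `SSHCFG_ALL`, which I read as allowing it inside Match blocks (to be confirmed). I would document the member as `char **log_verbose; /* file:function:line patterns forced to debug logging; same privacy impact as LogLevel DEBUG */` and carry the same caveat into the LogVerbose entry of sshd_config.5. The struct definition starts and ends outside the hunk.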
|
||||
|
|
4
ssh.c
4
ssh.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh.c,v 1.538 2020/10/12 08:36:36 kn Exp $ */
|
||||
/* $OpenBSD: ssh.c,v 1.539 2020/10/16 13:26:13 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -1355,6 +1355,8 @@ main(int ac, char **av)
|
|||
|
||||
/* reinit */
|
||||
log_init(argv0, options.log_level, options.log_facility, !use_syslog);
|
||||
for (j = 0; j < options.num_log_verbose; j++)
|
||||
log_verbose_add(options.log_verbose[j]);
|
||||
|
||||
if (options.request_tty == REQUEST_TTY_YES ||
|
||||
options.request_tty == REQUEST_TTY_FORCE)
|
||||
|
|
21
ssh_config.5
21
ssh_config.5
|
@ -33,8 +33,8 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh_config.5,v 1.336 2020/10/08 00:31:05 djm Exp $
|
||||
.Dd $Mdocdate: October 8 2020 $
|
||||
.\" $OpenBSD: ssh_config.5,v 1.337 2020/10/16 13:26:13 djm Exp $
|
||||
.Dd $Mdocdate: October 16 2020 $
|
||||
.Dt SSH_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -1183,6 +1183,23 @@ QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
|
|||
The default is INFO.
|
||||
DEBUG and DEBUG1 are equivalent.
|
||||
DEBUG2 and DEBUG3 each specify higher levels of verbose output.
|
||||
.It Cm LogVerbose
|
||||
Specify one or more overrides to LogLevel.
|
||||
An override consists of a pattern lists that matches the source file, function
|
||||
and line number to force detailed logging for.
|
||||
For example, an override pattern of:
|
||||
.Bd -literal -offset indent
|
||||
kex.c:*:1000,*:kex_exchange_identification():*,packet.c:*
|
||||
.Ed
|
||||
.Pp
|
||||
would enable detailed logging for line 1000 of
|
||||
.Pa kex.c,
|
||||
everything in the
|
||||
.Fn kex_exchange_identification
|
||||
function, and all code in the
|
||||
.Pa packet.c
|
||||
file.
|
||||
This option is intended for debugging and no overrides are enabled by default.
|
||||
.It Cm MACs
|
||||
Specifies the MAC (message authentication code) algorithms
|
||||
in order of preference.
|
||||
|
|
7
sshd.c
7
sshd.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshd.c,v 1.562 2020/10/03 09:22:26 djm Exp $ */
|
||||
/* $OpenBSD: sshd.c,v 1.563 2020/10/16 13:26:13 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -2006,7 +2006,10 @@ main(int ac, char **av)
|
|||
/* Initialize the log (it is reinitialized below in case we forked). */
|
||||
if (debug_flag && (!inetd_flag || rexeced_flag))
|
||||
log_stderr = 1;
|
||||
log_init(__progname, options.log_level, options.log_facility, log_stderr);
|
||||
log_init(__progname, options.log_level,
|
||||
options.log_facility, log_stderr);
|
||||
for (i = 0; i < options.num_log_verbose; i++)
|
||||
log_verbose_add(options.log_verbose[i]);
|
||||
|
||||
/*
|
||||
* If not in debugging mode, not started from inetd and not already
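Review bot: The LogVerbose patterns are added only after this first `log_init()` in main(), while the comment just above it says the log is reinitialized further down in case the daemon forked. That later call is not in the hunk, so whether the overrides survive it depends on `log_init()` leaving the verbose list untouched, which only log.c (not on this page) can confirm. If that is the contract, a comment such as `/* LogVerbose patterns persist across later log_init() calls */` after the loop would record it; if not, the loop has to be repeated after the re-init. main() continues outside the hunk.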
|
||||
|
|
|
@ -33,8 +33,8 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.316 2020/10/03 04:15:06 djm Exp $
|
||||
.Dd $Mdocdate: October 3 2020 $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.317 2020/10/16 13:26:13 djm Exp $
|
||||
.Dd $Mdocdate: October 16 2020 $
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -1028,6 +1028,23 @@ The default is INFO.
|
|||
DEBUG and DEBUG1 are equivalent.
|
||||
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
|
||||
Logging with a DEBUG level violates the privacy of users and is not recommended.
|
||||
.It Cm LogVerbose
|
||||
Specify one or more overrides to LogLevel.
|
||||
An override consists of a pattern lists that matches the source file, function
|
||||
and line number to force detailed logging for.
|
||||
For example, an override pattern of:
|
||||
.Bd -literal -offset indent
|
||||
kex.c:*:1000,*:kex_exchange_identification():*,packet.c:*
|
||||
.Ed
|
||||
.Pp
|
||||
would enable detailed logging for line 1000 of
|
||||
.Pa kex.c,
|
||||
everything in the
|
||||
.Fn kex_exchange_identification
|
||||
function, and all code in the
|
||||
.Pa packet.c
|
||||
file.
|
||||
This option is intended for debugging and no overrides are enabled by default.
|
||||
.It Cm MACs
|
||||
Specifies the available MAC (message authentication code) algorithms.
|
||||
The MAC algorithm is used for data integrity protection.
|
||||
|
|