upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up

debug verbosity. Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run in debug mode ("ssh-agent -d"), so we get to see errors from the PKCS#11 code. ok markus@ OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d
2019-01-21 12:53:35 +00:00 · 2019-01-21 12:53:35 +00:00 · c7670b091a
parent 49d8c8e214
commit c7670b091a
5 changed files with 85 additions and 17 deletions
--- a/ssh-add.1
+++ b/ssh-add.1
@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-add.1,v 1.68 2019/01/21 07:09:10 jmc Exp $
+.\"	$OpenBSD: ssh-add.1,v 1.69 2019/01/21 12:53:35 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -43,7 +43,7 @@
 .Nd adds private key identities to the authentication agent
 .Sh SYNOPSIS
 .Nm ssh-add
-.Op Fl cDdkLlqXx
+.Op Fl cDdkLlqvXx
 .Op Fl E Ar fingerprint_hash
 .Op Fl t Ar life
 .Op Ar
@ -143,6 +143,16 @@ Set a maximum lifetime when adding identities to an agent.
 The lifetime may be specified in seconds or in a time format
 specified in
 .Xr sshd_config 5 .
+.It Fl v
+Verbose mode.
+Causes
+.Nm
+to print debugging messages about its progress.
+This is helpful in debugging problems.
+Multiple
+.Fl v
+options increase the verbosity.
+The maximum is 3.
 .It Fl X
 Unlock the agent.
 .It Fl x
--- a/ssh-add.c
+++ b/ssh-add.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.137 2019/01/20 22:03:29 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.138 2019/01/21 12:53:35 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -560,6 +560,7 @@ usage(void)
 	fprintf(stderr, "  -e pkcs11   Remove keys provided by PKCS#11 provider.\n");
 	fprintf(stderr, "  -T pubkey   Test if ssh-agent can access matching private key.\n");
 	fprintf(stderr, "  -q          Be quiet after a successful operation.\n");
+	fprintf(stderr, "  -v          Be more verbose.\n");
 }

 int
@ -571,6 +572,8 @@ main(int argc, char **argv)
 	char *pkcs11provider = NULL;
 	int r, i, ch, deleting = 0, ret = 0, key_only = 0;
 	int xflag = 0, lflag = 0, Dflag = 0, qflag = 0, Tflag = 0;
+	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
+	LogLevel log_level = SYSLOG_LEVEL_INFO;

 	ssh_malloc_init();	/* must be called before any mallocs */
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
@ -579,6 +582,8 @@ main(int argc, char **argv)
 	__progname = ssh_get_progname(argv[0]);
 	seed_rng();

+	log_init(__progname, log_level, log_facility, 1);
+
 	setvbuf(stdout, NULL, _IOLBF, 0);

 	/* First, get a connection to the authentication agent. */
@ -594,8 +599,14 @@ main(int argc, char **argv)
 		exit(2);
 	}

-	while ((ch = getopt(argc, argv, "klLcdDTxXE:e:M:m:qs:t:")) != -1) {
+	while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:qs:t:")) != -1) {
 		switch (ch) {
+		case 'v':
+			if (log_level == SYSLOG_LEVEL_INFO)
+				log_level = SYSLOG_LEVEL_DEBUG1;
+			else if (log_level < SYSLOG_LEVEL_DEBUG3)
+				log_level++;
+			break;
 		case 'E':
 			fingerprint_hash = ssh_digest_alg_by_name(optarg);
 			if (fingerprint_hash == -1)
@ -667,6 +678,7 @@ main(int argc, char **argv)
 			goto done;
 		}
 	}
+	log_init(__progname, log_level, log_facility, 1);

 	if ((xflag != 0) + (lflag != 0) + (Dflag != 0) > 1)
 		fatal("Invalid combination of actions");
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-client.c,v 1.14 2019/01/20 22:57:45 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-client.c,v 1.15 2019/01/21 12:53:35 djm Exp $ */
 /*
 * Copyright (c) 2010 Markus Friedl.  All rights reserved.
 * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@ -49,8 +49,8 @@

 /* borrows code from sftp-server and ssh-agent */

-int fd = -1;
-pid_t pid = -1;
+static int fd = -1;
+static pid_t pid = -1;

 static void
 send_msg(struct sshbuf *m)
@ -272,7 +272,10 @@ static int
 pkcs11_start_helper(void)
 {
 	int pair[2];
-	char *helper;
+	char *helper, *verbosity = NULL;
+
+	if (log_level_get() >= SYSLOG_LEVEL_DEBUG1)
+		verbosity = "-vvv";

 	if (pkcs11_start_helper_methods() == -1) {
 		error("pkcs11_start_helper_methods failed");
@ -297,7 +300,9 @@ pkcs11_start_helper(void)
 		helper = getenv("SSH_PKCS11_HELPER");
 		if (helper == NULL || strlen(helper) == 0)
 			helper = _PATH_SSH_PKCS11_HELPER;
-		execlp(helper, helper, (char *)NULL);
+		debug("%s: starting %s %s", __func__, helper,
+		    verbosity == NULL ? "" : verbosity);
+		execlp(helper, helper, verbosity, (char *)NULL);
 		fprintf(stderr, "exec: %s: %s\n", helper, strerror(errno));
 		_exit(1);
 	}
--- a/ssh-pkcs11-helper.8
+++ b/ssh-pkcs11-helper.8
@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.4 2013/07/16 00:07:52 schwarze Exp $
+.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.5 2019/01/21 12:53:35 djm Exp $
 .\"
 .\" Copyright (c) 2010 Markus Friedl.  All rights reserved.
 .\"
@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 16 2013 $
+.Dd $Mdocdate: January 21 2019 $
 .Dt SSH-PKCS11-HELPER 8
 .Os
 .Sh NAME
@ -22,6 +22,7 @@
 .Nd ssh-agent helper program for PKCS#11 support
 .Sh SYNOPSIS
 .Nm
+.Op Fl v
 .Sh DESCRIPTION
 .Nm
 is used by
@ -31,6 +32,28 @@ to access keys provided by a PKCS#11 token.
 .Nm
 is not intended to be invoked by the user, but from
 .Xr ssh-agent 1 .
+.Pp
+A single option is supported:
+.Bl -tag -width Ds
+.It Fl v
+Verbose mode.
+Causes
+.Nm
+to print debugging messages about its progress.
+This is helpful in debugging problems.
+Multiple
+.Fl v
+options increase the verbosity.
+The maximum is 3.
+.Pp
+Note that
+.Xr ssh-agent 1
+will automatically pass the
+.Fl v
+flag to
+.Nm
+when it has itself been placed in debug mode.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.15 2019/01/20 22:51:37 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.16 2019/01/21 12:53:35 djm Exp $ */
 /*
 * Copyright (c) 2010 Markus Friedl.  All rights reserved.
 *
@ -307,11 +307,12 @@ cleanup_exit(int i)
 	_exit(i);
 }

+
 int
 main(int argc, char **argv)
 {
 	fd_set *rset, *wset;
-	int r, in, out, max, log_stderr = 0;
+	int r, ch, in, out, max, log_stderr = 0;
 	ssize_t len, olen, set_size;
 	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
 	LogLevel log_level = SYSLOG_LEVEL_ERROR;
@ -320,14 +321,31 @@ main(int argc, char **argv)
 	extern char *__progname;

 	ssh_malloc_init();	/* must be called before any mallocs */
-	TAILQ_INIT(&pkcs11_keylist);
-	pkcs11_init(0);
-
-	seed_rng();
 	__progname = ssh_get_progname(argv[0]);
+	seed_rng();
+	TAILQ_INIT(&pkcs11_keylist);

 	log_init(__progname, log_level, log_facility, log_stderr);

+	while ((ch = getopt(argc, argv, "v")) != -1) {
+		switch (ch) {
+		case 'v':
+			log_stderr = 1;
+			if (log_level == SYSLOG_LEVEL_ERROR)
+				log_level = SYSLOG_LEVEL_DEBUG1;
+			else if (log_level < SYSLOG_LEVEL_DEBUG3)
+				log_level++;
+			break;
+		default:
+			fprintf(stderr, "usage: %s [-v]\n", __progname);
+			exit(1);
+		}
+	}
+
+	log_init(__progname, log_level, log_facility, log_stderr);
+
+	pkcs11_init(0);
+
 	in = STDIN_FILENO;
 	out = STDOUT_FILENO;