upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up

debug verbosity.

Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run
in debug mode ("ssh-agent -d"), so we get to see errors from the
PKCS#11 code.

ok markus@

OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d
djm@openbsd.org 2019-01-21 12:53:35 +00:00 committed by Damien Miller
parent 49d8c8e214
commit c7670b091a
5 changed files with 85 additions and 17 deletions


@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-add.1,v 1.68 2019/01/21 07:09:10 jmc Exp $ .\" $OpenBSD: ssh-add.1,v 1.69 2019/01/21 12:53:35 djm Exp $
.\" .\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -43,7 +43,7 @@
.Nd adds private key identities to the authentication agent .Nd adds private key identities to the authentication agent
.Sh SYNOPSIS .Sh SYNOPSIS
.Nm ssh-add .Nm ssh-add
.Op Fl cDdkLlqXx .Op Fl cDdkLlqvXx
.Op Fl E Ar fingerprint_hash .Op Fl E Ar fingerprint_hash
.Op Fl t Ar life .Op Fl t Ar life
.Op Ar .Op Ar
@ -143,6 +143,16 @@ Set a maximum lifetime when adding identities to an agent.
The lifetime may be specified in seconds or in a time format The lifetime may be specified in seconds or in a time format
specified in specified in
.Xr sshd_config 5 . .Xr sshd_config 5 .
.It Fl v
Verbose mode.
Causes
.Nm
to print debugging messages about its progress.
This is helpful in debugging problems.
Multiple
.Fl v
options increase the verbosity.
The maximum is 3.
.It Fl X .It Fl X
Unlock the agent. Unlock the agent.
.It Fl x .It Fl x


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-add.c,v 1.137 2019/01/20 22:03:29 djm Exp $ */ /* $OpenBSD: ssh-add.c,v 1.138 2019/01/21 12:53:35 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -560,6 +560,7 @@ usage(void)
fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n"); fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n");
fprintf(stderr, " -T pubkey Test if ssh-agent can access matching private key.\n"); fprintf(stderr, " -T pubkey Test if ssh-agent can access matching private key.\n");
fprintf(stderr, " -q Be quiet after a successful operation.\n"); fprintf(stderr, " -q Be quiet after a successful operation.\n");
fprintf(stderr, " -v Be more verbose.\n");
} }
int int
@ -571,6 +572,8 @@ main(int argc, char **argv)
char *pkcs11provider = NULL; char *pkcs11provider = NULL;
int r, i, ch, deleting = 0, ret = 0, key_only = 0; int r, i, ch, deleting = 0, ret = 0, key_only = 0;
int xflag = 0, lflag = 0, Dflag = 0, qflag = 0, Tflag = 0; int xflag = 0, lflag = 0, Dflag = 0, qflag = 0, Tflag = 0;
SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
LogLevel log_level = SYSLOG_LEVEL_INFO;
ssh_malloc_init(); /* must be called before any mallocs */ ssh_malloc_init(); /* must be called before any mallocs */
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
@ -579,6 +582,8 @@ main(int argc, char **argv)
__progname = ssh_get_progname(argv[0]); __progname = ssh_get_progname(argv[0]);
seed_rng(); seed_rng();
log_init(__progname, log_level, log_facility, 1);
setvbuf(stdout, NULL, _IOLBF, 0); setvbuf(stdout, NULL, _IOLBF, 0);
/* First, get a connection to the authentication agent. */ /* First, get a connection to the authentication agent. */
@ -594,8 +599,14 @@ main(int argc, char **argv)
exit(2); exit(2);
} }
while ((ch = getopt(argc, argv, "klLcdDTxXE:e:M:m:qs:t:")) != -1) { while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:qs:t:")) != -1) {
switch (ch) { switch (ch) {
case 'v':
if (log_level == SYSLOG_LEVEL_INFO)
log_level = SYSLOG_LEVEL_DEBUG1;
else if (log_level < SYSLOG_LEVEL_DEBUG3)
log_level++;
break;
case 'E': case 'E':
fingerprint_hash = ssh_digest_alg_by_name(optarg); fingerprint_hash = ssh_digest_alg_by_name(optarg);
if (fingerprint_hash == -1) if (fingerprint_hash == -1)
@ -667,6 +678,7 @@ main(int argc, char **argv)
goto done; goto done;
} }
} }
log_init(__progname, log_level, log_facility, 1);
if ((xflag != 0) + (lflag != 0) + (Dflag != 0) > 1) if ((xflag != 0) + (lflag != 0) + (Dflag != 0) > 1)
fatal("Invalid combination of actions"); fatal("Invalid combination of actions");
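Review bot: The `-v` level only takes effect at the second `log_init()` after the option loop, but the agent connection under "First, get a connection to the authentication agent" runs before `getopt()`, so if that path emits `debug()` output (not visible here) it is filtered at INFO and `-v` never reveals why the connection failed; parsing options before connecting would close that gap. Since the double `log_init()` looks odd on its own, the first call deserves a comment such as `/* provisional level; re-initialised once -v has been parsed */`. main() continues past the end of this hunk.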


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-pkcs11-client.c,v 1.14 2019/01/20 22:57:45 djm Exp $ */ /* $OpenBSD: ssh-pkcs11-client.c,v 1.15 2019/01/21 12:53:35 djm Exp $ */
/* /*
* Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2010 Markus Friedl. All rights reserved.
* Copyright (c) 2014 Pedro Martelletto. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@ -49,8 +49,8 @@
/* borrows code from sftp-server and ssh-agent */ /* borrows code from sftp-server and ssh-agent */
int fd = -1; static int fd = -1;
pid_t pid = -1; static pid_t pid = -1;
static void static void
send_msg(struct sshbuf *m) send_msg(struct sshbuf *m)
@ -272,7 +272,10 @@ static int
pkcs11_start_helper(void) pkcs11_start_helper(void)
{ {
int pair[2]; int pair[2];
char *helper; char *helper, *verbosity = NULL;
if (log_level_get() >= SYSLOG_LEVEL_DEBUG1)
verbosity = "-vvv";
if (pkcs11_start_helper_methods() == -1) { if (pkcs11_start_helper_methods() == -1) {
error("pkcs11_start_helper_methods failed"); error("pkcs11_start_helper_methods failed");
@ -297,7 +300,9 @@ pkcs11_start_helper(void)
helper = getenv("SSH_PKCS11_HELPER"); helper = getenv("SSH_PKCS11_HELPER");
if (helper == NULL || strlen(helper) == 0) if (helper == NULL || strlen(helper) == 0)
helper = _PATH_SSH_PKCS11_HELPER; helper = _PATH_SSH_PKCS11_HELPER;
execlp(helper, helper, (char *)NULL); debug("%s: starting %s %s", __func__, helper,
verbosity == NULL ? "" : verbosity);
execlp(helper, helper, verbosity, (char *)NULL);
fprintf(stderr, "exec: %s: %s\n", helper, strerror(errno)); fprintf(stderr, "exec: %s: %s\n", helper, strerror(errno));
_exit(1); _exit(1);
} }
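Review bot: `pkcs11_start_helper()` passes a fixed `-vvv` to the helper whenever the caller's own level is at least DEBUG1, so `ssh-add -v` turns on maximum helper verbosity rather than mirroring the level the user asked for; deriving the flag from `log_level_get()` keeps the two processes in step. The `execlp(helper, helper, verbosity, (char *)NULL)` call also relies on a NULL `verbosity` silently terminating the argument list, which is correct but worth a line like `/* verbosity == NULL ends argv after the program name */`. The rest of pkcs11_start_helper() (the parent side) lies outside this hunk.
```c
	LogLevel level = log_level_get();

	if (level >= SYSLOG_LEVEL_DEBUG3)
		verbosity = "-vvv";
	else if (level == SYSLOG_LEVEL_DEBUG2)
		verbosity = "-vv";
	else if (level == SYSLOG_LEVEL_DEBUG1)
		verbosity = "-v";
	/* … unchanged: pkcs11_start_helper_methods(), socketpair/fork, execlp … */
```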


@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.4 2013/07/16 00:07:52 schwarze Exp $ .\" $OpenBSD: ssh-pkcs11-helper.8,v 1.5 2019/01/21 12:53:35 djm Exp $
.\" .\"
.\" Copyright (c) 2010 Markus Friedl. All rights reserved. .\" Copyright (c) 2010 Markus Friedl. All rights reserved.
.\" .\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.Dd $Mdocdate: July 16 2013 $ .Dd $Mdocdate: January 21 2019 $
.Dt SSH-PKCS11-HELPER 8 .Dt SSH-PKCS11-HELPER 8
.Os .Os
.Sh NAME .Sh NAME
@ -22,6 +22,7 @@
.Nd ssh-agent helper program for PKCS#11 support .Nd ssh-agent helper program for PKCS#11 support
.Sh SYNOPSIS .Sh SYNOPSIS
.Nm .Nm
.Op Fl v
.Sh DESCRIPTION .Sh DESCRIPTION
.Nm .Nm
is used by is used by
@ -31,6 +32,28 @@ to access keys provided by a PKCS#11 token.
.Nm .Nm
is not intended to be invoked by the user, but from is not intended to be invoked by the user, but from
.Xr ssh-agent 1 . .Xr ssh-agent 1 .
.Pp
A single option is supported:
.Bl -tag -width Ds
.It Fl v
Verbose mode.
Causes
.Nm
to print debugging messages about its progress.
This is helpful in debugging problems.
Multiple
.Fl v
options increase the verbosity.
The maximum is 3.
.Pp
Note that
.Xr ssh-agent 1
will automatically pass the
.Fl v
flag to
.Nm
when it has itself been placed in debug mode.
.El
.Sh SEE ALSO .Sh SEE ALSO
.Xr ssh 1 , .Xr ssh 1 ,
.Xr ssh-add 1 , .Xr ssh-add 1 ,


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-pkcs11-helper.c,v 1.15 2019/01/20 22:51:37 djm Exp $ */ /* $OpenBSD: ssh-pkcs11-helper.c,v 1.16 2019/01/21 12:53:35 djm Exp $ */
/* /*
* Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2010 Markus Friedl. All rights reserved.
* *
@ -307,11 +307,12 @@ cleanup_exit(int i)
_exit(i); _exit(i);
} }
int int
main(int argc, char **argv) main(int argc, char **argv)
{ {
fd_set *rset, *wset; fd_set *rset, *wset;
int r, in, out, max, log_stderr = 0; int r, ch, in, out, max, log_stderr = 0;
ssize_t len, olen, set_size; ssize_t len, olen, set_size;
SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
LogLevel log_level = SYSLOG_LEVEL_ERROR; LogLevel log_level = SYSLOG_LEVEL_ERROR;
@ -320,14 +321,31 @@ main(int argc, char **argv)
extern char *__progname; extern char *__progname;
ssh_malloc_init(); /* must be called before any mallocs */ ssh_malloc_init(); /* must be called before any mallocs */
TAILQ_INIT(&pkcs11_keylist);
pkcs11_init(0);
seed_rng();
__progname = ssh_get_progname(argv[0]); __progname = ssh_get_progname(argv[0]);
seed_rng();
TAILQ_INIT(&pkcs11_keylist);
log_init(__progname, log_level, log_facility, log_stderr); log_init(__progname, log_level, log_facility, log_stderr);
while ((ch = getopt(argc, argv, "v")) != -1) {
switch (ch) {
case 'v':
log_stderr = 1;
if (log_level == SYSLOG_LEVEL_ERROR)
log_level = SYSLOG_LEVEL_DEBUG1;
else if (log_level < SYSLOG_LEVEL_DEBUG3)
log_level++;
break;
default:
fprintf(stderr, "usage: %s [-v]\n", __progname);
exit(1);
}
}
log_init(__progname, log_level, log_facility, log_stderr);
pkcs11_init(0);
in = STDIN_FILENO; in = STDIN_FILENO;
out = STDOUT_FILENO; out = STDOUT_FILENO;
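Review bot: The new option loop rejects unknown flags but never checks for stray non-option arguments, so `ssh-pkcs11-helper -v foo` is accepted silently; after the loop add `if (argc - optind != 0) { fprintf(stderr, "usage: %s [-v]\n", __progname); exit(1); }` so the helper is as strict as its synopsis. Moving `pkcs11_init(0)` below the option parsing is what makes a plain `exit(1)` safe on that path instead of `cleanup_exit()`, and a one-line comment saying so (`/* nothing to tear down yet: pkcs11_init() runs after option parsing */`) would keep a later reorder from reintroducing the leak. The two `log_init()` calls are also unexplained; the first could carry `/* errors before option parsing go to syslog at ERROR */`. main() continues outside this hunk.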