From ce1fa632752ec951a775a9157933c77c9ae3e168 Mon Sep 17 00:00:00 2001 From: dtucker Date: Fri, 28 Apr 2017 03:20:27 +0000 Subject: [PATCH] Add SyslogFacility option to ssh(1) matching the equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok djm@ --- usr.bin/ssh/readconf.c | 20 ++++++++++++++++++-- usr.bin/ssh/readconf.h | 3 ++- usr.bin/ssh/ssh.c | 11 +++++++---- usr.bin/ssh/ssh_config.5 | 10 ++++++++-- 4 files changed, 35 insertions(+), 9 deletions(-) diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 213048c8653..e66f2e820bd 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.270 2017/03/10 04:27:32 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.271 2017/04/28 03:20:27 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -137,7 +137,7 @@ typedef enum { oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, - oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, + oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oProtocol, oMacs, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, @@ -250,6 +250,7 @@ static struct { { "tcpkeepalive", oTCPKeepAlive }, { "keepalive", oTCPKeepAlive }, /* obsolete */ { "numberofpasswordprompts", oNumberOfPasswordPrompts }, + { "syslogfacility", oLogFacility }, { "loglevel", oLogLevel }, { "dynamicforward", oDynamicForward }, { "preferredauthentications", oPreferredAuthentications }, @@ -815,6 +816,7 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, u_int i, *uintptr, max_entries = 0; int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0; LogLevel *log_level_ptr; + SyslogFacility *log_facility_ptr; long long val64; size_t len; struct Forward fwd; @@ -1249,6 +1251,17 @@ parse_keytypes: *log_level_ptr = (LogLevel) value; break; + case oLogFacility: + log_facility_ptr = &options->log_facility; + arg = strdelim(&s); + value = log_facility_number(arg); + if (value == SYSLOG_FACILITY_NOT_SET) + fatal("%.200s line %d: unsupported log facility '%s'", + filename, linenum, arg ? arg : ""); + if (*log_facility_ptr == -1) + *log_facility_ptr = (SyslogFacility) value; + break; + case oLocalForward: case oRemoteForward: case oDynamicForward: @@ -1823,6 +1836,7 @@ initialize_options(Options * options) options->num_local_forwards = 0; options->remote_forwards = NULL; options->num_remote_forwards = 0; + options->log_facility = SYSLOG_FACILITY_NOT_SET; options->log_level = SYSLOG_LEVEL_NOT_SET; options->preferred_authentications = NULL; options->bind_address = NULL; @@ -1997,6 +2011,8 @@ fill_default_options(Options * options) } if (options->log_level == SYSLOG_LEVEL_NOT_SET) options->log_level = SYSLOG_LEVEL_INFO; + if (options->log_facility == SYSLOG_FACILITY_NOT_SET) + options->log_facility = SYSLOG_FACILITY_USER; if (options->no_host_authentication_for_localhost == - 1) options->no_host_authentication_for_localhost = 0; if (options->identities_only == -1) diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h index cef55f71c91..d6242810139 100644 --- a/usr.bin/ssh/readconf.h +++ b/usr.bin/ssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.117 2016/07/15 00:24:30 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.118 2017/04/28 03:20:27 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -59,6 +59,7 @@ typedef struct { int tcp_keep_alive; /* Set SO_KEEPALIVE. */ int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ + SyslogFacility log_facility; /* Facility for system logging. */ LogLevel log_level; /* Level for logging. */ int port; /* Port to connect. */ diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 771c2241e0a..3579b1f4cce 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.451 2017/03/10 04:07:20 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.452 2017/04/28 03:20:27 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -976,8 +976,11 @@ main(int ac, char **av) if (logfile != NULL) log_redirect_stderr_to(logfile); log_init(argv0, - options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, - SYSLOG_FACILITY_USER, !use_syslog); + options.log_level == SYSLOG_LEVEL_NOT_SET ? + SYSLOG_LEVEL_INFO : options.log_level, + options.log_facility == SYSLOG_FACILITY_NOT_SET ? + SYSLOG_FACILITY_USER : options.log_facility, + !use_syslog); if (debug_flag) logit("%s, %s", SSH_VERSION, @@ -1118,7 +1121,7 @@ main(int ac, char **av) options.use_privileged_port = 0; /* reinit */ - log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog); + log_init(argv0, options.log_level, options.log_facility, !use_syslog); if (options.request_tty == REQUEST_TTY_YES || options.request_tty == REQUEST_TTY_FORCE) diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 532745b2ff4..dd088c5ad80 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.242 2017/02/27 14:30:33 jmc Exp $ -.Dd $Mdocdate: February 27 2017 $ +.\" $OpenBSD: ssh_config.5,v 1.243 2017/04/28 03:20:27 dtucker Exp $ +.Dd $Mdocdate: April 28 2017 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1101,6 +1101,12 @@ indicates that the listening port be bound for local use only, while an empty address or .Sq * indicates that the port should be available from all interfaces. +.It Cm SyslogFacility +Gives the facility code that is used when logging messages from +.Xr ssh 1 . +The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, +LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. +The default is USER. .It Cm LogLevel Gives the verbosity level that is used when logging messages from .Xr ssh 1 . -- 2.20.1