return (1);
}
/* Failure - cancel cleanup function, leaving ticket for inspection. */
- log("WARNING: bad ticket file %s", authctxt->krb4_ticket_file);
+ logit("WARNING: bad ticket file %s", authctxt->krb4_ticket_file);
fatal_remove_cleanup(krb4_cleanup_proc, authctxt);
cleanup_registered = 0;
if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) {
/* Set up our ticket file. */
if (!krb4_init(authctxt)) {
- log("Couldn't initialize Kerberos ticket file for %s!",
+ logit("Couldn't initialize Kerberos ticket file for %s!",
pw->pw_name);
goto failure;
}
if (r == KSUCCESS) {
if ((hp = gethostbyname(localhost)) == NULL) {
- log("Couldn't get local host address!");
+ logit("Couldn't get local host address!");
goto failure;
}
memmove((void *)&faddr, (void *)hp->h_addr,
* Probably didn't have a srvtab on
* localhost. Disallow login.
*/
- log("Kerberos v4 TGT for %s unverifiable, "
+ logit("Kerberos v4 TGT for %s unverifiable, "
"no srvtab installed? krb_rd_req: %s",
pw->pw_name, krb_err_txt[r]);
goto failure;
} else if (r != KSUCCESS) {
- log("Kerberos v4 %s ticket unverifiable: %s",
+ logit("Kerberos v4 %s ticket unverifiable: %s",
KRB4_SERVICE_NAME, krb_err_txt[r]);
goto failure;
}
* Disallow login if no rcmd service exists, and
* log the error.
*/
- log("Kerberos v4 TGT for %s unverifiable: %s; %s.%s "
+ logit("Kerberos v4 TGT for %s unverifiable: %s; %s.%s "
"not registered, or srvtab is wrong?", pw->pw_name,
krb_err_txt[r], KRB4_SERVICE_NAME, phost);
goto failure;
/* Check ~/.klogin authorization now. */
if (kuserok(&adat, authctxt->user) != KSUCCESS) {
- log("Kerberos v4 .klogin authorization failed for %s to "
+ logit("Kerberos v4 .klogin authorization failed for %s to "
"account %s", *client, authctxt->user);
xfree(*client);
*client = NULL;
temporarily_use_uid(pw);
if (!radix_to_creds(string, &creds)) {
- log("Protocol error decoding Kerberos v4 TGT");
+ logit("Protocol error decoding Kerberos v4 TGT");
goto failure;
}
if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */
strlcpy(creds.service, "krbtgt", sizeof creds.service);
if (strcmp(creds.service, "krbtgt")) {
- log("Kerberos v4 TGT (%s%s%s@%s) rejected for %s",
+ logit("Kerberos v4 TGT (%s%s%s@%s) rejected for %s",
creds.pname, creds.pinst[0] ? "." : "", creds.pinst,
creds.realm, pw->pw_name);
goto failure;
return (0);
if (!radix_to_creds(token_string, &creds)) {
- log("Protocol error decoding AFS token");
+ logit("Protocol error decoding AFS token");
return (0);
}
if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */
uid = pw->pw_uid;
if (kafs_settoken(creds.realm, uid, &creds)) {
- log("AFS token (%s@%s) rejected for %s",
+ logit("AFS token (%s@%s) rejected for %s",
creds.pname, creds.realm, pw->pw_name);
memset(&creds, 0, sizeof(creds));
return (0);
snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) {
- log("mkstemp(): %.100s", strerror(errno));
+ logit("mkstemp(): %.100s", strerror(errno));
problem = errno;
goto fail;
}
if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
- log("fchmod(): %.100s", strerror(errno));
+ logit("fchmod(): %.100s", strerror(errno));
close(tmpfd);
problem = errno;
goto fail;
snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) {
- log("mkstemp(): %.100s", strerror(errno));
+ logit("mkstemp(): %.100s", strerror(errno));
problem = errno;
goto out;
}
if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
- log("fchmod(): %.100s", strerror(errno));
+ logit("fchmod(): %.100s", strerror(errno));
close(tmpfd);
problem = errno;
goto out;
if (match_host_and_ip(remote_host, remote_ip,
patterns) != 1) {
xfree(patterns);
- log("Authentication tried for %.100s with "
+ logit("Authentication tried for %.100s with "
"correct key but not from a permitted "
"host (host=%.200s, ip=%.200s).",
pw->pw_name, remote_host, remote_ip);
return 1;
bad_option:
- log("Bad options in %.100s file, line %lu: %.50s",
+ logit("Bad options in %.100s file, line %lu: %.50s",
file, linenum, opts);
auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
file, linenum, opts);
if (__pamh && session_opened) {
pam_retval = pam_close_session(__pamh, 0);
if (pam_retval != PAM_SUCCESS)
- log("Cannot close PAM session[%d]: %.200s",
+ logit("Cannot close PAM session[%d]: %.200s",
pam_retval, PAM_STRERROR(__pamh, pam_retval));
}
if (__pamh) {
pam_retval = pam_end(__pamh, pam_retval);
if (pam_retval != PAM_SUCCESS)
- log("Cannot release PAM authentication[%d]: %.200s",
+ logit("Cannot release PAM authentication[%d]: %.200s",
pam_retval, PAM_STRERROR(__pamh, pam_retval));
}
}
break;
#endif
default:
- log("PAM rejected by account configuration[%d]: "
+ logit("PAM rejected by account configuration[%d]: "
"%.200s", pam_retval, PAM_STRERROR(__pamh,
pam_retval));
return(0);
/* Perform the challenge-response dialog with the client for the host key. */
if (!auth_rsa_challenge_dialog(client_host_key)) {
- log("Client on %.800s failed to respond correctly to host authentication.",
+ logit("Client on %.800s failed to respond correctly to host authentication.",
chost);
return 0;
}
* not group or world writable.
*/
if (stat(pw->pw_dir, &st) < 0) {
- log("Rhosts authentication refused for %.100s: "
+ logit("Rhosts authentication refused for %.100s: "
"no home directory %.200s", pw->pw_name, pw->pw_dir);
auth_debug_add("Rhosts authentication refused for %.100s: "
"no home directory %.200s", pw->pw_name, pw->pw_dir);
if (options.strict_modes &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0)) {
- log("Rhosts authentication refused for %.100s: "
+ logit("Rhosts authentication refused for %.100s: "
"bad ownership or modes for home directory.", pw->pw_name);
auth_debug_add("Rhosts authentication refused for %.100s: "
"bad ownership or modes for home directory.", pw->pw_name);
if (options.strict_modes &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0)) {
- log("Rhosts authentication refused for %.100s: bad modes for %.200s",
+ logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
pw->pw_name, buf);
auth_debug_add("Bad file modes for %.200s", buf);
continue;
secure_filename(f, file, pw, line, sizeof(line)) != 0) {
xfree(file);
fclose(f);
- log("Authentication refused: %s", line);
+ logit("Authentication refused: %s", line);
restore_uid();
return (0);
}
/* check the real bits */
if (bits != BN_num_bits(key->rsa->n))
- log("Warning: %s, line %lu: keysize mismatch: "
+ logit("Warning: %s, line %lu: keysize mismatch: "
"actual %d vs. announced %d.",
file, linenum, BN_num_bits(key->rsa->n), bits);
* day after the day specified.
*/
if (spw->sp_expire != -1 && today > spw->sp_expire) {
- log("Account %.100s has expired", pw->pw_name);
+ logit("Account %.100s has expired", pw->pw_name);
return 0;
}
if (spw->sp_lstchg == 0) {
- log("User %.100s password has expired (root forced)",
+ logit("User %.100s password has expired (root forced)",
pw->pw_name);
return 0;
}
if (spw->sp_max != -1 &&
today > spw->sp_lstchg + spw->sp_max) {
- log("User %.100s password has expired (password aged)",
+ logit("User %.100s password has expired (password aged)",
pw->pw_name);
return 0;
}
/* deny if shell does not exists or is not executable */
if (stat(shell, &st) != 0) {
- log("User %.100s not allowed because shell %.100s does not exist",
+ logit("User %.100s not allowed because shell %.100s does not exist",
pw->pw_name, shell);
return 0;
}
if (S_ISREG(st.st_mode) == 0 ||
(st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
- log("User %.100s not allowed because shell %.100s is not executable",
+ logit("User %.100s not allowed because shell %.100s is not executable",
pw->pw_name, shell);
return 0;
}
for (i = 0; i < options.num_deny_users; i++)
if (match_user(pw->pw_name, hostname, ipaddr,
options.deny_users[i])) {
- log("User %.100s not allowed because listed in DenyUsers",
+ logit("User %.100s not allowed because listed in DenyUsers",
pw->pw_name);
return 0;
}
break;
/* i < options.num_allow_users iff we break for loop */
if (i >= options.num_allow_users) {
- log("User %.100s not allowed because not listed in AllowUsers",
+ logit("User %.100s not allowed because not listed in AllowUsers",
pw->pw_name);
return 0;
}
if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {
/* Get the user's group access list (primary and supplementary) */
if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
- log("User %.100s not allowed because not in any group",
+ logit("User %.100s not allowed because not in any group",
pw->pw_name);
return 0;
}
if (ga_match(options.deny_groups,
options.num_deny_groups)) {
ga_free();
- log("User %.100s not allowed because a group is listed in DenyGroups",
+ logit("User %.100s not allowed because a group is listed in DenyGroups",
pw->pw_name);
return 0;
}
if (!ga_match(options.allow_groups,
options.num_allow_groups)) {
ga_free();
- log("User %.100s not allowed because none of user's groups are listed in AllowGroups",
+ logit("User %.100s not allowed because none of user's groups are listed in AllowGroups",
pw->pw_name);
return 0;
}
}
/* Remove trailing newline */
*--p = '\0';
- log("Login restricted for %s: %.100s", pw->pw_name,
+ logit("Login restricted for %s: %.100s", pw->pw_name,
loginmsg);
}
/* Don't fail if /etc/nologin set */
break;
case PERMIT_FORCED_ONLY:
if (forced_command) {
- log("Root login accepted for forced command.");
+ logit("Root login accepted for forced command.");
return 1;
}
break;
}
- log("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
+ logit("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
return 0;
}
(stat(user_hostfile, &st) == 0) &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0)) {
- log("Authentication refused for %.100s: "
+ logit("Authentication refused for %.100s: "
"bad owner or modes for %.200s",
pw->pw_name, user_hostfile);
} else {
pw = getpwnam(user);
if (pw == NULL) {
- log("Illegal user %.100s from %.100s",
+ logit("Illegal user %.100s from %.100s",
user, get_remote_ipaddr());
#ifdef WITH_AIXAUTHENTICATE
loginfailed(user,
* Any unknown messages will be ignored (and failure
* returned) during authentication.
*/
- log("Unknown message during authentication: type %d", type);
+ logit("Unknown message during authentication: type %d", type);
break;
}
#ifdef BSD_AUTH
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
- log("userauth_hostbased: unsupported "
+ logit("userauth_hostbased: unsupported "
"public key algorithm: %s", pkalg);
goto done;
}
chost[len - 1] = '\0';
}
if (strcasecmp(resolvedname, chost) != 0)
- log("userauth_hostbased mismatch: "
+ logit("userauth_hostbased mismatch: "
"client sends %s, but we resolve %s to %s",
chost, ipaddr, resolvedname);
if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0)
u_int len;
change = packet_get_char();
if (change)
- log("password change not supported");
+ logit("password change not supported");
password = packet_get_string(&len);
packet_check_eom();
if (authctxt->valid &&
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
- log("userauth_pubkey: unsupported public key algorithm: %s",
+ logit("userauth_pubkey: unsupported public key algorithm: %s",
pkalg);
goto done;
}
if (options.strict_modes &&
secure_filename(f, file, pw, line, sizeof(line)) != 0) {
fclose(f);
- log("Authentication refused: %s", line);
+ logit("Authentication refused: %s", line);
restore_uid();
return 0;
}
PRIVSEP(start_pam(authctxt->pw->pw_name));
#endif
} else {
- log("input_userauth_request: illegal user %s", user);
+ logit("input_userauth_request: illegal user %s", user);
#ifdef USE_PAM
PRIVSEP(start_pam("NOUSER"));
#endif
buffer_get_bignum(&auth->identities, key->rsa->n);
*comment = buffer_get_string(&auth->identities, NULL);
if (bits != BN_num_bits(key->rsa->n))
- log("Warning: identity keysize mismatch: actual %d, announced %u",
+ logit("Warning: identity keysize mismatch: actual %d, announced %u",
BN_num_bits(key->rsa->n), bits);
break;
case 2:
if (key->type != KEY_RSA1)
return 0;
if (response_type == 0) {
- log("Compatibility with ssh protocol version 1.0 no longer supported.");
+ logit("Compatibility with ssh protocol version 1.0 no longer supported.");
return 0;
}
buffer_init(&buffer);
type = buffer_get_char(&buffer);
if (agent_failed(type)) {
- log("Agent admitted failure to authenticate using the key.");
+ logit("Agent admitted failure to authenticate using the key.");
} else if (type != SSH_AGENT_RSA_RESPONSE) {
fatal("Bad authentication response: %d", type);
} else {
}
type = buffer_get_char(&msg);
if (agent_failed(type)) {
- log("Agent admitted failure to sign using the key.");
+ logit("Agent admitted failure to sign using the key.");
} else if (type != SSH2_AGENT_SIGN_RESPONSE) {
fatal("Bad authentication response: %d", type);
} else {
case SSH_AGENT_FAILURE:
case SSH_COM_AGENT2_FAILURE:
case SSH2_AGENT_FAILURE:
- log("SSH_AGENT_FAILURE");
+ logit("SSH_AGENT_FAILURE");
return 0;
case SSH_AGENT_SUCCESS:
return 1;
/**XXX should be two's-complement */
int i, carry;
u_char *uc = buf;
- log("negativ!");
+ logit("negativ!");
for (i = bytes-1, carry = 1; i>=0; i--) {
uc[i] ^= 0xff;
if (carry)
NULL, 0, NI_NAMEREQD) != 0) {
/* Host name not found. Use ip address. */
#if 0
- log("Could not reverse map address %.100s.", ntop);
+ logit("Could not reverse map address %.100s.", ntop);
#endif
return xstrdup(ntop);
}
hints.ai_family = from.ss_family;
hints.ai_socktype = SOCK_STREAM;
if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
- log("reverse mapping checking getaddrinfo for %.700s "
+ logit("reverse mapping checking getaddrinfo for %.700s "
"failed - POSSIBLE BREAKIN ATTEMPT!", name);
return xstrdup(ntop);
}
/* If we reached the end of the list, the address was not there. */
if (!ai) {
/* Address not found for the host name. */
- log("Address %.100s maps to %.600s, but this does not "
+ logit("Address %.100s maps to %.600s, but this does not "
"map back to the address - POSSIBLE BREAKIN ATTEMPT!",
ntop, name);
return xstrdup(ntop);
for (i = 0; i < option_size; i++)
snprintf(text + i*3, sizeof(text) - i*3,
" %2.2x", options[i]);
- log("Connection from %.100s with IP options:%.800s",
+ logit("Connection from %.100s with IP options:%.800s",
ipaddr, text);
packet_disconnect("Connection from %.100s with IP options:%.800s",
ipaddr, text);
Channel *c;
if (id < 0 || id >= channels_alloc) {
- log("channel_lookup: %d: bad id", id);
+ logit("channel_lookup: %d: bad id", id);
return NULL;
}
c = channels[id];
if (c == NULL) {
- log("channel_lookup: %d: bad id: channel free", id);
+ logit("channel_lookup: %d: bad id: channel free", id);
return NULL;
}
return c;
Channel *c = channel_lookup(id);
if (c == NULL) {
- log("channel_send_open: %d: bad id", id);
+ logit("channel_send_open: %d: bad id", id);
return;
}
debug2("channel %d: send open", id);
Channel *c = channel_lookup(id);
if (c == NULL) {
- log("channel_request_start: %d: unknown channel id", id);
+ logit("channel_request_start: %d: unknown channel id", id);
return;
}
debug("channel %d: request %s", id, service) ;
Channel *c = channel_lookup(id);
if (c == NULL) {
- log("channel_register_comfirm: %d: bad id", id);
+ logit("channel_register_comfirm: %d: bad id", id);
return;
}
c->confirm = fn;
Channel *c = channel_lookup(id);
if (c == NULL) {
- log("channel_register_cleanup: %d: bad id", id);
+ logit("channel_register_cleanup: %d: bad id", id);
return;
}
c->detach_user = fn;
Channel *c = channel_lookup(id);
if (c == NULL) {
- log("channel_cancel_cleanup: %d: bad id", id);
+ logit("channel_cancel_cleanup: %d: bad id", id);
return;
}
c->detach_user = NULL;
Channel *c = channel_lookup(id);
if (c == NULL) {
- log("channel_register_filter: %d: bad id", id);
+ logit("channel_register_filter: %d: bad id", id);
return;
}
c->input_filter = fn;
* We have received an X11 connection that has bad
* authentication information.
*/
- log("X11 connection rejected because of wrong authentication.");
+ logit("X11 connection rejected because of wrong authentication.");
buffer_clear(&c->input);
buffer_clear(&c->output);
channel_close_fd(&c->sock);
c->type = SSH_CHANNEL_OPEN;
channel_pre_open(c, readset, writeset);
} else if (ret == -1) {
- log("X11 connection rejected because of wrong authentication.");
+ logit("X11 connection rejected because of wrong authentication.");
debug("X11 rejected %d i%d/o%d", c->self, c->istate, c->ostate);
chan_read_failed(c);
buffer_clear(&c->input);
if (compat20) {
if (data_len > c->local_maxpacket) {
- log("channel %d: rcvd big packet %d, maxpack %d",
+ logit("channel %d: rcvd big packet %d, maxpack %d",
c->self, data_len, c->local_maxpacket);
}
if (data_len > c->local_window) {
- log("channel %d: rcvd too much data %d, win %d",
+ logit("channel %d: rcvd too much data %d, win %d",
c->self, data_len, c->local_window);
xfree(data);
return;
if (c == NULL)
packet_disconnect("Received extended_data for bad channel %d.", id);
if (c->type != SSH_CHANNEL_OPEN) {
- log("channel %d: ext data for non open", id);
+ logit("channel %d: ext data for non open", id);
return;
}
if (c->flags & CHAN_EOF_RCVD) {
if (c->efd == -1 ||
c->extended_usage != CHAN_EXTENDED_WRITE ||
tcode != SSH2_EXTENDED_DATA_STDERR) {
- log("channel %d: bad ext data", c->self);
+ logit("channel %d: bad ext data", c->self);
return;
}
data = packet_get_string(&data_len);
packet_check_eom();
if (data_len > c->local_window) {
- log("channel %d: rcvd too much extended_data %d, win %d",
+ logit("channel %d: rcvd too much extended_data %d, win %d",
c->self, data_len, c->local_window);
xfree(data);
return;
msg = packet_get_string(NULL);
lang = packet_get_string(NULL);
}
- log("channel %d: open failed: %s%s%s", id,
+ logit("channel %d: open failed: %s%s%s", id,
reason2txt(reason), msg ? ": ": "", msg ? msg : "");
if (msg != NULL)
xfree(msg);
c = channel_lookup(id);
if (c == NULL || c->type != SSH_CHANNEL_OPEN) {
- log("Received window adjust for "
+ logit("Received window adjust for "
"non-open channel %d.", id);
return;
}
success = 1;
break;
case SSH_SMSG_FAILURE:
- log("Warning: Server denied remote port forwarding.");
+ logit("Warning: Server denied remote port forwarding.");
break;
default:
/* Unknown packet */
}
if (!permit) {
- log("Received request to connect to host %.100s port %d, "
+ logit("Received request to connect to host %.100s port %d, "
"but the request was denied.", host, port);
return -1;
}
if (*s == 0)
goto out;
if (strlen(s) < 2 || s[0] != '-' || !(s[1] == 'L' || s[1] == 'R')) {
- log("Invalid command.");
+ logit("Invalid command.");
goto out;
}
if (s[1] == 'L')
local = 1;
if (!local && !compat20) {
- log("Not supported for SSH protocol version 1.");
+ logit("Not supported for SSH protocol version 1.");
goto out;
}
s += 2;
sfwd_port, buf, sfwd_host_port) != 3 &&
sscanf(s, "%5[0-9]/%255[^/]/%5[0-9]",
sfwd_port, buf, sfwd_host_port) != 3) {
- log("Bad forwarding specification.");
+ logit("Bad forwarding specification.");
goto out;
}
if ((fwd_port = a2port(sfwd_port)) == 0 ||
(fwd_host_port = a2port(sfwd_host_port)) == 0) {
- log("Bad forwarding port(s).");
+ logit("Bad forwarding port(s).");
goto out;
}
if (local) {
if (channel_setup_local_fwd_listener(fwd_port, buf,
fwd_host_port, options.gateway_ports) < 0) {
- log("Port forwarding failed.");
+ logit("Port forwarding failed.");
goto out;
}
} else
channel_request_remote_forwarding(fwd_port, buf,
fwd_host_port);
- log("Forwarding port.");
+ logit("Forwarding port.");
out:
signal(SIGINT, handler);
enter_raw_mode();
case 'R':
if (compat20) {
if (datafellows & SSH_BUG_NOREKEY)
- log("Server does not support re-keying");
+ logit("Server does not support re-keying");
else
need_rekeying = 1;
}
ret |= SSH_PROTO_2;
break;
default:
- log("ignoring bad proto spec: '%s'.", p);
+ logit("ignoring bad proto spec: '%s'.", p);
break;
}
}
if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL &&
(f = fopen(_PATH_DH_PRIMES, "r")) == NULL) {
- log("WARNING: %s does not exist, using old modulus", _PATH_DH_MODULI);
+ logit("WARNING: %s does not exist, using old modulus", _PATH_DH_MODULI);
return (dh_new_group1());
}
if (bestcount == 0) {
fclose(f);
- log("WARNING: no suitable primes in %s", _PATH_DH_PRIMES);
+ logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES);
return (NULL);
}
int bits_set = 0;
if (dh_pub->neg) {
- log("invalid public DH value: negativ");
+ logit("invalid public DH value: negativ");
return 0;
}
for (i = 0; i <= n; i++)
/* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */
if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
return 1;
- log("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p));
+ logit("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p));
return 0;
}
void
dispatch_protocol_error(int type, u_int32_t seq, void *ctxt)
{
- log("dispatch_protocol_error: type %d seq %u", type, seq);
+ logit("dispatch_protocol_error: type %d seq %u", type, seq);
if (!compat20)
fatal("protocol error");
packet_start(SSH2_MSG_UNIMPLEMENTED);
void
dispatch_protocol_ignore(int type, u_int32_t seq, void *ctxt)
{
- log("dispatch_protocol_ignore: type %d seq %u", type, seq);
+ logit("dispatch_protocol_ignore: type %d seq %u", type, seq);
}
void
dispatch_init(dispatch_fn *dflt)
ngroups = sizeof(groups_bygid) / sizeof(gid_t);
if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
- log("getgrouplist: groups list too small");
+ logit("getgrouplist: groups list too small");
for (i = 0, j = 0; i < ngroups; i++)
if ((gr = getgrgid(groups_bygid[i])) != NULL)
groups_byname[j++] = xstrdup(gr->gr_name);
if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL)
return 1;
if (bits != BN_num_bits(key->rsa->n)) {
- log("Warning: %s, line %d: keysize mismatch for host %s: "
+ logit("Warning: %s, line %d: keysize mismatch for host %s: "
"actual %d vs. announced %d.",
filename, linenum, host, BN_num_bits(key->rsa->n), bits);
- log("Warning: replace %d with %d in %s, line %d.",
+ logit("Warning: replace %d with %d in %s, line %d.",
bits, BN_num_bits(key->rsa->n), filename, linenum);
}
return 1;
/* Log this message (information that usually should go to the log). */
void
-log(const char *fmt,...)
+logit(const char *fmt,...)
{
va_list args;
void fatal(const char *, ...) __attribute__((format(printf, 1, 2)));
void error(const char *, ...) __attribute__((format(printf, 1, 2)));
-void log(const char *, ...) __attribute__((format(printf, 1, 2)));
+void logit(const char *, ...) __attribute__((format(printf, 1, 2)));
void verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
void debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
{
#ifndef HAVE_CYGWIN
if ((int)geteuid() != 0) {
- log("Attempt to write login records by non-root user (aborting)");
+ logit("Attempt to write login records by non-root user (aborting)");
return 1;
}
#endif
endttyent();
if((struct ttyent *)0 == ty) {
- log("utmp_write_entry: tty not found");
+ logit("utmp_write_entry: tty not found");
return(1);
}
#else /* FIXME */
(void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
if (atomicio(write, fd, ut, sizeof(*ut)) != sizeof(*ut))
- log("utmp_write_direct: error writing %s: %s",
+ logit("utmp_write_direct: error writing %s: %s",
UTMP_FILE, strerror(errno));
(void)close(fd);
construct_utmp(li, &ut);
# ifdef UTMP_USE_LIBRARY
if (!utmp_write_library(li, &ut)) {
- log("utmp_perform_login: utmp_write_library() failed");
+ logit("utmp_perform_login: utmp_write_library() failed");
return 0;
}
# else
if (!utmp_write_direct(li, &ut)) {
- log("utmp_perform_login: utmp_write_direct() failed");
+ logit("utmp_perform_login: utmp_write_direct() failed");
return 0;
}
# endif
construct_utmp(li, &ut);
# ifdef UTMP_USE_LIBRARY
if (!utmp_write_library(li, &ut)) {
- log("utmp_perform_logout: utmp_write_library() failed");
+ logit("utmp_perform_logout: utmp_write_library() failed");
return 0;
}
# else
if (!utmp_write_direct(li, &ut)) {
- log("utmp_perform_logout: utmp_write_direct() failed");
+ logit("utmp_perform_logout: utmp_write_direct() failed");
return 0;
}
# endif
return utmp_perform_logout(li);
default:
- log("utmp_write_entry: invalid type field");
+ logit("utmp_write_entry: invalid type field");
return 0;
}
}
static int
utmpx_write_direct(struct logininfo *li, struct utmpx *utx)
{
- log("utmpx_write_direct: not implemented!");
+ logit("utmpx_write_direct: not implemented!");
return 0;
}
# endif /* UTMPX_USE_LIBRARY */
construct_utmpx(li, &utx);
# ifdef UTMPX_USE_LIBRARY
if (!utmpx_write_library(li, &utx)) {
- log("utmpx_perform_login: utmp_write_library() failed");
+ logit("utmpx_perform_login: utmp_write_library() failed");
return 0;
}
# else
if (!utmpx_write_direct(li, &ut)) {
- log("utmpx_perform_login: utmp_write_direct() failed");
+ logit("utmpx_perform_login: utmp_write_direct() failed");
return 0;
}
# endif
case LTYPE_LOGOUT:
return utmpx_perform_logout(li);
default:
- log("utmpx_write_entry: invalid type field");
+ logit("utmpx_write_entry: invalid type field");
return 0;
}
}
int fd, ret = 1;
if ((fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) {
- log("wtmp_write: problem writing %s: %s",
+ logit("wtmp_write: problem writing %s: %s",
WTMP_FILE, strerror(errno));
return 0;
}
if (fstat(fd, &buf) == 0)
if (atomicio(write, fd, ut, sizeof(*ut)) != sizeof(*ut)) {
ftruncate(fd, buf.st_size);
- log("wtmp_write: problem writing %s: %s",
+ logit("wtmp_write: problem writing %s: %s",
WTMP_FILE, strerror(errno));
ret = 0;
}
case LTYPE_LOGOUT:
return wtmp_perform_logout(li);
default:
- log("wtmp_write_entry: invalid type field");
+ logit("wtmp_write_entry: invalid type field");
return 0;
}
}
li->tv_sec = li->tv_usec = 0;
if ((fd = open(WTMP_FILE, O_RDONLY)) < 0) {
- log("wtmp_get_entry: problem opening %s: %s",
+ logit("wtmp_get_entry: problem opening %s: %s",
WTMP_FILE, strerror(errno));
return 0;
}
if (fstat(fd, &st) != 0) {
- log("wtmp_get_entry: couldn't stat %s: %s",
+ logit("wtmp_get_entry: couldn't stat %s: %s",
WTMP_FILE, strerror(errno));
close(fd);
return 0;
while (!found) {
if (atomicio(read, fd, &ut, sizeof(ut)) != sizeof(ut)) {
- log("wtmp_get_entry: read of %s failed: %s",
+ logit("wtmp_get_entry: read of %s failed: %s",
WTMP_FILE, strerror(errno));
close (fd);
return 0;
int fd, ret = 1;
if ((fd = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0)) < 0) {
- log("wtmpx_write: problem opening %s: %s",
+ logit("wtmpx_write: problem opening %s: %s",
WTMPX_FILE, strerror(errno));
return 0;
}
if (fstat(fd, &buf) == 0)
if (atomicio(write, fd, utx, sizeof(*utx)) != sizeof(*utx)) {
ftruncate(fd, buf.st_size);
- log("wtmpx_write: problem writing %s: %s",
+ logit("wtmpx_write: problem writing %s: %s",
WTMPX_FILE, strerror(errno));
ret = 0;
}
case LTYPE_LOGOUT:
return wtmpx_perform_logout(li);
default:
- log("wtmpx_write_entry: invalid type field");
+ logit("wtmpx_write_entry: invalid type field");
return 0;
}
}
li->tv_sec = li->tv_usec = 0;
if ((fd = open(WTMPX_FILE, O_RDONLY)) < 0) {
- log("wtmpx_get_entry: problem opening %s: %s",
+ logit("wtmpx_get_entry: problem opening %s: %s",
WTMPX_FILE, strerror(errno));
return 0;
}
if (fstat(fd, &st) != 0) {
- log("wtmpx_get_entry: couldn't stat %s: %s",
+ logit("wtmpx_get_entry: couldn't stat %s: %s",
WTMPX_FILE, strerror(errno));
close(fd);
return 0;
while (!found) {
if (atomicio(read, fd, &utx, sizeof(utx)) != sizeof(utx)) {
- log("wtmpx_get_entry: read of %s failed: %s",
+ logit("wtmpx_get_entry: read of %s failed: %s",
WTMPX_FILE, strerror(errno));
close (fd);
return 0;
struct utmp *ut;
if (! (ut = (struct utmp *)malloc(sizeof(*ut)))) {
- log("syslogin_perform_login: couldn't malloc()");
+ logit("syslogin_perform_login: couldn't malloc()");
return 0;
}
construct_utmp(li, ut);
(void)line_stripname(line, li->line, sizeof(line));
if (!logout(line)) {
- log("syslogin_perform_logout: logout() returned an error");
+ logit("syslogin_perform_logout: logout() returned an error");
# ifdef HAVE_LOGWTMP
} else {
logwtmp(line, "", "");
case LTYPE_LOGOUT:
return syslogin_perform_logout(li);
default:
- log("syslogin_write_entry: Invalid type field");
+ logit("syslogin_write_entry: Invalid type field");
return 0;
}
}
struct stat st;
if (stat(LASTLOG_FILE, &st) != 0) {
- log("lastlog_perform_login: Couldn't stat %s: %s", LASTLOG_FILE,
+ logit("lastlog_perform_login: Couldn't stat %s: %s", LASTLOG_FILE,
strerror(errno));
return 0;
}
LASTLOG_FILE, li->username);
break;
default:
- log("lastlog_openseek: %.100s is not a file or directory!",
+ logit("lastlog_openseek: %.100s is not a file or directory!",
LASTLOG_FILE);
return 0;
}
offset = (off_t) ((long)li->uid * sizeof(struct lastlog));
if ( lseek(*fd, offset, SEEK_SET) != offset ) {
- log("lastlog_openseek: %s->lseek(): %s",
+ logit("lastlog_openseek: %s->lseek(): %s",
lastlog_file, strerror(errno));
return 0;
}
/* write the entry */
if (atomicio(write, fd, &last, sizeof(last)) != sizeof(last)) {
close(fd);
- log("lastlog_write_filemode: Error writing to %s: %s",
+ logit("lastlog_write_filemode: Error writing to %s: %s",
LASTLOG_FILE, strerror(errno));
return 0;
}
case LTYPE_LOGIN:
return lastlog_perform_login(li);
default:
- log("lastlog_write_entry: Invalid type field");
+ logit("lastlog_write_entry: Invalid type field");
return 0;
}
}
fail++;
p = buffer_get_string(&b, NULL);
if (strcmp(authctxt->user, p) != 0) {
- log("wrong user name passed to monitor: expected %s != %.100s",
+ logit("wrong user name passed to monitor: expected %s != %.100s",
authctxt->user, p);
fail++;
}
fail++;
p = buffer_get_string(&b, NULL);
if (strcmp(authctxt->user, p) != 0) {
- log("wrong user name passed to monitor: expected %s != %.100s",
+ logit("wrong user name passed to monitor: expected %s != %.100s",
authctxt->user, p);
fail++;
}
c->self, c->sock, strerror(errno));
} else {
if (channel_close_fd(&c->wfd) < 0)
- log("channel %d: chan_shutdown_write: "
+ logit("channel %d: chan_shutdown_write: "
"close() failed for fd%d: %.100s",
c->self, c->wfd, strerror(errno));
}
strerror(errno));
} else {
if (channel_close_fd(&c->rfd) < 0)
- log("channel %d: chan_shutdown_read: "
+ logit("channel %d: chan_shutdown_read: "
"close() failed for fd%d: %.100s",
c->self, c->rfd, strerror(errno));
}
#endif
/* increment sequence number for outgoing packets */
if (++p_send.seqnr == 0)
- log("outgoing seqnr wraps around");
+ logit("outgoing seqnr wraps around");
if (++p_send.packets == 0)
if (!(datafellows & SSH_BUG_NOREKEY))
fatal("XXX too many packets with same key");
/* Read data from the socket. */
len = read(connection_in, buf, sizeof(buf));
if (len == 0) {
- log("Connection closed by %.200s", get_remote_ipaddr());
+ logit("Connection closed by %.200s", get_remote_ipaddr());
fatal_cleanup();
}
if (len < 0)
if (seqnr_p != NULL)
*seqnr_p = p_read.seqnr;
if (++p_read.seqnr == 0)
- log("incoming seqnr wraps around");
+ logit("incoming seqnr wraps around");
if (++p_read.packets == 0)
if (!(datafellows & SSH_BUG_NOREKEY))
fatal("XXX too many packets with same key");
case SSH2_MSG_DISCONNECT:
reason = packet_get_int();
msg = packet_get_string(NULL);
- log("Received disconnect from %s: %u: %.400s",
+ logit("Received disconnect from %s: %u: %.400s",
get_remote_ipaddr(), reason, msg);
xfree(msg);
fatal_cleanup();
break;
case SSH_MSG_DISCONNECT:
msg = packet_get_string(NULL);
- log("Received disconnect from %s: %.400s",
+ logit("Received disconnect from %s: %.400s",
get_remote_ipaddr(), msg);
fatal_cleanup();
xfree(msg);
va_end(args);
/* Display the error locally */
- log("Disconnecting: %.100s", buf);
+ logit("Disconnecting: %.100s", buf);
/* Send the disconnect message to the other side, and wait for it to get sent. */
if (compat20) {
static int called = 0;
if (called) {
- log("packet_set_maxsize: called twice: old %d new %d",
+ logit("packet_set_maxsize: called twice: old %d new %d",
max_packet_size, s);
return -1;
}
if (s < 4 * 1024 || s > 1024 * 1024) {
- log("packet_set_maxsize: bad size %d", s);
+ logit("packet_set_maxsize: bad size %d", s);
return -1;
}
called = 1;
do { \
int _len = packet_remaining(); \
if (_len > 0) { \
- log("Packet integrity error (%d bytes remaining) at %s:%d", \
+ logit("Packet integrity error (%d bytes remaining) at %s:%d", \
_len ,__FILE__, __LINE__); \
packet_disconnect("Packet integrity error."); \
} \
debug("sc_read_pubkey() with cert id %02X", cinfo->id.value[0]);
r = sc_pkcs15_read_certificate(p15card, cinfo, &cert);
if (r) {
- log("Certificate read failed: %s", sc_strerror(r));
+ logit("Certificate read failed: %s", sc_strerror(r));
goto err;
}
x509 = X509_new();
}
p = cert->data;
if (!d2i_X509(&x509, &p, cert->data_len)) {
- log("Unable to parse X.509 certificate");
+ logit("Unable to parse X.509 certificate");
r = -1;
goto err;
}
X509_free(x509);
x509 = NULL;
if (pubkey->type != EVP_PKEY_RSA) {
- log("Public key is of unknown type");
+ logit("Public key is of unknown type");
r = -1;
goto err;
}
r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_CERT_X509,
certs, 32);
if (r == 0) {
- log("No certificates found on smartcard");
+ logit("No certificates found on smartcard");
r = -1;
goto err;
} else if (r < 0) {
}
if (!sectok_swOK(sw))
goto done;
- log("cyberflex_load_rsa_priv done");
+ logit("cyberflex_load_rsa_priv done");
key_fid[0] = 0x73;
key_fid[1] = 0x68;
if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5],
}
if (!sectok_swOK(sw))
goto done;
- log("cyberflex_load_rsa_pub done");
+ logit("cyberflex_load_rsa_pub done");
status = 0;
done:
goto parse_int;
case sDeprecated:
- log("%s line %d: Deprecated option %s",
+ logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
while (arg)
arg = strdelim(&cp);
* Any unknown messages in this phase are ignored,
* and a failure message is returned.
*/
- log("Unknown packet type received after authentication: %d", type);
+ logit("Unknown packet type received after authentication: %d", type);
}
packet_start(success ? SSH_SMSG_SUCCESS : SSH_SMSG_FAILURE);
packet_send();
#endif
if (f) {
/* /etc/nologin exists. Print its contents and exit. */
- log("User %.100s not allowed because %s exists",
+ logit("User %.100s not allowed because %s exists",
pw->pw_name, _PATH_NOLOGIN);
while (fgets(buf, sizeof(buf), f))
fputs(buf, stderr);
int i;
packet_check_eom();
- log("subsystem request for %.100s", subsys);
+ logit("subsystem request for %.100s", subsys);
for (i = 0; i < options.num_subsystems; i++) {
if (strcmp(subsys, options.subsystem_name[i]) == 0) {
}
if (!success)
- log("subsystem request for %.100s failed, subsystem not found",
+ logit("subsystem request for %.100s failed, subsystem not found",
subsys);
xfree(subsys);
Session *s;
if ((s = session_by_channel(c->self)) == NULL) {
- log("session_input_channel_req: no session %d req %.100s",
+ logit("session_input_channel_req: no session %d req %.100s",
c->self, rtype);
return 0;
}
if (quiet)
debug("Server version does not support lstat operation");
else
- log("Server version does not support lstat operation");
+ logit("Server version does not support lstat operation");
return(do_stat(conn, path, quiet));
}
(u_int64_t)off, len);
if (len > sizeof buf) {
len = sizeof buf;
- log("read change len %d", len);
+ logit("read change len %d", len);
}
fd = handle_to_fd(handle);
if (fd >= 0) {
} else if (ret == len) {
status = SSH2_FX_OK;
} else {
- log("nothing at all written");
+ logit("nothing at all written");
}
}
}
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);
if (len <= 0 || len > 32) {
- log("process_authentication_challenge: bad challenge length %d", len);
+ logit("process_authentication_challenge: bad challenge length %d", len);
goto failure;
}
memset(buf, 0, 32);
buffer_get_bignum(&e->request, key->rsa->n);
if (bits != key_size(key))
- log("Warning: identity keysize mismatch: actual %u, announced %u",
+ logit("Warning: identity keysize mismatch: actual %u, announced %u",
key_size(key), bits);
break;
case 2:
key_free(prv);
if (ret < 0)
exit(1);
- log("loading key done");
+ logit("loading key done");
exit(0);
}
/* Get user data. */
pw = getpwuid(original_real_uid);
if (!pw) {
- log("You don't exist, go away!");
+ logit("You don't exist, go away!");
exit(1);
}
/* Take a copy of the returned structure. */
/* Do not allocate a tty if stdin is not a tty. */
if (!isatty(fileno(stdin)) && !force_tty_flag) {
if (tty_flag)
- log("Pseudo-terminal will not be allocated because stdin is not a terminal.");
+ logit("Pseudo-terminal will not be allocated because stdin is not a terminal.");
tty_flag = 0;
}
if (!got_data) {
u_int32_t rand = 0;
- log("Warning: No xauth data; using fake authentication data for X11 forwarding.");
+ logit("Warning: No xauth data; using fake authentication data for X11 forwarding.");
strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto);
for (i = 0; i < 16; i++) {
if (i % 4 == 0)
if (type == SSH_SMSG_SUCCESS)
packet_start_compression(options.compression_level);
else if (type == SSH_SMSG_FAILURE)
- log("Warning: Remote host refused compression.");
+ logit("Warning: Remote host refused compression.");
else
packet_disconnect("Protocol error waiting for compression response.");
}
interactive = 1;
have_tty = 1;
} else if (type == SSH_SMSG_FAILURE)
- log("Warning: Remote host failed or refused to allocate a pseudo tty.");
+ logit("Warning: Remote host failed or refused to allocate a pseudo tty.");
else
packet_disconnect("Protocol error waiting for pty request response.");
}
if (type == SSH_SMSG_SUCCESS) {
interactive = 1;
} else if (type == SSH_SMSG_FAILURE) {
- log("Warning: Remote host denied X11 forwarding.");
+ logit("Warning: Remote host denied X11 forwarding.");
} else {
packet_disconnect("Protocol error waiting for X11 forwarding");
}
type = packet_read();
packet_check_eom();
if (type != SSH_SMSG_SUCCESS)
- log("Warning: Remote host denied authentication agent forwarding.");
+ logit("Warning: Remote host denied authentication agent forwarding.");
}
/* Initiate port forwardings. */
options.remote_forwards[i].host,
options.remote_forwards[i].host_port);
if (type == SSH2_MSG_REQUEST_FAILURE)
- log("Warning: remote port forwarding failed for listen port %d",
+ logit("Warning: remote port forwarding failed for listen port %d",
options.remote_forwards[i].port);
}
/* Return failure if we didn't get a successful connection. */
if (attempt >= connection_attempts) {
- log("ssh: connect to host %s port %s: %s",
+ logit("ssh: connect to host %s port %s: %s",
host, strport, strerror(errno));
return full_failure ? ECONNABORTED : ECONNREFUSED;
}
enable_compat13();
minor1 = 3;
if (options.forward_agent) {
- log("Agent forwarding disabled for protocol 1.3");
+ logit("Agent forwarding disabled for protocol 1.3");
options.forward_agent = 0;
}
}
debug("Found key in %s:%d", host_file, host_line);
if (options.check_host_ip && ip_status == HOST_NEW) {
if (readonly)
- log("%s host key for IP address "
+ logit("%s host key for IP address "
"'%.128s' not in list of known hosts.",
type, ip);
else if (!add_host_to_hostfile(user_hostfile, ip,
host_key))
- log("Failed to add the %s host key for IP "
+ logit("Failed to add the %s host key for IP "
"address '%.128s' to the list of known "
"hosts (%.30s).", type, ip, user_hostfile);
else
- log("Warning: Permanently added the %s host "
+ logit("Warning: Permanently added the %s host "
"key for IP address '%.128s' to the list "
"of known hosts.", type, ip);
}
* local known_hosts file.
*/
if (!add_host_to_hostfile(user_hostfile, hostp, host_key))
- log("Failed to add the host to the list of known "
+ logit("Failed to add the host to the list of known "
"hosts (%.500s).", user_hostfile);
else
- log("Warning: Permanently added '%.200s' (%s) to the "
+ logit("Warning: Permanently added '%.200s' (%s) to the "
"list of known hosts.", hostp, type);
break;
case HOST_CHANGED:
host_file, host_line);
}
if (options.strict_host_key_checking == 1) {
- log(msg);
+ logit(msg);
error("Exiting, you have requested strict checking.");
goto fail;
} else if (options.strict_host_key_checking == 2) {
if (!confirm(msg))
goto fail;
} else {
- log(msg);
+ logit(msg);
}
}
if ((ret = lookup_key_in_hostfile_by_type(file, host,
keytype, found, &line))) {
fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
- log("WARNING: %s key found for host %s\n"
+ logit("WARNING: %s key found for host %s\n"
"in %s:%d\n"
"%s key fingerprint %s.",
key_type(found), host, file, line,
* although it advertised it supports this. Just
* return a wrong value.
*/
- log("Authentication agent failed to decrypt challenge.");
+ logit("Authentication agent failed to decrypt challenge.");
memset(response, 0, sizeof(response));
}
key_free(key);
if (i != 0)
error("Permission denied, please try again.");
if (options.cipher == SSH_CIPHER_NONE)
- log("WARNING: Encryption is disabled! "
+ logit("WARNING: Encryption is disabled! "
"Response will be transmitted in clear text.");
response = read_passphrase(prompt, 0);
if (strcmp(response, "") == 0) {
debug("Doing password authentication.");
if (options.cipher == SSH_CIPHER_NONE)
- log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
+ logit("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
for (i = 0; i < options.number_of_password_prompts; i++) {
if (i != 0)
error("Permission denied, please try again.");
rbits = BN_num_bits(server_key->rsa->n);
if (bits != rbits) {
- log("Warning: Server lies about size of server public key: "
+ logit("Warning: Server lies about size of server public key: "
"actual size is %d bits vs. announced %d.", rbits, bits);
- log("Warning: This may be due to an old implementation of ssh.");
+ logit("Warning: This may be due to an old implementation of ssh.");
}
/* Get the host key. */
host_key = key_new(KEY_RSA1);
rbits = BN_num_bits(host_key->rsa->n);
if (bits != rbits) {
- log("Warning: Server lies about size of server host key: "
+ logit("Warning: Server lies about size of server host key: "
"actual size is %d bits vs. announced %d.", rbits, bits);
- log("Warning: This may be due to an old implementation of ssh.");
+ logit("Warning: This may be due to an old implementation of ssh.");
}
/* Get protocol flags. */
options.cipher = ssh_cipher_default;
} else if (options.cipher == SSH_CIPHER_ILLEGAL ||
!(cipher_mask_ssh1(1) & (1 << options.cipher))) {
- log("No valid SSH1 cipher, using %.100s instead.",
+ logit("No valid SSH1 cipher, using %.100s instead.",
cipher_name(ssh_cipher_default));
options.cipher = ssh_cipher_default;
}
if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
options.kerberos_tgt_passing && context && auth_context) {
if (options.cipher == SSH_CIPHER_NONE)
- log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
+ logit("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
send_krb5_tgt(context, auth_context);
}
if (auth_context)
if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
options.kerberos_tgt_passing) {
if (options.cipher == SSH_CIPHER_NONE)
- log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
+ logit("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
send_krb4_tgt();
}
/* Try AFS token passing if the server supports it. */
if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
options.afs_token_passing && k_hasafs()) {
if (options.cipher == SSH_CIPHER_NONE)
- log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
+ logit("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
send_afs_tokens();
}
#endif /* AFS */
xxx_hostaddr = hostaddr;
if (options.ciphers == (char *)-1) {
- log("No valid ciphers for protocol version 2 given, using defaults.");
+ logit("No valid ciphers for protocol version 2 given, using defaults.");
options.ciphers = NULL;
}
if (options.ciphers != NULL) {
packet_check_eom();
if (partial != 0)
- log("Authenticated with partial success.");
+ logit("Authenticated with partial success.");
debug("Authentications that can continue: %s", authlist);
clear_auth_state(authctxt);
info = packet_get_string(NULL);
lang = packet_get_string(NULL);
if (strlen(info) > 0)
- log("%s", info);
+ logit("%s", info);
xfree(info);
xfree(lang);
packet_start(SSH2_MSG_USERAUTH_REQUEST);
if (strcmp(password, retype) != 0) {
memset(password, 0, strlen(password));
xfree(password);
- log("Mismatch; try again, EOF to quit.");
+ logit("Mismatch; try again, EOF to quit.");
password = NULL;
}
memset(retype, 0, strlen(retype));
inst = packet_get_string(NULL);
lang = packet_get_string(NULL);
if (strlen(name) > 0)
- log("%s", name);
+ logit("%s", name);
if (strlen(inst) > 0)
- log("%s", inst);
+ logit("%s", inst);
xfree(name);
xfree(inst);
xfree(lang);
static void
sighup_restart(void)
{
- log("Received SIGHUP; restarting.");
+ logit("Received SIGHUP; restarting.");
close_listen_socks();
close_startup_pipes();
execv(saved_argv[0], saved_argv);
- log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
+ logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
strerror(errno));
exit(1);
}
if (atomicio(write, sock_out, server_version_string,
strlen(server_version_string))
!= strlen(server_version_string)) {
- log("Could not write ident string to %s", get_remote_ipaddr());
+ logit("Could not write ident string to %s", get_remote_ipaddr());
fatal_cleanup();
}
memset(buf, 0, sizeof(buf));
for (i = 0; i < sizeof(buf) - 1; i++) {
if (atomicio(read, sock_in, &buf[i], 1) != 1) {
- log("Did not receive identification string from %s",
+ logit("Did not receive identification string from %s",
get_remote_ipaddr());
fatal_cleanup();
}
(void) atomicio(write, sock_out, s, strlen(s));
close(sock_in);
close(sock_out);
- log("Bad protocol version identification '%.100s' from %s",
+ logit("Bad protocol version identification '%.100s' from %s",
client_version_string, get_remote_ipaddr());
fatal_cleanup();
}
compat_datafellows(remote_version);
if (datafellows & SSH_BUG_PROBE) {
- log("probed from %s with %s. Don't panic.",
+ logit("probed from %s with %s. Don't panic.",
get_remote_ipaddr(), client_version_string);
fatal_cleanup();
}
if (datafellows & SSH_BUG_SCANNER) {
- log("scanned from %s with %s. Don't panic.",
+ logit("scanned from %s with %s. Don't panic.",
get_remote_ipaddr(), client_version_string);
fatal_cleanup();
}
(void) atomicio(write, sock_out, s, strlen(s));
close(sock_in);
close(sock_out);
- log("Protocol major versions differ for %s: %.200s vs. %.200s",
+ logit("Protocol major versions differ for %s: %.200s vs. %.200s",
get_remote_ipaddr(),
server_version_string, client_version_string);
fatal_cleanup();
key_type(key));
}
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
- log("Disabling protocol version 1. Could not load host key");
+ logit("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1;
}
if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
- log("Disabling protocol version 2. Could not load host key");
+ logit("Disabling protocol version 2. Could not load host key");
options.protocol &= ~SSH_PROTO_2;
}
if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
- log("sshd: no hostkeys available -- exiting.");
+ logit("sshd: no hostkeys available -- exiting.");
exit(1);
}
num_listen_socks++;
/* Start listening on the port. */
- log("Server listening on %s port %s.", ntop, strport);
+ logit("Server listening on %s port %s.", ntop, strport);
if (listen(listen_sock, 5) < 0)
fatal("listen: %.100s", strerror(errno));
if (ret < 0 && errno != EINTR)
error("select: %.100s", strerror(errno));
if (received_sigterm) {
- log("Received signal %d; terminating.",
+ logit("Received signal %d; terminating.",
(int) received_sigterm);
close_listen_socks();
unlink(options.pid_file);
u_char *buf = xmalloc(bytes);
MD5_CTX md;
- log("do_connection: generating a fake encryption key");
+ logit("do_connection: generating a fake encryption key");
BN_bn2bin(session_key_int, buf);
MD5_Init(&md);
MD5_Update(&md, buf, bytes);
}
/* set tty modes to a sane state for broken clients */
if (tcgetattr(*ptyfd, &tio) < 0)
- log("Getting tty modes for pty failed: %.100s", strerror(errno));
+ logit("Getting tty modes for pty failed: %.100s", strerror(errno));
else {
tio.c_lflag |= (ECHO | ISIG | ICANON);
tio.c_oflag |= (OPOST | ONLCR);
/* Set the new modes for the terminal. */
if (tcsetattr(*ptyfd, TCSANOW, &tio) < 0)
- log("Setting tty modes for pty failed: %.100s", strerror(errno));
+ logit("Setting tty modes for pty failed: %.100s", strerror(errno));
}
return 1;
if (tiop == NULL) {
if (tcgetattr(fd, &tio) == -1) {
- log("tcgetattr: %.100s", strerror(errno));
+ logit("tcgetattr: %.100s", strerror(errno));
goto end;
}
} else
* modes, they will initially have reasonable values.
*/
if (tcgetattr(fd, &tio) == -1) {
- log("tcgetattr: %.100s", strerror(errno));
+ logit("tcgetattr: %.100s", strerror(errno));
failure = -1;
}
* left in the packet; hopefully there is nothing
* more coming after the mode data.
*/
- log("parse_tty_modes: unknown opcode %d", opcode);
+ logit("parse_tty_modes: unknown opcode %d", opcode);
goto set;
}
} else {
(void) packet_get_int();
break;
} else {
- log("parse_tty_modes: unknown opcode %d", opcode);
+ logit("parse_tty_modes: unknown opcode %d", opcode);
goto set;
}
}
set:
if (*n_bytes_ptr != n_bytes) {
*n_bytes_ptr = n_bytes;
- log("parse_tty_modes: n_bytes_ptr != n_bytes: %d %d",
+ logit("parse_tty_modes: n_bytes_ptr != n_bytes: %d %d",
*n_bytes_ptr, n_bytes);
return; /* Don't process bytes passed */
}
/* Set the new modes for the terminal. */
if (tcsetattr(fd, TCSANOW, &tio) == -1)
- log("Setting tty modes failed: %.100s", strerror(errno));
+ logit("Setting tty modes failed: %.100s", strerror(errno));
}
andersk / openssh.git / commitdiff
