From 657d9143d121dfff74f5a63f734d0096c7f37194 Mon Sep 17 00:00:00 2001 From: Norbert Pocs Date: Thu, 15 Sep 2022 20:48:19 +0200 Subject: [PATCH] SSH_LOG_DEBUG: Recategorize loglevels Loglevel INFO is the default openssh configuration setting which does not print redundant information. On a system using openssh with loglevels set by the terms of openssh will cause unwanted log lines in the output. recategorized based on - SSH_LOG_DEBUG are informational debug logs (no error) Signed-off-by: Norbert Pocs Reviewed-by: Jakub Jelen Reviewed-by: Andreas Schneider --- src/agent.c | 6 +++--- src/auth.c | 14 +++++++------- src/bind.c | 2 +- src/bind_config.c | 4 ++-- src/channels.c | 26 +++++++++++++------------- src/client.c | 6 +++--- src/config.c | 6 +++--- src/curve25519.c | 6 +++--- src/dh-gex.c | 16 ++++++++-------- src/dh.c | 2 +- src/ecdh.c | 2 +- src/ecdh_crypto.c | 4 ++-- src/ecdh_gcrypt.c | 4 ++-- src/ecdh_mbedcrypto.c | 4 ++-- src/gssapi.c | 36 ++++++++++++++++++------------------ src/kex.c | 4 ++-- src/libcrypto.c | 10 +++++----- src/libgcrypt.c | 2 +- src/libmbedcrypto.c | 8 ++++---- src/messages.c | 16 ++++++++-------- src/misc.c | 8 ++++---- src/packet.c | 4 ++-- src/packet_cb.c | 6 +++--- src/pki.c | 4 ++-- src/pki_container_openssh.c | 6 +++--- src/scp.c | 8 ++++---- src/server.c | 11 +++++------ src/sftp.c | 14 +++++++------- src/socket.c | 6 +++--- 29 files changed, 122 insertions(+), 123 deletions(-) diff --git a/src/agent.c b/src/agent.c index 8ada57fb..3c162b52 100644 --- a/src/agent.c +++ b/src/agent.c @@ -306,12 +306,12 @@ static int agent_talk(struct ssh_session_struct *session, payload = ssh_buffer_allocate(reply, len); if (payload == NULL) { - SSH_LOG(SSH_LOG_WARN, "Not enough space"); + SSH_LOG(SSH_LOG_DEBUG, "Not enough space"); return -1; } if (atomicio(session->agent, payload, len, 1) != len) { - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_DEBUG, "Error reading response from authentication socket."); /* Rollback the unused space */ ssh_buffer_pass_bytes_end(reply, len); @@ -587,7 +587,7 @@ ssh_string ssh_agent_sign_data(ssh_session session, #endif if (agent_failed(type)) { - SSH_LOG(SSH_LOG_WARN, "Agent reports failure in signing the key"); + SSH_LOG(SSH_LOG_DEBUG, "Agent reports failure in signing the key"); SSH_BUFFER_FREE(reply); return NULL; } else if (type != SSH2_AGENT_SIGN_RESPONSE) { diff --git a/src/auth.c b/src/auth.c index b991bf99..027b9bfd 100644 --- a/src/auth.c +++ b/src/auth.c @@ -240,7 +240,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_failure) { if (partial) { session->auth.state = SSH_AUTH_STATE_PARTIAL; - SSH_LOG(SSH_LOG_INFO, + SSH_LOG(SSH_LOG_DEBUG, "Partial success for '%s'. Authentication that can continue: %s", current_method, auth_methods); @@ -250,7 +250,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_failure) { "Access denied for '%s'. Authentication that can continue: %s", current_method, auth_methods); - SSH_LOG(SSH_LOG_INFO, + SSH_LOG(SSH_LOG_DEBUG, "%s", ssh_get_error(session)); @@ -1061,7 +1061,7 @@ int ssh_userauth_agent(ssh_session session, session->agent_state = NULL; goto done; } else if (rc != SSH_AUTH_SUCCESS) { - SSH_LOG(SSH_LOG_INFO, + SSH_LOG(SSH_LOG_DEBUG, "Server accepted public key but refused the signature"); ssh_key_free(state->pubkey); state->pubkey = ssh_agent_get_next_ident(session, &state->comment); @@ -1345,7 +1345,7 @@ int ssh_userauth_publickey_auto(ssh_session session, /* If the file doesn't exist, continue */ ssh_key_free(state->pubkey); state->pubkey = NULL; - SSH_LOG(SSH_LOG_INFO, + SSH_LOG(SSH_LOG_DEBUG, "Private key %s doesn't exist.", privkey_file); state->it = state->it->next; @@ -1360,7 +1360,7 @@ int ssh_userauth_publickey_auto(ssh_session session, ssh_key_free(state->pubkey); SAFE_FREE(session->auth.auto_state); if (rc == SSH_AUTH_SUCCESS) { - SSH_LOG(SSH_LOG_INFO, + SSH_LOG(SSH_LOG_DEBUG, "Successfully authenticated using %s", privkey_file); } @@ -1373,7 +1373,7 @@ int ssh_userauth_publickey_auto(ssh_session session, ssh_key_free(state->privkey); ssh_key_free(state->pubkey); - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_DEBUG, "The server accepted the public key but refused the signature"); state->it = state->it->next; state->state = SSH_AUTH_AUTO_STATE_PUBKEY; @@ -2123,7 +2123,7 @@ int ssh_userauth_gssapi(ssh_session session) } else if (rc == SSH_ERROR) { return SSH_AUTH_ERROR; } - SSH_LOG(SSH_LOG_PROTOCOL, "Authenticating with gssapi-with-mic"); + SSH_LOG(SSH_LOG_DEBUG, "Authenticating with gssapi-with-mic"); session->auth.current_method = SSH_AUTH_METHOD_GSSAPI_MIC; session->auth.state = SSH_AUTH_STATE_NONE; diff --git a/src/bind.c b/src/bind.c index 77acbb66..d947cd78 100644 --- a/src/bind.c +++ b/src/bind.c @@ -297,7 +297,7 @@ int ssh_bind_listen(ssh_bind sshbind) { sshbind->bindfd = fd; } else { - SSH_LOG(SSH_LOG_INFO, "Using app-provided bind socket"); + SSH_LOG(SSH_LOG_DEBUG, "Using app-provided bind socket"); } return 0; } diff --git a/src/bind_config.c b/src/bind_config.c index a2f2efe4..a4c7a8d7 100644 --- a/src/bind_config.c +++ b/src/bind_config.c @@ -546,7 +546,7 @@ ssh_bind_config_parse_line(ssh_bind bind, return -1; } args++; - SSH_LOG(SSH_LOG_WARN, + SSH_LOG(SSH_LOG_DEBUG, "line %d: Unsupported Match keyword '%s', ignoring\n", count, p2); @@ -595,7 +595,7 @@ ssh_bind_config_parse_line(ssh_bind bind, } break; case BIND_CFG_NOT_ALLOWED_IN_MATCH: - SSH_LOG(SSH_LOG_WARN, "Option not allowed in Match block: %s, line: %d", + SSH_LOG(SSH_LOG_DEBUG, "Option not allowed in Match block: %s, line: %d", keyword, count); break; case BIND_CFG_UNKNOWN: diff --git a/src/channels.c b/src/channels.c index 73a6ffe4..440707d6 100644 --- a/src/channels.c +++ b/src/channels.c @@ -192,7 +192,7 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open_conf){ if (rc != SSH_OK) goto error; - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "Received a CHANNEL_OPEN_CONFIRMATION for channel %d:%d", channel->local_channel, channel->remote_channel); @@ -205,7 +205,7 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open_conf){ goto error; } - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "Remote window : %"PRIu32", maxpacket : %"PRIu32, (uint32_t) channel->remote_window, (uint32_t) channel->remote_maxpacket); @@ -327,7 +327,7 @@ channel_open(ssh_channel channel, channel->local_maxpacket = maxpacket; channel->local_window = window; - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "Creating a channel %d with %d window and %d max packet", channel->local_channel, window, maxpacket); @@ -417,7 +417,7 @@ static int grow_window(ssh_session session, int rc; if (new_window <= channel->local_window) { - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "growing window (channel %d:%d) to %d bytes : not needed (%d bytes)", channel->local_channel, channel->remote_channel, new_window, channel->local_window); @@ -441,7 +441,7 @@ static int grow_window(ssh_session session, goto error; } - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "growing window (channel %d:%d) to %d bytes", channel->local_channel, channel->remote_channel, @@ -512,7 +512,7 @@ SSH_PACKET_CALLBACK(channel_rcv_change_window) { return SSH_PACKET_USED; } - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "Adding %d bytes to channel (%d:%d) (from %d bytes)", bytes, channel->local_channel, @@ -831,7 +831,7 @@ SSH_PACKET_CALLBACK(channel_rcv_request) { } if(strcmp(request,"keepalive@openssh.com")==0){ SAFE_FREE(request); - SSH_LOG(SSH_LOG_PROTOCOL,"Responding to Openssh's keepalive"); + SSH_LOG(SSH_LOG_DEBUG,"Responding to Openssh's keepalive"); rc = ssh_buffer_pack(session->out_buffer, "bd", @@ -849,7 +849,7 @@ SSH_PACKET_CALLBACK(channel_rcv_request) { int status; SAFE_FREE(request); - SSH_LOG(SSH_LOG_PROTOCOL, "Received an auth-agent-req request"); + SSH_LOG(SSH_LOG_DEBUG, "Received an auth-agent-req request"); status = SSH2_MSG_CHANNEL_FAILURE; ssh_callbacks_iterate(channel->callbacks, @@ -884,7 +884,7 @@ SSH_PACKET_CALLBACK(channel_rcv_request) { */ ssh_message_handle_channel_request(session,channel,packet,request,want_reply); #else - SSH_LOG(SSH_LOG_WARNING, "Unhandled channel request %s", request); + SSH_LOG(SSH_LOG_DEBUG, "Unhandled channel request %s", request); #endif SAFE_FREE(request); @@ -1490,14 +1490,14 @@ static int channel_write_common(ssh_channel channel, } while (len > 0) { if (channel->remote_window < len) { - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "Remote window is %d bytes. going to write %d bytes", channel->remote_window, len); /* What happens when the channel window is zero? */ if(channel->remote_window == 0) { /* nothing can be written */ - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "Wait for a growing window message..."); rc = ssh_handle_packets_termination(session, SSH_TIMEOUT_DEFAULT, ssh_channel_waitwindow_termination,channel); @@ -1822,7 +1822,7 @@ pending: rc=SSH_ERROR; break; case SSH_CHANNEL_REQ_STATE_ACCEPTED: - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "Channel request %s success",request); rc=SSH_OK; break; @@ -2396,7 +2396,7 @@ pending: } switch(session->global_req_state){ case SSH_CHANNEL_REQ_STATE_ACCEPTED: - SSH_LOG(SSH_LOG_PROTOCOL, "Global request %s success",request); + SSH_LOG(SSH_LOG_DEBUG, "Global request %s success",request); rc=SSH_OK; break; case SSH_CHANNEL_REQ_STATE_DENIED: diff --git a/src/client.c b/src/client.c index d80d9e5c..7cb64941 100644 --- a/src/client.c +++ b/src/client.c @@ -405,7 +405,7 @@ static void ssh_client_connection_callback(ssh_session session) goto error; } set_status(session, 0.4f); - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "SSH server banner: %s", session->serverbanner); /* Here we analyze the different protocols the server allows. */ @@ -565,7 +565,7 @@ int ssh_connect(ssh_session session) return SSH_ERROR; } - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "libssh %s, using threading %s", ssh_copyright(), ssh_threads_get_type()); @@ -600,7 +600,7 @@ int ssh_connect(ssh_session session) set_status(session, 0.2f); session->alive = 1; - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "Socket connecting, now waiting for the callbacks to work"); pending: diff --git a/src/config.c b/src/config.c index 6e762eef..d7c6dfcb 100644 --- a/src/config.c +++ b/src/config.c @@ -668,7 +668,7 @@ ssh_config_parse_line(ssh_session session, break; } args++; - SSH_LOG(SSH_LOG_TRACE, "line %d: Processing Match keyword '%s'", + SSH_LOG(SSH_LOG_DEBUG, "line %d: Processing Match keyword '%s'", count, p); /* If the option is prefixed with ! the result should be negated */ @@ -700,7 +700,7 @@ ssh_config_parse_line(ssh_session session, case MATCH_FINAL: case MATCH_CANONICAL: - SSH_LOG(SSH_LOG_INFO, + SSH_LOG(SSH_LOG_DEBUG, "line %d: Unsupported Match keyword '%s', skipping", count, p); @@ -718,7 +718,7 @@ ssh_config_parse_line(ssh_session session, return -1; } if (result != 1) { - SSH_LOG(SSH_LOG_INFO, "line %d: Skipped match exec " + SSH_LOG(SSH_LOG_DEBUG, "line %d: Skipped match exec " "'%s' as previous conditions already failed.", count, p2); continue; diff --git a/src/curve25519.c b/src/curve25519.c index 6a930faf..89206903 100644 --- a/src/curve25519.c +++ b/src/curve25519.c @@ -339,7 +339,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_curve25519_reply){ goto error; } - SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); + SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent"); session->dh_handshake_state = DH_STATE_NEWKEYS_SENT; return SSH_PACKET_USED; @@ -491,7 +491,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_curve25519_init){ goto error; } - SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEX_ECDH_REPLY sent"); + SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_KEX_ECDH_REPLY sent"); rc = ssh_packet_send(session); if (rc == SSH_ERROR) { return SSH_ERROR; @@ -508,7 +508,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_curve25519_init){ if (rc == SSH_ERROR) { goto error; } - SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); + SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent"); return SSH_PACKET_USED; error: diff --git a/src/dh-gex.c b/src/dh-gex.c index d0d2890b..6f9cd3f1 100644 --- a/src/dh-gex.c +++ b/src/dh-gex.c @@ -116,7 +116,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group) (void) type; (void) user; - SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEX_DH_GEX_GROUP received"); + SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_KEX_DH_GEX_GROUP received"); if (bignum_ctx_invalid(ctx)) { goto error; @@ -256,7 +256,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply) bignum server_pubkey = NULL; (void)type; (void)user; - SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEX_DH_GEX_REPLY received"); + SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_KEX_DH_GEX_REPLY received"); ssh_packet_remove_callbacks(session, &ssh_dhgex_client_callbacks); rc = ssh_buffer_unpack(packet, @@ -300,7 +300,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply) if (rc == SSH_ERROR) { goto error; } - SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); + SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent"); session->dh_handshake_state = DH_STATE_NEWKEYS_SENT; return SSH_PACKET_USED; @@ -435,7 +435,7 @@ static int ssh_retrieve_dhgroup_file(FILE *moduli, if (rc == EOF) { break; } - SSH_LOG(SSH_LOG_INFO, "Invalid moduli entry line %zu", line); + SSH_LOG(SSH_LOG_DEBUG, "Invalid moduli entry line %zu", line); do { firstbyte = getc(moduli); } while(firstbyte != '\n' && firstbyte != EOF); @@ -473,13 +473,13 @@ static int ssh_retrieve_dhgroup_file(FILE *moduli, } } if (*best_size != 0) { - SSH_LOG(SSH_LOG_INFO, + SSH_LOG(SSH_LOG_DEBUG, "Selected %zu bits modulus out of %zu candidates in %zu lines", *best_size, best_nlines - 1, line); } else { - SSH_LOG(SSH_LOG_WARNING, + SSH_LOG(SSH_LOG_DEBUG, "No moduli found for [%u:%u:%u]", pmin, pn, @@ -526,7 +526,7 @@ static int ssh_retrieve_dhgroup(char *moduli_file, if (moduli == NULL) { char err_msg[SSH_ERRNO_MSG_MAX] = {0}; - SSH_LOG(SSH_LOG_WARNING, + SSH_LOG(SSH_LOG_DEBUG, "Unable to open moduli file: %s", ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX)); return ssh_fallback_group(pmax, p, g); @@ -621,7 +621,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request) ssh_set_error_invalid(session); goto error; } - SSH_LOG(SSH_LOG_INFO, "dh-gex: DHGEX_REQUEST[%u:%u:%u]", pmin, pn, pmax); + SSH_LOG(SSH_LOG_DEBUG, "dh-gex: DHGEX_REQUEST[%u:%u:%u]", pmin, pn, pmax); if (pmin > pn || pn > pmax || pn > DH_PMAX || pmax < DH_PMIN) { ssh_set_error(session, diff --git a/src/dh.c b/src/dh.c index 1251eb64..cf63fec9 100644 --- a/src/dh.c +++ b/src/dh.c @@ -400,7 +400,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){ goto error; } - SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); + SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent"); session->dh_handshake_state = DH_STATE_NEWKEYS_SENT; return SSH_PACKET_USED; error: diff --git a/src/ecdh.c b/src/ecdh.c index a4c07ccb..b57789d4 100644 --- a/src/ecdh.c +++ b/src/ecdh.c @@ -97,7 +97,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_ecdh_reply){ goto error; } - SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); + SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent"); session->dh_handshake_state = DH_STATE_NEWKEYS_SENT; return SSH_PACKET_USED; diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c index 51084b7a..e3ed8eb1 100644 --- a/src/ecdh_crypto.c +++ b/src/ecdh_crypto.c @@ -613,7 +613,7 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){ goto error; } - SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEXDH_REPLY sent"); + SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_KEXDH_REPLY sent"); rc = ssh_packet_send(session); if (rc == SSH_ERROR) { goto error; @@ -630,7 +630,7 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){ if (rc == SSH_ERROR){ goto error; } - SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); + SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent"); return SSH_PACKET_USED; error: diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c index d9c41bf9..ca643467 100644 --- a/src/ecdh_gcrypt.c +++ b/src/ecdh_gcrypt.c @@ -366,7 +366,7 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){ goto out; } - SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEXDH_REPLY sent"); + SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_KEXDH_REPLY sent"); rc = ssh_packet_send(session); if (rc != SSH_OK) { goto out; @@ -381,7 +381,7 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){ session->dh_handshake_state = DH_STATE_NEWKEYS_SENT; rc = ssh_packet_send(session); - SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); + SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent"); out: gcry_sexp_release(param); diff --git a/src/ecdh_mbedcrypto.c b/src/ecdh_mbedcrypto.c index cfe017a0..1c930fb5 100644 --- a/src/ecdh_mbedcrypto.c +++ b/src/ecdh_mbedcrypto.c @@ -311,7 +311,7 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){ goto out; } - SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEXDH_REPLY sent"); + SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_KEXDH_REPLY sent"); rc = ssh_packet_send(session); if (rc != SSH_OK) { rc = SSH_ERROR; @@ -326,7 +326,7 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){ session->dh_handshake_state = DH_STATE_NEWKEYS_SENT; rc = ssh_packet_send(session); - SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); + SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent"); out: mbedtls_ecp_group_free(&grp); diff --git a/src/gssapi.c b/src/gssapi.c index f60f8d72..3fcbc1fe 100644 --- a/src/gssapi.c +++ b/src/gssapi.c @@ -224,8 +224,8 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user, maj_stat = gss_indicate_mechs(&min_stat, &supported); if (maj_stat != GSS_S_COMPLETE) { - SSH_LOG(SSH_LOG_WARNING, "indicate mecks %d, %d", maj_stat, min_stat); - ssh_gssapi_log_error(SSH_LOG_WARNING, + SSH_LOG(SSH_LOG_DEBUG, "indicate mecks %d, %d", maj_stat, min_stat); + ssh_gssapi_log_error(SSH_LOG_DEBUG, "indicate mechs", maj_stat, min_stat); @@ -259,7 +259,7 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user, } gss_release_oid_set(&min_stat, &supported); if (oid_count == 0){ - SSH_LOG(SSH_LOG_PROTOCOL,"GSSAPI: no OID match"); + SSH_LOG(SSH_LOG_DEBUG,"GSSAPI: no OID match"); ssh_auth_reply_default(session, 0); gss_release_oid_set(&min_stat, &both_supported); return SSH_OK; @@ -273,8 +273,8 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user, maj_stat = gss_import_name(&min_stat, &name_buf, (gss_OID) GSS_C_NT_HOSTBASED_SERVICE, &server_name); if (maj_stat != GSS_S_COMPLETE) { - SSH_LOG(SSH_LOG_WARNING, "importing name %d, %d", maj_stat, min_stat); - ssh_gssapi_log_error(SSH_LOG_WARNING, + SSH_LOG(SSH_LOG_DEBUG, "importing name %d, %d", maj_stat, min_stat); + ssh_gssapi_log_error(SSH_LOG_DEBUG, "importing name", maj_stat, min_stat); @@ -297,7 +297,7 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user, return SSH_ERROR; } - SSH_LOG(SSH_LOG_PROTOCOL, "acquiring credentials %d, %d", maj_stat, min_stat); + SSH_LOG(SSH_LOG_DEBUG, "acquiring credentials %d, %d", maj_stat, min_stat); /* finding which OID from client we selected */ for (i=0 ; i< n_oid ; ++i){ @@ -339,7 +339,7 @@ static char *ssh_gssapi_name_to_char(gss_name_t name) OM_uint32 maj_stat, min_stat; char *ptr; maj_stat = gss_display_name(&min_stat, name, &buffer, NULL); - ssh_gssapi_log_error(SSH_LOG_WARNING, + ssh_gssapi_log_error(SSH_LOG_DEBUG, "converting name", maj_stat, min_stat); @@ -414,7 +414,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){ maj_stat = gss_accept_sec_context(&min_stat, &session->gssapi->ctx, session->gssapi->server_creds, &input_token, input_bindings, &client_name, NULL /*mech_oid*/, &output_token, &ret_flags, NULL /*time*/, &session->gssapi->client_creds); - ssh_gssapi_log_error(SSH_LOG_PROTOCOL, + ssh_gssapi_log_error(SSH_LOG_DEBUG, "accepting token", maj_stat, min_stat); @@ -424,7 +424,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){ session->gssapi->canonic_user = ssh_gssapi_name_to_char(client_name); } if (GSS_ERROR(maj_stat)){ - ssh_gssapi_log_error(SSH_LOG_WARNING, + ssh_gssapi_log_error(SSH_LOG_DEBUG, "Gssapi error", maj_stat, min_stat); @@ -531,7 +531,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic) mic_token_buf.value = ssh_string_data(mic_token); maj_stat = gss_verify_mic(&min_stat, session->gssapi->ctx, &mic_buf, &mic_token_buf, NULL); - ssh_gssapi_log_error(SSH_LOG_PROTOCOL, + ssh_gssapi_log_error(SSH_LOG_DEBUG, "verifying MIC", maj_stat, min_stat); @@ -750,8 +750,8 @@ int ssh_gssapi_auth_mic(ssh_session session) (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &session->gssapi->client.server_name); if (maj_stat != GSS_S_COMPLETE) { - SSH_LOG(SSH_LOG_WARNING, "importing name %d, %d", maj_stat, min_stat); - ssh_gssapi_log_error(SSH_LOG_WARNING, + SSH_LOG(SSH_LOG_DEBUG, "importing name %d, %d", maj_stat, min_stat); + ssh_gssapi_log_error(SSH_LOG_DEBUG, "importing name", maj_stat, min_stat); @@ -765,7 +765,7 @@ int ssh_gssapi_auth_mic(ssh_session session) return SSH_AUTH_ERROR; } - SSH_LOG(SSH_LOG_PROTOCOL, "Authenticating with gssapi to host %s with user %s", + SSH_LOG(SSH_LOG_DEBUG, "Authenticating with gssapi to host %s with user %s", session->opts.host, session->gssapi->user); rc = ssh_gssapi_match(session, &selected); if (rc == SSH_ERROR) { @@ -773,7 +773,7 @@ int ssh_gssapi_auth_mic(ssh_session session) } n_oids = selected->count; - SSH_LOG(SSH_LOG_PROTOCOL, "Sending %zu oids", n_oids); + SSH_LOG(SSH_LOG_DEBUG, "Sending %zu oids", n_oids); oids = calloc(n_oids, sizeof(ssh_string)); if (oids == NULL) { @@ -886,7 +886,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){ 0, NULL, &input_token, NULL, &output_token, NULL, NULL); if(GSS_ERROR(maj_stat)){ - ssh_gssapi_log_error(SSH_LOG_WARNING, + ssh_gssapi_log_error(SSH_LOG_DEBUG, "Initializing gssapi context", maj_stat, min_stat); @@ -935,7 +935,7 @@ static int ssh_gssapi_send_mic(ssh_session session) &mic_buf, &mic_token_buf); if (GSS_ERROR(maj_stat)){ SSH_BUFFER_FREE(mic_buffer); - ssh_gssapi_log_error(SSH_LOG_PROTOCOL, + ssh_gssapi_log_error(SSH_LOG_DEBUG, "generating MIC", maj_stat, min_stat); @@ -992,13 +992,13 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){ 0, NULL, &input_token, NULL, &output_token, NULL, NULL); - ssh_gssapi_log_error(SSH_LOG_PROTOCOL, + ssh_gssapi_log_error(SSH_LOG_DEBUG, "accepting token", maj_stat, min_stat); SSH_STRING_FREE(token); if (GSS_ERROR(maj_stat)){ - ssh_gssapi_log_error(SSH_LOG_PROTOCOL, + ssh_gssapi_log_error(SSH_LOG_DEBUG, "Gssapi error", maj_stat, min_stat); diff --git a/src/kex.c b/src/kex.c index 52d9c2ee..64083997 100644 --- a/src/kex.c +++ b/src/kex.c @@ -356,7 +356,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit) (void)user; if (session->session_state == SSH_SESSION_STATE_AUTHENTICATED) { - SSH_LOG(SSH_LOG_INFO, "Initiating key re-exchange"); + SSH_LOG(SSH_LOG_DEBUG, "Initiating key re-exchange"); } else if (session->session_state != SSH_SESSION_STATE_INITIAL_KEX) { ssh_set_error(session,SSH_FATAL,"SSH_KEXINIT received in wrong state"); goto error; @@ -824,7 +824,7 @@ int ssh_kex_select_methods (ssh_session session) } else if (strcmp(session->next_crypto->kex_methods[SSH_KEX], "curve25519-sha256") == 0){ session->next_crypto->kex_type=SSH_KEX_CURVE25519_SHA256; } - SSH_LOG(SSH_LOG_INFO, "Negotiated %s,%s,%s,%s,%s,%s,%s,%s,%s,%s", + SSH_LOG(SSH_LOG_DEBUG, "Negotiated %s,%s,%s,%s,%s,%s,%s,%s,%s,%s", session->next_crypto->kex_methods[SSH_KEX], session->next_crypto->kex_methods[SSH_HOSTKEYS], session->next_crypto->kex_methods[SSH_CRYPT_C_S], diff --git a/src/libcrypto.c b/src/libcrypto.c index d2fe2289..7fb3ba4d 100644 --- a/src/libcrypto.c +++ b/src/libcrypto.c @@ -109,7 +109,7 @@ ENGINE *pki_get_engine(void) ERR_error_string(ERR_get_error(), NULL)); return NULL; } - SSH_LOG(SSH_LOG_INFO, "Engine loaded successfully"); + SSH_LOG(SSH_LOG_DEBUG, "Engine loaded successfully"); ok = ENGINE_init(engine); if (!ok) { @@ -120,7 +120,7 @@ ENGINE *pki_get_engine(void) return NULL; } - SSH_LOG(SSH_LOG_INFO, "Engine init success"); + SSH_LOG(SSH_LOG_DEBUG, "Engine init success"); } return engine; } @@ -532,7 +532,7 @@ static void evp_cipher_encrypt(struct ssh_cipher_struct *cipher, return; } if (outlen != (int)len){ - SSH_LOG(SSH_LOG_WARNING, + SSH_LOG(SSH_LOG_DEBUG, "EVP_EncryptUpdate: output size %d for %zu in", outlen, len); @@ -558,7 +558,7 @@ static void evp_cipher_decrypt(struct ssh_cipher_struct *cipher, return; } if (outlen != (int)len){ - SSH_LOG(SSH_LOG_WARNING, + SSH_LOG(SSH_LOG_DEBUG, "EVP_DecryptUpdate: output size %d for %zu in", outlen, len); @@ -1377,7 +1377,7 @@ int ssh_crypto_init(void) return SSH_OK; } if (OpenSSL_version_num() != OPENSSL_VERSION_NUMBER){ - SSH_LOG(SSH_LOG_WARNING, "libssh compiled with %s " + SSH_LOG(SSH_LOG_DEBUG, "libssh compiled with %s " "headers, currently running with %s.", OPENSSL_VERSION_TEXT, OpenSSL_version(OpenSSL_version_num()) diff --git a/src/libgcrypt.c b/src/libgcrypt.c index a450e78a..0b6ccc39 100644 --- a/src/libgcrypt.c +++ b/src/libgcrypt.c @@ -433,7 +433,7 @@ aes_gcm_decrypt(struct ssh_cipher_struct *cipher, (unsigned char *)complete_packet + aadlen + encrypted_size, authlen); if (gpg_err_code(err) == GPG_ERR_CHECKSUM) { - SSH_LOG(SSH_LOG_WARNING, "The authentication tag does not match"); + SSH_LOG(SSH_LOG_DEBUG, "The authentication tag does not match"); return SSH_ERROR; } else if (err != GPG_ERR_NO_ERROR) { SSH_LOG(SSH_LOG_TRACE, "General error while decryption: %s", diff --git a/src/libmbedcrypto.c b/src/libmbedcrypto.c index e3baecca..4f4d21c3 100644 --- a/src/libmbedcrypto.c +++ b/src/libmbedcrypto.c @@ -429,7 +429,7 @@ static void cipher_encrypt(struct ssh_cipher_struct *cipher, } if (total_len != len) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update: output size %zu for %zu", + SSH_LOG(SSH_LOG_DEBUG, "mbedtls_cipher_update: output size %zu for %zu", outlen, len); return; } @@ -448,7 +448,7 @@ static void cipher_encrypt_cbc(struct ssh_cipher_struct *cipher, void *in, void } if (outlen != len) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update: output size %zu for %zu", + SSH_LOG(SSH_LOG_DEBUG, "mbedtls_cipher_update: output size %zu for %zu", outlen, len); return; } @@ -487,7 +487,7 @@ static void cipher_decrypt(struct ssh_cipher_struct *cipher, total_len += outlen; if (total_len != len) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update: output size %zu for %zu", + SSH_LOG(SSH_LOG_DEBUG, "mbedtls_cipher_update: output size %zu for %zu", outlen, len); return; } @@ -532,7 +532,7 @@ static void cipher_decrypt_cbc(struct ssh_cipher_struct *cipher, void *in, void } if (outlen != len) { - SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update: output size %zu for %zu", + SSH_LOG(SSH_LOG_DEBUG, "mbedtls_cipher_update: output size %zu for %zu", outlen, len); return; } diff --git a/src/messages.c b/src/messages.c index d1d06490..80f77638 100644 --- a/src/messages.c +++ b/src/messages.c @@ -1055,7 +1055,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){ } if (session->kbdint == NULL) { - SSH_LOG(SSH_LOG_PROTOCOL, "Warning: Got a keyboard-interactive " + SSH_LOG(SSH_LOG_DEBUG, "Warning: Got a keyboard-interactive " "response but it seems we didn't send the request."); session->kbdint = ssh_kbdint_new(); @@ -1089,7 +1089,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){ if(nanswers != session->kbdint->nprompts) { /* warn but let the application handle this case */ - SSH_LOG(SSH_LOG_PROTOCOL, "Warning: Number of prompts and answers" + SSH_LOG(SSH_LOG_DEBUG, "Warning: Number of prompts and answers" " mismatch: p=%u a=%u", session->kbdint->nprompts, nanswers); } session->kbdint->nanswers = nanswers; @@ -1504,7 +1504,7 @@ SSH_PACKET_CALLBACK(ssh_packet_global_request){ (void)type; (void)packet; - SSH_LOG(SSH_LOG_PROTOCOL,"Received SSH_MSG_GLOBAL_REQUEST packet"); + SSH_LOG(SSH_LOG_DEBUG,"Received SSH_MSG_GLOBAL_REQUEST packet"); r = ssh_buffer_unpack(packet, "sb", &request, &want_reply); @@ -1536,12 +1536,12 @@ SSH_PACKET_CALLBACK(ssh_packet_global_request){ msg->global_request.type = SSH_GLOBAL_REQUEST_TCPIP_FORWARD; msg->global_request.want_reply = want_reply; - SSH_LOG(SSH_LOG_PROTOCOL, "Received SSH_MSG_GLOBAL_REQUEST %s %d %s:%d", request, want_reply, + SSH_LOG(SSH_LOG_DEBUG, "Received SSH_MSG_GLOBAL_REQUEST %s %d %s:%d", request, want_reply, msg->global_request.bind_address, msg->global_request.bind_port); if(ssh_callbacks_exists(session->common.callbacks, global_request_function)) { - SSH_LOG(SSH_LOG_PROTOCOL, "Calling callback for SSH_MSG_GLOBAL_REQUEST %s %d %s:%d", request, + SSH_LOG(SSH_LOG_DEBUG, "Calling callback for SSH_MSG_GLOBAL_REQUEST %s %d %s:%d", request, want_reply, msg->global_request.bind_address, msg->global_request.bind_port); session->common.callbacks->global_request_function(session, msg, session->common.callbacks->userdata); @@ -1566,7 +1566,7 @@ SSH_PACKET_CALLBACK(ssh_packet_global_request){ msg->global_request.type = SSH_GLOBAL_REQUEST_CANCEL_TCPIP_FORWARD; msg->global_request.want_reply = want_reply; - SSH_LOG(SSH_LOG_PROTOCOL, "Received SSH_MSG_GLOBAL_REQUEST %s %d %s:%d", request, want_reply, + SSH_LOG(SSH_LOG_DEBUG, "Received SSH_MSG_GLOBAL_REQUEST %s %d %s:%d", request, want_reply, msg->global_request.bind_address, msg->global_request.bind_port); @@ -1580,14 +1580,14 @@ SSH_PACKET_CALLBACK(ssh_packet_global_request){ } else if(strcmp(request, "keepalive@openssh.com") == 0) { msg->global_request.type = SSH_GLOBAL_REQUEST_KEEPALIVE; msg->global_request.want_reply = want_reply; - SSH_LOG(SSH_LOG_PROTOCOL, "Received keepalive@openssh.com %d", want_reply); + SSH_LOG(SSH_LOG_DEBUG, "Received keepalive@openssh.com %d", want_reply); if(ssh_callbacks_exists(session->common.callbacks, global_request_function)) { session->common.callbacks->global_request_function(session, msg, session->common.callbacks->userdata); } else { ssh_message_global_request_reply_success(msg, 0); } } else { - SSH_LOG(SSH_LOG_PROTOCOL, "UNKNOWN SSH_MSG_GLOBAL_REQUEST %s, " + SSH_LOG(SSH_LOG_DEBUG, "UNKNOWN SSH_MSG_GLOBAL_REQUEST %s, " "want_reply = %d", request, want_reply); goto reply_with_failure; } diff --git a/src/misc.c b/src/misc.c index 7f37c869..e02e6da4 100644 --- a/src/misc.c +++ b/src/misc.c @@ -634,7 +634,7 @@ void ssh_log_hexdump(const char *descr, const unsigned char *what, size_t len) return; error: - SSH_LOG(SSH_LOG_WARN, "Could not print to buffer"); + SSH_LOG(SSH_LOG_DEBUG, "Could not print to buffer"); return; } @@ -1330,7 +1330,7 @@ int ssh_analyze_banner(ssh_session session, int server) return -1; } - SSH_LOG(SSH_LOG_PROTOCOL, "Analyzing banner: %s", banner); + SSH_LOG(SSH_LOG_DEBUG, "Analyzing banner: %s", banner); switch (banner[4]) { case '2': @@ -1384,7 +1384,7 @@ int ssh_analyze_banner(ssh_session session, int server) session->openssh = SSH_VERSION_INT(((int) major), ((int) minor), 0); - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "We are talking to an OpenSSH %s version: %lu.%lu (%x)", server ? "client" : "server", major, minor, session->openssh); @@ -1488,7 +1488,7 @@ int ssh_timeout_elapsed(struct ssh_timestamp *ts, int timeout) * -2 means user-defined timeout as available in * session->timeout, session->timeout_usec. */ - SSH_LOG(SSH_LOG_WARN, "ssh_timeout_elapsed called with -2. this needs to " + SSH_LOG(SSH_LOG_DEBUG, "ssh_timeout_elapsed called with -2. this needs to " "be fixed. please set a breakpoint on misc.c:%d and " "fix the caller\n", __LINE__); return 0; diff --git a/src/packet.c b/src/packet.c index ab0e1a4c..f9d37dea 100644 --- a/src/packet.c +++ b/src/packet.c @@ -1867,7 +1867,7 @@ ssh_init_rekey_state(struct ssh_session_struct *session, session->opts.rekey_data / cipher->blocksize); } - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "Set rekey after %" PRIu64 " blocks", cipher->max_blocks); } @@ -1969,7 +1969,7 @@ ssh_packet_set_newkeys(ssh_session session, ssh_init_rekey_state(session, in_cipher); if (session->opts.rekey_time != 0) { ssh_timestamp_init(&session->last_rekey_time); - SSH_LOG(SSH_LOG_PROTOCOL, "Set rekey after %" PRIu32 " seconds", + SSH_LOG(SSH_LOG_DEBUG, "Set rekey after %" PRIu32 " seconds", session->opts.rekey_time/1000); } diff --git a/src/packet_cb.c b/src/packet_cb.c index 39575b17..98d21b12 100644 --- a/src/packet_cb.c +++ b/src/packet_cb.c @@ -87,7 +87,7 @@ SSH_PACKET_CALLBACK(ssh_packet_ignore_callback){ (void)user; (void)type; (void)packet; - SSH_LOG(SSH_LOG_PROTOCOL,"Received %s packet",type==SSH2_MSG_IGNORE ? "SSH_MSG_IGNORE" : "SSH_MSG_DEBUG"); + SSH_LOG(SSH_LOG_DEBUG,"Received %s packet",type==SSH2_MSG_IGNORE ? "SSH_MSG_IGNORE" : "SSH_MSG_DEBUG"); /* TODO: handle a graceful disconnect */ return SSH_PACKET_USED; } @@ -99,7 +99,7 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){ (void)packet; (void)user; (void)type; - SSH_LOG(SSH_LOG_PROTOCOL, "Received SSH_MSG_NEWKEYS"); + SSH_LOG(SSH_LOG_DEBUG, "Received SSH_MSG_NEWKEYS"); if (session->session_state != SSH_SESSION_STATE_DH || session->dh_handshake_state != DH_STATE_NEWKEYS_SENT) { @@ -158,7 +158,7 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){ if (rc == SSH_ERROR) { goto error; } - SSH_LOG(SSH_LOG_PROTOCOL,"Signature verified and valid"); + SSH_LOG(SSH_LOG_DEBUG,"Signature verified and valid"); /* When receiving this packet, we switch on the incomming crypto. */ rc = ssh_packet_set_newkeys(session, SSH_DIRECTION_IN); diff --git a/src/pki.c b/src/pki.c index 1754b4d2..1463b43a 100644 --- a/src/pki.c +++ b/src/pki.c @@ -697,7 +697,7 @@ int ssh_key_cmp(const ssh_key k1, } if (k1->type != k2->type) { - SSH_LOG(SSH_LOG_WARN, "key types don't match!"); + SSH_LOG(SSH_LOG_DEBUG, "key types don't match!"); return 1; } @@ -830,7 +830,7 @@ int ssh_pki_import_privkey_base64(const char *b64_key, return SSH_ERROR; } - SSH_LOG(SSH_LOG_INFO, + SSH_LOG(SSH_LOG_DEBUG, "Trying to decode privkey passphrase=%s", passphrase ? "true" : "false"); diff --git a/src/pki_container_openssh.c b/src/pki_container_openssh.c index d78800fd..fc51c43c 100644 --- a/src/pki_container_openssh.c +++ b/src/pki_container_openssh.c @@ -298,7 +298,7 @@ ssh_pki_openssh_import(const char *text_key, SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (bad magic)"); goto out; } - SSH_LOG(SSH_LOG_INFO, + SSH_LOG(SSH_LOG_DEBUG, "Opening OpenSSH private key: ciphername: %s, kdf: %s, nkeys: %d", ciphername, kdfname, @@ -478,7 +478,7 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer, return SSH_ERROR; } - SSH_LOG(SSH_LOG_WARN, "Encryption: %d key, %d IV, %d rounds, %zu bytes salt", + SSH_LOG(SSH_LOG_DEBUG, "Encryption: %d key, %d IV, %d rounds, %zu bytes salt", cipher.keysize/8, cipher.blocksize, rounds, ssh_string_len(salt)); @@ -559,7 +559,7 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey, return NULL; } if (passphrase != NULL || auth_fn != NULL){ - SSH_LOG(SSH_LOG_INFO, "Enabling encryption for private key export"); + SSH_LOG(SSH_LOG_DEBUG, "Enabling encryption for private key export"); to_encrypt = 1; } buffer = ssh_buffer_new(); diff --git a/src/scp.c b/src/scp.c index ef5aa139..04eb4f1b 100644 --- a/src/scp.c +++ b/src/scp.c @@ -146,7 +146,7 @@ int ssh_scp_init(ssh_scp scp) return SSH_ERROR; } - SSH_LOG(SSH_LOG_PROTOCOL, "Initializing scp session %s %son location '%s'", + SSH_LOG(SSH_LOG_DEBUG, "Initializing scp session %s %son location '%s'", scp->mode == SSH_SCP_WRITE?"write":"read", scp->recursive ? "recursive " : "", scp->location); @@ -376,7 +376,7 @@ int ssh_scp_push_directory(ssh_scp scp, const char *dirname, int mode) goto error; } - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "SCP pushing directory %s with permissions '%s'", vis_encoded, perms); @@ -517,7 +517,7 @@ int ssh_scp_push_file64(ssh_scp scp, const char *filename, uint64_t size, goto error; } - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "SCP pushing file %s, size %" PRIu64 " with permissions '%s'", vis_encoded, size, perms); @@ -825,7 +825,7 @@ int ssh_scp_pull_request(ssh_scp scp) *p = '\0'; } - SSH_LOG(SSH_LOG_PROTOCOL, "Received SCP request: '%s'", buffer); + SSH_LOG(SSH_LOG_DEBUG, "Received SCP request: '%s'", buffer); switch(buffer[0]) { case 'C': /* File */ diff --git a/src/server.c b/src/server.c index 7e2fbfc1..684e2610 100644 --- a/src/server.c +++ b/src/server.c @@ -348,7 +348,7 @@ static void ssh_server_connection_callback(ssh_session session){ goto error; } set_status(session, 0.4f); - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "SSH client banner: %s", session->clientbanner); /* Here we analyze the different protocols the server allows. */ @@ -928,9 +928,8 @@ int ssh_message_auth_interactive_request(ssh_message msg, const char *name, /* fill in the kbdint structure */ if (msg->session->kbdint == NULL) { - SSH_LOG(SSH_LOG_PROTOCOL, "Warning: Got a " - "keyboard-interactive response but it " - "seems we didn't send the request."); + SSH_LOG(SSH_LOG_DEBUG, "Warning: Got a keyboard-interactive response " + "but it seems we didn't send the request."); msg->session->kbdint = ssh_kbdint_new(); if (msg->session->kbdint == NULL) { @@ -1025,13 +1024,13 @@ int ssh_auth_reply_success(ssh_session session, int partial) crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_OUT); if (crypto != NULL && crypto->delayed_compress_out) { - SSH_LOG(SSH_LOG_PROTOCOL, "Enabling delayed compression OUT"); + SSH_LOG(SSH_LOG_DEBUG, "Enabling delayed compression OUT"); crypto->do_compress_out = 1; } crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN); if (crypto != NULL && crypto->delayed_compress_in) { - SSH_LOG(SSH_LOG_PROTOCOL, "Enabling delayed compression IN"); + SSH_LOG(SSH_LOG_DEBUG, "Enabling delayed compression IN"); crypto->do_compress_in = 1; } return r; diff --git a/src/sftp.c b/src/sftp.c index e01012a8..9906e5aa 100644 --- a/src/sftp.c +++ b/src/sftp.c @@ -317,7 +317,7 @@ int sftp_server_init(sftp_session sftp){ } SSH_BUFFER_FREE(reply); - SSH_LOG(SSH_LOG_PROTOCOL, "Server version sent"); + SSH_LOG(SSH_LOG_DEBUG, "Server version sent"); if (version > LIBSFTP_VERSION) { sftp->version = LIBSFTP_VERSION; @@ -701,7 +701,7 @@ int sftp_init(sftp_session sftp) { sftp_set_error(sftp, SSH_FX_FAILURE); return -1; } - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "SFTP server version %d", version); rc = ssh_buffer_unpack(packet->payload, "s", &ext_name); @@ -714,7 +714,7 @@ int sftp_init(sftp_session sftp) { break; } - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "SFTP server extension: %s, version: %s", ext_name, ext_data); @@ -1347,7 +1347,7 @@ static sftp_attributes sftp_parse_attr_3(sftp_session sftp, ssh_buffer buf, if (rc != SSH_OK){ goto error; } - SSH_LOG(SSH_LOG_PROTOCOL, "Name: %s", attr->name); + SSH_LOG(SSH_LOG_DEBUG, "Name: %s", attr->name); /* Set owner and group if we talk to openssh and have the longname */ if (ssh_get_openssh_version(sftp->session)) { @@ -1367,7 +1367,7 @@ static sftp_attributes sftp_parse_attr_3(sftp_session sftp, ssh_buffer buf, if (rc != SSH_OK){ goto error; } - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "Flags: %.8"PRIx32"\n", (uint32_t) attr->flags); if (attr->flags & SSH_FILEXFER_ATTR_SIZE) { @@ -1375,7 +1375,7 @@ static sftp_attributes sftp_parse_attr_3(sftp_session sftp, ssh_buffer buf, if(rc != SSH_OK) { goto error; } - SSH_LOG(SSH_LOG_PROTOCOL, + SSH_LOG(SSH_LOG_DEBUG, "Size: %"PRIu64"\n", (uint64_t) attr->size); } @@ -1638,7 +1638,7 @@ sftp_attributes sftp_readdir(sftp_session sftp, sftp_dir dir) return NULL; } - SSH_LOG(SSH_LOG_PROTOCOL, "Count is %d", dir->count); + SSH_LOG(SSH_LOG_DEBUG, "Count is %d", dir->count); attr = sftp_parse_attr(sftp, dir->buffer, 1); if (attr == NULL) { diff --git a/src/socket.c b/src/socket.c index 16c84e0e..35838e86 100644 --- a/src/socket.c +++ b/src/socket.c @@ -868,7 +868,7 @@ int ssh_socket_connect(ssh_socket s, return SSH_ERROR; } fd = ssh_connect_host_nonblocking(s->session, host, bind_addr, port); - SSH_LOG(SSH_LOG_PROTOCOL, "Nonblocking connection socket: %d", fd); + SSH_LOG(SSH_LOG_DEBUG, "Nonblocking connection socket: %d", fd); if (fd == SSH_INVALID_SOCKET) { return SSH_ERROR; } @@ -955,7 +955,7 @@ ssh_socket_connect_proxycommand(ssh_socket s, const char *command) return SSH_ERROR; } - SSH_LOG(SSH_LOG_PROTOCOL, "Executing proxycommand '%s'", command); + SSH_LOG(SSH_LOG_DEBUG, "Executing proxycommand '%s'", command); pid = fork(); if (pid == 0) { ssh_execute_command(command, pair[0], pair[0]); @@ -963,7 +963,7 @@ ssh_socket_connect_proxycommand(ssh_socket s, const char *command) } s->proxy_pid = pid; close(pair[0]); - SSH_LOG(SSH_LOG_PROTOCOL, "ProxyCommand connection pipe: [%d,%d]",pair[0],pair[1]); + SSH_LOG(SSH_LOG_DEBUG, "ProxyCommand connection pipe: [%d,%d]",pair[0],pair[1]); ssh_socket_set_fd(s, pair[1]); s->state=SSH_SOCKET_CONNECTED; s->fd_is_socket=0;