- Merged more OpenBSD CVS changes:

   - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
     + krb-cleanup cleanup
   - [clientloop.c log-client.c log-server.c ]
     [readconf.c readconf.h servconf.c servconf.h ]
     [ssh.1 ssh.c ssh.h sshd.8]
     add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
     obsoletes QuietMode and FascistLogging in sshd.

1 files changed, 38 insertions, 28 deletions

diff --git a/sshd.c b/sshd.c
index a1f9449e..75ea61ea 100644
--- a/sshd.c
+++ b/sshd.c
@@ -18,7 +18,7 @@ agent connections.
 */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.12 1999/11/08 05:15:55 damien Exp $");
+RCSID("$Id: sshd.c,v 1.13 1999/11/11 06:57:40 damien Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -43,12 +43,8 @@ int deny_severity = LOG_WARNING;
 #define O_NOCTTY	0
 #endif
 
-#ifdef KRB4
-char *ticket = NULL;
-#endif /* KRB4 */
-
 /* Local Xauthority file. */
-char *xauthfile = NULL;
+static char *xauthfile = NULL;
 
 /* Server configuration options. */
 ServerOptions options;
@@ -65,6 +61,9 @@ int debug_flag = 0;
 /* Flag indicating that the daemon is being started from inetd. */
 int inetd_flag = 0;
 
+/* debug goes to stderr unless inetd_flag is set */
+int log_stderr = 0;
+
 /* argv[0] without path. */
 char *av0;
 
@@ -400,6 +399,7 @@ main(int ac, char **av)
 	  break;
 	case 'd':
 	  debug_flag = 1;
+	  options.log_level = SYSLOG_LEVEL_DEBUG;
 	  break;
 	case 'i':
 	  inetd_flag = 1;
@@ -408,7 +408,7 @@ main(int ac, char **av)
           silentrsa = 1;
 	  break;
 	case 'q':
-	  options.quiet_mode = 1;
+	  options.log_level = SYSLOG_LEVEL_QUIET;
 	  break;
 	case 'b':
 	  options.server_key_bits = atoi(optarg);
@@ -479,9 +479,11 @@ main(int ac, char **av)
     }
 
   /* Initialize the log (it is reinitialized below in case we forked). */
-  log_init(av0, debug_flag && !inetd_flag, 
-	   debug_flag || options.fascist_logging, 
-	   options.quiet_mode, options.log_facility);
+
+  if (debug_flag && !inetd_flag)
+    log_stderr = 1;
+
+  log_init(av0, options.log_level, options.log_facility, log_stderr);
 
   debug("sshd version %.100s", SSH_VERSION);
 
@@ -496,7 +498,8 @@ main(int ac, char **av)
       else
 	{
 	  int err = errno;
-	  log_init(av0, !inetd_flag, 1, 0, options.log_facility);
+ 	  /* force logging */
+          log_init(av0, SYSLOG_LEVEL_DEBUG, options.log_facility, log_stderr);
 	  error("Could not load host key: %.200s: %.100s", 
 		options.host_key_file, strerror(err));
 	}
@@ -526,9 +529,7 @@ main(int ac, char **av)
     }
 
   /* Reinitialize the log (because of the fork above). */
-  log_init(av0, debug_flag && !inetd_flag, 
-	   debug_flag || options.fascist_logging, 
-	   options.quiet_mode, options.log_facility);
+  log_init(av0, options.log_level, options.log_facility, log_stderr);
 
   /* Check that server and host key lengths differ sufficiently.  This is
      necessary to make double encryption work with rsaref.  Oh, I hate
@@ -696,9 +697,7 @@ main(int ac, char **av)
 		  close(listen_sock);
 		  sock_in = newsock;
 		  sock_out = newsock;
-		  log_init(av0, debug_flag && !inetd_flag, 
-			   options.fascist_logging || debug_flag, 
-			   options.quiet_mode, options.log_facility);
+                  log_init(av0, options.log_level, options.log_facility, log_stderr);
 		  break;
 		}
 	    }
@@ -1605,6 +1604,19 @@ void eat_packets_and_disconnect(const char *user)
   abort();
 }
 
+/* Remove local Xauthority file. */
+static void
+xauthfile_cleanup_proc(void *ignore)
+{
+  debug("xauthfile_cleanup_proc called");
+
+  if (xauthfile != NULL) {
+    unlink(xauthfile);
+    xfree(xauthfile);
+    xauthfile = NULL;
+  }
+}
+
 /* Prepares for an interactive session.  This is called after the user has
    been successfully authenticated.  During this message exchange, pseudo
    terminals are allocated, X11, TCP/IP, and authentication agent forwardings
@@ -1760,6 +1772,7 @@ void do_authenticated(struct passwd *pw)
 	  if ((xauthfd = mkstemp(xauthfile)) != -1) {
 	    fchown(xauthfd, pw->pw_uid, pw->pw_gid);
 	    close(xauthfd);
+            fatal_add_cleanup(xauthfile_cleanup_proc, NULL);
 	  }
 	  else {
 	    xfree(xauthfile);
@@ -1905,8 +1918,7 @@ void do_exec_no_pty(const char *command, struct passwd *pw,
   if ((pid = fork()) == 0)
     {
       /* Child.  Reinitialize the log since the pid has changed. */
-      log_init(av0, debug_flag && !inetd_flag, debug_flag, 
-	       options.quiet_mode, options.log_facility);
+      log_init(av0, options.log_level, options.log_facility, log_stderr);
 
       /* Create a new session and process group since the 4.4BSD setlogin()
 	 affects the entire process group. */
@@ -1988,11 +2000,6 @@ void pty_cleanup_proc(void *context)
 
   debug("pty_cleanup_proc called");
 
-#if defined(KRB4)
-  /* Destroy user's ticket cache file. */
-  (void) dest_tkt();
-#endif /* KRB4 */
-  
   /* Record that the user has logged out. */
   record_logout(cu->pid, cu->ttyname);
 
@@ -2040,8 +2047,7 @@ void do_exec_pty(const char *command, int ptyfd, int ttyfd,
       pid = getpid();
 
       /* Child.  Reinitialize the log because the pid has changed. */
-      log_init(av0, debug_flag && !inetd_flag, debug_flag, options.quiet_mode, 
-	       options.log_facility);
+      log_init(av0, options.log_level, options.log_facility, log_stderr);
 
       /* Close the master side of the pseudo tty. */
       close(ptyfd);
@@ -2395,8 +2401,12 @@ void do_child(const char *command, struct passwd *pw, const char *term,
     child_set_env(&env, &envsize, "DISPLAY", display);
 
 #ifdef KRB4
-  if (ticket)
-    child_set_env(&env, &envsize, "KRBTKFILE", ticket);
+  {
+	 extern char *ticket;
+	 
+	 if (ticket)
+		child_set_env(&env, &envsize, "KRBTKFILE", ticket);
+  }
 #endif /* KRB4 */
 
 #ifdef HAVE_LIBPAM