
github.com/mRemoteNG/PuTTYNG.git
author Simon Tatham <anakin@pobox.com> 2006-08-29 23:07:11 +0400
committer Simon Tatham <anakin@pobox.com> 2006-08-29 23:07:11 +0400
commit 8b11c26c579d0c8aa92ec077941da3008e5a6638
tree 34a7b09a88d8884fd91e936a1676dc81c1a1844c /logging.c
parent bb6482c35dca92a801046abe2dc2b665ee236e36
New logging mode, which records the exact bytes sent over the wire
in an SSH connection _in addition_ to the decrypted packets. This will hopefully come in useful for debugging wire data corruption issues: you can strace the server, enable this mode in the client, and compare the sent and received data. I'd _like_ to have this mode also log Diffie-Hellman private exponents, session IDs, encryption and MAC keys, so that the resulting log file could be used to independently verify the correctness of all cryptographic operations performed by PuTTY. However, I haven't been able to convince myself that the security implications are acceptable. (It doesn't matter that this information would permit an attacker to decrypt the session, because the _already_ decrypted session is stored alongside it in the log file. And I'm not planning, under any circumstances, to log users' private keys. But gaining access to the log file while the session was still running would permit an attacker to _hijack_ the session, and that's the iffy bit.) [originally from svn r6835]
Diffstat (limited to 'logging.c')
-rw-r--r-- logging.c 18
1 files changed, 13 insertions, 5 deletions
diff --git a/logging.c b/logging.c
index 8122a480..1a982134 100644
--- a/logging.c
+++ b/logging.c
@@ -106,6 +106,7 @@ static void logfopen_callback(void *handle, int mode)
(ctx->cfg.logtype == LGTYP_ASCII ? "ASCII" :
ctx->cfg.logtype == LGTYP_DEBUG ? "raw" :
ctx->cfg.logtype == LGTYP_PACKETS ? "SSH packets" :
+ ctx->cfg.logtype == LGTYP_SSHRAW ? "SSH raw data" :
"unknown"),
filename_to_str(&ctx->currlogfilename));
logevent(ctx->frontend, event);
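Review bot: the new label "SSH raw data" in the logtype ternary sits next to the existing "raw" label for LGTYP_DEBUG, so the Event Log line announcing the log file does not clearly tell the two modes apart, and it does not convey that this mode records decrypted packets as well as wire bytes. Consider a label such as "SSH packets and raw data" so that anyone reading the event log knows the file holds decrypted session content.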
@@ -203,9 +204,11 @@ void log_eventlog(void *handle, const char *event)
fprintf(stderr, "%s\n", event);
fflush(stderr);
}
- if (ctx->cfg.logtype != LGTYP_PACKETS)
+ if (ctx->cfg.logtype != LGTYP_PACKETS &&
+ ctx->cfg.logtype != LGTYP_SSHRAW)
return;
logprintf(ctx, "Event Log: %s\r\n", event);
+ logflush(ctx);
}
/*
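Review bot: the added logflush(ctx) at the end of log_eventlog runs for LGTYP_PACKETS as well as LGTYP_SSHRAW, so it changes flushing behaviour for the existing packet-log mode, which the commit message does not mention. If the intent is to keep the file current for side-by-side comparison with a server trace, say so in a comment above the call, or restrict the flush to LGTYP_SSHRAW if the extra writes in packet mode are not wanted.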
@@ -222,13 +225,18 @@ void log_packet(void *handle, int direction, int type,
int p = 0, b = 0, omitted = 0;
int output_pos = 0; /* NZ if pending output in dumpdata */
- if (ctx->cfg.logtype != LGTYP_PACKETS)
+ if (!(ctx->cfg.logtype == LGTYP_SSHRAW ||
+ (ctx->cfg.logtype == LGTYP_PACKETS && texttype)))
return;
/* Packet header. */
- logprintf(ctx, "%s packet type %d / 0x%02x (%s)\r\n",
- direction == PKT_INCOMING ? "Incoming" : "Outgoing",
- type, type, texttype);
+ if (texttype)
+ logprintf(ctx, "%s packet type %d / 0x%02x (%s)\r\n",
+ direction == PKT_INCOMING ? "Incoming" : "Outgoing",
+ type, type, texttype);
+ else
+ logprintf(ctx, "%s raw data\r\n",
+ direction == PKT_INCOMING ? "Incoming" : "Outgoing");
/*
* Output a hex/ASCII dump of the packet body, blanking/omitting
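Review bot: in log_packet, a NULL texttype is now the only signal that a call carries raw wire data, and nothing in this hunk documents that contract. With LGTYP_PACKETS a NULL-texttype call is dropped silently, a raw call's type argument is ignored, and the raw bytes then go through the same blanking/omitting dump as decoded packets. Add a comment at the top of the function stating that texttype == NULL means raw data (or pass an explicit flag), and say what callers should pass for type and for any blanking information in that case.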