Bug 1221 - Banner only suppressed at log level = QUIET (used to be at log level < INFO)
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 4.3p2
Hardware: All All
Importance: P2 minor
Assignee: Assigned to nobody
Blocks: V_4_4
Reported: 2006-08-25 03:39 AEST by Dean Kopesky
Modified: 2006-09-28 19:26 AEST
Description Dean Kopesky 2006-08-25 03:39:40 AEST
I don't know whether this counts as a "bug" or a "feature", but I figured I'd report it....

Prior to version 3.8, the pre-authentication banner (e.g., /etc/issue) was suppressed at LogLevel=ERROR|FATAL|QUIET.  Since 3.8, it has only been suppressed at LogLevel=QUIET.  This change was a side-effect of the following mod:

   - dtucker@cvs.openbsd.org 2003/10/07 01:47:27
     [sshconnect2.c]
     Don't use logit for banner, since it truncates to MSGBUFSIZ;
     bz #668 & #707.  ok markus@

The relevant code is in sshconnect2.c:

input_userauth_banner(int type, u_int32_t seq, void *ctxt)
{
        char *msg, *lang;

        debug3("input_userauth_banner");
        msg = packet_get_string(NULL);
        lang = packet_get_string(NULL);
        if (options.log_level > SYSLOG_LEVEL_QUIET)
                fprintf(stderr, "%s", msg);
        xfree(msg);
        xfree(lang);
}

Was this change in the log level at which the banner prints intentional?

When ssh is used inside scripts, or forked inside programs, it is (or rather, was) very nice to be able to suppress the banner, but still get error messages.  However, we must now choose both or neither.
Comment 1 Darren Tucker 2006-08-29 00:02:07 AEST
There was no deliberate change in behaviour so if there is one it was unintentional.

That said, I can't see a difference here: "ssh -q" and "ssh -o loglevel=quiet" both behave the same now and with the diff reverted.  Could you please give an example?  (also what platform are you running on, in case it matters?)
Comment 2 Dean Kopesky 2006-08-29 23:58:36 AEST
-o LogLevel=QUIET works the same before and after the diff, yes.

The problem is that -o LogLevel=ERROR and -o LogLevel=FATAL suppressed the banner before the diff, but don't suppress the banner after.

This is because, before the diff, input_userauth_banner() printed the banner with logit(), which uses a log level of INFO internally; whereas after the diff, input_userauth_banner() hardcodes a check for LOG_LEVEL_QUIET.

We are running on various Sun Sparc machines, with Solaris 5.6, 5.8, and 5.10.  I can see the cause of the behavior in the source code, though, so I doubt the behavior is platform-specific.
Comment 3 Darren Tucker 2006-08-30 00:23:14 AEST
Ah, I see.  So if the test was "if (options.log_level >= LOG_LEVEL_INFO)" then it would have the previous behaviour?
Comment 4 Dean Kopesky 2006-08-30 00:40:23 AEST
I believe that is correct, yes.
Comment 5 Damien Miller 2006-08-30 11:11:30 AEST
Darren applied his patch, so it will be in the 4.4p1 release - thanks
Comment 6 Darren Tucker 2006-08-30 19:51:43 AEST
Oops, that should have been "blocks bug #1155" not "depends on bug #1155".
Comment 7 Darren Tucker 2006-09-28 19:26:31 AEST
With the release of 4.4, we believe that this bug is now closed.  For information about the release please see http://www.openssh.com/txt/release-4.4 .
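
Added example (not part of the bug report and not OpenSSH source): a C model of the three banner paths discussed in this thread, namely the pre-3.8 logit() path, the 3.8 to 4.3p2 check quoted in the description, and the test proposed in comment 3. The MSGBUFSIZ value of 1024, the function names and the 2000-byte banner are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Ordering the thread relies on: QUIET < FATAL < ERROR < INFO < ... */
typedef enum { SYSLOG_LEVEL_QUIET, SYSLOG_LEVEL_FATAL, SYSLOG_LEVEL_ERROR,
    SYSLOG_LEVEL_INFO, SYSLOG_LEVEL_VERBOSE, SYSLOG_LEVEL_DEBUG1 } LogLevel;

#define MSGBUFSIZ 1024  /* assumed size of the logger's message buffer */

/* Copy s into out (outsz > 0) and report how many bytes were emitted. */
static size_t emit(char *out, size_t outsz, const char *s)
{
    snprintf(out, outsz, "%s", s);
    return strlen(out);
}

/* Pre-3.8 model: banner logged at INFO, so it is level-gated but
 * also truncated to the logger's fixed buffer (bz #668 / #707). */
static size_t banner_via_logit(LogLevel cfg, const char *msg, char *out, size_t outsz)
{
    char buf[MSGBUFSIZ];
    if (cfg < SYSLOG_LEVEL_INFO)
        return 0;
    snprintf(buf, sizeof(buf), "%s", msg);
    return emit(out, outsz, buf);
}

/* 3.8 to 4.3p2 model: direct write, full length, suppressed only at QUIET. */
static size_t banner_direct_quiet(LogLevel cfg, const char *msg, char *out, size_t outsz)
{
    return cfg > SYSLOG_LEVEL_QUIET ? emit(out, outsz, msg) : 0;
}

/* Test proposed in comment 3: direct write, suppressed below INFO. */
static size_t banner_direct_info(LogLevel cfg, const char *msg, char *out, size_t outsz)
{
    return cfg >= SYSLOG_LEVEL_INFO ? emit(out, outsz, msg) : 0;
}

int main(void)
{
    static char b[2001], o[4096];
    memset(b, 'B', 2000);  /* constructed 2000-byte banner */
    for (int l = SYSLOG_LEVEL_QUIET; l <= SYSLOG_LEVEL_INFO; l++)
        printf("level=%d logit=%zu quiet=%zu info=%zu\n", l,
            banner_via_logit(l, b, o, sizeof(o)), banner_direct_quiet(l, b, o, sizeof(o)),
            banner_direct_info(l, b, o, sizeof(o)));
    return 0;
}
```

Only the last variant both prints the whole banner at INFO and stays silent at ERROR and FATAL, which is the combination scripted callers in the report depend on.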