tlshd: Split the debug command-line option

chucklever · chucklever · commit a2e78a1a494f · 2022-04-28T16:52:13.000-04:00
Set the debugging level with one option and control where debug
messages go with a different one. This should prevent two copies of
each audit message appearing in the kernel log when debugging is
enabled.

Signed-off-by: Chuck Lever &lt;chuck.lever@oracle.com&gt;
diff --git a/src/tlshd/log.c b/src/tlshd/log.c
@@ -38,6 +38,7 @@
 
 int tlshd_debug;
 int tlshd_library_debug;
+int tlshd_stderr;
 
 /**
  * tlshd_log_success - Emit "handshake successful" notification
@@ -207,7 +208,7 @@ void tlshd_log_init(const char *progname)
 	int option;
 
 	option = LOG_NDELAY;
-	if (tlshd_debug)
+	if (tlshd_stderr)
 		option |= LOG_PERROR;
 	openlog(progname, option, LOG_AUTH);
 
diff --git a/src/tlshd/main.c b/src/tlshd/main.c
@@ -53,6 +53,7 @@ static const struct option longopts[] = {
 	{ "help",	no_argument,		NULL,	'h' },
 	{ "libdebug",	required_argument,	NULL,	'l' },
 	{ "noverify",	no_argument,		NULL,	'n' },
+	{ "stderr",	no_argument,		NULL,	's' },
 	{ "version",	no_argument,		NULL,	'v' },
 	{ NULL,		0,			NULL,	 0 }
 };
@@ -171,6 +172,9 @@ int main(int argc, char **argv)
 		case 'n':
 			tlshd_verify_server = 0;
 			break;
+		case 's':
+			tlshd_stderr = 1;
+			break;
 		case 'v':
 			fprintf(stderr, "%s, built from " PACKAGE_STRING
 				" on " __DATE__ " " __TIME__ "\n",
diff --git a/src/tlshd/tlshd.h b/src/tlshd/tlshd.h
@@ -21,6 +21,7 @@
 extern int tlshd_debug;
 extern int tlshd_library_debug;
 extern int tlshd_verify_server;
+extern int tlshd_stderr;
 
 /* handshake.c */
 extern void tlshd_client_handshake(gnutls_session_t session);
diff --git a/src/tlshd/tlshd.man b/src/tlshd/tlshd.man
@@ -39,10 +39,8 @@ the use of kTLS to secure subsequent communication on that socket.
 .SH OPTIONS
 .TP
 .B \-d " or " \-\-debug
-When specified this option forces audit messages to both
-.I stderr
-and the system log.
-By default, audit messages go only the system log.
+When specified this option enables verbose debugging.
+By default, operation is quiet.
 .TP
 .B \-h " or " \-\-help
 When specified tlshd displays a help message then exits immediately.
@@ -61,6 +59,12 @@ verifies server credentials during anonymous handshakes.
 .IP
 Do not use this option on secure systems.
 .TP
+.B \-s " or " \-\-stderr
+When specified this option forces messages to go to both
+.I stderr
+and the system log.
+By default, messages go only to the system log.
+.TP
 .B \-v " or " \-\-version
 When specified tlshd displays build version information then exits immediately.
 .SH ENVIRONMENT VARIABLES
