author | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:41:51 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:41:51 +1000 |
commit | 0acca3797d53d958d240c69a5f222f2aa8444858 (patch) | |
tree | 0a1e1208f2d9abed88716b9a12e091864e2f8d2d /auth-rsa.c | |
parent | 74836ae0fabcc1a76b9d9eacd1629c88a054b2d0 (diff) |
- djm@cvs.openbsd.org 2013/05/19 02:42:42
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
Standardise logging of supplemental information during userauth. Keys
and ruser is now logged in the auth success/failure message alongside
the local username, remote host/port and protocol in use. Certificates
contents and CA are logged too.
Pushing all logging onto a single line simplifies log analysis as it is
no longer necessary to relate information scattered across multiple log
entries. "I like it" markus@
Diffstat (limited to 'auth-rsa.c')
-rw-r--r-- | auth-rsa.c | 16 |
1 files changed, 8 insertions, 8 deletions
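--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.82 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.83 2013/05/19 02:42:42 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -164,7 +164,7 @@ static int
 rsa_key_allowed_in_file(struct passwd *pw, char *file,
 const BIGNUM *client_n, Key **rkey)
 {
-char line[SSH_MAX_PUBKEY_BYTES];
+char *fp, line[SSH_MAX_PUBKEY_BYTES];
 int allowed = 0;
 u_int bits;
 FILE *f;
@@ -232,6 +232,11 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
 "actual %d vs. announced %d.",
 file, linenum, BN_num_bits(key->rsa->n), bits);
 
+fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+debug("matching key found: file %s, line %lu %s %s",
+file, linenum, key_type(key), fp);
+free(fp);
+
 /* Never accept a revoked key */
 if (auth_key_is_revoked(key))
 break;
@@ -298,7 +303,6 @@ int
 auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
 {
 Key *key;
-char *fp;
 struct passwd *pw = authctxt->pw;
 
 /* no user given */
@@ -328,11 +332,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
 * options; this will be reset if the options cause the
 * authentication to be rejected.
 */
-fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
-verbose("Found matching %s key: %s",
-key_type(key), fp);
-free(fp);
-key_free(key);
+pubkey_auth_info(authctxt, key);
 
 packet_send_debug("RSA authentication accepted.");
 return (1);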
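Review bot: The last hunk drops `key_free(key)` from the success path of auth_rsa(), and nothing visible releases `key` before `return (1)`, so the key appears to leak unless `pubkey_auth_info()` takes ownership of it. If the helper only reads the key, keep the release right after the call: `pubkey_auth_info(authctxt, key);` followed by `key_free(key);`. The helper's definition and the rest of auth_rsa() are outside this page, so confirm ownership against its definition. Separately, the new `debug("matching key found: ...")` line in rsa_key_allowed_in_file() is emitted before the revocation check, so a comment such as `/* logged before the revocation check; a match is not yet an acceptance */` would stop log consumers reading it as a successful authentication.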