author | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:41:51 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:41:51 +1000 |
commit | 0acca3797d53d958d240c69a5f222f2aa8444858 (patch) | |
tree | 0a1e1208f2d9abed88716b9a12e091864e2f8d2d /auth.c | |
parent | 74836ae0fabcc1a76b9d9eacd1629c88a054b2d0 (diff) |
- djm@cvs.openbsd.org 2013/05/19 02:42:42
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
Standardise logging of supplemental information during userauth. Keys
and ruser is now logged in the auth success/failure message alongside
the local username, remote host/port and protocol in use. Certificates
contents and CA are logged too.
Pushing all logging onto a single line simplifies log analysis as it is
no longer necessary to relate information scattered across multiple log
entries. "I like it" markus@
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 30 |
1 files changed, 26 insertions, 4 deletions
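--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.102 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -72,6 +72,7 @@
 #include "authfile.h"
 #include "monitor_wrap.h"
 #include "krl.h"
+#include "compat.h"
 
 /* import */
 extern ServerOptions options;
@@ -252,8 +253,25 @@ allowed_user(struct passwd * pw)
 }
 
 void
+auth_info(Authctxt *authctxt, const char *fmt, ...)
+{
+va_list ap;
+int i;
+
+free(authctxt->info);
+authctxt->info = NULL;
+
+va_start(ap, fmt);
+i = vasprintf(&authctxt->info, fmt, ap);
+va_end(ap);
+
+if (i < 0 || authctxt->info == NULL)
+fatal("vasprintf failed");
+}
+
+void
 auth_log(Authctxt *authctxt, int authenticated, int partial,
-const char *method, const char *submethod, const char *info)
+const char *method, const char *submethod)
 {
 void (*authlog) (const char *fmt,...) = verbose;
 char *authmsg;
@@ -275,7 +293,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
 else
 authmsg = authenticated ? "Accepted" : "Failed";
 
-authlog("%s %s%s%s for %s%.100s from %.200s port %d%s",
+authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s",
 authmsg,
 method,
 submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod,
@@ -283,7 +301,11 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
 authctxt->user,
 get_remote_ipaddr(),
 get_remote_port(),
-info);
+compat20 ? "ssh2" : "ssh1",
+authctxt->info != NULL ? ": " : "",
+authctxt->info != NULL ? authctxt->info : "");
+free(authctxt->info);
+authctxt->info = NULL;
 
 #ifdef CUSTOM_FAILED_LOGIN
 if (authenticated == 0 && !authctxt->postponed &&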
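Review bot: Nothing ties the string stored by auth_info() to the attempt it describes: it stays in authctxt->info until an auth_log() call reaches the `free(authctxt->info)` at new lines 307-308, so a path that records info and then does not log would leave it to be printed on a later Accepted/Failed line for a different method or key. auth_log()'s body between new lines 278 and 292, and after 311, is outside the hunks, so I cannot tell whether it can return before the authlog() call; if it can, the clear belongs on that path too. Because this single line is what log analysis now relies on, I would state the contract above auth_info(): `/* Record detail for the next auth_log(); replaces any earlier value, freed once logged. */`. The info text presumably carries client-influenced values (ruser and certificate contents, per the commit message) and is printed with an unbounded `%s` beside the `%.100s`/`%.200s` fields, so it is worth confirming that the logging layer escapes and bounds it.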