diff options
| author | Damien Miller <djm@mindrot.org> | 2012-12-03 09:53:20 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2012-12-03 09:53:20 +1100 |
| commit | 15b05cfa17592da7470d7bd4b2de063188697471 (patch) | |
| tree | 50686085795dc25237f6aabe4c2a5963f38a6e06 /auth.c | |
| parent | aa5b3f831417bac9538d2b6f21d55fef278e8926 (diff) | |
- djm@cvs.openbsd.org 2012/12/02 20:34:10
[auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
[monitor.c monitor.h]
Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explcit "Partial" state.
Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.
Fix multiple authentication when one of the methods is
keyboard-interactive.
ok markus@
Diffstat (limited to 'auth.c')
| -rw-r--r-- | auth.c | 12 |
1 files changed, 8 insertions, 4 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth.c,v 1.97 2012/10/30 21:29:54 djm Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.98 2012/12/02 20:34:09 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -251,7 +251,8 @@ allowed_user(struct passwd * pw) | |||
| 251 | } | 251 | } |
| 252 | 252 | ||
| 253 | void | 253 | void |
| 254 | auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) | 254 | auth_log(Authctxt *authctxt, int authenticated, int partial, |
| 255 | const char *method, const char *submethod, const char *info) | ||
| 255 | { | 256 | { |
| 256 | void (*authlog) (const char *fmt,...) = verbose; | 257 | void (*authlog) (const char *fmt,...) = verbose; |
| 257 | char *authmsg; | 258 | char *authmsg; |
| @@ -268,12 +269,15 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) | |||
| 268 | 269 | ||
| 269 | if (authctxt->postponed) | 270 | if (authctxt->postponed) |
| 270 | authmsg = "Postponed"; | 271 | authmsg = "Postponed"; |
| 272 | else if (partial) | ||
| 273 | authmsg = "Partial"; | ||
| 271 | else | 274 | else |
| 272 | authmsg = authenticated ? "Accepted" : "Failed"; | 275 | authmsg = authenticated ? "Accepted" : "Failed"; |
| 273 | 276 | ||
| 274 | authlog("%s %s for %s%.100s from %.200s port %d%s", | 277 | authlog("%s %s%s%s for %s%.100s from %.200s port %d%s", |
| 275 | authmsg, | 278 | authmsg, |
| 276 | method, | 279 | method, |
| 280 | submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, | ||
| 277 | authctxt->valid ? "" : "invalid user ", | 281 | authctxt->valid ? "" : "invalid user ", |
| 278 | authctxt->user, | 282 | authctxt->user, |
| 279 | get_remote_ipaddr(), | 283 | get_remote_ipaddr(), |
| @@ -303,7 +307,7 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) | |||
| 303 | * Check whether root logins are disallowed. | 307 | * Check whether root logins are disallowed. |
| 304 | */ | 308 | */ |
| 305 | int | 309 | int |
| 306 | auth_root_allowed(char *method) | 310 | auth_root_allowed(const char *method) |
| 307 | { | 311 | { |
| 308 | switch (options.permit_root_login) { | 312 | switch (options.permit_root_login) { |
| 309 | case PERMIT_YES: | 313 | case PERMIT_YES: |