diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:41:51 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:41:51 +1000 |
| commit | 0acca3797d53d958d240c69a5f222f2aa8444858 (patch) | |
| tree | 0a1e1208f2d9abed88716b9a12e091864e2f8d2d /auth1.c | |
| parent | 74836ae0fabcc1a76b9d9eacd1629c88a054b2d0 (diff) | |
- djm@cvs.openbsd.org 2013/05/19 02:42:42
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
Standardise logging of supplemental information during userauth. Keys
and ruser is now logged in the auth success/failure message alongside
the local username, remote host/port and protocol in use. Certificates
contents and CA are logged too.
Pushing all logging onto a single line simplifies log analysis as it is
no longer necessary to relate information scattered across multiple log
entries. "I like it" markus@
Diffstat (limited to 'auth1.c')
| -rw-r--r-- | auth1.c | 35 |
1 files changed, 16 insertions, 19 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth1.c,v 1.78 2013/05/17 00:13:13 djm Exp $ */ | 1 | /* $OpenBSD: auth1.c,v 1.79 2013/05/19 02:42:42 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -45,11 +45,11 @@ | |||
| 45 | extern ServerOptions options; | 45 | extern ServerOptions options; |
| 46 | extern Buffer loginmsg; | 46 | extern Buffer loginmsg; |
| 47 | 47 | ||
| 48 | static int auth1_process_password(Authctxt *, char *, size_t); | 48 | static int auth1_process_password(Authctxt *); |
| 49 | static int auth1_process_rsa(Authctxt *, char *, size_t); | 49 | static int auth1_process_rsa(Authctxt *); |
| 50 | static int auth1_process_rhosts_rsa(Authctxt *, char *, size_t); | 50 | static int auth1_process_rhosts_rsa(Authctxt *); |
| 51 | static int auth1_process_tis_challenge(Authctxt *, char *, size_t); | 51 | static int auth1_process_tis_challenge(Authctxt *); |
| 52 | static int auth1_process_tis_response(Authctxt *, char *, size_t); | 52 | static int auth1_process_tis_response(Authctxt *); |
| 53 | 53 | ||
| 54 | static char *client_user = NULL; /* Used to fill in remote user for PAM */ | 54 | static char *client_user = NULL; /* Used to fill in remote user for PAM */ |
| 55 | 55 | ||
| @@ -57,7 +57,7 @@ struct AuthMethod1 { | |||
| 57 | int type; | 57 | int type; |
| 58 | char *name; | 58 | char *name; |
| 59 | int *enabled; | 59 | int *enabled; |
| 60 | int (*method)(Authctxt *, char *, size_t); | 60 | + int (*method)(Authctxt *); |
| 61 | }; | 61 | }; |
| 62 | 62 | ||
| 63 | const struct AuthMethod1 auth1_methods[] = { | 63 | const struct AuthMethod1 auth1_methods[] = { |
| @@ -112,7 +112,7 @@ get_authname(int type) | |||
| 112 | 112 | ||
| 113 | /*ARGSUSED*/ | 113 | /*ARGSUSED*/ |
| 114 | static int | 114 | static int |
| 115 | auth1_process_password(Authctxt *authctxt, char *info, size_t infolen) | 115 | auth1_process_password(Authctxt *authctxt) |
| 116 | { | 116 | { |
| 117 | int authenticated = 0; | 117 | int authenticated = 0; |
| 118 | char *password; | 118 | char *password; |
| @@ -137,7 +137,7 @@ auth1_process_password(Authctxt *authctxt, char *info, size_t infolen) | |||
| 137 | 137 | ||
| 138 | /*ARGSUSED*/ | 138 | /*ARGSUSED*/ |
| 139 | static int | 139 | static int |
| 140 | auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen) | 140 | auth1_process_rsa(Authctxt *authctxt) |
| 141 | { | 141 | { |
| 142 | int authenticated = 0; | 142 | int authenticated = 0; |
| 143 | BIGNUM *n; | 143 | BIGNUM *n; |
| @@ -155,7 +155,7 @@ auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen) | |||
| 155 | 155 | ||
| 156 | /*ARGSUSED*/ | 156 | /*ARGSUSED*/ |
| 157 | static int | 157 | static int |
| 158 | auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) | 158 | auth1_process_rhosts_rsa(Authctxt *authctxt) |
| 159 | { | 159 | { |
| 160 | int keybits, authenticated = 0; | 160 | int keybits, authenticated = 0; |
| 161 | u_int bits; | 161 | u_int bits; |
| @@ -187,14 +187,14 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) | |||
| 187 | client_host_key); | 187 | client_host_key); |
| 188 | key_free(client_host_key); | 188 | key_free(client_host_key); |
| 189 | 189 | ||
| 190 | snprintf(info, infolen, " ruser %.100s", client_user); | 190 | auth_info(authctxt, "ruser %.100s", client_user); |
| 191 | 191 | ||
| 192 | return (authenticated); | 192 | return (authenticated); |
| 193 | } | 193 | } |
| 194 | 194 | ||
| 195 | /*ARGSUSED*/ | 195 | /*ARGSUSED*/ |
| 196 | static int | 196 | static int |
| 197 | auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) | 197 | auth1_process_tis_challenge(Authctxt *authctxt) |
| 198 | { | 198 | { |
| 199 | char *challenge; | 199 | char *challenge; |
| 200 | 200 | ||
| @@ -213,7 +213,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) | |||
| 213 | 213 | ||
| 214 | /*ARGSUSED*/ | 214 | /*ARGSUSED*/ |
| 215 | static int | 215 | static int |
| 216 | auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen) | 216 | auth1_process_tis_response(Authctxt *authctxt) |
| 217 | { | 217 | { |
| 218 | int authenticated = 0; | 218 | int authenticated = 0; |
| 219 | char *response; | 219 | char *response; |
| @@ -236,7 +236,6 @@ static void | |||
| 236 | do_authloop(Authctxt *authctxt) | 236 | do_authloop(Authctxt *authctxt) |
| 237 | { | 237 | { |
| 238 | int authenticated = 0; | 238 | int authenticated = 0; |
| 239 | char info[1024]; | ||
| 240 | int prev = 0, type = 0; | 239 | int prev = 0, type = 0; |
| 241 | const struct AuthMethod1 *meth; | 240 | const struct AuthMethod1 *meth; |
| 242 | 241 | ||
| @@ -254,7 +253,7 @@ do_authloop(Authctxt *authctxt) | |||
| 254 | #endif | 253 | #endif |
| 255 | { | 254 | { |
| 256 | auth_log(authctxt, 1, 0, "without authentication", | 255 | auth_log(authctxt, 1, 0, "without authentication", |
| 257 | NULL, ""); | 256 | NULL); |
| 258 | return; | 257 | return; |
| 259 | } | 258 | } |
| 260 | } | 259 | } |
| @@ -268,7 +267,6 @@ do_authloop(Authctxt *authctxt) | |||
| 268 | /* default to fail */ | 267 | /* default to fail */ |
| 269 | authenticated = 0; | 268 | authenticated = 0; |
| 270 | 269 | ||
| 271 | info[0] = '\0'; | ||
| 272 | 270 | ||
| 273 | /* Get a packet from the client. */ | 271 | /* Get a packet from the client. */ |
| 274 | prev = type; | 272 | prev = type; |
| @@ -298,7 +296,7 @@ do_authloop(Authctxt *authctxt) | |||
| 298 | goto skip; | 296 | goto skip; |
| 299 | } | 297 | } |
| 300 | 298 | ||
| 301 | authenticated = meth->method(authctxt, info, sizeof(info)); | 299 | authenticated = meth->method(authctxt); |
| 302 | if (authenticated == -1) | 300 | if (authenticated == -1) |
| 303 | continue; /* "postponed" */ | 301 | continue; /* "postponed" */ |
| 304 | 302 | ||
| @@ -353,8 +351,7 @@ do_authloop(Authctxt *authctxt) | |||
| 353 | 351 | ||
| 354 | skip: | 352 | skip: |
| 355 | /* Log before sending the reply */ | 353 | /* Log before sending the reply */ |
| 356 | auth_log(authctxt, authenticated, 0, get_authname(type), | 354 | auth_log(authctxt, authenticated, 0, get_authname(type), NULL); |
| 357 | NULL, info); | ||
| 358 | 355 | ||
| 359 | free(client_user); | 356 | free(client_user); |
| 360 | client_user = NULL; | 357 | client_user = NULL; |