diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-06-24 06:34:38 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-06-24 16:56:11 +1000 |
| commit | 8f574959272ac7fe9239c4f5d10fd913f8920ab0 (patch) | |
| tree | 51ab66a6011af6459e0d4ca15a4b4b78368607a1 /auth2-gss.c | |
| parent | e2004d4bb7eb01c663dd3a3e7eb224f1ccdc9bba (diff) | |
upstream commit
refactor authentication logging
optionally record successful auth methods and public credentials
used in a file accessible to user sessions
feedback and ok markus@
Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
Diffstat (limited to 'auth2-gss.c')
| -rw-r--r-- | auth2-gss.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/auth2-gss.c b/auth2-gss.c index 680d5e712..589283b72 100644 --- a/auth2-gss.c +++ b/auth2-gss.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth2-gss.c,v 1.25 2017/05/30 14:29:59 markus Exp $ */ | 1 | /* $OpenBSD: auth2-gss.c,v 1.26 2017/06/24 06:34:38 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
| @@ -228,6 +228,7 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh) | |||
| 228 | { | 228 | { |
| 229 | Authctxt *authctxt = ssh->authctxt; | 229 | Authctxt *authctxt = ssh->authctxt; |
| 230 | int authenticated; | 230 | int authenticated; |
| 231 | const char *displayname; | ||
| 231 | 232 | ||
| 232 | if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) | 233 | if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) |
| 233 | fatal("No authentication or GSSAPI context"); | 234 | fatal("No authentication or GSSAPI context"); |
| @@ -241,6 +242,10 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh) | |||
| 241 | 242 | ||
| 242 | authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); | 243 | authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); |
| 243 | 244 | ||
| 245 | if ((!use_privsep || mm_is_monitor()) && | ||
| 246 | (displayname = ssh_gssapi_displayname()) != NULL) | ||
| 247 | auth2_record_info(authctxt, "%s", displayname); | ||
| 248 | |||
| 244 | authctxt->postponed = 0; | 249 | authctxt->postponed = 0; |
| 245 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); | 250 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
| 246 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); | 251 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |
| @@ -259,6 +264,7 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) | |||
| 259 | Buffer b; | 264 | Buffer b; |
| 260 | gss_buffer_desc mic, gssbuf; | 265 | gss_buffer_desc mic, gssbuf; |
| 261 | u_int len; | 266 | u_int len; |
| 267 | const char *displayname; | ||
| 262 | 268 | ||
| 263 | if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) | 269 | if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) |
| 264 | fatal("No authentication or GSSAPI context"); | 270 | fatal("No authentication or GSSAPI context"); |
| @@ -282,6 +288,10 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) | |||
| 282 | buffer_free(&b); | 288 | buffer_free(&b); |
| 283 | free(mic.value); | 289 | free(mic.value); |
| 284 | 290 | ||
| 291 | if ((!use_privsep || mm_is_monitor()) && | ||
| 292 | (displayname = ssh_gssapi_displayname()) != NULL) | ||
| 293 | auth2_record_info(authctxt, "%s", displayname); | ||
| 294 | |||
| 285 | authctxt->postponed = 0; | 295 | authctxt->postponed = 0; |
| 286 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); | 296 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
| 287 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); | 297 | ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); |