diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2016-01-27 00:53:12 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-01-27 16:54:26 +1100 |
| commit | ebacd377769ac07d1bf3c75169644336056b7060 (patch) | |
| tree | 66458137d52bc1ead418c8f823426dc8ce632837 /auth2-pubkey.c | |
| parent | 458abc2934e82034c5c281336d8dc0f910aecad3 (diff) | |
upstream commit
make the debug messages a bit more useful here
Upstream-ID: 478ccd4e897e0af8486b294aa63aa3f90ab78d64
Diffstat (limited to 'auth2-pubkey.c')
| -rw-r--r-- | auth2-pubkey.c | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index b1b5b747b..41b34aed2 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth2-pubkey.c,v 1.54 2015/10/27 01:44:45 djm Exp $ */ | 1 | /* $OpenBSD: auth2-pubkey.c,v 1.55 2016/01/27 00:53:12 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -79,19 +79,19 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 79 | { | 79 | { |
| 80 | Buffer b; | 80 | Buffer b; |
| 81 | Key *key = NULL; | 81 | Key *key = NULL; |
| 82 | char *pkalg, *userstyle; | 82 | char *pkalg, *userstyle, *fp = NULL; |
| 83 | u_char *pkblob, *sig; | 83 | u_char *pkblob, *sig; |
| 84 | u_int alen, blen, slen; | 84 | u_int alen, blen, slen; |
| 85 | int have_sig, pktype; | 85 | int have_sig, pktype; |
| 86 | int authenticated = 0; | 86 | int authenticated = 0; |
| 87 | 87 | ||
| 88 | if (!authctxt->valid) { | 88 | if (!authctxt->valid) { |
| 89 | debug2("userauth_pubkey: disabled because of invalid user"); | 89 | debug2("%s: disabled because of invalid user", __func__); |
| 90 | return 0; | 90 | return 0; |
| 91 | } | 91 | } |
| 92 | have_sig = packet_get_char(); | 92 | have_sig = packet_get_char(); |
| 93 | if (datafellows & SSH_BUG_PKAUTH) { | 93 | if (datafellows & SSH_BUG_PKAUTH) { |
| 94 | debug2("userauth_pubkey: SSH_BUG_PKAUTH"); | 94 | debug2("%s: SSH_BUG_PKAUTH", __func__); |
| 95 | /* no explicit pkalg given */ | 95 | /* no explicit pkalg given */ |
| 96 | pkblob = packet_get_string(&blen); | 96 | pkblob = packet_get_string(&blen); |
| 97 | buffer_init(&b); | 97 | buffer_init(&b); |
| @@ -106,18 +106,18 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 106 | pktype = key_type_from_name(pkalg); | 106 | pktype = key_type_from_name(pkalg); |
| 107 | if (pktype == KEY_UNSPEC) { | 107 | if (pktype == KEY_UNSPEC) { |
| 108 | /* this is perfectly legal */ | 108 | /* this is perfectly legal */ |
| 109 | logit("userauth_pubkey: unsupported public key algorithm: %s", | 109 | logit("%s: unsupported public key algorithm: %s", |
| 110 | pkalg); | 110 | __func__, pkalg); |
| 111 | goto done; | 111 | goto done; |
| 112 | } | 112 | } |
| 113 | key = key_from_blob(pkblob, blen); | 113 | key = key_from_blob(pkblob, blen); |
| 114 | if (key == NULL) { | 114 | if (key == NULL) { |
| 115 | error("userauth_pubkey: cannot decode key: %s", pkalg); | 115 | error("%s: cannot decode key: %s", __func__, pkalg); |
| 116 | goto done; | 116 | goto done; |
| 117 | } | 117 | } |
| 118 | if (key->type != pktype) { | 118 | if (key->type != pktype) { |
| 119 | error("userauth_pubkey: type mismatch for decoded key " | 119 | error("%s: type mismatch for decoded key " |
| 120 | "(received %d, expected %d)", key->type, pktype); | 120 | "(received %d, expected %d)", __func__, key->type, pktype); |
| 121 | goto done; | 121 | goto done; |
| 122 | } | 122 | } |
| 123 | if (key_type_plain(key->type) == KEY_RSA && | 123 | if (key_type_plain(key->type) == KEY_RSA && |
| @@ -126,6 +126,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 126 | "signature scheme"); | 126 | "signature scheme"); |
| 127 | goto done; | 127 | goto done; |
| 128 | } | 128 | } |
| 129 | fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT); | ||
| 129 | if (auth2_userkey_already_used(authctxt, key)) { | 130 | if (auth2_userkey_already_used(authctxt, key)) { |
| 130 | logit("refusing previously-used %s key", key_type(key)); | 131 | logit("refusing previously-used %s key", key_type(key)); |
| 131 | goto done; | 132 | goto done; |
| @@ -138,6 +139,8 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 138 | } | 139 | } |
| 139 | 140 | ||
| 140 | if (have_sig) { | 141 | if (have_sig) { |
| 142 | debug3("%s: have signature for %s %s", | ||
| 143 | __func__, sshkey_type(key), fp); | ||
| 141 | sig = packet_get_string(&slen); | 144 | sig = packet_get_string(&slen); |
| 142 | packet_check_eom(); | 145 | packet_check_eom(); |
| 143 | buffer_init(&b); | 146 | buffer_init(&b); |
| @@ -183,7 +186,8 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 183 | buffer_free(&b); | 186 | buffer_free(&b); |
| 184 | free(sig); | 187 | free(sig); |
| 185 | } else { | 188 | } else { |
| 186 | debug("test whether pkalg/pkblob are acceptable"); | 189 | debug("%s: test whether pkalg/pkblob are acceptable for %s %s", |
| 190 | __func__, sshkey_type(key), fp); | ||
| 187 | packet_check_eom(); | 191 | packet_check_eom(); |
| 188 | 192 | ||
| 189 | /* XXX fake reply and always send PK_OK ? */ | 193 | /* XXX fake reply and always send PK_OK ? */ |
| @@ -206,11 +210,12 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 206 | if (authenticated != 1) | 210 | if (authenticated != 1) |
| 207 | auth_clear_options(); | 211 | auth_clear_options(); |
| 208 | done: | 212 | done: |
| 209 | debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg); | 213 | debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg); |
| 210 | if (key != NULL) | 214 | if (key != NULL) |
| 211 | key_free(key); | 215 | key_free(key); |
| 212 | free(pkalg); | 216 | free(pkalg); |
| 213 | free(pkblob); | 217 | free(pkblob); |
| 218 | free(fp); | ||
| 214 | return authenticated; | 219 | return authenticated; |
| 215 | } | 220 | } |
| 216 | 221 | ||