diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:41:51 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:41:51 +1000 |
| commit | 0acca3797d53d958d240c69a5f222f2aa8444858 (patch) | |
| tree | 0a1e1208f2d9abed88716b9a12e091864e2f8d2d /monitor.c | |
| parent | 74836ae0fabcc1a76b9d9eacd1629c88a054b2d0 (diff) | |
- djm@cvs.openbsd.org 2013/05/19 02:42:42
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
Standardise logging of supplemental information during userauth. Keys
and ruser is now logged in the auth success/failure message alongside
the local username, remote host/port and protocol in use. Certificates
contents and CA are logged too.
Pushing all logging onto a single line simplifies log analysis as it is
no longer necessary to relate information scattered across multiple log
entries. "I like it" markus@
Diffstat (limited to 'monitor.c')
| -rw-r--r-- | monitor.c | 9 |
1 files changed, 4 insertions, 5 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: monitor.c,v 1.124 2013/05/17 00:13:13 djm Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.125 2013/05/19 02:42:42 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
| 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
| @@ -422,8 +422,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
| 422 | } | 422 | } |
| 423 | if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { | 423 | if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { |
| 424 | auth_log(authctxt, authenticated, partial, | 424 | auth_log(authctxt, authenticated, partial, |
| 425 | auth_method, auth_submethod, | 425 | auth_method, auth_submethod); |
| 426 | compat20 ? " ssh2" : ""); | ||
| 427 | if (!authenticated) | 426 | if (!authenticated) |
| 428 | authctxt->failures++; | 427 | authctxt->failures++; |
| 429 | } | 428 | } |
| @@ -1168,6 +1167,7 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
| 1168 | case MM_USERKEY: | 1167 | case MM_USERKEY: |
| 1169 | allowed = options.pubkey_authentication && | 1168 | allowed = options.pubkey_authentication && |
| 1170 | user_key_allowed(authctxt->pw, key); | 1169 | user_key_allowed(authctxt->pw, key); |
| 1170 | pubkey_auth_info(authctxt, key); | ||
| 1171 | auth_method = "publickey"; | 1171 | auth_method = "publickey"; |
| 1172 | if (options.pubkey_authentication && allowed != 1) | 1172 | if (options.pubkey_authentication && allowed != 1) |
| 1173 | auth_clear_options(); | 1173 | auth_clear_options(); |
| @@ -1207,8 +1207,7 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
| 1207 | hostbased_chost = chost; | 1207 | hostbased_chost = chost; |
| 1208 | } else { | 1208 | } else { |
| 1209 | /* Log failed attempt */ | 1209 | /* Log failed attempt */ |
| 1210 | auth_log(authctxt, 0, 0, auth_method, NULL, | 1210 | auth_log(authctxt, 0, 0, auth_method, NULL); |
| 1211 | compat20 ? " ssh2" : ""); | ||
| 1212 | free(blob); | 1211 | free(blob); |
| 1213 | free(cuser); | 1212 | free(cuser); |
| 1214 | free(chost); | 1213 | free(chost); |