-rw-r--r--ChangeLog6
-rw-r--r--auth-options.c76
-rw-r--r--auth.c48
-rw-r--r--auth.h7
4 files changed, 77 insertions, 60 deletions
diff --git a/ChangeLog b/ChangeLog
index 3247f9589..2559e19e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,10 @@
13 - itojun@cvs.openbsd.org 2002/05/13 02:37:39 13 - itojun@cvs.openbsd.org 2002/05/13 02:37:39
14 [auth-skey.c auth2.c] 14 [auth-skey.c auth2.c]
15 less warnings. skey_{respond,query} are public (in auth.h) 15 less warnings. skey_{respond,query} are public (in auth.h)
16 - markus@cvs.openbsd.org 2002/05/13 20:44:58
17 [auth-options.c auth.c auth.h]
18 move the packet_send_debug handling from auth-options.c to auth.c;
19 ok provos@
16 20
1720020514 2120020514
18 - (stevesk) [README.privsep] PAM+privsep works with Solaris 8. 22 - (stevesk) [README.privsep] PAM+privsep works with Solaris 8.
@@ -617,4 +621,4 @@
617 - (stevesk) entropy.c: typo in debug message 621 - (stevesk) entropy.c: typo in debug message
618 - (djm) ssh-keygen -i needs seeded RNG; report from markus@ 622 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
619 623
620$Id: ChangeLog,v 1.2125 2002/05/15 16:14:36 mouring Exp $ 624$Id: ChangeLog,v 1.2126 2002/05/15 16:16:14 mouring Exp $
diff --git a/auth-options.c b/auth-options.c
index 3408b3d8f..2787d2948 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -10,7 +10,7 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: auth-options.c,v 1.23 2002/03/19 10:35:39 markus Exp $"); 13RCSID("$OpenBSD: auth-options.c,v 1.24 2002/05/13 20:44:58 markus Exp $");
14 14
15#include "packet.h" 15#include "packet.h"
16#include "xmalloc.h" 16#include "xmalloc.h"
@@ -23,10 +23,7 @@ RCSID("$OpenBSD: auth-options.c,v 1.23 2002/03/19 10:35:39 markus Exp $");
23#include "bufaux.h" 23#include "bufaux.h"
24#include "misc.h" 24#include "misc.h"
25#include "monitor_wrap.h" 25#include "monitor_wrap.h"
26 26#include "auth.h"
27/* Debugging messages */
28Buffer auth_debug;
29int auth_debug_init;
30 27
31/* Flags set authorized_keys flags */ 28/* Flags set authorized_keys flags */
32int no_port_forwarding_flag = 0; 29int no_port_forwarding_flag = 0;
@@ -42,28 +39,9 @@ struct envstring *custom_environment = NULL;
42 39
43extern ServerOptions options; 40extern ServerOptions options;
44 41
45static void
46auth_send_debug(Buffer *m)
47{
48 char *msg;
49
50 while (buffer_len(m)) {
51 msg = buffer_get_string(m, NULL);
52 packet_send_debug("%s", msg);
53 xfree(msg);
54 }
55}
56
57void 42void
58auth_clear_options(void) 43auth_clear_options(void)
59{ 44{
60 if (auth_debug_init)
61 buffer_clear(&auth_debug);
62 else {
63 buffer_init(&auth_debug);
64 auth_debug_init = 1;
65 }
66
67 no_agent_forwarding_flag = 0; 45 no_agent_forwarding_flag = 0;
68 no_port_forwarding_flag = 0; 46 no_port_forwarding_flag = 0;
69 no_pty_flag = 0; 47 no_pty_flag = 0;
@@ -79,6 +57,7 @@ auth_clear_options(void)
79 forced_command = NULL; 57 forced_command = NULL;
80 } 58 }
81 channel_clear_permitted_opens(); 59 channel_clear_permitted_opens();
60 auth_debug_reset();
82} 61}
83 62
84/* 63/*
@@ -88,7 +67,6 @@ auth_clear_options(void)
88int 67int
89auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) 68auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
90{ 69{
91 char tmp[1024];
92 const char *cp; 70 const char *cp;
93 int i; 71 int i;
94 72
@@ -101,32 +79,28 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
101 while (*opts && *opts != ' ' && *opts != '\t') { 79 while (*opts && *opts != ' ' && *opts != '\t') {
102 cp = "no-port-forwarding"; 80 cp = "no-port-forwarding";
103 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 81 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
104 snprintf(tmp, sizeof(tmp), "Port forwarding disabled."); 82 auth_debug_add("Port forwarding disabled.");
105 buffer_put_cstring(&auth_debug, tmp);
106 no_port_forwarding_flag = 1; 83 no_port_forwarding_flag = 1;
107 opts += strlen(cp); 84 opts += strlen(cp);
108 goto next_option; 85 goto next_option;
109 } 86 }
110 cp = "no-agent-forwarding"; 87 cp = "no-agent-forwarding";
111 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 88 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
112 snprintf(tmp, sizeof(tmp), "Agent forwarding disabled."); 89 auth_debug_add("Agent forwarding disabled.");
113 buffer_put_cstring(&auth_debug, tmp);
114 no_agent_forwarding_flag = 1; 90 no_agent_forwarding_flag = 1;
115 opts += strlen(cp); 91 opts += strlen(cp);
116 goto next_option; 92 goto next_option;
117 } 93 }
118 cp = "no-X11-forwarding"; 94 cp = "no-X11-forwarding";
119 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 95 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
120 snprintf(tmp, sizeof(tmp), "X11 forwarding disabled."); 96 auth_debug_add("X11 forwarding disabled.");
121 buffer_put_cstring(&auth_debug, tmp);
122 no_x11_forwarding_flag = 1; 97 no_x11_forwarding_flag = 1;
123 opts += strlen(cp); 98 opts += strlen(cp);
124 goto next_option; 99 goto next_option;
125 } 100 }
126 cp = "no-pty"; 101 cp = "no-pty";
127 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 102 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
128 snprintf(tmp, sizeof(tmp), "Pty allocation disabled."); 103 auth_debug_add("Pty allocation disabled.");
129 buffer_put_cstring(&auth_debug, tmp);
130 no_pty_flag = 1; 104 no_pty_flag = 1;
131 opts += strlen(cp); 105 opts += strlen(cp);
132 goto next_option; 106 goto next_option;
@@ -149,16 +123,14 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
149 if (!*opts) { 123 if (!*opts) {
150 debug("%.100s, line %lu: missing end quote", 124 debug("%.100s, line %lu: missing end quote",
151 file, linenum); 125 file, linenum);
152 snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote", 126 auth_debug_add("%.100s, line %lu: missing end quote",
153 file, linenum); 127 file, linenum);
154 buffer_put_cstring(&auth_debug, tmp);
155 xfree(forced_command); 128 xfree(forced_command);
156 forced_command = NULL; 129 forced_command = NULL;
157 goto bad_option; 130 goto bad_option;
158 } 131 }
159 forced_command[i] = 0; 132 forced_command[i] = 0;
160 snprintf(tmp, sizeof(tmp), "Forced command: %.900s", forced_command); 133 auth_debug_add("Forced command: %.900s", forced_command);
161 buffer_put_cstring(&auth_debug, tmp);
162 opts++; 134 opts++;
163 goto next_option; 135 goto next_option;
164 } 136 }
@@ -183,15 +155,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
183 if (!*opts) { 155 if (!*opts) {
184 debug("%.100s, line %lu: missing end quote", 156 debug("%.100s, line %lu: missing end quote",
185 file, linenum); 157 file, linenum);
186 snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote", 158 auth_debug_add("%.100s, line %lu: missing end quote",
187 file, linenum); 159 file, linenum);
188 buffer_put_cstring(&auth_debug, tmp);
189 xfree(s); 160 xfree(s);
190 goto bad_option; 161 goto bad_option;
191 } 162 }
192 s[i] = 0; 163 s[i] = 0;
193 snprintf(tmp, sizeof(tmp), "Adding to environment: %.900s", s); 164 auth_debug_add("Adding to environment: %.900s", s);
194 buffer_put_cstring(&auth_debug, tmp);
195 debug("Adding to environment: %.900s", s); 165 debug("Adding to environment: %.900s", s);
196 opts++; 166 opts++;
197 new_envstring = xmalloc(sizeof(struct envstring)); 167 new_envstring = xmalloc(sizeof(struct envstring));
@@ -222,9 +192,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
222 if (!*opts) { 192 if (!*opts) {
223 debug("%.100s, line %lu: missing end quote", 193 debug("%.100s, line %lu: missing end quote",
224 file, linenum); 194 file, linenum);
225 snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote", 195 auth_debug_add("%.100s, line %lu: missing end quote",
226 file, linenum); 196 file, linenum);
227 buffer_put_cstring(&auth_debug, tmp);
228 xfree(patterns); 197 xfree(patterns);
229 goto bad_option; 198 goto bad_option;
230 } 199 }
@@ -237,11 +206,9 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
237 "correct key but not from a permitted " 206 "correct key but not from a permitted "
238 "host (host=%.200s, ip=%.200s).", 207 "host (host=%.200s, ip=%.200s).",
239 pw->pw_name, remote_host, remote_ip); 208 pw->pw_name, remote_host, remote_ip);
240 snprintf(tmp, sizeof(tmp), 209 auth_debug_add("Your host '%.200s' is not "
241 "Your host '%.200s' is not "
242 "permitted to use this key for login.", 210 "permitted to use this key for login.",
243 remote_host); 211 remote_host);
244 buffer_put_cstring(&auth_debug, tmp);
245 /* deny access */ 212 /* deny access */
246 return 0; 213 return 0;
247 } 214 }
@@ -270,9 +237,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
270 if (!*opts) { 237 if (!*opts) {
271 debug("%.100s, line %lu: missing end quote", 238 debug("%.100s, line %lu: missing end quote",
272 file, linenum); 239 file, linenum);
273 snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote", 240 auth_debug_add("%.100s, line %lu: missing end quote",
274 file, linenum); 241 file, linenum);
275 buffer_put_cstring(&auth_debug, tmp);
276 xfree(patterns); 242 xfree(patterns);
277 goto bad_option; 243 goto bad_option;
278 } 244 }
@@ -282,18 +248,16 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
282 sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) { 248 sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) {
283 debug("%.100s, line %lu: Bad permitopen specification " 249 debug("%.100s, line %lu: Bad permitopen specification "
284 "<%.100s>", file, linenum, patterns); 250 "<%.100s>", file, linenum, patterns);
285 snprintf(tmp, sizeof(tmp), "%.100s, line %lu: " 251 auth_debug_add("%.100s, line %lu: "
286 "Bad permitopen specification", file, linenum); 252 "Bad permitopen specification", file, linenum);
287 buffer_put_cstring(&auth_debug, tmp);
288 xfree(patterns); 253 xfree(patterns);
289 goto bad_option; 254 goto bad_option;
290 } 255 }
291 if ((port = a2port(sport)) == 0) { 256 if ((port = a2port(sport)) == 0) {
292 debug("%.100s, line %lu: Bad permitopen port <%.100s>", 257 debug("%.100s, line %lu: Bad permitopen port <%.100s>",
293 file, linenum, sport); 258 file, linenum, sport);
294 snprintf(tmp, sizeof(tmp), "%.100s, line %lu: " 259 auth_debug_add("%.100s, line %lu: "
295 "Bad permitopen port", file, linenum); 260 "Bad permitopen port", file, linenum);
296 buffer_put_cstring(&auth_debug, tmp);
297 xfree(patterns); 261 xfree(patterns);
298 goto bad_option; 262 goto bad_option;
299 } 263 }
@@ -318,7 +282,7 @@ next_option:
318 } 282 }
319 283
320 if (!use_privsep) 284 if (!use_privsep)
321 auth_send_debug(&auth_debug); 285 auth_debug_send();
322 286
323 /* grant access */ 287 /* grant access */
324 return 1; 288 return 1;
@@ -326,13 +290,11 @@ next_option:
326bad_option: 290bad_option:
327 log("Bad options in %.100s file, line %lu: %.50s", 291 log("Bad options in %.100s file, line %lu: %.50s",
328 file, linenum, opts); 292 file, linenum, opts);
329 snprintf(tmp, sizeof(tmp), 293 auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
330 "Bad options in %.100s file, line %lu: %.50s",
331 file, linenum, opts); 294 file, linenum, opts);
332 buffer_put_cstring(&auth_debug, tmp);
333 295
334 if (!use_privsep) 296 if (!use_privsep)
335 auth_send_debug(&auth_debug); 297 auth_debug_send();
336 298
337 /* deny access */ 299 /* deny access */
338 return 0; 300 return 0;
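Review bot: The from= denial at new lines 209-213 queues "Your host '…' is not permitted to use this key for login." with `auth_debug_add()` and then returns 0 directly, so it reaches neither of the `if (!use_privsep) auth_debug_send();` calls at new lines 284-285 and 296-297; without privsep that message sits in the buffer until the next `auth_clear_options()` discards it through `auth_debug_reset()`, unless a later parse on the same connection happens to drain it. Adding `if (!use_privsep) auth_debug_send();` immediately before that `return 0;` would make the from= deny path behave like the `bad_option` path. The old code had the same gap, so the commit preserves rather than introduces it, and whether the privsep monitor forwards the buffer on its own cannot be seen from this diff. The hunk carrying the from= check starts and ends mid-function, and auth_parse_options' closing brace lies past the last hunk.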
diff --git a/auth.c b/auth.c
index 2f1979cfa..7c2faeed1 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth.c,v 1.41 2002/03/19 15:31:47 markus Exp $"); 26RCSID("$OpenBSD: auth.c,v 1.42 2002/05/13 20:44:58 markus Exp $");
27 27
28#ifdef HAVE_LOGIN_H 28#ifdef HAVE_LOGIN_H
29#include <login.h> 29#include <login.h>
@@ -49,10 +49,16 @@ RCSID("$OpenBSD: auth.c,v 1.41 2002/03/19 15:31:47 markus Exp $");
49#include "uidswap.h" 49#include "uidswap.h"
50#include "tildexpand.h" 50#include "tildexpand.h"
51#include "misc.h" 51#include "misc.h"
52#include "bufaux.h"
53#include "packet.h"
52 54
53/* import */ 55/* import */
54extern ServerOptions options; 56extern ServerOptions options;
55 57
58/* Debugging messages */
59Buffer auth_debug;
60int auth_debug_init;
61
56/* 62/*
57 * Check if the user is allowed to log in via ssh. If user is listed 63 * Check if the user is allowed to log in via ssh. If user is listed
58 * in DenyUsers or one of user's groups is listed in DenyGroups, false 64 * in DenyUsers or one of user's groups is listed in DenyGroups, false
@@ -491,3 +497,43 @@ getpwnamallow(const char *user)
491 return (pwcopy(pw)); 497 return (pwcopy(pw));
492 return (NULL); 498 return (NULL);
493} 499}
500
501void
502auth_debug_add(const char *fmt,...)
503{
504 char buf[1024];
505 va_list args;
506
507 if (!auth_debug_init)
508 return;
509
510 va_start(args, fmt);
511 vsnprintf(buf, sizeof(buf), fmt, args);
512 va_end(args);
513 buffer_put_cstring(&auth_debug, buf);
514}
515
516void
517auth_debug_send(void)
518{
519 char *msg;
520
521 if (!auth_debug_init)
522 return;
523 while (buffer_len(&auth_debug)) {
524 msg = buffer_get_string(&auth_debug, NULL);
525 packet_send_debug("%s", msg);
526 xfree(msg);
527 }
528}
529
530void
531auth_debug_reset(void)
532{
533 if (auth_debug_init)
534 buffer_clear(&auth_debug);
535 else {
536 buffer_init(&auth_debug);
537 auth_debug_init = 1;
538 }
539}
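Review bot: The three new functions at lines 501-539 carry no comments, and `auth_debug_add()` silently drops its message whenever `auth_debug_reset()` has not yet run, which is not what a caller expects from a logging helper. I would put `/* Queue a formatted message for the client; a no-op until auth_debug_reset() has initialised the buffer, and truncated at sizeof(buf) - 1 */` on auth_debug_add, `/* Hand every queued message to packet_send_debug() and empty the queue; auth-options.c only calls this when !use_privsep */` on auth_debug_send, and `/* Initialise the queue on first use, otherwise discard anything still queued */` on auth_debug_reset. `auth_debug` and `auth_debug_init` are defined as non-static globals at lines 58-60 yet are not declared in auth.h; if the privsep monitor reaches them through its own `extern`, the declaration belongs in the header, otherwise they should be `static` so the buffer is only reachable through these three functions. Whether the monitor does so is outside this diff.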
diff --git a/auth.h b/auth.h
index f03a26e0a..2211c5b2a 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth.h,v 1.36 2002/05/12 23:53:45 djm Exp $ */ 1/* $OpenBSD: auth.h,v 1.37 2002/05/13 20:44:58 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -172,6 +172,11 @@ Key *get_hostkey_by_type(int);
172int get_hostkey_index(Key *); 172int get_hostkey_index(Key *);
173int ssh1_session_key(BIGNUM *); 173int ssh1_session_key(BIGNUM *);
174 174
175/* debug messages during authentication */
176void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
177void auth_debug_send(void);
178void auth_debug_reset(void);
179
175#define AUTH_FAIL_MAX 6 180#define AUTH_FAIL_MAX 6
176#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2) 181#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
177#define AUTH_FAIL_MSG "Too many authentication failures for %.100s" 182#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
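Review bot: The comment at new line 175, `/* debug messages during authentication */`, does not tell a caller that these messages go to packet_send_debug() rather than the server log, nor that the expected order is reset, then add, then send. I would expand it to `/* Messages queued for the client during authentication: auth_debug_reset() before parsing, auth_debug_add() to queue, auth_debug_send() to deliver via packet_send_debug(). */`. The printf format attribute on auth_debug_add is the right choice now that file names and raw option text are passed through a varargs wrapper.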