diff options
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 22 |
1 files changed, 13 insertions, 9 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.c,v 1.132 2018/07/11 08:19:35 martijn Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.133 2018/09/12 01:19:12 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -275,22 +275,26 @@ format_method_key(Authctxt *authctxt) | |||
275 | { | 275 | { |
276 | const struct sshkey *key = authctxt->auth_method_key; | 276 | const struct sshkey *key = authctxt->auth_method_key; |
277 | const char *methinfo = authctxt->auth_method_info; | 277 | const char *methinfo = authctxt->auth_method_info; |
278 | char *fp, *ret = NULL; | 278 | char *fp, *cafp, *ret = NULL; |
279 | 279 | ||
280 | if (key == NULL) | 280 | if (key == NULL) |
281 | return NULL; | 281 | return NULL; |
282 | 282 | ||
283 | if (sshkey_is_cert(key)) { | 283 | if (sshkey_is_cert(key)) { |
284 | fp = sshkey_fingerprint(key->cert->signature_key, | 284 | fp = sshkey_fingerprint(key, |
285 | options.fingerprint_hash, SSH_FP_DEFAULT); | 285 | options.fingerprint_hash, SSH_FP_DEFAULT); |
286 | xasprintf(&ret, "%s ID %s (serial %llu) CA %s %s%s%s", | 286 | cafp = sshkey_fingerprint(key->cert->signature_key, |
287 | sshkey_type(key), key->cert->key_id, | 287 | options.fingerprint_hash, SSH_FP_DEFAULT); |
288 | xasprintf(&ret, "%s %s ID %s (serial %llu) CA %s %s%s%s", | ||
289 | sshkey_type(key), fp == NULL ? "(null)" : fp, | ||
290 | key->cert->key_id, | ||
288 | (unsigned long long)key->cert->serial, | 291 | (unsigned long long)key->cert->serial, |
289 | sshkey_type(key->cert->signature_key), | 292 | sshkey_type(key->cert->signature_key), |
290 | fp == NULL ? "(null)" : fp, | 293 | cafp == NULL ? "(null)" : cafp, |
291 | methinfo == NULL ? "" : ", ", | 294 | methinfo == NULL ? "" : ", ", |
292 | methinfo == NULL ? "" : methinfo); | 295 | methinfo == NULL ? "" : methinfo); |
293 | free(fp); | 296 | free(fp); |
297 | free(cafp); | ||
294 | } else { | 298 | } else { |
295 | fp = sshkey_fingerprint(key, options.fingerprint_hash, | 299 | fp = sshkey_fingerprint(key, options.fingerprint_hash, |
296 | SSH_FP_DEFAULT); | 300 | SSH_FP_DEFAULT); |
@@ -308,7 +312,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, | |||
308 | const char *method, const char *submethod) | 312 | const char *method, const char *submethod) |
309 | { | 313 | { |
310 | struct ssh *ssh = active_state; /* XXX */ | 314 | struct ssh *ssh = active_state; /* XXX */ |
311 | void (*authlog) (const char *fmt,...) = verbose; | 315 | int level = SYSLOG_LEVEL_VERBOSE; |
312 | const char *authmsg; | 316 | const char *authmsg; |
313 | char *extra = NULL; | 317 | char *extra = NULL; |
314 | 318 | ||
@@ -320,7 +324,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, | |||
320 | !authctxt->valid || | 324 | !authctxt->valid || |
321 | authctxt->failures >= options.max_authtries / 2 || | 325 | authctxt->failures >= options.max_authtries / 2 || |
322 | strcmp(method, "password") == 0) | 326 | strcmp(method, "password") == 0) |
323 | authlog = logit; | 327 | level = SYSLOG_LEVEL_INFO; |
324 | 328 | ||
325 | if (authctxt->postponed) | 329 | if (authctxt->postponed) |
326 | authmsg = "Postponed"; | 330 | authmsg = "Postponed"; |
@@ -334,7 +338,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, | |||
334 | extra = xstrdup(authctxt->auth_method_info); | 338 | extra = xstrdup(authctxt->auth_method_info); |
335 | } | 339 | } |
336 | 340 | ||
337 | authlog("%s %s%s%s for %s%.100s from %.200s port %d ssh2%s%s", | 341 | do_log2(level, "%s %s%s%s for %s%.100s from %.200s port %d ssh2%s%s", |
338 | authmsg, | 342 | authmsg, |
339 | method, | 343 | method, |
340 | submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, | 344 | submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, |