Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 62 |
1 files changed, 44 insertions, 18 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.c,v 1.121 2017/05/30 08:52:19 markus Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.122 2017/06/24 06:34:38 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -267,21 +267,41 @@ allowed_user(struct passwd * pw) | |||
267 | return 1; | 267 | return 1; |
268 | } | 268 | } |
269 | 269 | ||
270 | void | 270 | /* |
271 | auth_info(Authctxt *authctxt, const char *fmt, ...) | 271 | * Formats any key left in authctxt->auth_method_key for inclusion in |
272 | * auth_log()'s message. Also includes authxtct->auth_method_info if present. | ||
273 | */ | ||
274 | static char * | ||
275 | format_method_key(Authctxt *authctxt) | ||
272 | { | 276 | { |
273 | va_list ap; | 277 | const struct sshkey *key = authctxt->auth_method_key; |
274 | int i; | 278 | const char *methinfo = authctxt->auth_method_info; |
275 | 279 | char *fp, *ret = NULL; | |
276 | free(authctxt->info); | ||
277 | authctxt->info = NULL; | ||
278 | 280 | ||
279 | va_start(ap, fmt); | 281 | if (key == NULL) |
280 | i = vasprintf(&authctxt->info, fmt, ap); | 282 | return NULL; |
281 | va_end(ap); | ||
282 | 283 | ||
283 | if (i < 0 || authctxt->info == NULL) | 284 | if (key_is_cert(key)) { |
284 | fatal("vasprintf failed"); | 285 | fp = sshkey_fingerprint(key->cert->signature_key, |
286 | options.fingerprint_hash, SSH_FP_DEFAULT); | ||
287 | xasprintf(&ret, "%s ID %s (serial %llu) CA %s %s%s%s", | ||
288 | sshkey_type(key), key->cert->key_id, | ||
289 | (unsigned long long)key->cert->serial, | ||
290 | sshkey_type(key->cert->signature_key), | ||
291 | fp == NULL ? "(null)" : fp, | ||
292 | methinfo == NULL ? "" : ", ", | ||
293 | methinfo == NULL ? "" : methinfo); | ||
294 | free(fp); | ||
295 | } else { | ||
296 | fp = sshkey_fingerprint(key, options.fingerprint_hash, | ||
297 | SSH_FP_DEFAULT); | ||
298 | xasprintf(&ret, "%s %s%s%s", sshkey_type(key), | ||
299 | fp == NULL ? "(null)" : fp, | ||
300 | methinfo == NULL ? "" : ", ", | ||
301 | methinfo == NULL ? "" : methinfo); | ||
302 | free(fp); | ||
303 | } | ||
304 | return ret; | ||
285 | } | 305 | } |
286 | 306 | ||
287 | void | 307 | void |
@@ -290,7 +310,8 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, | |||
290 | { | 310 | { |
291 | struct ssh *ssh = active_state; /* XXX */ | 311 | struct ssh *ssh = active_state; /* XXX */ |
292 | void (*authlog) (const char *fmt,...) = verbose; | 312 | void (*authlog) (const char *fmt,...) = verbose; |
293 | char *authmsg; | 313 | const char *authmsg; |
314 | char *extra = NULL; | ||
294 | 315 | ||
295 | if (use_privsep && !mm_is_monitor() && !authctxt->postponed) | 316 | if (use_privsep && !mm_is_monitor() && !authctxt->postponed) |
296 | return; | 317 | return; |
@@ -309,6 +330,11 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, | |||
309 | else | 330 | else |
310 | authmsg = authenticated ? "Accepted" : "Failed"; | 331 | authmsg = authenticated ? "Accepted" : "Failed"; |
311 | 332 | ||
333 | if ((extra = format_method_key(authctxt)) == NULL) { | ||
334 | if (authctxt->auth_method_info != NULL) | ||
335 | extra = xstrdup(authctxt->auth_method_info); | ||
336 | } | ||
337 | |||
312 | authlog("%s %s%s%s for %s%.100s from %.200s port %d ssh2%s%s", | 338 | authlog("%s %s%s%s for %s%.100s from %.200s port %d ssh2%s%s", |
313 | authmsg, | 339 | authmsg, |
314 | method, | 340 | method, |
@@ -317,10 +343,10 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, | |||
317 | authctxt->user, | 343 | authctxt->user, |
318 | ssh_remote_ipaddr(ssh), | 344 | ssh_remote_ipaddr(ssh), |
319 | ssh_remote_port(ssh), | 345 | ssh_remote_port(ssh), |
320 | authctxt->info != NULL ? ": " : "", | 346 | extra != NULL ? ": " : "", |
321 | authctxt->info != NULL ? authctxt->info : ""); | 347 | extra != NULL ? extra : ""); |
322 | free(authctxt->info); | 348 | |
323 | authctxt->info = NULL; | 349 | free(extra); |
324 | 350 | ||
325 | #ifdef CUSTOM_FAILED_LOGIN | 351 | #ifdef CUSTOM_FAILED_LOGIN |
326 | if (authenticated == 0 && !authctxt->postponed && | 352 | if (authenticated == 0 && !authctxt->postponed && |
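Review bot: The header comment on the new `format_method_key` (first hunk) misspells the context variable as `authxtct->auth_method_info` and says nothing about ownership of the result, which matters because `auth_log` later calls `free(extra)` on it; suggest correcting the spelling to `authctxt` and adding `* Returns a caller-owned string (free() it) or NULL when no key was recorded.` to the block comment. The cert branch also interpolates `key->cert->key_id` verbatim into the log text; if, as it appears, that field comes from the certificate the client presented, the message relies on the logging sink (not visible in this hunk) to neutralise control characters, so a one-line comment at that `xasprintf` noting the reliance would help a future reader decide whether an escaping pass belongs here. The `fp == NULL ? "(null)" : fp` / `methinfo` ternary tail is duplicated between the cert and plain branches; building the `", "` + methinfo suffix once before `if (key_is_cert(key))` would shorten both `xasprintf` calls. The `auth_log` hunks begin inside a function whose signature lies outside the shown lines.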