From 0acca3797d53d958d240c69a5f222f2aa8444858 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 2 Jun 2013 07:41:51 +1000 Subject: - djm@cvs.openbsd.org 2013/05/19 02:42:42 [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h] Standardise logging of supplemental information during userauth. Keys and ruser is now logged in the auth success/failure message alongside the local username, remote host/port and protocol in use. Certificates contents and CA are logged too. Pushing all logging onto a single line simplifies log analysis as it is no longer necessary to relate information scattered across multiple log entries. "I like it" markus@ --- auth.c | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) (limited to 'auth.c') diff --git a/auth.c b/auth.c index ac126e6f3..9a36f1dac 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.102 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -72,6 +72,7 @@ #include "authfile.h" #include "monitor_wrap.h" #include "krl.h" +#include "compat.h" /* import */ extern ServerOptions options; @@ -251,9 +252,26 @@ allowed_user(struct passwd * pw) return 1; } +void +auth_info(Authctxt *authctxt, const char *fmt, ...) +{ + va_list ap; + int i; + + free(authctxt->info); + authctxt->info = NULL; + + va_start(ap, fmt); + i = vasprintf(&authctxt->info, fmt, ap); + va_end(ap); + + if (i < 0 || authctxt->info == NULL) + fatal("vasprintf failed"); +} + void auth_log(Authctxt *authctxt, int authenticated, int partial, - const char *method, const char *submethod, const char *info) + const char *method, const char *submethod) { void (*authlog) (const char *fmt,...) = verbose; char *authmsg; 
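Review bot: auth_info() is a printf-style variadic with no format-checking attribute visible and no comment stating its contract. Its prototype is in auth.h, which this page does not show (the diff is limited to auth.c), so confirm it carries `__attribute__((__format__ (printf, 2, 3)))`; callers will pass key, certificate and ruser strings, and a mismatched specifier would otherwise compile silently. Above the definition I would add `/* Record supplemental text for the next auth_log() call; replaces any earlier text, which auth_log() frees after logging. */`. The old buffer is freed before vasprintf() runs, so the comment should also say that authctxt->info itself must never be passed as an argument.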
@@ -275,7 +293,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, else authmsg = authenticated ? "Accepted" : "Failed"; - authlog("%s %s%s%s for %s%.100s from %.200s port %d%s", + authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s", authmsg, method, submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, @@ -283,7 +301,11 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, authctxt->user, get_remote_ipaddr(), get_remote_port(), - info); + compat20 ? "ssh2" : "ssh1", + authctxt->info != NULL ? ": " : "", + authctxt->info != NULL ? authctxt->info : ""); + free(authctxt->info); + authctxt->info = NULL; #ifdef CUSTOM_FAILED_LOGIN if (authenticated == 0 && !authctxt->postponed && -- cgit v1.2.3
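Review bot: The new trailing `%s` that prints authctxt->info is unbounded, while the user and host fields in the same format string keep `%.100s` and `%.200s`. According to the commit message the info text carries ruser and certificate contents, which are client-influenced, so this line depends on the logging layer to cap the length and escape control characters; that code is not visible here. Either give the field a precision in line with its neighbours, or add a comment such as `/* info is client-influenced; the log layer escapes and truncates it */` so that the single-line guarantee log parsers depend on is explicit. auth_log()'s body starts and ends outside this hunk.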
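Review bot: authctxt->info is released only by the two added lines after the authlog() call, so any path through auth_log() that returns before that call leaves the previous attempt's text in place. The top of the function is outside the hunk, so whether such an early return exists cannot be confirmed from here. If it does, a later attempt that never calls auth_info() would be logged with a stale key or ruser string, which misattributes credentials in the audit trail. Consider also clearing the field where each authentication attempt begins, or state in a comment that every attempt must end in auth_log(): `/* info is valid for one attempt only; consumed and freed here */`.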