diff options
author | Damien Miller <djm@mindrot.org> | 2012-12-03 09:53:20 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2012-12-03 09:53:20 +1100 |
commit | 15b05cfa17592da7470d7bd4b2de063188697471 (patch) | |
tree | 50686085795dc25237f6aabe4c2a5963f38a6e06 /auth.c | |
parent | aa5b3f831417bac9538d2b6f21d55fef278e8926 (diff) | |
download | openssh-git-15b05cfa17592da7470d7bd4b2de063188697471.tar.gz |
- djm@cvs.openbsd.org 2012/12/02 20:34:10
[auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
[monitor.c monitor.h]
Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explcit "Partial" state.
Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.
Fix multiple authentication when one of the methods is
keyboard-interactive.
ok markus@
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 12 |
1 files changed, 8 insertions, 4 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.97 2012/10/30 21:29:54 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.98 2012/12/02 20:34:09 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -251,7 +251,8 @@ allowed_user(struct passwd * pw) } void -auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) +auth_log(Authctxt *authctxt, int authenticated, int partial, + const char *method, const char *submethod, const char *info) { void (*authlog) (const char *fmt,...) = verbose; char *authmsg; @@ -268,12 +269,15 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) if (authctxt->postponed) authmsg = "Postponed"; + else if (partial) + authmsg = "Partial"; else authmsg = authenticated ? "Accepted" : "Failed"; - authlog("%s %s for %s%.100s from %.200s port %d%s", + authlog("%s %s%s%s for %s%.100s from %.200s port %d%s", authmsg, method, + submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, authctxt->valid ? "" : "invalid user ", authctxt->user, get_remote_ipaddr(), @@ -303,7 +307,7 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) * Check whether root logins are disallowed. */ int -auth_root_allowed(char *method) +auth_root_allowed(const char *method) { switch (options.permit_root_login) { case PERMIT_YES: |