diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-12-19 00:24:34 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-12-19 15:21:37 +1100 |
| commit | 278856320520e851063b06cef6ef1c60d4c5d652 (patch) | |
| tree | ed57ecdcaf75baa1fd762d35d7161f021e50d4e4 /auth2-pubkey.c | |
| parent | 7860731ef190b52119fa480f8064ab03c44a120a (diff) | |
| download | openssh-git-278856320520e851063b06cef6ef1c60d4c5d652.tar.gz | |
upstream commit
include signature type and CA key (if applicable) in some
debug messages
OpenBSD-Commit-ID: b71615cc20e78cec7105bb6e940c03ce9ae414a5
Diffstat (limited to 'auth2-pubkey.c')
| -rw-r--r-- | auth2-pubkey.c | 36 |
1 files changed, 28 insertions, 8 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 0707b8ab..eac79cc3 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.72 2017/12/18 02:25:15 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.73 2017/12/19 00:24:34 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -73,13 +73,24 @@ extern ServerOptions options; extern u_char *session_id2; extern u_int session_id2_len; +static char * +format_key(const struct sshkey *key) +{ + char *ret, *fp = sshkey_fingerprint(key, + options.fingerprint_hash, SSH_FP_DEFAULT); + + xasprintf(&ret, "%s %s", sshkey_type(key), fp); + free(fp); + return ret; +} + static int userauth_pubkey(struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; struct sshbuf *b; struct sshkey *key = NULL; - char *pkalg, *userstyle = NULL, *fp = NULL; + char *pkalg, *userstyle = NULL, *key_s = NULL, *ca_s = NULL; u_char *pkblob, *sig, have_sig; size_t blen, slen; int r, pktype; @@ -135,7 +146,6 @@ userauth_pubkey(struct ssh *ssh) "signature scheme"); goto done; } - fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT); if (auth2_key_already_used(authctxt, key)) { logit("refusing previously-used %s key", sshkey_type(key)); goto done; @@ -147,9 +157,15 @@ userauth_pubkey(struct ssh *ssh) goto done; } + key_s = format_key(key); + if (sshkey_is_cert(key)) + ca_s = format_key(key->cert->signature_key); + if (have_sig) { - debug3("%s: have signature for %s %s", - __func__, sshkey_type(key), fp); + debug3("%s: have %s signature for %s%s%s", + __func__, pkalg, key_s, + ca_s == NULL ? "" : " CA ", + ca_s == NULL ? "" : ca_s); if ((r = sshpkt_get_string(ssh, &sig, &slen)) != 0 || (r = sshpkt_get_end(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); @@ -205,8 +221,11 @@ userauth_pubkey(struct ssh *ssh) free(sig); auth2_record_key(authctxt, authenticated, key); } else { - debug("%s: test whether pkalg/pkblob are acceptable for %s %s", - __func__, sshkey_type(key), fp); + debug("%s: test pkalg %s pkblob %s%s%s", + __func__, pkalg, key_s, + ca_s == NULL ? "" : " CA ", + ca_s == NULL ? "" : ca_s); + if ((r = sshpkt_get_end(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); @@ -237,7 +256,8 @@ done: free(userstyle); free(pkalg); free(pkblob); - free(fp); + free(key_s); + free(ca_s); return authenticated; } |