summaryrefslogtreecommitdiff
path: root/auth.c
diff options
context:
space:
mode:
authordtucker <dtucker>2013-06-01 21:41:51 +0000
committerdtucker <dtucker>2013-06-01 21:41:51 +0000
commit2d1838493e4d5589a1ccbb8df2d1957198ca0d42 (patch)
tree80c65f62cea718f3f8bcc3b91e3e38f91cf9be6e /auth.c
parent9234291d23faeb70125c9344e3cd4afe8eb1a260 (diff)
downloadopenssh-2d1838493e4d5589a1ccbb8df2d1957198ca0d42.tar.gz
- djm@cvs.openbsd.org 2013/05/19 02:42:42
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h] Standardise logging of supplemental information during userauth. Keys and ruser is now logged in the auth success/failure message alongside the local username, remote host/port and protocol in use. Certificates contents and CA are logged too. Pushing all logging onto a single line simplifies log analysis as it is no longer necessary to relate information scattered across multiple log entries. "I like it" markus@
Diffstat (limited to 'auth.c')
-rw-r--r--auth.c30
1 files changed, 26 insertions, 4 deletions
diff --git a/auth.c b/auth.c
index ac126e6f..9a36f1da 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.102 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -72,6 +72,7 @@
#include "authfile.h"
#include "monitor_wrap.h"
#include "krl.h"
+#include "compat.h"
/* import */
extern ServerOptions options;
@@ -252,8 +253,25 @@ allowed_user(struct passwd * pw)
}
void
+auth_info(Authctxt *authctxt, const char *fmt, ...)
+{
+ va_list ap;
+ int i;
+
+ free(authctxt->info);
+ authctxt->info = NULL;
+
+ va_start(ap, fmt);
+ i = vasprintf(&authctxt->info, fmt, ap);
+ va_end(ap);
+
+ if (i < 0 || authctxt->info == NULL)
+ fatal("vasprintf failed");
+}
+
+void
auth_log(Authctxt *authctxt, int authenticated, int partial,
- const char *method, const char *submethod, const char *info)
+ const char *method, const char *submethod)
{
void (*authlog) (const char *fmt,...) = verbose;
char *authmsg;
@@ -275,7 +293,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
else
authmsg = authenticated ? "Accepted" : "Failed";
- authlog("%s %s%s%s for %s%.100s from %.200s port %d%s",
+ authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s",
authmsg,
method,
submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod,
@@ -283,7 +301,11 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
authctxt->user,
get_remote_ipaddr(),
get_remote_port(),
- info);
+ compat20 ? "ssh2" : "ssh1",
+ authctxt->info != NULL ? ": " : "",
+ authctxt->info != NULL ? authctxt->info : "");
+ free(authctxt->info);
+ authctxt->info = NULL;
#ifdef CUSTOM_FAILED_LOGIN
if (authenticated == 0 && !authctxt->postponed &&