Standardise logging of supplemental information during userauth. Keys

and ruser is now logged in the auth success/failure message alongside
the local username, remote host/port and protocol in use. Certificates
contents and CA are logged too.

Pushing all logging onto a single line simplifies log analysis as it is
no longer necessary to relate information scattered across multiple log
entries. "I like it" markus@

1 files changed, 7 insertions, 3 deletions

diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h
index d110f84de8e..e79cf2c4605 100644
--- a/usr.bin/ssh/auth.h
+++ b/usr.bin/ssh/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.73 2013/03/07 19:27:25 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.74 2013/05/19 02:42:42 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -55,6 +55,7 @@ struct Authctxt {
 	struct passwd	*pw;		/* set if 'valid' */
 	char		*style;
 	void		*kbdintctxt;
+	char		*info;		/* Extra info for next auth_log */
 	void		*jpake_ctx;
 	auth_session_t	*as;
 	char		**auth_methods;	/* modified from server config */
@@ -112,6 +113,7 @@ int	 auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
 int	 auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
 int	 hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
 int	 user_key_allowed(struct passwd *, Key *);
+void	 pubkey_auth_info(Authctxt *, const Key *);
 
 struct stat;
 int	 auth_secure_path(const char *, struct stat *, const char *, uid_t,
@@ -127,8 +129,10 @@ void	krb5_cleanup_proc(Authctxt *authctxt);
 void	do_authentication(Authctxt *);
 void	do_authentication2(Authctxt *);
 
-void	auth_log(Authctxt *, int, int, const char *, const char *,
-    const char *);
+void	auth_info(Authctxt *authctxt, const char *, ...)
+	    __attribute__((__format__ (printf, 2, 3)))
+	    __attribute__((__nonnull__ (2)));
+void	auth_log(Authctxt *, int, int, const char *, const char *);
 void	userauth_finish(Authctxt *, int, const char *, const char *);
 int	auth_root_allowed(const char *);