authorDamien Miller <djm@cvs.openbsd.org>2013-06-21 00:34:50 +0000
committerDamien Miller <djm@cvs.openbsd.org>2013-06-21 00:34:50 +0000
commit2a586b5423b654288ad0b2b8f3b0a8188ec66471 (patch)
tree0a9a8b062f878911434e7383f213daed08109615 /usr.bin/ssh
parent07a861bf4089b3b357a0dfd968099a685d0f25e7 (diff)
for hostbased authentication, print the client host and user on
the auth success/failure line; bz#2064, ok dtucker@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/auth-rsa.c4
-rw-r--r--usr.bin/ssh/auth.h5
-rw-r--r--usr.bin/ssh/auth2-hostbased.c6
-rw-r--r--usr.bin/ssh/auth2-pubkey.c28
-rw-r--r--usr.bin/ssh/monitor.c7
5 files changed, 36 insertions, 14 deletions
diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c
index 9c96eada8d9..f7f8513311d 100644
--- a/usr.bin/ssh/auth-rsa.c
+++ b/usr.bin/ssh/auth-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.83 2013/05/19 02:42:42 djm Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.84 2013/06/21 00:34:49 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -329,7 +329,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
* options; this will be reset if the options cause the
* authentication to be rejected.
*/
- pubkey_auth_info(authctxt, key);
+ pubkey_auth_info(authctxt, key, NULL);
packet_send_debug("RSA authentication accepted.");
return (1);
diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h
index e79cf2c4605..2ce518a17df 100644
--- a/usr.bin/ssh/auth.h
+++ b/usr.bin/ssh/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.74 2013/05/19 02:42:42 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.75 2013/06/21 00:34:49 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -113,7 +113,8 @@ int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
int user_key_allowed(struct passwd *, Key *);
-void pubkey_auth_info(Authctxt *, const Key *);
+void pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
+ __attribute__((__format__ (printf, 3, 4)));
struct stat;
int auth_secure_path(const char *, struct stat *, const char *, uid_t,
diff --git a/usr.bin/ssh/auth2-hostbased.c b/usr.bin/ssh/auth2-hostbased.c
index 2ab0dae6d6f..1714deb1b03 100644
--- a/usr.bin/ssh/auth2-hostbased.c
+++ b/usr.bin/ssh/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.15 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.16 2013/06/21 00:34:49 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -115,6 +115,10 @@ userauth_hostbased(Authctxt *authctxt)
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
+
+ pubkey_auth_info(authctxt, key,
+ "client user \"%.100s\", client host \"%.100s\"", cuser, chost);
+
/* test for allowed key and correct signature */
authenticated = 0;
if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
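Review bot: `cuser` and `chost` are recorded by the added pubkey_auth_info() call before hostbased_key_allowed() and the signature check run, so the auth success/failure line carries values the client merely asserted, including on failed attempts. `%.100s` bounds their length, but the surrounding `\"` quoting is not escaped, so a value that itself contains a double quote could make the line ambiguous to anything parsing it. I would add a comment above the call such as `/* cuser/chost are unverified client claims; recorded for audit only */`, and, if the logging path does not already encode such characters (not visible here), pass both strings through a vis-style encoder before formatting. The call added to the branch that sets `auth_method = "hostbased"` in mm_answer_keyallowed (monitor.c) has the same property. userauth_hostbased's body starts and ends outside this hunk.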
diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c
index 61f7c207ef0..1cace440cee 100644
--- a/usr.bin/ssh/auth2-pubkey.c
+++ b/usr.bin/ssh/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.37 2013/05/19 02:38:28 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.38 2013/06/21 00:34:49 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -144,7 +144,7 @@ userauth_pubkey(Authctxt *authctxt)
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
- pubkey_auth_info(authctxt, key);
+ pubkey_auth_info(authctxt, key, NULL);
/* test for correct signature */
authenticated = 0;
@@ -187,23 +187,37 @@ done:
}
void
-pubkey_auth_info(Authctxt *authctxt, const Key *key)
+pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
{
- char *fp;
+ char *fp, *extra;
+ va_list ap;
+ int i;
+
+ extra = NULL;
+ if (fmt != NULL) {
+ va_start(ap, fmt);
+ i = vasprintf(&extra, fmt, ap);
+ va_end(ap);
+ if (i < 0 || extra == NULL)
+ fatal("%s: vasprintf failed", __func__);
+ }
if (key_is_cert(key)) {
fp = key_fingerprint(key->cert->signature_key,
SSH_FP_MD5, SSH_FP_HEX);
- auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s",
+ auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s",
key_type(key), key->cert->key_id,
(unsigned long long)key->cert->serial,
- key_type(key->cert->signature_key), fp);
+ key_type(key->cert->signature_key), fp,
+ extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
free(fp);
} else {
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
- auth_info(authctxt, "%s %s", key_type(key), fp);
+ auth_info(authctxt, "%s %s%s%s", key_type(key), fp,
+ extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
free(fp);
}
+ free(extra);
}
static int
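Review bot: pubkey_auth_info() now accepts an optional printf-style format, but nothing at the definition says that `fmt` may be NULL or how the extra text is joined to the key description. A short comment above it such as `/* fmt is optional (NULL for none); the formatted text is appended after ", " */` would help. It should also say that callers passing peer-supplied strings must bound them in the format, as the hostbased callers do with `%.100s`. The `extra == NULL ? "" : ", "` / `extra == NULL ? "" : extra` pair is repeated in both branches. Computing it once before the `if (key_is_cert(key))`, e.g. `const char *sep = extra == NULL ? "" : ", ";`, would make the two auth_info() calls easier to compare. A non-NULL but empty `fmt` would leave a trailing ", " on the line, which may be worth guarding if such a caller ever appears.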
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index c0e75e4e1ac..4fad8eee5ee 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.125 2013/05/19 02:42:42 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.126 2013/06/21 00:34:49 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -881,7 +881,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
case MM_USERKEY:
allowed = options.pubkey_authentication &&
user_key_allowed(authctxt->pw, key);
- pubkey_auth_info(authctxt, key);
+ pubkey_auth_info(authctxt, key, NULL);
auth_method = "publickey";
if (options.pubkey_authentication && allowed != 1)
auth_clear_options();
@@ -890,6 +890,9 @@ mm_answer_keyallowed(int sock, Buffer *m)
allowed = options.hostbased_authentication &&
hostbased_key_allowed(authctxt->pw,
cuser, chost, key);
+ pubkey_auth_info(authctxt, key,
+ "client user \"%.100s\", client host \"%.100s\"",
+ cuser, chost);
auth_method = "hostbased";
break;
case MM_RSAHOSTKEY: