diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2013-06-21 00:34:50 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2013-06-21 00:34:50 +0000 |
commit | 2a586b5423b654288ad0b2b8f3b0a8188ec66471 (patch) | |
tree | 0a9a8b062f878911434e7383f213daed08109615 /usr.bin/ssh | |
parent | 07a861bf4089b3b357a0dfd968099a685d0f25e7 (diff) |
for hostbased authentication, print the client host and user on
the auth success/failure line; bz#2064, ok dtucker@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/auth-rsa.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/auth.h | 5 | ||||
-rw-r--r-- | usr.bin/ssh/auth2-hostbased.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/auth2-pubkey.c | 28 | ||||
-rw-r--r-- | usr.bin/ssh/monitor.c | 7 |
5 files changed, 36 insertions, 14 deletions
diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c index 9c96eada8d9..f7f8513311d 100644 --- a/usr.bin/ssh/auth-rsa.c +++ b/usr.bin/ssh/auth-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rsa.c,v 1.83 2013/05/19 02:42:42 djm Exp $ */ +/* $OpenBSD: auth-rsa.c,v 1.84 2013/06/21 00:34:49 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -329,7 +329,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n) * options; this will be reset if the options cause the * authentication to be rejected. */ - pubkey_auth_info(authctxt, key); + pubkey_auth_info(authctxt, key, NULL); packet_send_debug("RSA authentication accepted."); return (1); diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h index e79cf2c4605..2ce518a17df 100644 --- a/usr.bin/ssh/auth.h +++ b/usr.bin/ssh/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.74 2013/05/19 02:42:42 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.75 2013/06/21 00:34:49 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -113,7 +113,8 @@ int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); int user_key_allowed(struct passwd *, Key *); -void pubkey_auth_info(Authctxt *, const Key *); +void pubkey_auth_info(Authctxt *, const Key *, const char *, ...) + __attribute__((__format__ (printf, 3, 4))); struct stat; int auth_secure_path(const char *, struct stat *, const char *, uid_t, diff --git a/usr.bin/ssh/auth2-hostbased.c b/usr.bin/ssh/auth2-hostbased.c index 2ab0dae6d6f..1714deb1b03 100644 --- a/usr.bin/ssh/auth2-hostbased.c +++ b/usr.bin/ssh/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.15 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.16 2013/06/21 00:34:49 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -115,6 +115,10 @@ userauth_hostbased(Authctxt *authctxt) #ifdef DEBUG_PK buffer_dump(&b); #endif + + pubkey_auth_info(authctxt, key, + "client user \"%.100s\", client host \"%.100s\"", cuser, chost); + /* test for allowed key and correct signature */ authenticated = 0; if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && diff --git a/usr.bin/ssh/auth2-pubkey.c b/usr.bin/ssh/auth2-pubkey.c index 61f7c207ef0..1cace440cee 100644 --- a/usr.bin/ssh/auth2-pubkey.c +++ b/usr.bin/ssh/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.37 2013/05/19 02:38:28 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.38 2013/06/21 00:34:49 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -144,7 +144,7 @@ userauth_pubkey(Authctxt *authctxt) #ifdef DEBUG_PK buffer_dump(&b); #endif - pubkey_auth_info(authctxt, key); + pubkey_auth_info(authctxt, key, NULL); /* test for correct signature */ authenticated = 0; @@ -187,23 +187,37 @@ done: } void -pubkey_auth_info(Authctxt *authctxt, const Key *key) +pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...) { - char *fp; + char *fp, *extra; + va_list ap; + int i; + + extra = NULL; + if (fmt != NULL) { + va_start(ap, fmt); + i = vasprintf(&extra, fmt, ap); + va_end(ap); + if (i < 0 || extra == NULL) + fatal("%s: vasprintf failed", __func__); + } if (key_is_cert(key)) { fp = key_fingerprint(key->cert->signature_key, SSH_FP_MD5, SSH_FP_HEX); - auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s", + auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s", key_type(key), key->cert->key_id, (unsigned long long)key->cert->serial, - key_type(key->cert->signature_key), fp); + key_type(key->cert->signature_key), fp, + extra == NULL ? "" : ", ", extra == NULL ? "" : extra); free(fp); } else { fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); - auth_info(authctxt, "%s %s", key_type(key), fp); + auth_info(authctxt, "%s %s%s%s", key_type(key), fp, + extra == NULL ? "" : ", ", extra == NULL ? "" : extra); free(fp); } + free(extra); } static int diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index c0e75e4e1ac..4fad8eee5ee 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.125 2013/05/19 02:42:42 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.126 2013/06/21 00:34:49 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -881,7 +881,7 @@ mm_answer_keyallowed(int sock, Buffer *m) case MM_USERKEY: allowed = options.pubkey_authentication && user_key_allowed(authctxt->pw, key); - pubkey_auth_info(authctxt, key); + pubkey_auth_info(authctxt, key, NULL); auth_method = "publickey"; if (options.pubkey_authentication && allowed != 1) auth_clear_options(); @@ -890,6 +890,9 @@ mm_answer_keyallowed(int sock, Buffer *m) allowed = options.hostbased_authentication && hostbased_key_allowed(authctxt->pw, cuser, chost, key); + pubkey_auth_info(authctxt, key, + "client user \"%.100s\", client host \"%.100s\"", + cuser, chost); auth_method = "hostbased"; break; case MM_RSAHOSTKEY: |