
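--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -329,7 +329,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *cli
 	 * options; this will be reset if the options cause the
 	 * authentication to be rejected.
 	 */
-	pubkey_auth_info(authctxt, key);
+	pubkey_auth_info(authctxt, key, NULL);
 
 	packet_send_debug("RSA authentication accepted.");
 	return (1);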
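--- a/auth.h
+++ b/auth.h
@@ -113,7 +113,8 @@ int auth_rsa_key_allowed(struct passwd
 int	 auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
 int	 hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
 int	 user_key_allowed(struct passwd *, Key *);
-void	 pubkey_auth_info(Authctxt *, const Key *);
+void	 pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
+	    __attribute__((__format__ (printf, 3, 4)));
 
 struct stat;
 int	 auth_secure_path(const char *, struct stat *, const char *, uid_t,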
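Review bot: The new `pubkey_auth_info()` prototype does not say that `fmt` is optional, yet three call sites in this patch (auth-rsa.c, auth2-pubkey.c, monitor.c) pass `NULL`. A short comment above the declaration would make the contract explicit, for example `/* fmt may be NULL; otherwise the formatted text is appended to the logged key info */`.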
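--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -144,7 +144,7 @@ userauth_pubkey(Authctxt *authctxt)
 #ifdef DEBUG_PK
 		buffer_dump(&b);
 #endif
-		pubkey_auth_info(authctxt, key);
+		pubkey_auth_info(authctxt, key, NULL);
 
 		/* test for correct signature */
 		authenticated = 0;
@@ -187,17 +187,29 @@ done:
 }
 
 void
-pubkey_auth_info(Authctxt *authctxt, const Key *key)
+pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
 {
-	char *fp;
+	char *fp, *extra;
+	va_list ap;
+	int i;
+
+	extra = NULL;
+	if (fmt != NULL) {
+		va_start(ap, fmt);
+		i = vasprintf(&extra, fmt, ap);
+		va_end(ap);
+		if (i < 0 || extra == NULL)
+			fatal("%s: vasprintf failed", __func__);	
+	}
 
 	if (key_is_cert(key)) {
 		fp = key_fingerprint(key->cert->signature_key,
 		    SSH_FP_MD5, SSH_FP_HEX);
-		auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s", 
+		auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s", 
 		    key_type(key), key->cert->key_id,
 		    (unsigned long long)key->cert->serial,
-		    key_type(key->cert->signature_key), fp);
+		    key_type(key->cert->signature_key), fp,
+		    extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
 		free(fp);
 	} else {
 		fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);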
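Review bot: `extra` is allocated by `vasprintf()` at the top of `pubkey_auth_info()`, but the visible lines use it only in the certificate branch and never release it. The section's -5/+17 count is fully accounted for by the lines shown, so the plain-key `else` branch and the function tail (both past the end of this hunk) appear to be unchanged. If so, a hostbased attempt with a non-certificate key records no client user/host in the auth info, and every call with a non-NULL `fmt` leaks the buffer. The `else` branch's `auth_info()` call should take the same `%s%s` suffix with `extra == NULL ? "" : ", ", extra == NULL ? "" : extra`, and `free(extra);` belongs just before the function's closing brace.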
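--- a/monitor.c
+++ b/monitor.c
@@ -881,7 +883,7 @@ mm_answer_keyallowed(int sock, Buffer *m
 		case MM_USERKEY:
 			allowed = options.pubkey_authentication &&
 			    user_key_allowed(authctxt->pw, key);
-			pubkey_auth_info(authctxt, key);
+			pubkey_auth_info(authctxt, key, NULL);
 			auth_method = "publickey";
 			if (options.pubkey_authentication && allowed != 1)
 				auth_clear_options();
@@ -890,6 +892,9 @@ mm_answer_keyallowed(int sock, Buffer *m
 			allowed = options.hostbased_authentication &&
 			    hostbased_key_allowed(authctxt->pw,
 			    cuser, chost, key);
+			pubkey_auth_info(authctxt, key,
+			    "client user \"%.100s\", client host \"%.100s\"",
+			    cuser, chost);
 			auth_method = "hostbased";
 			break;
 		case MM_RSAHOSTKEY: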
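Review bot: `cuser` and `chost` in the hostbased case appear to be client-supplied strings, and the new `pubkey_auth_info()` call places them inside double quotes with no escaping. `%.100s` bounds their length, but a value containing `"` or `, ` can make the recorded auth line ambiguous for anyone parsing or alerting on it. Before relying on this field, confirm that the logging path behind `auth_info()` encodes control and quote characters, or sanitise the two strings at this call. The same format string is added in auth2-hostbased.c, and the enclosing switch in `mm_answer_keyallowed` starts and ends outside these hunks.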
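--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -115,6 +115,10 @@ userauth_hostbased(Authctxt *authctxt)
 #ifdef DEBUG_PK
 	buffer_dump(&b);
 #endif
+
+	pubkey_auth_info(authctxt, key,
+	    "client user \"%.100s\", client host \"%.100s\"", cuser, chost);
+
 	/* test for allowed key and correct signature */
 	authenticated = 0;
 	if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&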
