Bugzilla – Attachment 2295 Details for
Bug 2064
Enable logging of client_user at INFO priority rather than DEBUG2
[patch]
Log key, client user and wire-specified client host for hostbased auth
hostbased-authinfo.diff (text/plain), 4.41 KB, created by
Damien Miller
on 2013-06-05 11:44:29 AEST
Description:
Log key, client user and wire-specified client host for hostbased auth
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2013-06-05 11:44:29 AEST
Size:
4.41 KB
>Index: auth-rsa.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/auth-rsa.c,v
>retrieving revision 1.83
>diff -u -p -r1.83 auth-rsa.c
>--- auth-rsa.c 19 May 2013 02:42:42 -0000 1.83
>+++ auth-rsa.c 5 Jun 2013 01:40:26 -0000
>@@ -329,7 +329,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *cli
> * options; this will be reset if the options cause the
> * authentication to be rejected.
> */
>- pubkey_auth_info(authctxt, key);
>+ pubkey_auth_info(authctxt, key, NULL);
>
> packet_send_debug("RSA authentication accepted.");
> return (1);
>Index: auth.h
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/auth.h,v
>retrieving revision 1.74
>diff -u -p -r1.74 auth.h
>--- auth.h 19 May 2013 02:42:42 -0000 1.74
>+++ auth.h 5 Jun 2013 01:40:26 -0000
>@@ -113,7 +113,8 @@ int auth_rsa_key_allowed(struct passwd
> int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
> int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
> int user_key_allowed(struct passwd *, Key *);
>-void pubkey_auth_info(Authctxt *, const Key *);
>+void pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
>+ __attribute__((__format__ (printf, 3, 4)));
>
> struct stat;
> int auth_secure_path(const char *, struct stat *, const char *, uid_t,
>Index: auth2-pubkey.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/auth2-pubkey.c,v
>retrieving revision 1.37
>diff -u -p -r1.37 auth2-pubkey.c
>--- auth2-pubkey.c 19 May 2013 02:38:28 -0000 1.37
>+++ auth2-pubkey.c 5 Jun 2013 01:40:26 -0000
>@@ -144,7 +144,7 @@ userauth_pubkey(Authctxt *authctxt)
> #ifdef DEBUG_PK
> buffer_dump(&b);
> #endif
>- pubkey_auth_info(authctxt, key);
>+ pubkey_auth_info(authctxt, key, NULL);
>
> /* test for correct signature */
> authenticated = 0;
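Review bot: The new prototype in auth.h does not say that the format argument may be NULL, although the auth-rsa.c, auth2-pubkey.c and MM_USERKEY call sites in this patch all pass NULL and the definition branches on `fmt != NULL`. A one-line comment above the declaration, such as `/* fmt may be NULL when the caller has nothing extra to record */`, would keep a later maintainer from adding a nonnull attribute or formatting it unconditionally. The `__format__ (printf, 3, 4)` positions match the parameter list shown.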
>@@ -187,17 +187,29 @@ done:
> }
>
> void
>-pubkey_auth_info(Authctxt *authctxt, const Key *key)
>+pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
> {
>- char *fp;
>+ char *fp, *extra;
>+ va_list ap;
>+ int i;
>+
>+ extra = NULL;
>+ if (fmt != NULL) {
>+ va_start(ap, fmt);
>+ i = vasprintf(&extra, fmt, ap);
>+ va_end(ap);
>+ if (i < 0 || extra == NULL)
>+ fatal("%s: vasprintf failed", __func__);
>+ }
>
> if (key_is_cert(key)) {
> fp = key_fingerprint(key->cert->signature_key,
> SSH_FP_MD5, SSH_FP_HEX);
>- auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s",
>+ auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s",
> key_type(key), key->cert->key_id,
> (unsigned long long)key->cert->serial,
>- key_type(key->cert->signature_key), fp);
>+ key_type(key->cert->signature_key), fp,
>+ extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
> free(fp);
> } else {
> fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
>Index: monitor.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/monitor.c,v
>retrieving revision 1.125
>diff -u -p -r1.125 monitor.c
>--- monitor.c 19 May 2013 02:42:42 -0000 1.125
>+++ monitor.c 5 Jun 2013 01:40:27 -0000
>@@ -881,7 +883,7 @@ mm_answer_keyallowed(int sock, Buffer *m
> case MM_USERKEY:
> allowed = options.pubkey_authentication &&
> user_key_allowed(authctxt->pw, key);
>- pubkey_auth_info(authctxt, key);
>+ pubkey_auth_info(authctxt, key, NULL);
> auth_method = "publickey";
> if (options.pubkey_authentication && allowed != 1)
> auth_clear_options();
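Review bot: `extra` is appended only in the certificate branch of pubkey_auth_info. The `else` branch for plain keys begins on the last lines of this hunk, its auth_info() call lies outside it, and no other hunk in the patch touches it, so as far as this diff shows the client user and host are dropped for non-certificate host keys. The visible lines also never release the vasprintf() buffer, so each call with a non-NULL `fmt` appears to leak it. The else-branch call would need the same `%s%s` suffix with `extra == NULL ? "" : ", ", extra == NULL ? "" : extra`, plus a `free(extra);` before the function returns.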
>@@ -890,6 +892,9 @@ mm_answer_keyallowed(int sock, Buffer *m
> allowed = options.hostbased_authentication &&
> hostbased_key_allowed(authctxt->pw,
> cuser, chost, key);
>+ pubkey_auth_info(authctxt, key,
>+ "client user \"%.100s\", client host \"%.100s\"",
>+ cuser, chost);
> auth_method = "hostbased";
> break;
> case MM_RSAHOSTKEY:
>Index: auth2-hostbased.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/auth2-hostbased.c,v
>retrieving revision 1.15
>diff -u -p -r1.15 auth2-hostbased.c
>--- auth2-hostbased.c 17 May 2013 00:13:13 -0000 1.15
>+++ auth2-hostbased.c 5 Jun 2013 01:40:27 -0000
>@@ -115,6 +115,10 @@ userauth_hostbased(Authctxt *authctxt)
> #ifdef DEBUG_PK
> buffer_dump(&b);
> #endif
>+
>+ pubkey_auth_info(authctxt, key,
>+ "client user \"%.100s\", client host \"%.100s\"", cuser, chost);
>+
> /* test for allowed key and correct signature */
> authenticated = 0;
> if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
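Review bot: `cuser` and `chost` in this case of mm_answer_keyallowed are values the client sent, and they are written into the auth record whether or not `allowed` ended up true; `%.100s` bounds their length but not their content. An embedded double quote, comma or control character would make the resulting line ambiguous for anyone parsing the log, unless the path that finally emits the auth_info text escapes it, which is not visible in this patch. I would confirm that escaping and add a comment at the call, for example `/* cuser/chost are client-supplied and unverified; recorded for audit only */`. The same applies to the call added in auth2-hostbased.c.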
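Review bot: The format string added to userauth_hostbased is a verbatim copy of the one added to monitor.c, so the two log formats can drift apart with the next edit. Defining it once, for instance as a macro in auth.h next to the pubkey_auth_info prototype, would keep the two records identical. With PRIVSEP in use, both this call and the monitor-side call appear to run for the same attempt; which record reaches the log depends on auth_info(), which the patch does not show, so a short comment here stating that would help. userauth_hostbased continues beyond the hunk.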
Flags:
dtucker
:
ok+