- djm@cvs.openbsd.org 2010/06/22 04:49:47

     [auth.c]
     queue auth debug messages for bad ownership or permissions on the user's
     keyfiles. These messages will be sent after the user has successfully
     authenticated (where our client will display them with LogLevel=debug).

2 files changed, 9 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index fc7ac30c..556e29fe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,6 +36,11 @@
      standardise error messages when attempting to open private key
      files to include "progname: filename: error reason"
      bz#1783; ok dtucker@
+   - djm@cvs.openbsd.org 2010/06/22 04:49:47
+     [auth.c]
+     queue auth debug messages for bad ownership or permissions on the user's
+     keyfiles. These messages will be sent after the user has successfully
+     authenticated (where our client will display them with LogLevel=debug).
 
 20100622
  - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
diff --git a/auth.c b/auth.c
index bec191a5..d1727a4a 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.87 2010/05/07 11:30:29 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.88 2010/06/22 04:49:47 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -397,6 +397,8 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
 			logit("Authentication refused for %.100s: "
 			    "bad owner or modes for %.200s",
 			    pw->pw_name, user_hostfile);
+			auth_debug_add("Ignored %.200s: bad ownership or modes",
+			    user_hostfile);
 		} else {
 			temporarily_use_uid(pw);
 			host_status = check_host_in_hostfile(user_hostfile,
@@ -520,6 +522,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
 	    secure_filename(f, file, pw, line, sizeof(line)) != 0) {
 		fclose(f);
 		logit("Authentication refused: %s", line);
+		auth_debug_add("Ignored %s: %s", file_type, line);
 		return NULL;
 	}