diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:41:51 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2013-06-02 07:41:51 +1000 |
| commit | 0acca3797d53d958d240c69a5f222f2aa8444858 (patch) | |
| tree | 0a1e1208f2d9abed88716b9a12e091864e2f8d2d /auth1.c | |
| parent | 74836ae0fabcc1a76b9d9eacd1629c88a054b2d0 (diff) | |
- djm@cvs.openbsd.org 2013/05/19 02:42:42
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
Standardise logging of supplemental information during userauth. Keys
and ruser is now logged in the auth success/failure message alongside
the local username, remote host/port and protocol in use. Certificates
contents and CA are logged too.
Pushing all logging onto a single line simplifies log analysis as it is
no longer necessary to relate information scattered across multiple log
entries. "I like it" markus@
Diffstat (limited to 'auth1.c')
| -rw-r--r-- | auth1.c | 35 |
1 files changed, 16 insertions, 19 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth1.c,v 1.78 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: auth1.c,v 1.79 2013/05/19 02:42:42 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -45,11 +45,11 @@ extern ServerOptions options; extern Buffer loginmsg; -static int auth1_process_password(Authctxt *, char *, size_t); -static int auth1_process_rsa(Authctxt *, char *, size_t); -static int auth1_process_rhosts_rsa(Authctxt *, char *, size_t); -static int auth1_process_tis_challenge(Authctxt *, char *, size_t); -static int auth1_process_tis_response(Authctxt *, char *, size_t); +static int auth1_process_password(Authctxt *); +static int auth1_process_rsa(Authctxt *); +static int auth1_process_rhosts_rsa(Authctxt *); +static int auth1_process_tis_challenge(Authctxt *); +static int auth1_process_tis_response(Authctxt *); static char *client_user = NULL; /* Used to fill in remote user for PAM */ @@ -57,7 +57,7 @@ struct AuthMethod1 { int type; char *name; int *enabled; - int (*method)(Authctxt *, char *, size_t); ++ int (*method)(Authctxt *); }; const struct AuthMethod1 auth1_methods[] = { @@ -112,7 +112,7 @@ get_authname(int type) /*ARGSUSED*/ static int -auth1_process_password(Authctxt *authctxt, char *info, size_t infolen) +auth1_process_password(Authctxt *authctxt) { int authenticated = 0; char *password; @@ -137,7 +137,7 @@ auth1_process_password(Authctxt *authctxt, char *info, size_t infolen) /*ARGSUSED*/ static int -auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen) +auth1_process_rsa(Authctxt *authctxt) { int authenticated = 0; BIGNUM *n; @@ -155,7 +155,7 @@ auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen) /*ARGSUSED*/ static int -auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) +auth1_process_rhosts_rsa(Authctxt *authctxt) { int keybits, authenticated = 0; u_int bits; @@ -187,14 +187,14 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) client_host_key); key_free(client_host_key); - snprintf(info, infolen, " ruser %.100s", client_user); + auth_info(authctxt, "ruser %.100s", client_user); return (authenticated); } /*ARGSUSED*/ static int -auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) +auth1_process_tis_challenge(Authctxt *authctxt) { char *challenge; @@ -213,7 +213,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) /*ARGSUSED*/ static int -auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen) +auth1_process_tis_response(Authctxt *authctxt) { int authenticated = 0; char *response; @@ -236,7 +236,6 @@ static void do_authloop(Authctxt *authctxt) { int authenticated = 0; - char info[1024]; int prev = 0, type = 0; const struct AuthMethod1 *meth; @@ -254,7 +253,7 @@ do_authloop(Authctxt *authctxt) #endif { auth_log(authctxt, 1, 0, "without authentication", - NULL, ""); + NULL); return; } } @@ -268,7 +267,6 @@ do_authloop(Authctxt *authctxt) /* default to fail */ authenticated = 0; - info[0] = '\0'; /* Get a packet from the client. */ prev = type; @@ -298,7 +296,7 @@ do_authloop(Authctxt *authctxt) goto skip; } - authenticated = meth->method(authctxt, info, sizeof(info)); + authenticated = meth->method(authctxt); if (authenticated == -1) continue; /* "postponed" */ @@ -353,8 +351,7 @@ do_authloop(Authctxt *authctxt) skip: /* Log before sending the reply */ - auth_log(authctxt, authenticated, 0, get_authname(type), - NULL, info); + auth_log(authctxt, authenticated, 0, get_authname(type), NULL); free(client_user); client_user = NULL; |