upstream: use the new variant log macros instead of prepending

__func__ and appending ssh_err(r) manually; ok markus@ OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
author: djm@openbsd.org <djm@openbsd.org> 2020-10-18 11:32:01 +0000
committer: Damien Miller <djm@mindrot.org> 2020-10-18 23:46:29 +1100
commit: 816036f142ecd284c12bb3685ae316a68d2ef190 (patch)
tree: b964deff7f92305df67c23cc359859101798d629 /auth2-pubkey.c
parent: 9e2c4f64224f68fb84c49b5182e449f94b0dc985 (diff)
1 files changed, 46 insertions, 58 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index c3ecd9af..b331216c 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.100 2020/08/27 01:07:09 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.101 2020/10/18 11:32:01 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -104,17 +104,17 @@ userauth_pubkey(struct ssh *ssh)
 	if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
 	    (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
 	    (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
-		fatal("%s: parse request failed: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 
 	if (log_level_get() >= SYSLOG_LEVEL_DEBUG2) {
 		char *keystring;
 		struct sshbuf *pkbuf;
 
 		if ((pkbuf = sshbuf_from(pkblob, blen)) == NULL)
-			fatal("%s: sshbuf_from failed", __func__);
+			fatal_f("sshbuf_from failed");
 		if ((keystring = sshbuf_dtob64_string(pkbuf, 0)) == NULL)
-			fatal("%s: sshbuf_dtob64 failed", __func__);
-		debug2("%s: %s user %s %s public key %s %s", __func__,
+			fatal_f("sshbuf_dtob64 failed");
+		debug2_f("%s user %s %s public key %s %s",
 		    authctxt->valid ? "valid" : "invalid", authctxt->user,
 		    have_sig ? "attempting" : "querying", pkalg, keystring);
 		sshbuf_free(pkbuf);
@@ -124,21 +124,20 @@ userauth_pubkey(struct ssh *ssh)
 	pktype = sshkey_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC) {
 		/* this is perfectly legal */
-		verbose("%s: unsupported public key algorithm: %s",
-		    __func__, pkalg);
+		verbose_f("unsupported public key algorithm: %s", pkalg);
 		goto done;
 	}
 	if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
-		error("%s: could not parse key: %s", __func__, ssh_err(r));
+		error_fr(r, "parse key");
 		goto done;
 	}
 	if (key == NULL) {
-		error("%s: cannot decode key: %s", __func__, pkalg);
+		error_f("cannot decode key: %s", pkalg);
 		goto done;
 	}
 	if (key->type != pktype) {
-		error("%s: type mismatch for decoded key "
-		    "(received %d, expected %d)", __func__, key->type, pktype);
+		error_f("type mismatch for decoded key "
+		    "(received %d, expected %d)", key->type, pktype);
 		goto done;
 	}
 	if (sshkey_type_plain(key->type) == KEY_RSA &&
@@ -152,15 +151,15 @@ userauth_pubkey(struct ssh *ssh)
 		goto done;
 	}
 	if (match_pattern_list(pkalg, options.pubkey_key_types, 0) != 1) {
-		logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
-		    __func__, sshkey_ssh_name(key));
+		logit_f("key type %s not in PubkeyAcceptedKeyTypes",
+		    sshkey_ssh_name(key));
 		goto done;
 	}
 	if ((r = sshkey_check_cert_sigtype(key,
 	    options.ca_sign_algorithms)) != 0) {
-		logit("%s: certificate signature algorithm %s: %s", __func__,
+		logit_fr(r, "certificate signature algorithm %s",
 		    (key->cert == NULL || key->cert->signature_type == NULL) ?
-		    "(null)" : key->cert->signature_type, ssh_err(r));
+		    "(null)" : key->cert->signature_type);
 		goto done;
 	}
 	key_s = format_key(key);
@@ -168,29 +167,23 @@ userauth_pubkey(struct ssh *ssh)
 		ca_s = format_key(key->cert->signature_key);
 
 	if (have_sig) {
-		debug3("%s: have %s signature for %s%s%s",
-		    __func__, pkalg, key_s,
-		    ca_s == NULL ? "" : " CA ",
-		    ca_s == NULL ? "" : ca_s);
+		debug3_f("have %s signature for %s%s%s", pkalg, key_s,
+		    ca_s == NULL ? "" : " CA ", ca_s == NULL ? "" : ca_s);
 		if ((r = sshpkt_get_string(ssh, &sig, &slen)) != 0 ||
 		    (r = sshpkt_get_end(ssh)) != 0)
-			fatal("%s: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse signature packet");
 		if ((b = sshbuf_new()) == NULL)
-			fatal("%s: sshbuf_new failed", __func__);
+			fatal_f("sshbuf_new failed");
 		if (ssh->compat & SSH_OLD_SESSIONID) {
-			if ((r = sshbuf_put(b, session_id2,
-			    session_id2_len)) != 0)
-				fatal("%s: sshbuf_put session id: %s",
-				    __func__, ssh_err(r));
+			if ((r = sshbuf_put(b, session_id2, session_id2_len)) != 0)
+				fatal_fr(r, "put old session id");
 		} else {
 			if ((r = sshbuf_put_string(b, session_id2,
 			    session_id2_len)) != 0)
-				fatal("%s: sshbuf_put_string session id: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "put session id");
 		}
 		if (!authctxt->valid || authctxt->user == NULL) {
-			debug2("%s: disabled because of invalid user",
-			    __func__);
+			debug2_f("disabled because of invalid user");
 			goto done;
 		}
 		/* reconstruct packet */
@@ -204,8 +197,7 @@ userauth_pubkey(struct ssh *ssh)
 		    (r = sshbuf_put_u8(b, have_sig)) != 0 ||
 		    (r = sshbuf_put_cstring(b, pkalg)) != 0 ||
 		    (r = sshbuf_put_string(b, pkblob, blen)) != 0)
-			fatal("%s: build packet failed: %s",
-			    __func__, ssh_err(r));
+			fatal_fr(r, "reconstruct packet");
 #ifdef DEBUG_PK
 		sshbuf_dump(b, stderr);
 #endif
@@ -221,9 +213,8 @@ userauth_pubkey(struct ssh *ssh)
 		if (authenticated == 1 && sig_details != NULL) {
 			auth2_record_info(authctxt, "signature count = %u",
 			    sig_details->sk_counter);
-			debug("%s: sk_counter = %u, sk_flags = 0x%02x",
-			    __func__, sig_details->sk_counter,
-			    sig_details->sk_flags);
+			debug_f("sk_counter = %u, sk_flags = 0x%02x",
+			    sig_details->sk_counter, sig_details->sk_flags);
 			req_presence = (options.pubkey_auth_options &
 			    PUBKEYAUTH_TOUCH_REQUIRED) ||
 			    !authopts->no_require_user_presence;
@@ -256,17 +247,14 @@ userauth_pubkey(struct ssh *ssh)
 		}
 		auth2_record_key(authctxt, authenticated, key);
 	} else {
-		debug("%s: test pkalg %s pkblob %s%s%s",
-		    __func__, pkalg, key_s,
-		    ca_s == NULL ? "" : " CA ",
-		    ca_s == NULL ? "" : ca_s);
+		debug_f("test pkalg %s pkblob %s%s%s", pkalg, key_s,
+		    ca_s == NULL ? "" : " CA ", ca_s == NULL ? "" : ca_s);
 
 		if ((r = sshpkt_get_end(ssh)) != 0)
-			fatal("%s: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse packet");
 
 		if (!authctxt->valid || authctxt->user == NULL) {
-			debug2("%s: disabled because of invalid user",
-			    __func__);
+			debug2_f("disabled because of invalid user");
 			goto done;
 		}
 		/* XXX fake reply and always send PK_OK ? */
@@ -284,16 +272,16 @@ userauth_pubkey(struct ssh *ssh)
 			    (r = sshpkt_put_string(ssh, pkblob, blen)) != 0 ||
 			    (r = sshpkt_send(ssh)) != 0 ||
 			    (r = ssh_packet_write_wait(ssh)) != 0)
-				fatal("%s: %s", __func__, ssh_err(r));
+				fatal_fr(r, "send packet");
 			authctxt->postponed = 1;
 		}
 	}
 done:
 	if (authenticated == 1 && auth_activate_options(ssh, authopts) != 0) {
-		debug("%s: key options inconsistent with existing", __func__);
+		debug_f("key options inconsistent with existing");
 		authenticated = 0;
 	}
-	debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg);
+	debug2_f("authenticated %d pkalg %s", authenticated, pkalg);
 
 	sshbuf_free(b);
 	sshauthopt_free(authopts);
@@ -500,20 +488,20 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
 	}
 	if ((ca_fp = sshkey_fingerprint(cert->signature_key,
 	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
-		error("%s: sshkey_fingerprint failed", __func__);
+		error_f("sshkey_fingerprint failed");
 		goto out;
 	}
 	if ((key_fp = sshkey_fingerprint(key,
 	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
-		error("%s: sshkey_fingerprint failed", __func__);
+		error_f("sshkey_fingerprint failed");
 		goto out;
 	}
 	if ((r = sshkey_to_base64(cert->signature_key, &catext)) != 0) {
-		error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
+		error_fr(r, "sshkey_to_base64 failed");
 		goto out;
 	}
 	if ((r = sshkey_to_base64(key, &keytext)) != 0) {
-		error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
+		error_fr(r, "sshkey_to_base64 failed");
 		goto out;
 	}
 	snprintf(serial_s, sizeof(serial_s), "%llu",
@@ -535,7 +523,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
 		    "s", serial_s,
 		    (char *)NULL);
 		if (tmp == NULL)
-			fatal("%s: percent_expand failed", __func__);
+			fatal_f("percent_expand failed");
 		free(av[i]);
 		av[i] = tmp;
 	}
@@ -598,7 +586,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
 		*authoptsp = NULL;
 
 	if ((found = sshkey_new(want_keytype)) == NULL) {
-		debug3("%s: keytype %d failed", __func__, want_keytype);
+		debug3_f("keytype %d failed", want_keytype);
 		goto out;
 	}
 
@@ -640,7 +628,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
 	/* We have a candidate key, perform authorisation checks */
 	if ((fp = sshkey_fingerprint(found,
 	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
-		fatal("%s: fingerprint failed", __func__);
+		fatal_f("fingerprint failed");
 
 	debug("%s: matching %s found: %s %s", loc,
 	    sshkey_is_cert(key) ? "CA" : "key", sshkey_type(found), fp);
@@ -697,7 +685,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
 
  success:
 	if (finalopts == NULL)
-		fatal("%s: internal error: missing options", __func__);
+		fatal_f("internal error: missing options");
 	if (authoptsp != NULL) {
 		*authoptsp = finalopts;
 		finalopts = NULL;
@@ -776,9 +764,9 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
 
 	if ((r = sshkey_in_file(key->cert->signature_key,
 	    options.trusted_user_ca_keys, 1, 0)) != 0) {
-		debug2("%s: CA %s %s is not listed in %s: %s", __func__,
+		debug2_fr(r, "CA %s %s is not listed in %s",
 		    sshkey_type(key->cert->signature_key), ca_fp,
-		    options.trusted_user_ca_keys, ssh_err(r));
+		    options.trusted_user_ca_keys);
 		goto out;
 	}
 	/*
@@ -803,7 +791,7 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
 		goto fail_reason;
 	}
 	if (use_authorized_principals && principals_opts == NULL)
-		fatal("%s: internal error: missing principals_opts", __func__);
+		fatal_f("internal error: missing principals_opts");
 	if (sshkey_cert_check_authority(key, 0, 1,
 	    use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
 		goto fail_reason;
@@ -928,11 +916,11 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
 	/* Prepare AuthorizedKeysCommand */
 	if ((key_fp = sshkey_fingerprint(key, options.fingerprint_hash,
 	    SSH_FP_DEFAULT)) == NULL) {
-		error("%s: sshkey_fingerprint failed", __func__);
+		error_f("sshkey_fingerprint failed");
 		goto out;
 	}
 	if ((r = sshkey_to_base64(key, &keytext)) != 0) {
-		error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
+		error_fr(r, "sshkey_to_base64 failed");
 		goto out;
 	}
 
@@ -959,7 +947,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
 		    "k", keytext,
 		    (char *)NULL);
 		if (tmp == NULL)
-			fatal("%s: percent_expand failed", __func__);
+			fatal_f("percent_expand failed");
 		free(av[i]);
 		av[i] = tmp;
 	}
author	djm@openbsd.org <djm@openbsd.org>	2020-10-18 11:32:01 +0000
committer	Damien Miller <djm@mindrot.org>	2020-10-18 23:46:29 +1100
commit	816036f142ecd284c12bb3685ae316a68d2ef190 (patch)
tree	b964deff7f92305df67c23cc359859101798d629 /auth2-pubkey.c
parent	9e2c4f64224f68fb84c49b5182e449f94b0dc985 (diff)