Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 0acca3797d53d958d240c69a5f222f2aa8444858^! / . / auth.c
commit0acca3797d53d958d240c69a5f222f2aa8444858[log] [tgz]
authorDarren Tucker <dtucker@zip.com.au>Sun Jun 02 07:41:51 2013 +1000
committerDarren Tucker <dtucker@zip.com.au>Sun Jun 02 07:41:51 2013 +1000
tree0a1e1208f2d9abed88716b9a12e091864e2f8d2d
parent74836ae0fabcc1a76b9d9eacd1629c88a054b2d0 [diff] [blame]
   - djm@cvs.openbsd.org 2013/05/19 02:42:42
     [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
     Standardise logging of supplemental information during userauth. Keys
     and ruser is now logged in the auth success/failure message alongside
     the local username, remote host/port and protocol in use. Certificates
     contents and CA are logged too.
     Pushing all logging onto a single line simplifies log analysis as it is
     no longer necessary to relate information scattered across multiple log
     entries. "I like it" markus@

diff --git a/auth.c b/auth.c
index ac126e6..9a36f1d 100644
--- a/auth.c
+++ b/auth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.102 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -72,6 +72,7 @@
 #include "authfile.h"
 #include "monitor_wrap.h"
 #include "krl.h"
+#include "compat.h"
 
 /* import */
 extern ServerOptions options;
@@ -252,8 +253,25 @@
 }
 
 void
+auth_info(Authctxt *authctxt, const char *fmt, ...)
+{
+	va_list ap;
+        int i;
+
+	free(authctxt->info);
+	authctxt->info = NULL;
+
+	va_start(ap, fmt);
+	i = vasprintf(&authctxt->info, fmt, ap);
+	va_end(ap);
+
+	if (i < 0 || authctxt->info == NULL)
+		fatal("vasprintf failed");
+}
+
+void
 auth_log(Authctxt *authctxt, int authenticated, int partial,
-    const char *method, const char *submethod, const char *info)
+    const char *method, const char *submethod)
 {
 	void (*authlog) (const char *fmt,...) = verbose;
 	char *authmsg;
@@ -275,7 +293,7 @@
 	else
 		authmsg = authenticated ? "Accepted" : "Failed";
 
-	authlog("%s %s%s%s for %s%.100s from %.200s port %d%s",
+	authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s",
 	    authmsg,
 	    method,
 	    submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod,
@@ -283,7 +301,11 @@
 	    authctxt->user,
 	    get_remote_ipaddr(),
 	    get_remote_port(),
-	    info);
+	    compat20 ? "ssh2" : "ssh1",
+	    authctxt->info != NULL ? ": " : "",
+	    authctxt->info != NULL ? authctxt->info : "");
+	free(authctxt->info);
+	authctxt->info = NULL;
 
 #ifdef CUSTOM_FAILED_LOGIN
 	if (authenticated == 0 && !authctxt->postponed &&