- djm@cvs.openbsd.org 2013/05/19 02:42:42
     [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
     Standardise logging of supplemental information during userauth. Keys
     and ruser are now logged in the auth success/failure message alongside
     the local username, remote host/port and protocol in use. Certificate
     contents and CA are logged too.
     Pushing all logging onto a single line simplifies log analysis as it is
     no longer necessary to relate information scattered across multiple log
     entries. "I like it" markus@
diff --git a/auth1.c b/auth1.c
index 238b3c9..3518fb1 100644
--- a/auth1.c
+++ b/auth1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth1.c,v 1.78 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.79 2013/05/19 02:42:42 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -45,11 +45,11 @@
 extern ServerOptions options;
 extern Buffer loginmsg;
 
-static int auth1_process_password(Authctxt *, char *, size_t);
-static int auth1_process_rsa(Authctxt *, char *, size_t);
-static int auth1_process_rhosts_rsa(Authctxt *, char *, size_t);
-static int auth1_process_tis_challenge(Authctxt *, char *, size_t);
-static int auth1_process_tis_response(Authctxt *, char *, size_t);
+static int auth1_process_password(Authctxt *);
+static int auth1_process_rsa(Authctxt *);
+static int auth1_process_rhosts_rsa(Authctxt *);
+static int auth1_process_tis_challenge(Authctxt *);
+static int auth1_process_tis_response(Authctxt *);
 
 static char *client_user = NULL;    /* Used to fill in remote user for PAM */
 
@@ -57,7 +57,7 @@
 	int type;
 	char *name;
 	int *enabled;
-	int (*method)(Authctxt *, char *, size_t);
++	int (*method)(Authctxt *);
 };
 
 const struct AuthMethod1 auth1_methods[] = {
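Review bot: The added member line in `struct AuthMethod1` carries two `+` characters, so applied as written the new source line would begin with a literal `+` and the struct would not compile. This is probably an artifact of how the patch was captured rather than the author's intent. The line should read `+	int (*method)(Authctxt *);` with a single marker, matching the new prototypes in the hunk above. The struct definition starts outside this hunk.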
@@ -112,7 +112,7 @@
 
 /*ARGSUSED*/
 static int
-auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
+auth1_process_password(Authctxt *authctxt)
 {
 	int authenticated = 0;
 	char *password;
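Review bot: The `/*ARGSUSED*/` lint marker above `auth1_process_password` looks stale now that `info` and `infolen` are gone and the only remaining parameter is `authctxt`. The same applies to the markers kept above `auth1_process_rsa`, `auth1_process_rhosts_rsa`, `auth1_process_tis_challenge` and `auth1_process_tis_response` in the following hunks. If each body does use `authctxt` (only the rhosts_rsa one is visible doing so), I would drop the markers so that a genuinely unused argument is reported in future. The function bodies continue outside these hunks.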
@@ -137,7 +137,7 @@
 
 /*ARGSUSED*/
 static int
-auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
+auth1_process_rsa(Authctxt *authctxt)
 {
 	int authenticated = 0;
 	BIGNUM *n;
@@ -155,7 +155,7 @@
 
 /*ARGSUSED*/
 static int
-auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
+auth1_process_rhosts_rsa(Authctxt *authctxt)
 {
 	int keybits, authenticated = 0;
 	u_int bits;
@@ -187,14 +187,14 @@
 	    client_host_key);
 	key_free(client_host_key);
 
-	snprintf(info, infolen, " ruser %.100s", client_user);
+	auth_info(authctxt, "ruser %.100s", client_user);
 
 	return (authenticated);
 }
 
 /*ARGSUSED*/
 static int
-auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
+auth1_process_tis_challenge(Authctxt *authctxt)
 {
 	char *challenge;
 
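Review bot: `client_user` comes from the unauthenticated client, and `auth_info(authctxt, "ruser %.100s", client_user)` now folds it into the single line that also carries the auth result, user, host and port. `%.100s` bounds the length but not the content. Unless auth_info or the logging layer escapes control characters (neither is shown in this diff), a crafted ruser could make the record read as different fields to a log parser. I would add a comment at the call stating where the escaping happens, e.g. `/* ruser is client-controlled; escaped by the log layer */`, once that has been confirmed. The body of auth1_process_rhosts_rsa starts outside this hunk.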
@@ -213,7 +213,7 @@
 
 /*ARGSUSED*/
 static int
-auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
+auth1_process_tis_response(Authctxt *authctxt)
 {
 	int authenticated = 0;
 	char *response;
@@ -236,7 +236,6 @@
 do_authloop(Authctxt *authctxt)
 {
 	int authenticated = 0;
-	char info[1024];
 	int prev = 0, type = 0;
 	const struct AuthMethod1 *meth;
 
@@ -254,7 +253,7 @@
 #endif
 		{
 			auth_log(authctxt, 1, 0, "without authentication",
-			    NULL, "");
+			    NULL);
 			return;
 		}
 	}
@@ -268,7 +267,6 @@
 		/* default to fail */
 		authenticated = 0;
 
-		info[0] = '\0';
 
 		/* Get a packet from the client. */
 		prev = type;
@@ -298,7 +296,7 @@
 			goto skip;
 		}
 
-		authenticated = meth->method(authctxt, info, sizeof(info));
+		authenticated = meth->method(authctxt);
 		if (authenticated == -1)
 			continue; /* "postponed" */
 
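Review bot: On the `authenticated == -1` path the loop continues without reaching the auth_log call at `skip:`, and the per-iteration reset `info[0] = '\0'` is removed in the earlier do_authloop hunk. Anything a method recorded through auth_info before returning -1 would therefore stay attached to `authctxt` and could appear in the log line for the next attempt. Whether auth_log clears the stored info is decided in auth.c, which is not visible here. A comment at this line stating the rule, e.g. `/* methods returning -1 must not have called auth_info() */`, or an explicit reset before `continue`, would make the lifetime clear. do_authloop begins and ends outside this hunk.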
@@ -353,8 +351,7 @@
 
  skip:
 		/* Log before sending the reply */
-		auth_log(authctxt, authenticated, 0, get_authname(type),
-		    NULL, info);
+		auth_log(authctxt, authenticated, 0, get_authname(type), NULL);
 
 		free(client_user);
 		client_user = NULL;