- djm@cvs.openbsd.org 2013/05/19 02:42:42
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
Standardise logging of supplemental information during userauth. Keys
and ruser is now logged in the auth success/failure message alongside
the local username, remote host/port and protocol in use. Certificates
contents and CA are logged too.
Pushing all logging onto a single line simplifies log analysis as it is
no longer necessary to relate information scattered across multiple log
entries. "I like it" markus@
diff --git a/monitor.c b/monitor.c
index 132f60d..6acb202 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.124 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.125 2013/05/19 02:42:42 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -422,8 +422,7 @@
}
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
auth_log(authctxt, authenticated, partial,
- auth_method, auth_submethod,
- compat20 ? " ssh2" : "");
+ auth_method, auth_submethod);
if (!authenticated)
authctxt->failures++;
}
@@ -1168,6 +1167,7 @@
case MM_USERKEY:
allowed = options.pubkey_authentication &&
user_key_allowed(authctxt->pw, key);
+ pubkey_auth_info(authctxt, key);
auth_method = "publickey";
if (options.pubkey_authentication && allowed != 1)
auth_clear_options();
@@ -1207,8 +1207,7 @@
hostbased_chost = chost;
} else {
/* Log failed attempt */
- auth_log(authctxt, 0, 0, auth_method, NULL,
- compat20 ? " ssh2" : "");
+ auth_log(authctxt, 0, 0, auth_method, NULL);
free(blob);
free(cuser);
free(chost);