summaryrefslogtreecommitdiffstats
path: root/auth-rsa.c
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2013-06-01 23:41:51 +0200
committerDarren Tucker <dtucker@zip.com.au>2013-06-01 23:41:51 +0200
commit0acca3797d53d958d240c69a5f222f2aa8444858 (patch)
tree0a1e1208f2d9abed88716b9a12e091864e2f8d2d /auth-rsa.c
parent - djm@cvs.openbsd.org 2013/05/19 02:38:28 (diff)
downloadopenssh-0acca3797d53d958d240c69a5f222f2aa8444858.tar.xz
openssh-0acca3797d53d958d240c69a5f222f2aa8444858.zip
- djm@cvs.openbsd.org 2013/05/19 02:42:42
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h] Standardise logging of supplemental information during userauth. Keys and ruser is now logged in the auth success/failure message alongside the local username, remote host/port and protocol in use. Certificates contents and CA are logged too. Pushing all logging onto a single line simplifies log analysis as it is no longer necessary to relate information scattered across multiple log entries. "I like it" markus@
Diffstat (limited to 'auth-rsa.c')
-rw-r--r--auth-rsa.c16
1 files changed, 8 insertions, 8 deletions
diff --git a/auth-rsa.c b/auth-rsa.c
index 748eaae09..92f0ad75c 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.82 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.83 2013/05/19 02:42:42 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -164,7 +164,7 @@ static int
rsa_key_allowed_in_file(struct passwd *pw, char *file,
const BIGNUM *client_n, Key **rkey)
{
- char line[SSH_MAX_PUBKEY_BYTES];
+ char *fp, line[SSH_MAX_PUBKEY_BYTES];
int allowed = 0;
u_int bits;
FILE *f;
@@ -232,6 +232,11 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
"actual %d vs. announced %d.",
file, linenum, BN_num_bits(key->rsa->n), bits);
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ debug("matching key found: file %s, line %lu %s %s",
+ file, linenum, key_type(key), fp);
+ free(fp);
+
/* Never accept a revoked key */
if (auth_key_is_revoked(key))
break;
@@ -298,7 +303,6 @@ int
auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
{
Key *key;
- char *fp;
struct passwd *pw = authctxt->pw;
/* no user given */
@@ -328,11 +332,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
* options; this will be reset if the options cause the
* authentication to be rejected.
*/
- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
- verbose("Found matching %s key: %s",
- key_type(key), fp);
- free(fp);
- key_free(key);
+ pubkey_auth_info(authctxt, key);
packet_send_debug("RSA authentication accepted.");
return (1);