version 1.132, 2018/07/11 08:19:35 |
version 1.133, 2018/09/12 01:19:12 |
|
|
{ |
{ |
const struct sshkey *key = authctxt->auth_method_key; |
const struct sshkey *key = authctxt->auth_method_key; |
const char *methinfo = authctxt->auth_method_info; |
const char *methinfo = authctxt->auth_method_info; |
char *fp, *ret = NULL; |
char *fp, *cafp, *ret = NULL; |
|
|
if (key == NULL) |
if (key == NULL) |
return NULL; |
return NULL; |
|
|
if (sshkey_is_cert(key)) { |
if (sshkey_is_cert(key)) { |
fp = sshkey_fingerprint(key->cert->signature_key, |
fp = sshkey_fingerprint(key, |
options.fingerprint_hash, SSH_FP_DEFAULT); |
options.fingerprint_hash, SSH_FP_DEFAULT); |
xasprintf(&ret, "%s ID %s (serial %llu) CA %s %s%s%s", |
cafp = sshkey_fingerprint(key->cert->signature_key, |
sshkey_type(key), key->cert->key_id, |
options.fingerprint_hash, SSH_FP_DEFAULT); |
|
xasprintf(&ret, "%s %s ID %s (serial %llu) CA %s %s%s%s", |
|
sshkey_type(key), fp == NULL ? "(null)" : fp, |
|
key->cert->key_id, |
(unsigned long long)key->cert->serial, |
(unsigned long long)key->cert->serial, |
sshkey_type(key->cert->signature_key), |
sshkey_type(key->cert->signature_key), |
fp == NULL ? "(null)" : fp, |
cafp == NULL ? "(null)" : cafp, |
methinfo == NULL ? "" : ", ", |
methinfo == NULL ? "" : ", ", |
methinfo == NULL ? "" : methinfo); |
methinfo == NULL ? "" : methinfo); |
free(fp); |
free(fp); |
|
free(cafp); |
} else { |
} else { |
fp = sshkey_fingerprint(key, options.fingerprint_hash, |
fp = sshkey_fingerprint(key, options.fingerprint_hash, |
SSH_FP_DEFAULT); |
SSH_FP_DEFAULT); |
|
|
const char *method, const char *submethod) |
const char *method, const char *submethod) |
{ |
{ |
struct ssh *ssh = active_state; /* XXX */ |
struct ssh *ssh = active_state; /* XXX */ |
void (*authlog) (const char *fmt,...) = verbose; |
int level = SYSLOG_LEVEL_VERBOSE; |
const char *authmsg; |
const char *authmsg; |
char *extra = NULL; |
char *extra = NULL; |
|
|
|
|
!authctxt->valid || |
!authctxt->valid || |
authctxt->failures >= options.max_authtries / 2 || |
authctxt->failures >= options.max_authtries / 2 || |
strcmp(method, "password") == 0) |
strcmp(method, "password") == 0) |
authlog = logit; |
level = SYSLOG_LEVEL_INFO; |
|
|
if (authctxt->postponed) |
if (authctxt->postponed) |
authmsg = "Postponed"; |
authmsg = "Postponed"; |
|
|
extra = xstrdup(authctxt->auth_method_info); |
extra = xstrdup(authctxt->auth_method_info); |
} |
} |
|
|
authlog("%s %s%s%s for %s%.100s from %.200s port %d ssh2%s%s", |
do_log2(level, "%s %s%s%s for %s%.100s from %.200s port %d ssh2%s%s", |
authmsg, |
authmsg, |
method, |
method, |
submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, |
submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, |