===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth2-pubkey.c,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- src/usr.bin/ssh/auth2-pubkey.c	2015/10/27 01:44:45	1.54
+++ src/usr.bin/ssh/auth2-pubkey.c	2016/01/27 00:53:12	1.55
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.54 2015/10/27 01:44:45 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.55 2016/01/27 00:53:12 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -76,19 +76,19 @@
 {
 	Buffer b;
 	Key *key = NULL;
-	char *pkalg, *userstyle;
+	char *pkalg, *userstyle, *fp = NULL;
 	u_char *pkblob, *sig;
 	u_int alen, blen, slen;
 	int have_sig, pktype;
 	int authenticated = 0;
 
 	if (!authctxt->valid) {
-		debug2("userauth_pubkey: disabled because of invalid user");
+		debug2("%s: disabled because of invalid user", __func__);
 		return 0;
 	}
 	have_sig = packet_get_char();
 	if (datafellows & SSH_BUG_PKAUTH) {
-		debug2("userauth_pubkey: SSH_BUG_PKAUTH");
+		debug2("%s: SSH_BUG_PKAUTH", __func__);
 		/* no explicit pkalg given */
 		pkblob = packet_get_string(&blen);
 		buffer_init(&b);
@@ -103,18 +103,18 @@
 	pktype = key_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC) {
 		/* this is perfectly legal */
-		logit("userauth_pubkey: unsupported public key algorithm: %s",
-		    pkalg);
+		logit("%s: unsupported public key algorithm: %s",
+		    __func__, pkalg);
 		goto done;
 	}
 	key = key_from_blob(pkblob, blen);
 	if (key == NULL) {
-		error("userauth_pubkey: cannot decode key: %s", pkalg);
+		error("%s: cannot decode key: %s", __func__, pkalg);
 		goto done;
 	}
 	if (key->type != pktype) {
-		error("userauth_pubkey: type mismatch for decoded key "
-		    "(received %d, expected %d)", key->type, pktype);
+		error("%s: type mismatch for decoded key "
+		    "(received %d, expected %d)", __func__, key->type, pktype);
 		goto done;
 	}
 	if (key_type_plain(key->type) == KEY_RSA &&
@@ -123,6 +123,7 @@
 		    "signature scheme");
 		goto done;
 	}
+	fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT);
 	if (auth2_userkey_already_used(authctxt, key)) {
 		logit("refusing previously-used %s key", key_type(key));
 		goto done;
@@ -135,6 +136,8 @@
 	}
 
 	if (have_sig) {
+		debug3("%s: have signature for %s %s",
+		    __func__, sshkey_type(key), fp);
 		sig = packet_get_string(&slen);
 		packet_check_eom();
 		buffer_init(&b);
@@ -180,7 +183,8 @@
 		buffer_free(&b);
 		free(sig);
 	} else {
-		debug("test whether pkalg/pkblob are acceptable");
+		debug("%s: test whether pkalg/pkblob are acceptable for %s %s",
+		    __func__, sshkey_type(key), fp);
 		packet_check_eom();
 
 		/* XXX fake reply and always send PK_OK ? */
@@ -203,11 +207,12 @@
 	if (authenticated != 1)
 		auth_clear_options();
 done:
-	debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
+	debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg);
 	if (key != NULL)
 		key_free(key);
 	free(pkalg);
 	free(pkblob);
+	free(fp);
 	return authenticated;
 }