openssh-unix-dev October 2011 archive

Re: [PATCH] add log= directive to authorized_hosts

From: Alex Bligh <alex_at_nospam>
Date: Sat Oct 08 2011 - 15:52:34 GMT
To: openssh-unix-dev@mindrot.org

--On 8 October 2011 15:05:28 +0100 Alex Bligh <alex@alex.org.uk> wrote:

> Attached is a patch which adds a log= directive to authorized_keys. The
> text in the log="text" directive is appended to the log line, so you can
> easily tell which key is matched.

Patch inline below - the list stripped it

-- Alex Bligh diff --git a/auth-options.c b/auth-options.c index 86c2317..334ec87 100644 --- a/auth-options.c +++ b/auth-options.c @@ -56,6 +56,9 @@ int forced_tun_device = -1; /* "principals=" option. */ char *authorized_principals = NULL; +/* "log=" option */ +char *log_auth_option = NULL; + extern ServerOptions options; void @@ -81,6 +84,10 @@ auth_clear_options(void) xfree(authorized_principals); authorized_principals = NULL; } + if (log_auth_option) { + xfree(log_auth_option); + log_auth_option = NULL; + } forced_tun_device = -1; channel_clear_permitted_opens(); } @@ -206,6 +213,35 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) opts++; goto next_option; } + cp = "log=\""; + if (strncasecmp(opts, cp, strlen(cp)) == 0) { + opts += strlen(cp); + log_auth_option = xmalloc(strlen(opts) + 1); + i = 0; + while (*opts) { + if (*opts == '"') + break; + if (*opts == '\\' && opts[1] == '"') { + opts += 2; + log_auth_option[i++] = '"'; + continue; + } + log_auth_option[i++] = *opts++; + } + if (!*opts) { + debug("%.100s, line %lu: missing end quote", + file, linenum); + auth_debug_add("%.100s, line %lu: missing end quote", + file, linenum); + xfree(log_auth_option); + log_auth_option = NULL; + goto bad_option; + } + log_auth_option[i] = '\0'; + auth_debug_add("Log auth option: %.900s", log_auth_option); + opts++; + goto next_option; + } cp = "environment=\""; if (options.permit_user_env && strncasecmp(opts, cp, strlen(cp)) == 0) { diff --git a/auth-options.h b/auth-options.h index 7455c94..d895849 100644 --- a/auth-options.h +++ b/auth-options.h @@ -30,6 +30,7 @@ extern int no_user_rc; extern char *forced_command; extern struct envstring *custom_environment; extern int forced_tun_device; +extern char *log_auth_option; extern int key_is_cert_authority; extern char *authorized_principals; diff --git a/auth.c b/auth.c index d3663a4..9bb20fc 100644 --- a/auth.c +++ b/auth.c 
@@ -199,14 +199,16 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) else authmsg = authenticated ? "Accepted" : "Failed"; - authlog("%s %s for %s%.100s from %.200s port %d%s", + authlog("%s %s for %s%.100s from %.200s port %d%s%s%s", authmsg, method, authctxt->valid ? "" : "invalid user ", authctxt->user, get_remote_ipaddr(), get_remote_port(), - info); + info, + log_auth_option?" ":"", + log_auth_option?log_auth_option:""); } /* diff --git a/sshd.8 b/sshd.8 index 5c40007..04e0c85 100644 --- a/sshd.8 +++ b/sshd.8 @@ -518,6 +518,8 @@ Also note that this command may be superseded by either a .Xr sshd_config 5 .Cm ForceCommand directive or a command embedded in a certificate. +.It Cm log="text" +Causes the text specified to be appended to authentication log messages. .It Cm environment="NAME=value" Specifies that the string is to be added to the environment when logging in using this key. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
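
Review bot: In the auth_parse_options hunk of auth-options.c, the line log_auth_option = xmalloc(strlen(opts) + 1); overwrites the global without freeing a value that is already set, so an options string that carries log= twice leaks the first buffer. Free and reset log_auth_option before the xmalloc, the same way the auth_clear_options hunk in this patch does. The copy loop also accepts any byte up to the closing quote; because this text ends up in the authentication log, consider rejecting control characters here and taking the bad_option path.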
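
Review bot: In the auth_log hunk of auth.c, the two new %s conversions are unbounded while the neighbouring fields are capped (%.100s for the user, %.200s for the address), and the appended text comes from the log= option of an authorized_keys line. Give it a precision as well so that a single key option cannot produce an arbitrarily long log line. The text is also appended whenever log_auth_option is non-NULL, whatever the values of authenticated and method; if the tag is meant to identify the key that matched, make that condition explicit in the code. Style: put spaces around ? and : to match authenticated ? "Accepted" : "Failed" earlier in the same function.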
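
Review bot: The sshd.8 entry for log="text" does not say that a double quote inside the text has to be written as \" (the parser added in auth-options.c handles that escape), nor that the text is added after a single space at the end of the Accepted/Failed line. Document both, and state what happens when the option appears more than once on a key line.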