[Bug 1388] New: Parts of auth2-pubkey. c are completely devoid of debug logging

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sun Nov 4 11:42:14 EST 2007


https://bugzilla.mindrot.org/show_bug.cgi?id=1388

           Summary: Parts of auth2-pubkey.c are completely devoid of debug
                    logging
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 4.7p1
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: mvolaski at aecom.yu.edu


Consider this small section of code from the user_key_allowed2 function
in auth2-pubkey.c


/* Fail quietly if file does not exist */
        if (stat(file, &st) < 0) {
                /* Restore the privileged uid. */
                restore_uid();
                return 0;
        }
        /* Open the file containing the authorized keys. */
        f = fopen(file, "r");
        if (!f) {
                /* Restore the privileged uid. */
                restore_uid();
                return 0;
        }

Fail quietly? Why? And what about debugging? Someone trying to figure
out why authentication has failed is merely left with a statement from
later in the code sequence that just says the "key was disallowed".
That's not helpful, for it's not technically true.

(I haven't explored other sections of code, but in general, I think any
return statement in the middle of function is a failure of that
function should probably have an explanatory debug statement at some
level associated with it.)

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list