[PATCH] add log= directive to authorized_hosts

Alex Bligh alex at alex.org.uk
Sun Oct 9 02:52:34 EST 2011



--On 8 October 2011 15:05:28 +0100 Alex Bligh <alex at alex.org.uk> wrote:

> Attached is a patch which adds a log= directive to authorized_keys. The
> text in the log="text" directive is appended to the log line, so you can
> easily tell which key is matched.

Patch inline below - the list stripped it

-- 
Alex Bligh

diff --git a/auth-options.c b/auth-options.c
index 86c2317..334ec87 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -56,6 +56,9 @@ int forced_tun_device = -1;
 /* "principals=" option. */
 char *authorized_principals = NULL;

+/* "log=" option */
+char *log_auth_option = NULL;
+
 extern ServerOptions options;

 void
@@ -81,6 +84,10 @@ auth_clear_options(void)
 		xfree(authorized_principals);
 		authorized_principals = NULL;
 	}
+	if (log_auth_option) {
+		xfree(log_auth_option);
+		log_auth_option = NULL;
+	}
 	forced_tun_device = -1;
 	channel_clear_permitted_opens();
 }
@@ -206,6 +213,35 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 			opts++;
 			goto next_option;
 		}
+		cp = "log=\"";
+		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+			opts += strlen(cp);
+			log_auth_option = xmalloc(strlen(opts) + 1);
+			i = 0;
+			while (*opts) {
+				if (*opts == '"')
+					break;
+				if (*opts == '\\' && opts[1] == '"') {
+					opts += 2;
+					log_auth_option[i++] = '"';
+					continue;
+				}
+				log_auth_option[i++] = *opts++;
+			}
+			if (!*opts) {
+				debug("%.100s, line %lu: missing end quote",
+				    file, linenum);
+				auth_debug_add("%.100s, line %lu: missing end quote",
+				    file, linenum);
+				xfree(log_auth_option);
+				log_auth_option = NULL;
+				goto bad_option;
+			}
+			log_auth_option[i] = '\0';
+			auth_debug_add("Log auth option: %.900s", log_auth_option);
+			opts++;
+			goto next_option;
+		}
 		cp = "environment=\"";
 		if (options.permit_user_env &&
 		    strncasecmp(opts, cp, strlen(cp)) == 0) {
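Review bot: A second `log="..."` option on the same key line overwrites `log_auth_option` without releasing the earlier buffer, because the `xmalloc` at the top of the added block is unconditional. Unless something outside the hunk frees it first, that leaks one allocation per repeated option; adding `if (log_auth_option != NULL) xfree(log_auth_option);` just before the `xmalloc` closes it. The enclosing auth_parse_options starts and ends outside this hunk, so whether options are cleared on entry cannot be seen here.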
diff --git a/auth-options.h b/auth-options.h
index 7455c94..d895849 100644
--- a/auth-options.h
+++ b/auth-options.h
@@ -30,6 +30,7 @@ extern int no_user_rc;
 extern char *forced_command;
 extern struct envstring *custom_environment;
 extern int forced_tun_device;
+extern char *log_auth_option;
 extern int key_is_cert_authority;
 extern char *authorized_principals;

diff --git a/auth.c b/auth.c
index d3663a4..9bb20fc 100644
--- a/auth.c
+++ b/auth.c
@@ -199,14 +199,16 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
 	else
 		authmsg = authenticated ? "Accepted" : "Failed";

-	authlog("%s %s for %s%.100s from %.200s port %d%s",
+	authlog("%s %s for %s%.100s from %.200s port %d%s%s%s",
 	    authmsg,
 	    method,
 	    authctxt->valid ? "" : "invalid user ",
 	    authctxt->user,
 	    get_remote_ipaddr(),
 	    get_remote_port(),
-	    info);
+	    info,
+	    log_auth_option?" ":"",
+	    log_auth_option?log_auth_option:"");
 }

 /*
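Review bot: The new trailing `%s` prints `log_auth_option` with no length bound and no encoding, while the neighbouring user and address fields are capped with `%.100s` and `%.200s`. The value is whatever was written in the authorized_keys line, which is presumably editable by the account owner, so the auth log can end up carrying free text that reads like fields sshd produced itself. Bounding it in the format string, e.g. `"%s %s for %s%.100s from %.200s port %d%s%s%.100s"`, and rejecting or encoding non-printable bytes in the `log=` parser in auth-options.c would keep the appended tag from being mistaken for, or corrupting, the rest of the line. A fixed marker in front of the tag would additionally let log parsers tell it apart from `info`.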
diff --git a/sshd.8 b/sshd.8
index 5c40007..04e0c85 100644
--- a/sshd.8
+++ b/sshd.8
@@ -518,6 +518,8 @@ Also note that this command may be superseded by either a
 .Xr sshd_config 5
 .Cm ForceCommand
 directive or a command embedded in a certificate.
+.It Cm log="text"
+Causes the text specified to be appended to authentication log messages.
 .It Cm environment="NAME=value"
 Specifies that the string is to be added to the environment when
 logging in using this key.


