From ff5d2cf4ca373bb4002eef395ed2cbe2ff0826c1 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 22 Jan 2019 11:26:16 +0000 Subject: [PATCH] upstream: print the full pubkey being attempted at loglevel >= debug2; bz2939 OpenBSD-Commit-ID: ac0fe5ca1429ebf4d460bad602adc96de0d7e290 --- auth2-pubkey.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 2fb5950ea..0b3975a74 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.86 2018/09/20 03:28:06 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.87 2019/01/22 11:26:16 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -102,6 +102,22 @@ userauth_pubkey(struct ssh *ssh) (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) fatal("%s: parse request failed: %s", __func__, ssh_err(r)); + + if (log_level_get() >= SYSLOG_LEVEL_DEBUG2) { + char *keystring; + struct sshbuf *pkbuf; + + if ((pkbuf = sshbuf_from(pkblob, blen)) == NULL) + fatal("%s: sshbuf_from failed", __func__); + if ((keystring = sshbuf_dtob64(pkbuf)) == NULL) + fatal("%s: sshbuf_dtob64 failed", __func__); + debug2("%s: %s user %s %s public key %s %s", __func__, + authctxt->valid ? "valid" : "invalid", authctxt->user, + have_sig ? "attempting" : "querying", pkalg, keystring); + sshbuf_free(pkbuf); + free(keystring); + } + pktype = sshkey_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { /* this is perfectly legal */