upstream commit

make the debug messages a bit more useful here

Upstream-ID: 478ccd4e897e0af8486b294aa63aa3f90ab78d64

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index b1b5b747b533b97ecd10af1890f642f215903b7e..41b34aed24178f39baf03a99d976c5e326d47654 100644 (file)
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.54 2015/10/27 01:44:45 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.55 2016/01/27 00:53:12 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -79,19 +79,19 @@ userauth_pubkey(Authctxt *authctxt)
 {
        Buffer b;
        Key *key = NULL;
-       char *pkalg, *userstyle;
+       char *pkalg, *userstyle, *fp = NULL;
        u_char *pkblob, *sig;
        u_int alen, blen, slen;
        int have_sig, pktype;
        int authenticated = 0;
 
        if (!authctxt->valid) {
-               debug2("userauth_pubkey: disabled because of invalid user");
+               debug2("%s: disabled because of invalid user", __func__);
                return 0;
        }
        have_sig = packet_get_char();
        if (datafellows & SSH_BUG_PKAUTH) {
-               debug2("userauth_pubkey: SSH_BUG_PKAUTH");
+               debug2("%s: SSH_BUG_PKAUTH", __func__);
                /* no explicit pkalg given */
                pkblob = packet_get_string(&blen);
                buffer_init(&b);
@@ -106,18 +106,18 @@ userauth_pubkey(Authctxt *authctxt)
        pktype = key_type_from_name(pkalg);
        if (pktype == KEY_UNSPEC) {
                /* this is perfectly legal */
-               logit("userauth_pubkey: unsupported public key algorithm: %s",
-                   pkalg);
+               logit("%s: unsupported public key algorithm: %s",
+                   __func__, pkalg);
                goto done;
        }
        key = key_from_blob(pkblob, blen);
        if (key == NULL) {
-               error("userauth_pubkey: cannot decode key: %s", pkalg);
+               error("%s: cannot decode key: %s", __func__, pkalg);
                goto done;
        }
        if (key->type != pktype) {
-               error("userauth_pubkey: type mismatch for decoded key "
-                   "(received %d, expected %d)", key->type, pktype);
+               error("%s: type mismatch for decoded key "
+                   "(received %d, expected %d)", __func__, key->type, pktype);
                goto done;
        }
        if (key_type_plain(key->type) == KEY_RSA &&
@@ -126,6 +126,7 @@ userauth_pubkey(Authctxt *authctxt)
                    "signature scheme");
                goto done;
        }
+       fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT);
        if (auth2_userkey_already_used(authctxt, key)) {
                logit("refusing previously-used %s key", key_type(key));
                goto done;
@@ -138,6 +139,8 @@ userauth_pubkey(Authctxt *authctxt)
        }
 
        if (have_sig) {
+               debug3("%s: have signature for %s %s",
+                   __func__, sshkey_type(key), fp);
                sig = packet_get_string(&slen);
                packet_check_eom();
                buffer_init(&b);
@@ -183,7 +186,8 @@ userauth_pubkey(Authctxt *authctxt)
                buffer_free(&b);
                free(sig);
        } else {
-               debug("test whether pkalg/pkblob are acceptable");
+               debug("%s: test whether pkalg/pkblob are acceptable for %s %s",
+                   __func__, sshkey_type(key), fp);
                packet_check_eom();
 
                /* XXX fake reply and always send PK_OK ? */
@@ -206,11 +210,12 @@ userauth_pubkey(Authctxt *authctxt)
        if (authenticated != 1)
                auth_clear_options();
 done:
-       debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
+       debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg);
        if (key != NULL)
                key_free(key);
        free(pkalg);
        free(pkblob);
+       free(fp);
        return authenticated;
 }