- djm@cvs.openbsd.org 2010/06/22 04:49:47

[auth.c]
     queue auth debug messages for bad ownership or permissions on the user's
     keyfiles. These messages will be sent after the user has successfully
     authenticated (where our client will display them with LogLevel=debug).

ChangeLog

@@ -36,6 +36,11 @@
      standardise error messages when attempting to open private key
      files to include "progname: filename: error reason"
      bz#1783; ok dtucker@
+   - djm@cvs.openbsd.org 2010/06/22 04:49:47
+     [auth.c]
+     queue auth debug messages for bad ownership or permissions on the user's
+     keyfiles. These messages will be sent after the user has successfully
+     authenticated (where our client will display them with LogLevel=debug).
 
 20100622
  - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512

auth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.87 2010/05/07 11:30:29 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.88 2010/06/22 04:49:47 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -397,6 +397,8 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
 			logit("Authentication refused for %.100s: "
 			    "bad owner or modes for %.200s",
 			    pw->pw_name, user_hostfile);
+			auth_debug_add("Ignored %.200s: bad ownership or modes",
+			    user_hostfile);
 		} else {
 			temporarily_use_uid(pw);
 			host_status = check_host_in_hostfile(user_hostfile,
@@ -520,6 +522,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
 	    secure_filename(f, file, pw, line, sizeof(line)) != 0) {
 		fclose(f);
 		logit("Authentication refused: %s", line);
+		auth_debug_add("Ignored %s: %s", file_type, line);
 		return NULL;
 	}