authordjm@openbsd.org <djm@openbsd.org>2017-02-03 23:05:57 +0000
committerDamien Miller <djm@mindrot.org>2017-02-04 10:09:43 +1100
commitf1a193464a7b77646f0d0cedc929068e4a413ab4 (patch)
tree27a13d64537438a863c5eddc1b72d0e729800f49
parent07edd7e9537ab32aa52abb5fb2a915c350fcf441 (diff)
upstream commit
use ssh_packet_set_log_preamble() to include connection username in packet log messages, e.g. Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth] ok markus@ bz#113 Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15
-rw-r--r--auth2.c12
-rw-r--r--monitor.c7
2 files changed, 15 insertions, 4 deletions
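--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.137 2017/02/03 23:05:57 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -212,6 +212,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
 static int
 input_userauth_request(int type, u_int32_t seq, void *ctxt)
 {
+ struct ssh *ssh = active_state; /* XXX */
  Authctxt *authctxt = ctxt;
  Authmethod *m = NULL;
  char *user, *service, *method, *style = NULL;
@@ -235,9 +236,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
  authctxt->user = xstrdup(user);
  if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
  authctxt->valid = 1;
- debug2("input_userauth_request: setting up authctxt for %s", user);
+ debug2("%s: setting up authctxt for %s",
+ __func__, user);
  } else {
- logit("input_userauth_request: invalid user %s", user);
+ /* Invalid user, fake password information */
  authctxt->pw = fakepw();
 #ifdef SSH_AUDIT_EVENTS
  PRIVSEP(audit_event(SSH_INVALID_USER));
@@ -247,6 +249,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
  if (options.use_pam)
  PRIVSEP(start_pam(authctxt));
 #endif
+ ssh_packet_set_log_preamble(ssh, "%suser %s",
+ authctxt->valid ? "authenticating " : "invalid ", user);
  setproctitle("%s%s", authctxt->valid ? user : "unknown",
  use_privsep ? " [net]" : "");
  authctxt->service = xstrdup(service);
@@ -292,6 +296,7 @@ void
 userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
  const char *submethod)
 {
+ struct ssh *ssh = active_state; /* XXX */
  char *methods;
  int partial = 0;
 
@@ -353,6 +358,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
  packet_write_wait();
  /* now we can break out */
  authctxt->success = 1;
+ ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
  } else {
 
  /* Allow initial try of "none" auth without failure penalty */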
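Review bot: The explicit `logit("input_userauth_request: invalid user %s", user)` at old line 240 is dropped, so the invalid-user fact now reaches the log only through the preamble set at new lines 252–253, and that preamble is built from `user`, a string supplied by the unauthenticated client. ssh_packet_set_log_preamble is not on this page; it is worth confirming that it bounds the formatted preamble for long usernames and that the log sink escapes control characters in the name, so a crafted username cannot split or forge log lines that operators and log parsers rely on. The preamble is also rebuilt on every userauth request, so a short why-comment would help future readers: `/* Tag subsequent packet log messages with the (not yet authenticated) user */` above line 252. input_userauth_request's body starts and ends outside the hunk.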
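--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.167 2017/02/03 23:05:57 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -283,6 +283,7 @@ monitor_permit_authentications(int permit)
 void
 monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 {
+ struct ssh *ssh = active_state; /* XXX */
  struct mon_table *ent;
  int authenticated = 0, partial = 0;
 
@@ -356,6 +357,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 
  debug("%s: %s has been authenticated by privileged process",
  __func__, authctxt->user);
+ ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
 
  mm_get_keystate(pmonitor);
 
@@ -695,6 +697,7 @@ mm_answer_sign(int sock, Buffer *m)
 int
 mm_answer_pwnamallow(int sock, Buffer *m)
 {
+ struct ssh *ssh = active_state; /* XXX */
  char *username;
  struct passwd *pwent;
  int allowed = 0;
@@ -739,6 +742,8 @@ mm_answer_pwnamallow(int sock, Buffer *m)
  buffer_put_cstring(m, pwent->pw_shell);
 
  out:
+ ssh_packet_set_log_preamble(ssh, "%suser %s",
+ authctxt->valid ? "authenticating" : "invalid ", authctxt->user);
  buffer_put_string(m, &options, sizeof(options));
 
 #define M_CP_STROPT(x) do { \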
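Review bot: The string `"authenticating"` at new line 746 lacks the trailing space that the same call in auth2.c (new line 253) has, so the monitor's preamble for a valid user reads `authenticatinguser <name>` instead of `authenticating user <name>`; since operators and log parsers will key on this text, the two call sites should emit an identical preamble. The fix is the one-line change `authctxt->valid ? "authenticating " : "invalid ", authctxt->user);`. The `out:` label at line 744 is reached for both the allowed and the rejected path, so the preamble is set regardless of how pwnamallow resolved, which appears intended but deserves a comment such as `/* Set the log preamble for both valid and invalid users */`. mm_answer_pwnamallow's body starts and ends outside the hunk.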