authorDamien Miller <djm@mindrot.org>2014-07-03 21:29:38 +1000
committerDamien Miller <djm@mindrot.org>2014-07-03 21:29:38 +1000
commit686feb560ec43a06ba04da82b50f3c183c947309 (patch)
tree2eb2828a5c6c16d2fdede3f4644c811d98e06b57
parent0f12341402e18fd9996ec23189b9418d2722453f (diff)
- djm@cvs.openbsd.org 2014/07/03 11:16:55
[auth.c auth.h auth1.c auth2.c] make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success / failure messages; bz#2199, ok dtucker
-rw-r--r--ChangeLog5
-rw-r--r--auth.c16
-rw-r--r--auth.h5
-rw-r--r--auth1.c4
-rw-r--r--auth2.c4
5 files changed, 26 insertions, 8 deletions
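--- a/ChangeLog
+++ b/ChangeLog
@@ -58,6 +58,11 @@
  - jmc@cvs.openbsd.org 2014/07/03 07:45:27
  [ssh_config.5]
  escape %C since groff thinks it part of an Rs/Re block;
+ - djm@cvs.openbsd.org 2014/07/03 11:16:55
+ [auth.c auth.h auth1.c auth2.c]
+ make the "Too many authentication failures" message include the
+ user, source address, port and protocol in a format similar to the
+ authentication success / failure messages; bz#2199, ok dtucker
 
 20140702
  - OpenBSD CVS Sync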
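--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.104 2014/04/29 18:01:49 markus Exp $ */
+/* $OpenBSD: auth.c,v 1.105 2014/07/03 11:16:55 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -326,6 +326,20 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
 #endif
 }
 
+
+void
+auth_maxtries_exceeded(Authctxt *authctxt)
+{
+ packet_disconnect("Too many authentication failures for "
+ "%s%.100s from %.200s port %d %s",
+ authctxt->valid ? "" : "invalid user ",
+ authctxt->user,
+ get_remote_ipaddr(),
+ get_remote_port(),
+ compat20 ? "ssh2" : "ssh1");
+ /* NOTREACHED */
+}
+
 /*
  * Check whether root logins are disallowed.
  */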
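Review bot: The format string in auth_maxtries_exceeded is handed to packet_disconnect, whose definition is not on this page; if that routine sends the formatted text to the peer as well as logging it, the `invalid user ` prefix chosen by `authctxt->valid` tells a client that has not authenticated whether the account name exists. The removed AUTH_FAIL_MSG carried only the user name the client had itself supplied. Keeping the detail on the server side avoids this: turn the existing call into `logit("Too many authentication failures for "` with the same arguments, and follow it with `packet_disconnect("Too many authentication failures");`. The call sites changed in auth1.c and auth2.c inherit whatever message this function emits.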
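--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.77 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.78 2014/07/03 11:16:55 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -154,6 +154,7 @@ void auth_info(Authctxt *authctxt, const char *, ...)
  __attribute__((__format__ (printf, 2, 3)))
  __attribute__((__nonnull__ (2)));
 void auth_log(Authctxt *, int, int, const char *, const char *);
+void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn));
 void userauth_finish(Authctxt *, int, const char *, const char *);
 int auth_root_allowed(const char *);
 
@@ -210,8 +211,6 @@ struct passwd *fakepw(void);
 
 int sys_auth_passwd(Authctxt *, const char *);
 
-#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
-
 #define SKEY_PROMPT "\nS/Key Password: "
 
 #if defined(KRB5) && !defined(HEIMDAL)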
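Review bot: The new prototype spells its attribute as bare `noreturn`, while the attributes on auth_info just above it use the reserved double-underscore form (`__format__`, `__nonnull__`). A bare attribute name is subject to macro replacement, and C11 `<stdnoreturn.h>` defines `noreturn` as a macro, so a translation unit that includes that header before auth.h would stop compiling this declaration. Writing `void auth_maxtries_exceeded(Authctxt *) __attribute__((__noreturn__));` matches the surrounding declarations and avoids the clash. The attribute is only true while packet_disconnect itself never returns, which is worth a one-line comment next to the prototype.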
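--- a/auth1.c
+++ b/auth1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth1.c,v 1.80 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.81 2014/07/03 11:16:55 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -363,7 +363,7 @@ do_authloop(Authctxt *authctxt)
 #ifdef SSH_AUDIT_EVENTS
  PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
 #endif
- packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ auth_maxtries_exceeded(authctxt);
  }
 
  packet_start(SSH_SMSG_FAILURE);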
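--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.130 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.131 2014/07/03 11:16:55 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -362,7 +362,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
 #ifdef SSH_AUDIT_EVENTS
  PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
 #endif
- packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ auth_maxtries_exceeded(authctxt);
  }
  methods = authmethods_get(authctxt);
  debug3("%s: failure partial=%d next methods=\"%s\"", __func__,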