authorColin Watson <cjwatson@debian.org>2014-02-09 16:10:02 +0000
committerColin Watson <cjwatson@debian.org>2016-12-23 11:25:03 +0000
commit69e0307a3bc73d5d360c19aeb61133c126cf63bf (patch)
treea3d962cb76a4751a44b7e72bdbb9e1cc2b66efd6 /auth-options.c
parentcb15899de8dc5d2e8b3869d743307d252af69643 (diff)
Quieten logs when multiple from= restrictions are used
Bug-Debian: http://bugs.debian.org/630606 Forwarded: no Last-Update: 2013-09-14 Patch-Name: auth-log-verbosity.patch
Diffstat (limited to 'auth-options.c')
-rw-r--r--auth-options.c35
1 files changed, 26 insertions, 9 deletions
diff --git a/auth-options.c b/auth-options.c
index 57b49f7fd..7eb87b352 100644
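--- a/auth-options.c
+++ b/auth-options.c
@@ -59,9 +59,20 @@ int forced_tun_device = -1;
 /* "principals=" option. */
 char *authorized_principals = NULL;
 
+/* Throttle log messages. */
+int logged_from_hostip = 0;
+int logged_cert_hostip = 0;
+
 extern ServerOptions options;
 
 void
+auth_start_parse_options(void)
+{
+ logged_from_hostip = 0;
+ logged_cert_hostip = 0;
+}
+
+void
 auth_clear_options(void)
 {
  no_agent_forwarding_flag = 0;
@@ -316,10 +327,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
  /* FALLTHROUGH */
  case 0:
  free(patterns);
- logit("Authentication tried for %.100s with "
- "correct key but not from a permitted "
- "host (host=%.200s, ip=%.200s).",
- pw->pw_name, remote_host, remote_ip);
+ if (!logged_from_hostip) {
+ logit("Authentication tried for %.100s with "
+ "correct key but not from a permitted "
+ "host (host=%.200s, ip=%.200s).",
+ pw->pw_name, remote_host, remote_ip);
+ logged_from_hostip = 1;
+ }
  auth_debug_add("Your host '%.200s' is not "
  "permitted to use this key for login.",
  remote_host);
@@ -543,11 +557,14 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw,
  break;
  case 0:
  /* no match */
- logit("Authentication tried for %.100s "
- "with valid certificate but not "
- "from a permitted host "
- "(ip=%.200s).", pw->pw_name,
- remote_ip);
+ if (!logged_cert_hostip) {
+ logit("Authentication tried for %.100s "
+ "with valid certificate but not "
+ "from a permitted host "
+ "(ip=%.200s).", pw->pw_name,
+ remote_ip);
+ logged_cert_hostip = 1;
+ }
  auth_debug_add("Your address '%.200s' "
  "is not permitted to use this "
  "certificate for login.",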
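Review bot: The throttle flags added at new lines 63-64 are re-armed only by auth_start_parse_options(), and this page is limited to auth-options.c, so it does not show that every path into auth_parse_options() and parse_option_list() calls it first. If any path does not, the `logit` denials at new lines 331-334 and 561-565 stay suppressed for the rest of the process, and the record that a correct key or valid certificate was offered from a non-permitted host is lost from the log. I would state the contract on the flags, e.g. `/* Set once a from=/source-address denial has been logged; auth_start_parse_options() must run before each parse to re-arm logging. */`, and consider an `else debug(...)` branch so suppressed repeats remain visible at debug level. If nothing outside this file reads the flags they could also be `static`; both enclosing functions continue outside their hunks, so this is worth confirming against the full file.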