summaryrefslogtreecommitdiff
path: root/auth-options.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-02-09 16:10:02 +0000
committerColin Watson <cjwatson@debian.org>2015-11-29 17:26:17 +0000
commit1b41ad6426301c5131aa93d0915f6c5e69cff645 (patch)
treed8099d024ba609c2273ff6cb0545d996ff1a660e /auth-options.c
parent460260ae3681984ef9fbc0f19fb5d46668eede4e (diff)
Quieten logs when multiple from= restrictions are used
Bug-Debian: http://bugs.debian.org/630606 Forwarded: no Last-Update: 2013-09-14 Patch-Name: auth-log-verbosity.patch
Diffstat (limited to 'auth-options.c')
-rw-r--r--auth-options.c35
1 files changed, 26 insertions, 9 deletions
diff --git a/auth-options.c b/auth-options.c
index e387697d3..f1e3ddfdf 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -58,9 +58,20 @@ int forced_tun_device = -1;
58/* "principals=" option. */ 58/* "principals=" option. */
59char *authorized_principals = NULL; 59char *authorized_principals = NULL;
60 60
61/* Throttle log messages. */
62int logged_from_hostip = 0;
63int logged_cert_hostip = 0;
64
61extern ServerOptions options; 65extern ServerOptions options;
62 66
63void 67void
68auth_start_parse_options(void)
69{
70 logged_from_hostip = 0;
71 logged_cert_hostip = 0;
72}
73
74void
64auth_clear_options(void) 75auth_clear_options(void)
65{ 76{
66 no_agent_forwarding_flag = 0; 77 no_agent_forwarding_flag = 0;
@@ -293,10 +304,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
293 /* FALLTHROUGH */ 304 /* FALLTHROUGH */
294 case 0: 305 case 0:
295 free(patterns); 306 free(patterns);
296 logit("Authentication tried for %.100s with " 307 if (!logged_from_hostip) {
297 "correct key but not from a permitted " 308 logit("Authentication tried for %.100s with "
298 "host (host=%.200s, ip=%.200s).", 309 "correct key but not from a permitted "
299 pw->pw_name, remote_host, remote_ip); 310 "host (host=%.200s, ip=%.200s).",
311 pw->pw_name, remote_host, remote_ip);
312 logged_from_hostip = 1;
313 }
300 auth_debug_add("Your host '%.200s' is not " 314 auth_debug_add("Your host '%.200s' is not "
301 "permitted to use this key for login.", 315 "permitted to use this key for login.",
302 remote_host); 316 remote_host);
@@ -519,11 +533,14 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw,
519 break; 533 break;
520 case 0: 534 case 0:
521 /* no match */ 535 /* no match */
522 logit("Authentication tried for %.100s " 536 if (!logged_cert_hostip) {
523 "with valid certificate but not " 537 logit("Authentication tried for %.100s "
524 "from a permitted host " 538 "with valid certificate but not "
525 "(ip=%.200s).", pw->pw_name, 539 "from a permitted host "
526 remote_ip); 540 "(ip=%.200s).", pw->pw_name,
541 remote_ip);
542 logged_cert_hostip = 1;
543 }
527 auth_debug_add("Your address '%.200s' " 544 auth_debug_add("Your address '%.200s' "
528 "is not permitted to use this " 545 "is not permitted to use this "
529 "certificate for login.", 546 "certificate for login.",