diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-09 16:10:02 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2015-11-29 17:26:17 +0000 |
commit | 1b41ad6426301c5131aa93d0915f6c5e69cff645 (patch) | |
tree | d8099d024ba609c2273ff6cb0545d996ff1a660e /auth-options.c | |
parent | 460260ae3681984ef9fbc0f19fb5d46668eede4e (diff) |
Quieten logs when multiple from= restrictions are used
Bug-Debian: http://bugs.debian.org/630606
Forwarded: no
Last-Update: 2013-09-14
Patch-Name: auth-log-verbosity.patch
Diffstat (limited to 'auth-options.c')
-rw-r--r-- | auth-options.c | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/auth-options.c b/auth-options.c index e387697d3..f1e3ddfdf 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -58,9 +58,20 @@ int forced_tun_device = -1; | |||
58 | /* "principals=" option. */ | 58 | /* "principals=" option. */ |
59 | char *authorized_principals = NULL; | 59 | char *authorized_principals = NULL; |
60 | 60 | ||
61 | /* Throttle log messages. */ | ||
62 | int logged_from_hostip = 0; | ||
63 | int logged_cert_hostip = 0; | ||
64 | |||
61 | extern ServerOptions options; | 65 | extern ServerOptions options; |
62 | 66 | ||
63 | void | 67 | void |
68 | auth_start_parse_options(void) | ||
69 | { | ||
70 | logged_from_hostip = 0; | ||
71 | logged_cert_hostip = 0; | ||
72 | } | ||
73 | |||
74 | void | ||
64 | auth_clear_options(void) | 75 | auth_clear_options(void) |
65 | { | 76 | { |
66 | no_agent_forwarding_flag = 0; | 77 | no_agent_forwarding_flag = 0; |
@@ -293,10 +304,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
293 | /* FALLTHROUGH */ | 304 | /* FALLTHROUGH */ |
294 | case 0: | 305 | case 0: |
295 | free(patterns); | 306 | free(patterns); |
296 | logit("Authentication tried for %.100s with " | 307 | if (!logged_from_hostip) { |
297 | "correct key but not from a permitted " | 308 | logit("Authentication tried for %.100s with " |
298 | "host (host=%.200s, ip=%.200s).", | 309 | "correct key but not from a permitted " |
299 | pw->pw_name, remote_host, remote_ip); | 310 | "host (host=%.200s, ip=%.200s).", |
311 | pw->pw_name, remote_host, remote_ip); | ||
312 | logged_from_hostip = 1; | ||
313 | } | ||
300 | auth_debug_add("Your host '%.200s' is not " | 314 | auth_debug_add("Your host '%.200s' is not " |
301 | "permitted to use this key for login.", | 315 | "permitted to use this key for login.", |
302 | remote_host); | 316 | remote_host); |
@@ -519,11 +533,14 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw, | |||
519 | break; | 533 | break; |
520 | case 0: | 534 | case 0: |
521 | /* no match */ | 535 | /* no match */ |
522 | logit("Authentication tried for %.100s " | 536 | if (!logged_cert_hostip) { |
523 | "with valid certificate but not " | 537 | logit("Authentication tried for %.100s " |
524 | "from a permitted host " | 538 | "with valid certificate but not " |
525 | "(ip=%.200s).", pw->pw_name, | 539 | "from a permitted host " |
526 | remote_ip); | 540 | "(ip=%.200s).", pw->pw_name, |
541 | remote_ip); | ||
542 | logged_cert_hostip = 1; | ||
543 | } | ||
527 | auth_debug_add("Your address '%.200s' " | 544 | auth_debug_add("Your address '%.200s' " |
528 | "is not permitted to use this " | 545 | "is not permitted to use this " |
529 | "certificate for login.", | 546 | "certificate for login.", |