diff options
| author | Colin Watson <cjwatson@debian.org> | 2014-02-09 16:10:02 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2014-02-10 02:40:16 +0000 |
| commit | 493e37552aa05b38cf69b5f1bc4b717fd4a1a285 (patch) | |
| tree | 55a5069fc3f592a2fc4d256af6e23303e73dc340 /auth-options.c | |
| parent | a3e8cef2bae563fe8c87cf9f32511a0808dd47eb (diff) | |
Quieten logs when multiple from= restrictions are used
Bug-Debian: http://bugs.debian.org/630606
Forwarded: no
Last-Update: 2013-09-14
Patch-Name: auth-log-verbosity.patch
Diffstat (limited to 'auth-options.c')
| -rw-r--r-- | auth-options.c | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/auth-options.c b/auth-options.c index fa209eaab..df6133037 100644 --- a/auth-options.c +++ b/auth-options.c | |||
| @@ -54,9 +54,20 @@ int forced_tun_device = -1; | |||
| 54 | /* "principals=" option. */ | 54 | /* "principals=" option. */ |
| 55 | char *authorized_principals = NULL; | 55 | char *authorized_principals = NULL; |
| 56 | 56 | ||
| 57 | /* Throttle log messages. */ | ||
| 58 | int logged_from_hostip = 0; | ||
| 59 | int logged_cert_hostip = 0; | ||
| 60 | |||
| 57 | extern ServerOptions options; | 61 | extern ServerOptions options; |
| 58 | 62 | ||
| 59 | void | 63 | void |
| 64 | auth_start_parse_options(void) | ||
| 65 | { | ||
| 66 | logged_from_hostip = 0; | ||
| 67 | logged_cert_hostip = 0; | ||
| 68 | } | ||
| 69 | |||
| 70 | void | ||
| 60 | auth_clear_options(void) | 71 | auth_clear_options(void) |
| 61 | { | 72 | { |
| 62 | no_agent_forwarding_flag = 0; | 73 | no_agent_forwarding_flag = 0; |
| @@ -284,10 +295,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
| 284 | /* FALLTHROUGH */ | 295 | /* FALLTHROUGH */ |
| 285 | case 0: | 296 | case 0: |
| 286 | free(patterns); | 297 | free(patterns); |
| 287 | logit("Authentication tried for %.100s with " | 298 | if (!logged_from_hostip) { |
| 288 | "correct key but not from a permitted " | 299 | logit("Authentication tried for %.100s with " |
| 289 | "host (host=%.200s, ip=%.200s).", | 300 | "correct key but not from a permitted " |
| 290 | pw->pw_name, remote_host, remote_ip); | 301 | "host (host=%.200s, ip=%.200s).", |
| 302 | pw->pw_name, remote_host, remote_ip); | ||
| 303 | logged_from_hostip = 1; | ||
| 304 | } | ||
| 291 | auth_debug_add("Your host '%.200s' is not " | 305 | auth_debug_add("Your host '%.200s' is not " |
| 292 | "permitted to use this key for login.", | 306 | "permitted to use this key for login.", |
| 293 | remote_host); | 307 | remote_host); |
| @@ -510,11 +524,14 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
| 510 | break; | 524 | break; |
| 511 | case 0: | 525 | case 0: |
| 512 | /* no match */ | 526 | /* no match */ |
| 513 | logit("Authentication tried for %.100s " | 527 | if (!logged_cert_hostip) { |
| 514 | "with valid certificate but not " | 528 | logit("Authentication tried for %.100s " |
| 515 | "from a permitted host " | 529 | "with valid certificate but not " |
| 516 | "(ip=%.200s).", pw->pw_name, | 530 | "from a permitted host " |
| 517 | remote_ip); | 531 | "(ip=%.200s).", pw->pw_name, |
| 532 | remote_ip); | ||
| 533 | logged_cert_hostip = 1; | ||
| 534 | } | ||
| 518 | auth_debug_add("Your address '%.200s' " | 535 | auth_debug_add("Your address '%.200s' " |
| 519 | "is not permitted to use this " | 536 | "is not permitted to use this " |
| 520 | "certificate for login.", | 537 | "certificate for login.", |