summaryrefslogtreecommitdiff
path: root/auth-options.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-02-09 16:10:02 +0000
committerColin Watson <cjwatson@debian.org>2015-08-19 16:33:32 +0100
commitc9c2ebb4680ea6872218b1e4519fe31a2043a27a (patch)
treec69410030e0bdf2684c6ed17b46b42f54f9aca77 /auth-options.c
parent5cbcc7353649b84b5a7528e583458ee9473fd527 (diff)
Quieten logs when multiple from= restrictions are used
Bug-Debian: http://bugs.debian.org/630606 Forwarded: no Last-Update: 2013-09-14 Patch-Name: auth-log-verbosity.patch
Diffstat (limited to 'auth-options.c')
-rw-r--r--auth-options.c35
1 files changed, 26 insertions, 9 deletions
diff --git a/auth-options.c b/auth-options.c
index 4f0da9c04..3fa236eb8 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -58,9 +58,20 @@ int forced_tun_device = -1;
58/* "principals=" option. */ 58/* "principals=" option. */
59char *authorized_principals = NULL; 59char *authorized_principals = NULL;
60 60
61/* Throttle log messages. */
62int logged_from_hostip = 0;
63int logged_cert_hostip = 0;
64
61extern ServerOptions options; 65extern ServerOptions options;
62 66
63void 67void
68auth_start_parse_options(void)
69{
70 logged_from_hostip = 0;
71 logged_cert_hostip = 0;
72}
73
74void
64auth_clear_options(void) 75auth_clear_options(void)
65{ 76{
66 no_agent_forwarding_flag = 0; 77 no_agent_forwarding_flag = 0;
@@ -288,10 +299,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
288 /* FALLTHROUGH */ 299 /* FALLTHROUGH */
289 case 0: 300 case 0:
290 free(patterns); 301 free(patterns);
291 logit("Authentication tried for %.100s with " 302 if (!logged_from_hostip) {
292 "correct key but not from a permitted " 303 logit("Authentication tried for %.100s with "
293 "host (host=%.200s, ip=%.200s).", 304 "correct key but not from a permitted "
294 pw->pw_name, remote_host, remote_ip); 305 "host (host=%.200s, ip=%.200s).",
306 pw->pw_name, remote_host, remote_ip);
307 logged_from_hostip = 1;
308 }
295 auth_debug_add("Your host '%.200s' is not " 309 auth_debug_add("Your host '%.200s' is not "
296 "permitted to use this key for login.", 310 "permitted to use this key for login.",
297 remote_host); 311 remote_host);
@@ -514,11 +528,14 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw,
514 break; 528 break;
515 case 0: 529 case 0:
516 /* no match */ 530 /* no match */
517 logit("Authentication tried for %.100s " 531 if (!logged_cert_hostip) {
518 "with valid certificate but not " 532 logit("Authentication tried for %.100s "
519 "from a permitted host " 533 "with valid certificate but not "
520 "(ip=%.200s).", pw->pw_name, 534 "from a permitted host "
521 remote_ip); 535 "(ip=%.200s).", pw->pw_name,
536 remote_ip);
537 logged_cert_hostip = 1;
538 }
522 auth_debug_add("Your address '%.200s' " 539 auth_debug_add("Your address '%.200s' "
523 "is not permitted to use this " 540 "is not permitted to use this "
524 "certificate for login.", 541 "certificate for login.",