diff options
author | Darren Tucker <dtucker@zip.com.au> | 2005-02-03 00:20:53 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2005-02-03 00:20:53 +1100 |
commit | 269a1ea1c80a855d1eb74fccba6dd5c75947c5d2 (patch) | |
tree | 2c3ece8547de7552c4c78337607a1a387decd797 /auth1.c | |
parent | 2fba993080eba14e339d6a6666ee79580ee20f97 (diff) |
- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and djm@
Diffstat (limited to 'auth1.c')
-rw-r--r-- | auth1.c | 12 |
1 files changed, 10 insertions, 2 deletions
@@ -247,8 +247,12 @@ do_authloop(Authctxt *authctxt) | |||
247 | #else | 247 | #else |
248 | /* Special handling for root */ | 248 | /* Special handling for root */ |
249 | if (authenticated && authctxt->pw->pw_uid == 0 && | 249 | if (authenticated && authctxt->pw->pw_uid == 0 && |
250 | !auth_root_allowed(get_authname(type))) | 250 | !auth_root_allowed(get_authname(type))) { |
251 | authenticated = 0; | 251 | authenticated = 0; |
252 | # ifdef AUDIT_EVENTS | ||
253 | PRIVSEP(audit_event(LOGIN_ROOT_DENIED)); | ||
254 | # endif | ||
255 | } | ||
252 | #endif | 256 | #endif |
253 | 257 | ||
254 | #ifdef USE_PAM | 258 | #ifdef USE_PAM |
@@ -283,8 +287,12 @@ do_authloop(Authctxt *authctxt) | |||
283 | if (authenticated) | 287 | if (authenticated) |
284 | return; | 288 | return; |
285 | 289 | ||
286 | if (authctxt->failures++ > options.max_authtries) | 290 | if (authctxt->failures++ > options.max_authtries) { |
291 | #ifdef AUDIT_EVENTS | ||
292 | PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES)); | ||
293 | #endif | ||
287 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); | 294 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); |
295 | } | ||
288 | 296 | ||
289 | packet_start(SSH_SMSG_FAILURE); | 297 | packet_start(SSH_SMSG_FAILURE); |
290 | packet_send(); | 298 | packet_send(); |