summaryrefslogtreecommitdiff
path: root/auth2.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2017-02-03 23:05:57 +0000
committerDamien Miller <djm@mindrot.org>2017-02-04 10:09:43 +1100
commitf1a193464a7b77646f0d0cedc929068e4a413ab4 (patch)
tree27a13d64537438a863c5eddc1b72d0e729800f49 /auth2.c
parent07edd7e9537ab32aa52abb5fb2a915c350fcf441 (diff)
upstream commit
use ssh_packet_set_log_preamble() to include connection username in packet log messages, e.g. Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth] ok markus@ bz#113 Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15
Diffstat (limited to 'auth2.c')
-rw-r--r--auth2.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/auth2.c b/auth2.c
index 9108b8612..97dd2ef0a 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */ 1/* $OpenBSD: auth2.c,v 1.137 2017/02/03 23:05:57 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -212,6 +212,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
212static int 212static int
213input_userauth_request(int type, u_int32_t seq, void *ctxt) 213input_userauth_request(int type, u_int32_t seq, void *ctxt)
214{ 214{
215 struct ssh *ssh = active_state; /* XXX */
215 Authctxt *authctxt = ctxt; 216 Authctxt *authctxt = ctxt;
216 Authmethod *m = NULL; 217 Authmethod *m = NULL;
217 char *user, *service, *method, *style = NULL; 218 char *user, *service, *method, *style = NULL;
@@ -235,9 +236,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
235 authctxt->user = xstrdup(user); 236 authctxt->user = xstrdup(user);
236 if (authctxt->pw && strcmp(service, "ssh-connection")==0) { 237 if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
237 authctxt->valid = 1; 238 authctxt->valid = 1;
238 debug2("input_userauth_request: setting up authctxt for %s", user); 239 debug2("%s: setting up authctxt for %s",
240 __func__, user);
239 } else { 241 } else {
240 logit("input_userauth_request: invalid user %s", user); 242 /* Invalid user, fake password information */
241 authctxt->pw = fakepw(); 243 authctxt->pw = fakepw();
242#ifdef SSH_AUDIT_EVENTS 244#ifdef SSH_AUDIT_EVENTS
243 PRIVSEP(audit_event(SSH_INVALID_USER)); 245 PRIVSEP(audit_event(SSH_INVALID_USER));
@@ -247,6 +249,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
247 if (options.use_pam) 249 if (options.use_pam)
248 PRIVSEP(start_pam(authctxt)); 250 PRIVSEP(start_pam(authctxt));
249#endif 251#endif
252 ssh_packet_set_log_preamble(ssh, "%suser %s",
253 authctxt->valid ? "authenticating " : "invalid ", user);
250 setproctitle("%s%s", authctxt->valid ? user : "unknown", 254 setproctitle("%s%s", authctxt->valid ? user : "unknown",
251 use_privsep ? " [net]" : ""); 255 use_privsep ? " [net]" : "");
252 authctxt->service = xstrdup(service); 256 authctxt->service = xstrdup(service);
@@ -292,6 +296,7 @@ void
292userauth_finish(Authctxt *authctxt, int authenticated, const char *method, 296userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
293 const char *submethod) 297 const char *submethod)
294{ 298{
299 struct ssh *ssh = active_state; /* XXX */
295 char *methods; 300 char *methods;
296 int partial = 0; 301 int partial = 0;
297 302
@@ -353,6 +358,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
353 packet_write_wait(); 358 packet_write_wait();
354 /* now we can break out */ 359 /* now we can break out */
355 authctxt->success = 1; 360 authctxt->success = 1;
361 ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
356 } else { 362 } else {
357 363
358 /* Allow initial try of "none" auth without failure penalty */ 364 /* Allow initial try of "none" auth without failure penalty */
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 09:26:42 +0000