diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2005-02-03 00:20:53 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2005-02-03 00:20:53 +1100 |
| commit | 269a1ea1c80a855d1eb74fccba6dd5c75947c5d2 (patch) | |
| tree | 2c3ece8547de7552c4c78337607a1a387decd797 /auth2.c | |
| parent | 2fba993080eba14e339d6a6666ee79580ee20f97 (diff) | |
- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and djm@
Diffstat (limited to 'auth2.c')
| -rw-r--r-- | auth2.c | 15 |
1 files changed, 13 insertions, 2 deletions
| @@ -167,6 +167,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | |||
| 167 | if (options.use_pam) | 167 | if (options.use_pam) |
| 168 | PRIVSEP(start_pam(authctxt)); | 168 | PRIVSEP(start_pam(authctxt)); |
| 169 | #endif | 169 | #endif |
| 170 | #ifdef AUDIT_EVENTS | ||
| 171 | PRIVSEP(audit_event(INVALID_USER)); | ||
| 172 | #endif | ||
| 170 | } | 173 | } |
| 171 | setproctitle("%s%s", authctxt->valid ? user : "unknown", | 174 | setproctitle("%s%s", authctxt->valid ? user : "unknown", |
| 172 | use_privsep ? " [net]" : ""); | 175 | use_privsep ? " [net]" : ""); |
| @@ -214,8 +217,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) | |||
| 214 | 217 | ||
| 215 | /* Special handling for root */ | 218 | /* Special handling for root */ |
| 216 | if (authenticated && authctxt->pw->pw_uid == 0 && | 219 | if (authenticated && authctxt->pw->pw_uid == 0 && |
| 217 | !auth_root_allowed(method)) | 220 | !auth_root_allowed(method)) { |
| 218 | authenticated = 0; | 221 | authenticated = 0; |
| 222 | #ifdef AUDIT_EVENTS | ||
| 223 | PRIVSEP(audit_event(LOGIN_ROOT_DENIED)); | ||
| 224 | #endif | ||
| 225 | } | ||
| 219 | 226 | ||
| 220 | #ifdef USE_PAM | 227 | #ifdef USE_PAM |
| 221 | if (options.use_pam && authenticated) { | 228 | if (options.use_pam && authenticated) { |
| @@ -255,8 +262,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) | |||
| 255 | /* now we can break out */ | 262 | /* now we can break out */ |
| 256 | authctxt->success = 1; | 263 | authctxt->success = 1; |
| 257 | } else { | 264 | } else { |
| 258 | if (authctxt->failures++ > options.max_authtries) | 265 | if (authctxt->failures++ > options.max_authtries) { |
| 266 | #ifdef AUDIT_EVENTS | ||
| 267 | PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES)); | ||
| 268 | #endif | ||
| 259 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); | 269 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); |
| 270 | } | ||
| 260 | methods = authmethods_get(); | 271 | methods = authmethods_get(); |
| 261 | packet_start(SSH2_MSG_USERAUTH_FAILURE); | 272 | packet_start(SSH2_MSG_USERAUTH_FAILURE); |
| 262 | packet_put_cstring(methods); | 273 | packet_put_cstring(methods); |