2 files changed, 19 insertions, 12 deletions

diff --git a/ChangeLog b/ChangeLog
index f33f2c242..fa31ec3ac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,10 @@
      Warn in advance for password and account expiry; initialize loginmsg
      buffer earlier and clear it after privsep fork. ok and help dtucker@
      markus@
+   - dtucker@cvs.openbsd.org 2005/01/22 08:17:59
+     [auth.c]
+     Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
+     DenyGroups.  bz #909, ok djm@
 
 20050120
  - (dtucker) OpenBSD CVS Sync
@@ -2023,4 +2027,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3621 2005/01/24 10:55:49 dtucker Exp $
+$Id: ChangeLog,v 1.3622 2005/01/24 10:56:48 dtucker Exp $
diff --git a/auth.c b/auth.c
index 0956b0b19..4698e3990 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.56 2004/07/28 09:40:29 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -153,8 +153,9 @@ allowed_user(struct passwd * pw)
                 for (i = 0; i < options.num_deny_users; i++)
                         if (match_user(pw->pw_name, hostname, ipaddr,
                             options.deny_users[i])) {
-                                logit("User %.100s not allowed because listed in DenyUsers",
-                                    pw->pw_name);
+                                logit("User %.100s from %.100s not allowed "
+                                    "because listed in DenyUsers",
+                                    pw->pw_name, hostname);
                                 return 0;
                         }
         }
@@ -166,16 +167,16 @@ allowed_user(struct passwd * pw)
                                 break;
                 /* i < options.num_allow_users iff we break for loop */
                 if (i >= options.num_allow_users) {
-                        logit("User %.100s not allowed because not listed in AllowUsers",
-                            pw->pw_name);
+                        logit("User %.100s from %.100s not allowed because "
+                            "not listed in AllowUsers", pw->pw_name, hostname);
                         return 0;
                 }
         }
         if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {
                 /* Get the user's group access list (primary and supplementary) */
                 if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
-                        logit("User %.100s not allowed because not in any group",
-                            pw->pw_name);
+                        logit("User %.100s from %.100s not allowed because "
+                            "not in any group", pw->pw_name, hostname);
                         return 0;
                 }
 
@@ -184,8 +185,9 @@ allowed_user(struct passwd * pw)
                         if (ga_match(options.deny_groups,
                             options.num_deny_groups)) {
                                 ga_free();
-                                logit("User %.100s not allowed because a group is listed in DenyGroups",
-                                    pw->pw_name);
+                                logit("User %.100s from %.100s not allowed "
+                                    "because a group is listed in DenyGroups",
+                                    pw->pw_name, hostname);
                                 return 0;
                         }
                 /*
@@ -196,8 +198,9 @@ allowed_user(struct passwd * pw)
                         if (!ga_match(options.allow_groups,
                             options.num_allow_groups)) {
                                 ga_free();
-                                logit("User %.100s not allowed because none of user's groups are listed in AllowGroups",
-                                    pw->pw_name);
+                                logit("User %.100s from %.100s not allowed "
+                                    "because none of user's groups are listed "
+                                    "in AllowGroups", pw->pw_name, hostname);
                                 return 0;
                         }
                 ga_free();