-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | auth.c | 16 | ||||
-rw-r--r-- | auth.h | 5 | ||||
-rw-r--r-- | auth1.c | 4 | ||||
-rw-r--r-- | auth2.c | 4 |
5 files changed, 26 insertions, 8 deletions
@@ -58,6 +58,11 @@ | |||
58 | - jmc@cvs.openbsd.org 2014/07/03 07:45:27 | 58 | - jmc@cvs.openbsd.org 2014/07/03 07:45:27 |
59 | [ssh_config.5] | 59 | [ssh_config.5] |
60 | escape %C since groff thinks it part of an Rs/Re block; | 60 | escape %C since groff thinks it part of an Rs/Re block; |
61 | - djm@cvs.openbsd.org 2014/07/03 11:16:55 | ||
62 | [auth.c auth.h auth1.c auth2.c] | ||
63 | make the "Too many authentication failures" message include the | ||
64 | user, source address, port and protocol in a format similar to the | ||
65 | authentication success / failure messages; bz#2199, ok dtucker | ||
61 | 66 | ||
62 | 20140702 | 67 | 20140702 |
63 | - OpenBSD CVS Sync | 68 | - OpenBSD CVS Sync |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.c,v 1.104 2014/04/29 18:01:49 markus Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.105 2014/07/03 11:16:55 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -326,6 +326,20 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, | |||
326 | #endif | 326 | #endif |
327 | } | 327 | } |
328 | 328 | ||
329 | |||
330 | void | ||
331 | auth_maxtries_exceeded(Authctxt *authctxt) | ||
332 | { | ||
333 | packet_disconnect("Too many authentication failures for " | ||
334 | "%s%.100s from %.200s port %d %s", | ||
335 | authctxt->valid ? "" : "invalid user ", | ||
336 | authctxt->user, | ||
337 | get_remote_ipaddr(), | ||
338 | get_remote_port(), | ||
339 | compat20 ? "ssh2" : "ssh1"); | ||
340 | /* NOTREACHED */ | ||
341 | } | ||
342 | |||
329 | /* | 343 | /* |
330 | * Check whether root logins are disallowed. | 344 | * Check whether root logins are disallowed. |
331 | */ | 345 | */ |
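Review bot: The string built in auth_maxtries_exceeded() goes to packet_disconnect(), which sends its message to the remote peer as well as logging it, so a client that exhausts its attempts is told whether the name it tried is an `invalid user `. The old AUTH_FAIL_MSG only echoed the user name back, so this is a new way for an unauthenticated peer to learn which accounts exist. Keep the detailed line for the server log and disconnect with a fixed string, as below. Logging separately also avoids depending on whatever length limit packet_disconnect() applies to its own log line, which a user name near the `%.100s` bound could otherwise use up before the address and port are written.
```c
void
auth_maxtries_exceeded(Authctxt *authctxt)
{
	/* Full detail goes to the local log only. */
	error("maximum authentication attempts exceeded for "
	    "%s%.100s from %.200s port %d %s",
	    authctxt->valid ? "" : "invalid user ",
	    authctxt->user,
	    get_remote_ipaddr(),
	    get_remote_port(),
	    compat20 ? "ssh2" : "ssh1");
	/* The peer learns nothing about the account or its validity. */
	packet_disconnect("Too many authentication failures");
	/* NOTREACHED */
}
```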
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.h,v 1.77 2014/01/29 06:18:35 djm Exp $ */ | 1 | /* $OpenBSD: auth.h,v 1.78 2014/07/03 11:16:55 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -154,6 +154,7 @@ void auth_info(Authctxt *authctxt, const char *, ...) | |||
154 | __attribute__((__format__ (printf, 2, 3))) | 154 | __attribute__((__format__ (printf, 2, 3))) |
155 | __attribute__((__nonnull__ (2))); | 155 | __attribute__((__nonnull__ (2))); |
156 | void auth_log(Authctxt *, int, int, const char *, const char *); | 156 | void auth_log(Authctxt *, int, int, const char *, const char *); |
157 | void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn)); | ||
157 | void userauth_finish(Authctxt *, int, const char *, const char *); | 158 | void userauth_finish(Authctxt *, int, const char *, const char *); |
158 | int auth_root_allowed(const char *); | 159 | int auth_root_allowed(const char *); |
159 | 160 | ||
@@ -210,8 +211,6 @@ struct passwd *fakepw(void); | |||
210 | 211 | ||
211 | int sys_auth_passwd(Authctxt *, const char *); | 212 | int sys_auth_passwd(Authctxt *, const char *); |
212 | 213 | ||
213 | #define AUTH_FAIL_MSG "Too many authentication failures for %.100s" | ||
214 | |||
215 | #define SKEY_PROMPT "\nS/Key Password: " | 214 | #define SKEY_PROMPT "\nS/Key Password: " |
216 | 215 | ||
217 | #if defined(KRB5) && !defined(HEIMDAL) | 216 | #if defined(KRB5) && !defined(HEIMDAL) |
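Review bot: The new prototype spells its attribute as plain `noreturn`, while the declarations just above it use the reserved spellings `__format__` and `__nonnull__`. C11's <stdnoreturn.h> defines `noreturn` as a macro, so any file that includes that header before auth.h would break this declaration. Suggest `void auth_maxtries_exceeded(Authctxt *) __attribute__((__noreturn__));`. The same section removes AUTH_FAIL_MSG, and only auth1.c and auth2.c are visibly updated in this commit, so it is worth checking for remaining users of the macro in platform-specific code.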
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth1.c,v 1.80 2014/02/02 03:44:31 djm Exp $ */ | 1 | /* $OpenBSD: auth1.c,v 1.81 2014/07/03 11:16:55 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -363,7 +363,7 @@ do_authloop(Authctxt *authctxt) | |||
363 | #ifdef SSH_AUDIT_EVENTS | 363 | #ifdef SSH_AUDIT_EVENTS |
364 | PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); | 364 | PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); |
365 | #endif | 365 | #endif |
366 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); | 366 | auth_maxtries_exceeded(authctxt); |
367 | } | 367 | } |
368 | 368 | ||
369 | packet_start(SSH_SMSG_FAILURE); | 369 | packet_start(SSH_SMSG_FAILURE); |
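Review bot: The call site in do_authloop() still carries its own `#ifdef SSH_AUDIT_EVENTS` / `PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));` block, and userauth_finish() in auth2.c repeats it verbatim. Both paths now end in auth_maxtries_exceeded(), so moving the audit call into that helper would keep the two protocol paths from drifting apart, provided PRIVSEP is usable from auth.c. A short comment at the call such as `/* logs and disconnects; does not return */` would also help readers who do not have auth.h open. do_authloop() begins and ends outside this hunk.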
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2.c,v 1.130 2014/01/29 06:18:35 djm Exp $ */ | 1 | /* $OpenBSD: auth2.c,v 1.131 2014/07/03 11:16:55 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -362,7 +362,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, | |||
362 | #ifdef SSH_AUDIT_EVENTS | 362 | #ifdef SSH_AUDIT_EVENTS |
363 | PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); | 363 | PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); |
364 | #endif | 364 | #endif |
365 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); | 365 | auth_maxtries_exceeded(authctxt); |
366 | } | 366 | } |
367 | methods = authmethods_get(authctxt); | 367 | methods = authmethods_get(authctxt); |
368 | debug3("%s: failure partial=%d next methods=\"%s\"", __func__, | 368 | debug3("%s: failure partial=%d next methods=\"%s\"", __func__, |