2 files changed, 15 insertions, 4 deletions
diff --git a/auth2.c b/auth2.c
index 9108b8612..97dd2ef0a 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.137 2017/02/03 23:05:57 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -212,6 +212,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
 static int
 input_userauth_request(int type, u_int32_t seq, void *ctxt)
 {
+        struct ssh *ssh = active_state; /* XXX */
        Authctxt *authctxt = ctxt;
        Authmethod *m = NULL;
        char *user, *service, *method, *style = NULL;
@@ -235,9 +236,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
                authctxt->user = xstrdup(user);
                if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
                        authctxt->valid = 1;
-                        debug2("input_userauth_request: setting up authctxt for %s", user);
+                        debug2("%s: setting up authctxt for %s",
+                            __func__, user);
                } else {
-                        logit("input_userauth_request: invalid user %s", user);
+                        /* Invalid user, fake password information */
                        authctxt->pw = fakepw();
 #ifdef SSH_AUDIT_EVENTS
                        PRIVSEP(audit_event(SSH_INVALID_USER));
@@ -247,6 +249,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
                if (options.use_pam)
                        PRIVSEP(start_pam(authctxt));
 #endif
+                ssh_packet_set_log_preamble(ssh, "%suser %s",
+                    authctxt->valid ? "authenticating " : "invalid ", user);
                setproctitle("%s%s", authctxt->valid ? user : "unknown",
                    use_privsep ? " [net]" : "");
                authctxt->service = xstrdup(service);
@@ -292,6 +296,7 @@ void
 userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
    const char *submethod)
 {
+        struct ssh *ssh = active_state; /* XXX */
        char *methods;
        int partial = 0;
@@ -353,6 +358,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
                packet_write_wait();
                /* now we can break out */
                authctxt->success = 1;
+                ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
        } else {
                /* Allow initial try of "none" auth without failure penalty */
diff --git a/monitor.c b/monitor.c
index 43f484709..96d22b7e4 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.167 2017/02/03 23:05:57 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -283,6 +283,7 @@ monitor_permit_authentications(int permit)
 void
 monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 {
+        struct ssh *ssh = active_state; /* XXX */
        struct mon_table *ent;
        int authenticated = 0, partial = 0;
@@ -356,6 +357,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
        debug("%s: %s has been authenticated by privileged process",
            __func__, authctxt->user);
+        ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
        mm_get_keystate(pmonitor);
@@ -695,6 +697,7 @@ mm_answer_sign(int sock, Buffer *m)
 int
 mm_answer_pwnamallow(int sock, Buffer *m)
 {
+        struct ssh *ssh = active_state; /* XXX */
        char *username;
        struct passwd *pwent;
        int allowed = 0;
@@ -739,6 +742,8 @@ mm_answer_pwnamallow(int sock, Buffer *m)
        buffer_put_cstring(m, pwent->pw_shell);
 out:
+        ssh_packet_set_log_preamble(ssh, "%suser %s",
+            authctxt->valid ? "authenticating" : "invalid ", authctxt->user);
        buffer_put_string(m, &options, sizeof(options));
 #define M_CP_STROPT(x) do { \