diff options
Diffstat (limited to 'auth-options.c')
-rw-r--r-- | auth-options.c | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/auth-options.c b/auth-options.c index bed00eef0..ccdd0b20a 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -59,11 +59,22 @@ int forced_tun_device = -1; | |||
59 | /* "principals=" option. */ | 59 | /* "principals=" option. */ |
60 | char *authorized_principals = NULL; | 60 | char *authorized_principals = NULL; |
61 | 61 | ||
62 | /* Throttle log messages. */ | ||
63 | int logged_from_hostip = 0; | ||
64 | int logged_cert_hostip = 0; | ||
65 | |||
62 | extern ServerOptions options; | 66 | extern ServerOptions options; |
63 | 67 | ||
64 | /* XXX refactor to be stateless */ | 68 | /* XXX refactor to be stateless */ |
65 | 69 | ||
66 | void | 70 | void |
71 | auth_start_parse_options(void) | ||
72 | { | ||
73 | logged_from_hostip = 0; | ||
74 | logged_cert_hostip = 0; | ||
75 | } | ||
76 | |||
77 | void | ||
67 | auth_clear_options(void) | 78 | auth_clear_options(void) |
68 | { | 79 | { |
69 | struct ssh *ssh = active_state; /* XXX */ | 80 | struct ssh *ssh = active_state; /* XXX */ |
@@ -322,10 +333,13 @@ auth_parse_options(struct passwd *pw, char *opts, const char *file, | |||
322 | /* FALLTHROUGH */ | 333 | /* FALLTHROUGH */ |
323 | case 0: | 334 | case 0: |
324 | free(patterns); | 335 | free(patterns); |
325 | logit("Authentication tried for %.100s with " | 336 | if (!logged_from_hostip) { |
326 | "correct key but not from a permitted " | 337 | logit("Authentication tried for %.100s with " |
327 | "host (host=%.200s, ip=%.200s).", | 338 | "correct key but not from a permitted " |
328 | pw->pw_name, remote_host, remote_ip); | 339 | "host (host=%.200s, ip=%.200s).", |
340 | pw->pw_name, remote_host, remote_ip); | ||
341 | logged_from_hostip = 1; | ||
342 | } | ||
329 | auth_debug_add("Your host '%.200s' is not " | 343 | auth_debug_add("Your host '%.200s' is not " |
330 | "permitted to use this key for login.", | 344 | "permitted to use this key for login.", |
331 | remote_host); | 345 | remote_host); |
@@ -549,11 +563,14 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw, | |||
549 | break; | 563 | break; |
550 | case 0: | 564 | case 0: |
551 | /* no match */ | 565 | /* no match */ |
552 | logit("Authentication tried for %.100s " | 566 | if (!logged_cert_hostip) { |
553 | "with valid certificate but not " | 567 | logit("Authentication tried for %.100s " |
554 | "from a permitted host " | 568 | "with valid certificate but not " |
555 | "(ip=%.200s).", pw->pw_name, | 569 | "from a permitted host " |
556 | remote_ip); | 570 | "(ip=%.200s).", pw->pw_name, |
571 | remote_ip); | ||
572 | logged_cert_hostip = 1; | ||
573 | } | ||
557 | auth_debug_add("Your address '%.200s' " | 574 | auth_debug_add("Your address '%.200s' " |
558 | "is not permitted to use this " | 575 | "is not permitted to use this " |
559 | "certificate for login.", | 576 | "certificate for login.", |