diff options
Diffstat (limited to 'auth-options.c')
| -rw-r--r-- | auth-options.c | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/auth-options.c b/auth-options.c index 57b49f7fd..7eb87b352 100644 --- a/auth-options.c +++ b/auth-options.c | |||
| @@ -59,9 +59,20 @@ int forced_tun_device = -1; | |||
| 59 | /* "principals=" option. */ | 59 | /* "principals=" option. */ |
| 60 | char *authorized_principals = NULL; | 60 | char *authorized_principals = NULL; |
| 61 | 61 | ||
| 62 | /* Throttle log messages. */ | ||
| 63 | int logged_from_hostip = 0; | ||
| 64 | int logged_cert_hostip = 0; | ||
| 65 | |||
| 62 | extern ServerOptions options; | 66 | extern ServerOptions options; |
| 63 | 67 | ||
| 64 | void | 68 | void |
| 69 | auth_start_parse_options(void) | ||
| 70 | { | ||
| 71 | logged_from_hostip = 0; | ||
| 72 | logged_cert_hostip = 0; | ||
| 73 | } | ||
| 74 | |||
| 75 | void | ||
| 65 | auth_clear_options(void) | 76 | auth_clear_options(void) |
| 66 | { | 77 | { |
| 67 | no_agent_forwarding_flag = 0; | 78 | no_agent_forwarding_flag = 0; |
| @@ -316,10 +327,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
| 316 | /* FALLTHROUGH */ | 327 | /* FALLTHROUGH */ |
| 317 | case 0: | 328 | case 0: |
| 318 | free(patterns); | 329 | free(patterns); |
| 319 | logit("Authentication tried for %.100s with " | 330 | if (!logged_from_hostip) { |
| 320 | "correct key but not from a permitted " | 331 | logit("Authentication tried for %.100s with " |
| 321 | "host (host=%.200s, ip=%.200s).", | 332 | "correct key but not from a permitted " |
| 322 | pw->pw_name, remote_host, remote_ip); | 333 | "host (host=%.200s, ip=%.200s).", |
| 334 | pw->pw_name, remote_host, remote_ip); | ||
| 335 | logged_from_hostip = 1; | ||
| 336 | } | ||
| 323 | auth_debug_add("Your host '%.200s' is not " | 337 | auth_debug_add("Your host '%.200s' is not " |
| 324 | "permitted to use this key for login.", | 338 | "permitted to use this key for login.", |
| 325 | remote_host); | 339 | remote_host); |
| @@ -543,11 +557,14 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw, | |||
| 543 | break; | 557 | break; |
| 544 | case 0: | 558 | case 0: |
| 545 | /* no match */ | 559 | /* no match */ |
| 546 | logit("Authentication tried for %.100s " | 560 | if (!logged_cert_hostip) { |
| 547 | "with valid certificate but not " | 561 | logit("Authentication tried for %.100s " |
| 548 | "from a permitted host " | 562 | "with valid certificate but not " |
| 549 | "(ip=%.200s).", pw->pw_name, | 563 | "from a permitted host " |
| 550 | remote_ip); | 564 | "(ip=%.200s).", pw->pw_name, |
| 565 | remote_ip); | ||
| 566 | logged_cert_hostip = 1; | ||
| 567 | } | ||
| 551 | auth_debug_add("Your address '%.200s' " | 568 | auth_debug_add("Your address '%.200s' " |
| 552 | "is not permitted to use this " | 569 | "is not permitted to use this " |
| 553 | "certificate for login.", | 570 | "certificate for login.", |