diff options
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 38 |
1 files changed, 2 insertions, 36 deletions
@@ -271,42 +271,8 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) | |||
271 | get_canonical_hostname(options.use_dns), "ssh"); | 271 | get_canonical_hostname(options.use_dns), "ssh"); |
272 | #endif | 272 | #endif |
273 | #ifdef SSH_AUDIT_EVENTS | 273 | #ifdef SSH_AUDIT_EVENTS |
274 | if (authenticated == 0 && !authctxt->postponed) { | 274 | if (authenticated == 0 && !authctxt->postponed) |
275 | ssh_audit_event_t event; | 275 | audit_event(audit_classify_auth(method)); |
276 | |||
277 | debug3("audit failed auth attempt, method %s euid %d", | ||
278 | method, (int)geteuid()); | ||
279 | /* | ||
280 | * Because the auth loop is used in both monitor and slave, | ||
281 | * we must be careful to send each event only once and with | ||
282 | * enough privs to write the event. | ||
283 | */ | ||
284 | event = audit_classify_auth(method); | ||
285 | switch(event) { | ||
286 | case SSH_AUTH_FAIL_NONE: | ||
287 | case SSH_AUTH_FAIL_PASSWD: | ||
288 | case SSH_AUTH_FAIL_KBDINT: | ||
289 | if (geteuid() == 0) | ||
290 | audit_event(event); | ||
291 | break; | ||
292 | case SSH_AUTH_FAIL_PUBKEY: | ||
293 | case SSH_AUTH_FAIL_HOSTBASED: | ||
294 | case SSH_AUTH_FAIL_GSSAPI: | ||
295 | /* | ||
296 | * This is required to handle the case where privsep | ||
297 | * is enabled but it's root logging in, since | ||
298 | * use_privsep won't be cleared until after a | ||
299 | * successful login. | ||
300 | */ | ||
301 | if (geteuid() == 0) | ||
302 | audit_event(event); | ||
303 | else | ||
304 | PRIVSEP(audit_event(event)); | ||
305 | break; | ||
306 | default: | ||
307 | error("unknown authentication audit event %d", event); | ||
308 | } | ||
309 | } | ||
310 | #endif | 276 | #endif |
311 | } | 277 | } |
312 | 278 | ||