Diffstat (limited to 'auth.c')
-rw-r--r--auth.c38
1 files changed, 2 insertions, 36 deletions
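--- a/auth.c
+++ b/auth.c
@@ -271,42 +271,8 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
  get_canonical_hostname(options.use_dns), "ssh");
 #endif
 #ifdef SSH_AUDIT_EVENTS
- if (authenticated == 0 && !authctxt->postponed) {
- ssh_audit_event_t event;
-
- debug3("audit failed auth attempt, method %s euid %d",
- method, (int)geteuid());
- /*
- * Because the auth loop is used in both monitor and slave,
- * we must be careful to send each event only once and with
- * enough privs to write the event.
- */
- event = audit_classify_auth(method);
- switch(event) {
- case SSH_AUTH_FAIL_NONE:
- case SSH_AUTH_FAIL_PASSWD:
- case SSH_AUTH_FAIL_KBDINT:
- if (geteuid() == 0)
- audit_event(event);
- break;
- case SSH_AUTH_FAIL_PUBKEY:
- case SSH_AUTH_FAIL_HOSTBASED:
- case SSH_AUTH_FAIL_GSSAPI:
- /*
- * This is required to handle the case where privsep
- * is enabled but it's root logging in, since
- * use_privsep won't be cleared until after a
- * successful login.
- */
- if (geteuid() == 0)
- audit_event(event);
- else
- PRIVSEP(audit_event(event));
- break;
- default:
- error("unknown authentication audit event %d", event);
- }
- }
+ if (authenticated == 0 && !authctxt->postponed)
+ audit_event(audit_classify_auth(method));
 #endif
 }
 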
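Review bot: The unconditional `audit_event(audit_classify_auth(method));` at new line 275 no longer records the invariant the removed comment stated: the auth loop runs in both monitor and slave, so each failed-auth event must be sent once and with enough privilege to write it. Nothing visible in this hunk shows that auth_log() is now reached only from the privileged side. That is presumably enforced at the call sites, but if an unprivileged caller remains, the audit record could be lost or duplicated. I would keep a short comment above the `if`, for example `/* auth_log() must only be called where audit_event() can write the record (privileged side), once per attempt. */`. The removed `default:` branch also logged unknown event values via `error()`, so it is worth confirming that audit_event() or audit_classify_auth() still reports them. auth_log()'s body begins before this hunk.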