Diffstat (limited to 'debian/patches/auth-log-verbosity.patch')
-rw-r--r--debian/patches/auth-log-verbosity.patch120
1 files changed, 0 insertions, 120 deletions
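--- a/debian/patches/auth-log-verbosity.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From 50e9edb57b6808cbbf63fe3433febb103baac1e8 Mon Sep 17 00:00:00 2001
-From: Colin Watson <cjwatson@debian.org>
-Date: Sun, 9 Feb 2014 16:10:02 +0000
-Subject: Quieten logs when multiple from= restrictions are used
-
-Bug-Debian: http://bugs.debian.org/630606
-Forwarded: no
-Last-Update: 2017-10-04
-
-Patch-Name: auth-log-verbosity.patch
----
- auth-options.c | 35 ++++++++++++++++++++++++++---------
- auth-options.h | 1 +
- auth2-pubkey.c | 3 +++
- 3 files changed, 30 insertions(+), 9 deletions(-)
-
-diff --git a/auth-options.c b/auth-options.c
-index bed00eef..ccdd0b20 100644
---- a/auth-options.c
-+++ b/auth-options.c
-@@ -59,10 +59,21 @@ int forced_tun_device = -1;
- /* "principals=" option. */
- char *authorized_principals = NULL;
-
-+/* Throttle log messages. */
-+int logged_from_hostip = 0;
-+int logged_cert_hostip = 0;
-+
- extern ServerOptions options;
-
- /* XXX refactor to be stateless */
-
-+void
-+auth_start_parse_options(void)
-+{
-+ logged_from_hostip = 0;
-+ logged_cert_hostip = 0;
-+}
-+
- void
- auth_clear_options(void)
- {
-@@ -322,10 +333,13 @@ auth_parse_options(struct passwd *pw, char *opts, const char *file,
- /* FALLTHROUGH */
- case 0:
- free(patterns);
-- logit("Authentication tried for %.100s with "
-- "correct key but not from a permitted "
-- "host (host=%.200s, ip=%.200s).",
-- pw->pw_name, remote_host, remote_ip);
-+ if (!logged_from_hostip) {
-+ logit("Authentication tried for %.100s with "
-+ "correct key but not from a permitted "
-+ "host (host=%.200s, ip=%.200s).",
-+ pw->pw_name, remote_host, remote_ip);
-+ logged_from_hostip = 1;
-+ }
- auth_debug_add("Your host '%.200s' is not "
- "permitted to use this key for login.",
- remote_host);
-@@ -549,11 +563,14 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw,
- break;
- case 0:
- /* no match */
-- logit("Authentication tried for %.100s "
-- "with valid certificate but not "
-- "from a permitted host "
-- "(ip=%.200s).", pw->pw_name,
-- remote_ip);
-+ if (!logged_cert_hostip) {
-+ logit("Authentication tried for %.100s "
-+ "with valid certificate but not "
-+ "from a permitted host "
-+ "(ip=%.200s).", pw->pw_name,
-+ remote_ip);
-+ logged_cert_hostip = 1;
-+ }
- auth_debug_add("Your address '%.200s' "
- "is not permitted to use this "
- "certificate for login.",
-diff --git a/auth-options.h b/auth-options.h
-index 547f0163..4de0f14d 100644
---- a/auth-options.h
-+++ b/auth-options.h
-@@ -33,6 +33,7 @@ extern int forced_tun_device;
- extern int key_is_cert_authority;
- extern char *authorized_principals;
-
-+void auth_start_parse_options(void);
- int auth_parse_options(struct passwd *, char *, const char *, u_long);
- void auth_clear_options(void);
- int auth_cert_options(struct sshkey *, struct passwd *, const char **);
-diff --git a/auth2-pubkey.c b/auth2-pubkey.c
-index 169839b0..43f880b6 100644
---- a/auth2-pubkey.c
-+++ b/auth2-pubkey.c
-@@ -269,6 +269,7 @@ process_principals(FILE *f, const char *file, struct passwd *pw,
- u_long linenum = 0;
- u_int i, found_principal = 0;
-
-+ auth_start_parse_options();
- while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
- /* Always consume entire input */
- if (found_principal)
-@@ -471,6 +472,7 @@ check_authkeys_file(FILE *f, char *file, struct sshkey *key, struct passwd *pw)
- u_long linenum = 0;
- struct sshkey *found = NULL;
-
-+ auth_start_parse_options();
- while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
- char *cp, *key_options = NULL, *fp = NULL;
- const char *reason = NULL;
-@@ -624,6 +626,7 @@ user_cert_trusted_ca(struct passwd *pw, struct sshkey *key)
- if (sshkey_cert_check_authority(key, 0, 1,
- use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
- goto fail_reason;
-+ auth_start_parse_options();
- if (auth_cert_options(key, pw, &reason) != 0)
- goto fail_reason;
-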