From 318e4f8548a4f5c0c913f61e27d4fc21ffb1eaae Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sun, 10 Feb 2019 11:10:57 +0000
Subject: upstream: syslog when connection is dropped for attempting to run a

command when ForceCommand=internal-sftp is in effect; bz2960; ok dtucker@

OpenBSD-Commit-ID: 8c87fa66d7fc6c0fffa3a3c28e8ab5e8dde234b8
---
 session.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'session.c')

diff --git a/session.c b/session.c
index bced1f65a..96167548a 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.313 2019/02/05 11:35:56 dtucker Exp $ */
+/* $OpenBSD: session.c,v 1.314 2019/02/10 11:10:57 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1510,12 +1510,13 @@ void
 do_child(struct ssh *ssh, Session *s, const char *command)
 {
 	extern char **environ;
-	char **env;
-	char *argv[ARGV_MAX];
+	char **env, *argv[ARGV_MAX], remote_id[512];
 	const char *shell, *shell0;
 	struct passwd *pw = s->pw;
 	int r = 0;
 
+	sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
+
 	/* remove hostkey from the child's memory */
 	destroy_sensitive_data();
 	ssh_packet_clear_keys(ssh);
@@ -1638,6 +1639,8 @@ do_child(struct ssh *ssh, Session *s, const char *command)
 	signal(SIGPIPE, SIG_DFL);
 
 	if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
+		error("Connection from %s: refusing non-sftp session",
+		    remote_id);
 		printf("This service allows sftp connections only.\n");
 		fflush(NULL);
 		exit(1);
-- 
cgit v1.2.3