authorMatt Johnston <matt@ucc.asn.au>2004-12-23 17:00:15 +0000
committerMatt Johnston <matt@ucc.asn.au>2004-12-23 17:00:15 +0000
commit57d800d314006b78699282260f3ab3b839b43e08 (patch)
treeed87ba82226d3eddce366b14a29d71464ebe4921
parent706d0cbf66d0ac1096d2763379e70d106403bfb7 (diff)
downloaddropbear-57d800d314006b78699282260f3ab3b839b43e08.tar.gz
Log the IP along with auth success/fail attempts
-rw-r--r--session.h5
-rw-r--r--svr-auth.c9
-rw-r--r--svr-authpam.c15
-rw-r--r--svr-authpasswd.c10
-rw-r--r--svr-authpubkey.c12
-rw-r--r--svr-main.c7
-rw-r--r--svr-session.c4
7 files changed, 37 insertions, 25 deletions
diff --git a/session.h b/session.h
index 629dc65..1d5ebb4 100644
--- a/session.h
+++ b/session.h
@@ -48,7 +48,7 @@ void session_identification();
/* Server */
-void svr_session(int sock, int childpipe, char *remotehost);
+void svr_session(int sock, int childpipe, char *remotehost, char *addrstring);
void svr_dropbear_exit(int exitcode, const char* format, va_list param);
void svr_dropbear_log(int priority, const char* format, va_list param);
@@ -180,6 +180,9 @@ struct serversession {
* svr-chansession.c for details */
struct exitinfo lastexit;
+ /* The numeric address they connected from, used for logging */
+ char * addrstring;
+
};
typedef enum {
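Review bot: The comment on the new `addrstring` field in struct serversession says what the string is for, but not who owns it or why the numeric form is used. Judging by the svr-main.c hunks, the buffer comes from `getaddrstring()`, is no longer freed by the caller, and is kept for the rest of the session; that belongs next to the field. It is also worth recording that auth logging uses this value rather than `remotehost`, which appears to be a resolved name and so would depend on DNS the peer may control. Suggested wording: `/* Numeric peer address, used for auth logging instead of remotehost. Allocated by the caller of svr_session() and never freed. */`.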
diff --git a/svr-auth.c b/svr-auth.c
index 425f94e..5eb3e27 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -205,7 +205,8 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
strcmp(username, ses.authstate.username) != 0) {
/* the username needs resetting */
if (ses.authstate.username != NULL) {
- dropbear_log(LOG_WARNING, "client trying multiple usernames");
+ dropbear_log(LOG_WARNING, "client trying multiple usernames from %s",
+ svr_ses.addrstring);
m_free(ses.authstate.username);
}
authclear();
@@ -218,7 +219,8 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
if (ses.authstate.pw == NULL) {
TRACE(("leave checkusername: user '%s' doesn't exist", username));
dropbear_log(LOG_WARNING,
- "login attempt for nonexistent user");
+ "login attempt for nonexistent user from %s",
+ svr_ses.addrstring);
send_msg_userauth_failure(0, 1);
return DROPBEAR_FAILURE;
}
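Review bot: The nonexistent-user warning in checkusername now records the source but still omits the attempted name, unlike the other auth messages in this commit; if that is deliberate, a comment should say so. Keeping it out is defensible: `username` at this point is raw client-supplied bytes rather than `printableuser`, and people do type passwords at the username prompt, so it is best kept out of syslog. A line such as `/* username deliberately not logged: unvalidated client input */` above the call would stop a later change from adding it back. checkusername starts and ends outside the hunk.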
@@ -336,7 +338,8 @@ void send_msg_userauth_failure(int partial, int incrfail) {
} else {
userstr = ses.authstate.printableuser;
}
- dropbear_exit("Max auth tries reached - user %s", userstr);
+ dropbear_exit("Max auth tries reached - user '%s' from %s",
+ userstr, svr_ses.addrstring);
}
TRACE(("leave send_msg_userauth_failure"));
diff --git a/svr-authpam.c b/svr-authpam.c
index e3aa725..4937fa6 100644
--- a/svr-authpam.c
+++ b/svr-authpam.c
@@ -194,8 +194,9 @@ void svr_auth_pam() {
dropbear_log(LOG_WARNING, "pam_authenticate() failed, rc=%d, %s\n",
rc, pam_strerror(pamHandlep, rc));
dropbear_log(LOG_WARNING,
- "bad PAM password attempt for '%s'",
- ses.authstate.printableuser);
+ "bad PAM password attempt for '%s' from %s",
+ ses.authstate.printableuser,
+ svr_ses.addrstring);
send_msg_userauth_failure(0, 1);
goto cleanup;
}
@@ -204,15 +205,17 @@ void svr_auth_pam() {
dropbear_log(LOG_WARNING, "pam_acct_mgmt() failed, rc=%d, %s\n",
rc, pam_strerror(pamHandlep, rc));
dropbear_log(LOG_WARNING,
- "bad PAM password attempt for '%s'",
- ses.authstate.printableuser);
+ "bad PAM password attempt for '%s' from %s",
+ ses.authstate.printableuser,
+ svr_ses.addrstring);
send_msg_userauth_failure(0, 1);
goto cleanup;
}
/* successful authentication */
- dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s'",
- ses.authstate.printableuser);
+ dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s' from %s",
+ ses.authstate.printableuser,
+ svr_ses.addrstring);
send_msg_userauth_success();
cleanup:
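Review bot: The pam_acct_mgmt() failure branch logs the same "bad PAM password attempt" text as the pam_authenticate() branch in the previous hunk, so the two cases remain indistinguishable in the line that carries user and address. This branch is only reached after pam_authenticate() has succeeded, so it means a correct password on an account that PAM then refused. That is a different signal from password guessing for anyone counting failures per source. The preceding `rc=%d` line does differ, but it names neither the user nor the address. Consider `"PAM account check failed for '%s' from %s"` for this branch; svr_auth_pam starts and ends outside the hunk.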
diff --git a/svr-authpasswd.c b/svr-authpasswd.c
index 458deef..4348817 100644
--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
@@ -88,13 +88,15 @@ void svr_auth_password() {
if (strcmp(testcrypt, passwdcrypt) == 0) {
/* successful authentication */
dropbear_log(LOG_NOTICE,
- "password auth succeeded for '%s'",
- ses.authstate.printableuser);
+ "password auth succeeded for '%s' from %s",
+ ses.authstate.printableuser,
+ svr_ses.addrstring);
send_msg_userauth_success();
} else {
dropbear_log(LOG_WARNING,
- "bad password attempt for '%s'",
- ses.authstate.printableuser);
+ "bad password attempt for '%s' from %s",
+ ses.authstate.printableuser,
+ svr_ses.addrstring);
send_msg_userauth_failure(0, 1);
}
diff --git a/svr-authpubkey.c b/svr-authpubkey.c
index 14b5a78..5052b10 100644
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -104,13 +104,13 @@ void svr_auth_pubkey() {
if (buf_verify(ses.payload, key, buf_getptr(signbuf, signbuf->len),
signbuf->len) == DROPBEAR_SUCCESS) {
dropbear_log(LOG_NOTICE,
- "pubkey auth succeeded for '%s' with key %s",
- ses.authstate.printableuser, fp);
+ "pubkey auth succeeded for '%s' with key %s from %s",
+ ses.authstate.printableuser, fp, svr_ses.addrstring);
send_msg_userauth_success();
} else {
dropbear_log(LOG_WARNING,
- "pubkey auth bad signature for '%s' with key %s",
- ses.authstate.printableuser, fp);
+ "pubkey auth bad signature for '%s' with key %s from %s",
+ ses.authstate.printableuser, fp, svr_ses.addrstring);
send_msg_userauth_failure(0, 1);
}
m_free(fp);
@@ -165,8 +165,8 @@ static int checkpubkey(unsigned char* algo, unsigned int algolen,
/* check that we can use the algo */
if (have_algo(algo, algolen, sshhostkey) == DROPBEAR_FAILURE) {
dropbear_log(LOG_WARNING,
- "pubkey auth attempt with unknown algo for '%s'",
- ses.authstate.printableuser);
+ "pubkey auth attempt with unknown algo for '%s' from %s",
+ ses.authstate.printableuser, svr_ses.addrstring);
goto out;
}
diff --git a/svr-main.c b/svr-main.c
index 60ed212..48e6042 100644
--- a/svr-main.c
+++ b/svr-main.c
@@ -94,7 +94,6 @@ static void main_inetd() {
/* In case our inetd was lax in logging source addresses */
addrstring = getaddrstring(&remoteaddr, 1);
dropbear_log(LOG_INFO, "Child connection from %s", addrstring);
- m_free(addrstring);
/* Don't check the return value - it may just fail since inetd has
* already done setsid() after forking (xinetd on Darwin appears to do
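Review bot: Removing `m_free(addrstring)` in main_inetd, and again in the main_noinetd hunk below, silently changes ownership of the string, and nothing at either site says so. The pointer is now passed to `svr_session()` and stored in `svr_ses`, so a later reader could take the missing free for a leak and restore it, leaving every auth log line reading freed memory. A comment where the free used to be would prevent that, e.g. `/* addrstring is handed to svr_session() and kept for logging; do not free */`. For main_noinetd the hunk does not show whether the assignment runs only in the forked child; the following `setsid()` suggests it does, but if the parent's accept loop also reaches it, the string would now leak once per connection. Both functions continue outside their hunks.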
@@ -104,7 +103,7 @@ static void main_inetd() {
/* Start service program
* -1 is a dummy childpipe, just something we can close() without
* mattering. */
- svr_session(0, -1, getaddrhostname(&remoteaddr));
+ svr_session(0, -1, getaddrhostname(&remoteaddr), addrstring);
/* notreached */
}
@@ -264,7 +263,6 @@ void main_noinetd() {
addrstring = getaddrstring(&remoteaddr, 1);
dropbear_log(LOG_INFO, "Child connection from %s", addrstring);
- m_free(addrstring);
if (setsid() < 0) {
dropbear_exit("setsid: %s", strerror(errno));
@@ -283,7 +281,8 @@ void main_noinetd() {
/* start the session */
svr_session(childsock, childpipe[1],
- getaddrhostname(&remoteaddr));
+ getaddrhostname(&remoteaddr),
+ addrstring);
/* don't return */
assert(0);
}
diff --git a/svr-session.c b/svr-session.c
index 8dc8a44..408209d 100644
--- a/svr-session.c
+++ b/svr-session.c
@@ -74,7 +74,8 @@ static const struct ChanType *svr_chantypes[] = {
NULL /* Null termination is mandatory. */
};
-void svr_session(int sock, int childpipe, char* remotehost) {
+void svr_session(int sock, int childpipe,
+ char* remotehost, char *addrstring) {
struct timeval timeout;
@@ -83,6 +84,7 @@ void svr_session(int sock, int childpipe, char* remotehost) {
/* Initialise server specific parts of the session */
svr_ses.childpipe = childpipe;
+ svr_ses.addrstring = addrstring;
svr_authinitialise();
chaninitialise(svr_chantypes);
svr_chansessinitialise();