diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-02-03 23:05:57 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-02-04 10:09:43 +1100 |
| commit | f1a193464a7b77646f0d0cedc929068e4a413ab4 (patch) | |
| tree | 27a13d64537438a863c5eddc1b72d0e729800f49 /auth2.c | |
| parent | 07edd7e9537ab32aa52abb5fb2a915c350fcf441 (diff) | |
| download | openssh-git-f1a193464a7b77646f0d0cedc929068e4a413ab4.tar.gz | |
upstream commit
use ssh_packet_set_log_preamble() to include connection
username in packet log messages, e.g.
Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth]
ok markus@ bz#113
Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15
Diffstat (limited to 'auth2.c')
| -rw-r--r-- | auth2.c | 12 |
1 files changed, 9 insertions, 3 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.137 2017/02/03 23:05:57 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -212,6 +212,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt) static int input_userauth_request(int type, u_int32_t seq, void *ctxt) { + struct ssh *ssh = active_state; /* XXX */ Authctxt *authctxt = ctxt; Authmethod *m = NULL; char *user, *service, *method, *style = NULL; @@ -235,9 +236,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) authctxt->user = xstrdup(user); if (authctxt->pw && strcmp(service, "ssh-connection")==0) { authctxt->valid = 1; - debug2("input_userauth_request: setting up authctxt for %s", user); + debug2("%s: setting up authctxt for %s", + __func__, user); } else { - logit("input_userauth_request: invalid user %s", user); + /* Invalid user, fake password information */ authctxt->pw = fakepw(); #ifdef SSH_AUDIT_EVENTS PRIVSEP(audit_event(SSH_INVALID_USER)); @@ -247,6 +249,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) if (options.use_pam) PRIVSEP(start_pam(authctxt)); #endif + ssh_packet_set_log_preamble(ssh, "%suser %s", + authctxt->valid ? "authenticating " : "invalid ", user); setproctitle("%s%s", authctxt->valid ? user : "unknown", use_privsep ? " [net]" : ""); authctxt->service = xstrdup(service); @@ -292,6 +296,7 @@ void userauth_finish(Authctxt *authctxt, int authenticated, const char *method, const char *submethod) { + struct ssh *ssh = active_state; /* XXX */ char *methods; int partial = 0; @@ -353,6 +358,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, packet_write_wait(); /* now we can break out */ authctxt->success = 1; + ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); } else { /* Allow initial try of "none" auth without failure penalty */ |