diff options
| -rw-r--r-- | auth2.c | 12 | ||||
| -rw-r--r-- | monitor.c | 7 |
2 files changed, 15 insertions, 4 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.137 2017/02/03 23:05:57 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -212,6 +212,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt) static int input_userauth_request(int type, u_int32_t seq, void *ctxt) { + struct ssh *ssh = active_state; /* XXX */ Authctxt *authctxt = ctxt; Authmethod *m = NULL; char *user, *service, *method, *style = NULL; @@ -235,9 +236,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) authctxt->user = xstrdup(user); if (authctxt->pw && strcmp(service, "ssh-connection")==0) { authctxt->valid = 1; - debug2("input_userauth_request: setting up authctxt for %s", user); + debug2("%s: setting up authctxt for %s", + __func__, user); } else { - logit("input_userauth_request: invalid user %s", user); + /* Invalid user, fake password information */ authctxt->pw = fakepw(); #ifdef SSH_AUDIT_EVENTS PRIVSEP(audit_event(SSH_INVALID_USER)); @@ -247,6 +249,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) if (options.use_pam) PRIVSEP(start_pam(authctxt)); #endif + ssh_packet_set_log_preamble(ssh, "%suser %s", + authctxt->valid ? "authenticating " : "invalid ", user); setproctitle("%s%s", authctxt->valid ? user : "unknown", use_privsep ? " [net]" : ""); authctxt->service = xstrdup(service); @@ -292,6 +296,7 @@ void userauth_finish(Authctxt *authctxt, int authenticated, const char *method, const char *submethod) { + struct ssh *ssh = active_state; /* XXX */ char *methods; int partial = 0; @@ -353,6 +358,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, packet_write_wait(); /* now we can break out */ authctxt->success = 1; + ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); } else { /* Allow initial try of "none" auth without failure penalty */ @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.167 2017/02/03 23:05:57 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -283,6 +283,7 @@ monitor_permit_authentications(int permit) void monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) { + struct ssh *ssh = active_state; /* XXX */ struct mon_table *ent; int authenticated = 0, partial = 0; @@ -356,6 +357,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) debug("%s: %s has been authenticated by privileged process", __func__, authctxt->user); + ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); mm_get_keystate(pmonitor); @@ -695,6 +697,7 @@ mm_answer_sign(int sock, Buffer *m) int mm_answer_pwnamallow(int sock, Buffer *m) { + struct ssh *ssh = active_state; /* XXX */ char *username; struct passwd *pwent; int allowed = 0; @@ -739,6 +742,8 @@ mm_answer_pwnamallow(int sock, Buffer *m) buffer_put_cstring(m, pwent->pw_shell); out: + ssh_packet_set_log_preamble(ssh, "%suser %s", + authctxt->valid ? "authenticating" : "invalid ", authctxt->user); buffer_put_string(m, &options, sizeof(options)); #define M_CP_STROPT(x) do { \ |