Changeset View
Changeset View
Standalone View
Standalone View
head/crypto/openssh/auth.c
Show First 20 Lines • Show All 69 Lines • ▼ Show 20 Lines | |||||
#ifdef GSSAPI | #ifdef GSSAPI | ||||
#include "ssh-gss.h" | #include "ssh-gss.h" | ||||
#endif | #endif | ||||
#include "authfile.h" | #include "authfile.h" | ||||
#include "monitor_wrap.h" | #include "monitor_wrap.h" | ||||
#include "authfile.h" | #include "authfile.h" | ||||
#include "ssherr.h" | #include "ssherr.h" | ||||
#include "compat.h" | #include "compat.h" | ||||
#include "blacklist_client.h" | |||||
/* import */ | /* import */ | ||||
extern ServerOptions options; | extern ServerOptions options; | ||||
extern int use_privsep; | extern int use_privsep; | ||||
extern Buffer loginmsg; | extern Buffer loginmsg; | ||||
extern struct passwd *privsep_pw; | extern struct passwd *privsep_pw; | ||||
/* Debugging messages */ | /* Debugging messages */ | ||||
▲ Show 20 Lines • Show All 201 Lines • ▼ Show 20 Lines | if (authenticated == 1 || | ||||
authctxt->failures >= options.max_authtries / 2 || | authctxt->failures >= options.max_authtries / 2 || | ||||
strcmp(method, "password") == 0) | strcmp(method, "password") == 0) | ||||
authlog = logit; | authlog = logit; | ||||
if (authctxt->postponed) | if (authctxt->postponed) | ||||
authmsg = "Postponed"; | authmsg = "Postponed"; | ||||
else if (partial) | else if (partial) | ||||
authmsg = "Partial"; | authmsg = "Partial"; | ||||
else | else { | ||||
authmsg = authenticated ? "Accepted" : "Failed"; | authmsg = authenticated ? "Accepted" : "Failed"; | ||||
BLACKLIST_NOTIFY(authenticated ? | |||||
BLACKLIST_AUTH_OK : BLACKLIST_AUTH_FAIL); | |||||
} | |||||
authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s", | authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s", | ||||
authmsg, | authmsg, | ||||
method, | method, | ||||
submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, | submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, | ||||
authctxt->valid ? "" : "invalid user ", | authctxt->valid ? "" : "invalid user ", | ||||
authctxt->user, | authctxt->user, | ||||
get_remote_ipaddr(), | get_remote_ipaddr(), | ||||
▲ Show 20 Lines • Show All 330 Lines • ▼ Show 20 Lines | #ifdef HAVE_CYGWIN | ||||
*/ | */ | ||||
if (pw != NULL && strcmp(user, pw->pw_name) != 0) { | if (pw != NULL && strcmp(user, pw->pw_name) != 0) { | ||||
logit("Login name %.100s does not match stored username %.100s", | logit("Login name %.100s does not match stored username %.100s", | ||||
user, pw->pw_name); | user, pw->pw_name); | ||||
pw = NULL; | pw = NULL; | ||||
} | } | ||||
#endif | #endif | ||||
if (pw == NULL) { | if (pw == NULL) { | ||||
BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL); | |||||
logit("Invalid user %.100s from %.100s", | logit("Invalid user %.100s from %.100s", | ||||
user, get_remote_ipaddr()); | user, get_remote_ipaddr()); | ||||
#ifdef CUSTOM_FAILED_LOGIN | #ifdef CUSTOM_FAILED_LOGIN | ||||
record_failed_login(user, | record_failed_login(user, | ||||
get_canonical_hostname(options.use_dns), "ssh"); | get_canonical_hostname(options.use_dns), "ssh"); | ||||
#endif | #endif | ||||
#ifdef SSH_AUDIT_EVENTS | #ifdef SSH_AUDIT_EVENTS | ||||
audit_event(SSH_INVALID_USER); | audit_event(SSH_INVALID_USER); | ||||
▲ Show 20 Lines • Show All 126 Lines • Show Last 20 Lines |