author | Markus Friedl <markus@cvs.openbsd.org> | 1999-11-22 21:02:40 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 1999-11-22 21:02:40 +0000 |
commit | e635c41f03fe35686ec48598b5ff248c2485d8bb (patch) | |
tree | 8521120e30f644f5a56001e3b3d4bc47b97bdb40 | |
parent | 2632baae61bff755f455a90159bc81cffae148f0 (diff) |
syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG:
Auth-attempts are logged only, if authentication is:
a) successful or
b) with passwd or
c) we had more than AUTH_FAIL_LOG failures
* many log() became verbose()
* old behaviour with level=VERBOSE
-rw-r--r-- | usr.bin/ssh/auth-rh-rsa.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/auth-rsa.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/channels.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/cipher.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/compat.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/log-client.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/log-server.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/log.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/packet.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/scp.c | 28 | ||||
-rw-r--r-- | usr.bin/ssh/serverloop.c | 12 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.h | 16 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.8 | 4 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 166 |
14 files changed, 160 insertions, 116 deletions
diff --git a/usr.bin/ssh/auth-rh-rsa.c b/usr.bin/ssh/auth-rh-rsa.c index 77d685ebd48..abc7c2d6eeb 100644 --- a/usr.bin/ssh/auth-rh-rsa.c +++ b/usr.bin/ssh/auth-rh-rsa.c @@ -15,7 +15,7 @@ authentication. */ #include "includes.h" -RCSID("$Id: auth-rh-rsa.c,v 1.6 1999/11/15 20:53:24 markus Exp $"); +RCSID("$Id: auth-rh-rsa.c,v 1.7 1999/11/22 21:02:38 markus Exp $"); #include "packet.h" #include "ssh.h" @@ -96,7 +96,7 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user, /* We have authenticated the user using .rhosts or /etc/hosts.equiv, and the host using RSA. We accept the authentication. */ - log("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.", + verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.", pw->pw_name, client_user, canonical_hostname); packet_send_debug("Rhosts with RSA host authentication accepted."); return 1; diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c index 382ac71a717..9a59e0ffba7 100644 --- a/usr.bin/ssh/auth-rsa.c +++ b/usr.bin/ssh/auth-rsa.c @@ -16,7 +16,7 @@ validity of the host key. */ #include "includes.h" -RCSID("$Id: auth-rsa.c,v 1.10 1999/11/18 14:00:48 markus Exp $"); +RCSID("$Id: auth-rsa.c,v 1.11 1999/11/22 21:02:38 markus Exp $"); #include "rsa.h" #include "packet.h" @@ -274,7 +274,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) if (!auth_rsa_challenge_dialog(e, n)) { /* Wrong response. */ - log("Wrong response to RSA authentication challenge."); + verbose("Wrong response to RSA authentication challenge."); packet_send_debug("Wrong response to RSA authentication challenge."); continue; } diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index 94d7156b9f9..7f52276acf2 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c 
@@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection. */ #include "includes.h" -RCSID("$Id: channels.c,v 1.23 1999/11/19 19:58:18 markus Exp $"); +RCSID("$Id: channels.c,v 1.24 1999/11/22 21:02:38 markus Exp $"); #include "ssh.h" #include "packet.h" @@ -904,7 +904,7 @@ void channel_request_remote_forwarding(int port, const char *host, int payload_len; /* Record locally that connection to this host/port is permitted. */ if (num_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION) - fatal("channel_request_remote_forwarding: too many forwards"); + fatal("channel_request_remote_forwarding: too many forwards"); /* XXX why panic? -markus */ permitted_opens[num_permitted_opens].host = xstrdup(host); permitted_opens[num_permitted_opens].port = remote_port; num_permitted_opens++; diff --git a/usr.bin/ssh/cipher.c b/usr.bin/ssh/cipher.c index c4283373ee0..b6f04d9a404 100644 --- a/usr.bin/ssh/cipher.c +++ b/usr.bin/ssh/cipher.c @@ -12,7 +12,7 @@ Created: Wed Apr 19 17:41:39 1995 ylo */ #include "includes.h" -RCSID("$Id: cipher.c,v 1.14 1999/11/15 21:38:53 markus Exp $"); +RCSID("$Id: cipher.c,v 1.15 1999/11/22 21:02:38 markus Exp $"); #include "ssh.h" #include "cipher.h" @@ -264,7 +264,7 @@ void cipher_encrypt(CipherContext *context, unsigned char *dest, break; default: - fatal("cipher_encrypt: unknown cipher: %d", context->type); + fatal("cipher_encrypt: unknown cipher: %s", cipher_name(context->type)); } } @@ -299,6 +299,6 @@ void cipher_decrypt(CipherContext *context, unsigned char *dest, break; default: - fatal("cipher_decrypt: unknown cipher: %d", context->type); + fatal("cipher_decrypt: unknown cipher: %s", cipher_name(context->type)); } } diff --git a/usr.bin/ssh/compat.c b/usr.bin/ssh/compat.c index fa0579c3107..a0d27a5e3a4 100644 --- a/usr.bin/ssh/compat.c +++ b/usr.bin/ssh/compat.c 
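Review bot: In the `default:` arms of cipher_encrypt and cipher_decrypt, `cipher_name(context->type)` is now evaluated for a type the switch has just established is unrecognized; cipher_name is not in view here, and if it indexes a name table by type without a range check this is an out-of-bounds read before fatal() ever runs, whereas the old `%d` form was safe for any value. Either make cipher_name return a fixed string for out-of-range types, or keep the raw number in the message, `fatal("cipher_encrypt: unknown cipher: %d", context->type);`. Both enclosing functions start before their hunks.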
@@ -1,10 +1,10 @@ #include "includes.h" -RCSID("$Id: compat.c,v 1.2 1999/10/16 22:29:01 markus Exp $"); +RCSID("$Id: compat.c,v 1.3 1999/11/22 21:02:38 markus Exp $"); #include "ssh.h" int compat13=0; void enable_compat13(void){ - log("Enabling compatibility mode for protocol 1.3"); + verbose("Enabling compatibility mode for protocol 1.3"); compat13=1; } diff --git a/usr.bin/ssh/log-client.c b/usr.bin/ssh/log-client.c index 92b47649a38..97e253062e7 100644 --- a/usr.bin/ssh/log-client.c +++ b/usr.bin/ssh/log-client.c @@ -15,7 +15,7 @@ This is a stripped down version of log-server.c. */ #include "includes.h" -RCSID("$Id: log-client.c,v 1.3 1999/11/10 23:36:44 markus Exp $"); +RCSID("$Id: log-client.c,v 1.4 1999/11/22 21:02:38 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -36,7 +36,7 @@ log_init(char *av0, LogLevel level, SyslogFacility ignored1, int ignored2) case SYSLOG_LEVEL_ERROR: case SYSLOG_LEVEL_FATAL: case SYSLOG_LEVEL_INFO: - case SYSLOG_LEVEL_CHAT: + case SYSLOG_LEVEL_VERBOSE: case SYSLOG_LEVEL_DEBUG: log_level = level; break; diff --git a/usr.bin/ssh/log-server.c b/usr.bin/ssh/log-server.c index 67b1062773a..7e37e136dc2 100644 --- a/usr.bin/ssh/log-server.c +++ b/usr.bin/ssh/log-server.c @@ -15,7 +15,7 @@ to the system log. */ #include "includes.h" -RCSID("$Id: log-server.c,v 1.8 1999/11/14 22:28:44 markus Exp $"); +RCSID("$Id: log-server.c,v 1.9 1999/11/22 21:02:38 markus Exp $"); #include <syslog.h> #include "packet.h" @@ -41,7 +41,7 @@ void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) case SYSLOG_LEVEL_ERROR: case SYSLOG_LEVEL_FATAL: case SYSLOG_LEVEL_INFO: - case SYSLOG_LEVEL_CHAT: + case SYSLOG_LEVEL_VERBOSE: case SYSLOG_LEVEL_DEBUG: log_level = level; break; @@ -119,9 +119,7 @@ do_log(LogLevel level, const char *fmt, va_list args) pri = LOG_ERR; break; case SYSLOG_LEVEL_INFO: - pri = LOG_INFO; - break; - case SYSLOG_LEVEL_CHAT: + case SYSLOG_LEVEL_VERBOSE: pri = LOG_INFO; break; case SYSLOG_LEVEL_DEBUG: 
diff --git a/usr.bin/ssh/log.c b/usr.bin/ssh/log.c index 1ce534ea57d..af5395da8f8 100644 --- a/usr.bin/ssh/log.c +++ b/usr.bin/ssh/log.c @@ -5,7 +5,7 @@ Shared versions of debug(), log(), etc. */ #include "includes.h" -RCSID("$OpenBSD: log.c,v 1.2 1999/11/19 16:04:17 markus Exp $"); +RCSID("$OpenBSD: log.c,v 1.3 1999/11/22 21:02:38 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -47,11 +47,11 @@ log(const char *fmt, ...) /* More detailed messages (information that does not need to go to the log). */ void -chat(const char *fmt, ...) +verbose(const char *fmt, ...) { va_list args; va_start(args, fmt); - do_log(SYSLOG_LEVEL_CHAT, fmt, args); + do_log(SYSLOG_LEVEL_VERBOSE, fmt, args); va_end(args); } @@ -167,7 +167,7 @@ static struct { "FATAL", SYSLOG_LEVEL_FATAL }, { "ERROR", SYSLOG_LEVEL_ERROR }, { "INFO", SYSLOG_LEVEL_INFO }, - { "CHAT", SYSLOG_LEVEL_CHAT }, + { "VERBOSE", SYSLOG_LEVEL_VERBOSE }, { "DEBUG", SYSLOG_LEVEL_DEBUG }, { NULL, 0 } }; diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index 6f0f3f0022d..f392fc4dbe9 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -15,7 +15,7 @@ with the other side. This same code is used both on client and server side. */ #include "includes.h" -RCSID("$Id: packet.c,v 1.12 1999/11/19 19:58:18 markus Exp $"); +RCSID("$Id: packet.c,v 1.13 1999/11/22 21:02:38 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -397,7 +397,7 @@ packet_read(int *payload_len_ptr) /* Read data from the socket. */ len = read(connection_in, buf, sizeof(buf)); if (len == 0) - fatal("Connection closed by remote host."); + fatal("Connection closed by %.200s", get_remote_ipaddr()); if (len < 0) fatal("Read from socket failed: %.100s", strerror(errno)); /* Append it to the buffer. */ 
@@ -513,7 +513,7 @@ packet_read_poll(int *payload_len_ptr) /* Handle disconnect message. */ if ((unsigned char)buf[0] == SSH_MSG_DISCONNECT) - fatal("%.900s", packet_get_string(NULL)); + fatal("Received disconnect: %.900s", packet_get_string(NULL)); /* Ignore ignore messages. */ if ((unsigned char)buf[0] == SSH_MSG_IGNORE) @@ -636,7 +636,7 @@ packet_disconnect(const char *fmt, ...) packet_close(); /* Display the error locally and exit. */ - fatal("Local: %.100s", buf); + fatal("Disconnecting: %.100s", buf); } /* Checks if there is any buffered output, and tries to write some of the diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c index a3b65a9fd7d..b5efaa56cf2 100644 --- a/usr.bin/ssh/scp.c +++ b/usr.bin/ssh/scp.c @@ -42,11 +42,11 @@ and ssh has the necessary privileges.) * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: scp.c,v 1.16 1999/11/17 09:20:17 deraadt Exp $ + * $Id: scp.c,v 1.17 1999/11/22 21:02:38 markus Exp $ */ #include "includes.h" -RCSID("$Id: scp.c,v 1.16 1999/11/17 09:20:17 deraadt Exp $"); +RCSID("$Id: scp.c,v 1.17 1999/11/22 21:02:38 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -76,7 +76,7 @@ off_t totalbytes = 0; char *curfile; /* This is set to non-zero to enable verbose mode. */ -int verbose = 0; +int verbose_mode = 0; /* This is set to non-zero if compression is desired. */ int compress = 0; @@ -106,7 +106,7 @@ int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) { int pin[2], pout[2], reserved[2]; - if (verbose) + if (verbose_mode) fprintf(stderr, "Executing: host %s, user %s, command %s\n", host, remuser ? remuser : "(unspecified)", cmd); @@ -142,7 +142,7 @@ int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) args[i++] = SSH_PROGRAM; args[i++] = "-x"; args[i++] = "-oFallBackToRsh no"; - if (verbose) + if (verbose_mode) args[i++] = "-v"; if (compress) args[i++] = "-C"; 
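Review bot: The peer-supplied disconnect text is passed straight into `fatal("Received disconnect: %.900s", packet_get_string(NULL));` — the precision bounds its length but nothing strips control characters, so a remote side can put newlines or terminal escape sequences into sshd's syslog line or onto the ssh user's stderr. Filter non-printable bytes before logging, or at least mark it: `/* remote-controlled text: length-bounded but not sanitised */`. packet_read_poll begins before the hunk.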
@@ -272,7 +272,7 @@ main(argc, argv) identity = optarg; break; case 'v': - verbose = 1; + verbose_mode = 1; break; case 'B': batchmode = 1; @@ -317,7 +317,7 @@ main(argc, argv) remin = remout = -1; /* Command to be executed on remote system using "ssh". */ - (void)sprintf(cmd, "scp%s%s%s%s", verbose ? " -v" : "", + (void)sprintf(cmd, "scp%s%s%s%s", verbose_mode ? " -v" : "", iamrecursive ? " -r" : "", pflag ? " -p" : "", targetshouldbedirectory ? " -d" : ""); @@ -378,18 +378,18 @@ toremote(targ, argc, argv) continue; (void)sprintf(bp, "%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'", - SSH_PROGRAM, verbose ? " -v" : "", + SSH_PROGRAM, verbose_mode ? " -v" : "", suser, host, cmd, src, tuser ? tuser : "", tuser ? "@" : "", thost, targ); } else (void)sprintf(bp, "exec %s%s -x -o'FallBackToRsh no' -n %s %s %s '%s%s%s:%s'", - SSH_PROGRAM, verbose ? " -v" : "", + SSH_PROGRAM, verbose_mode ? " -v" : "", argv[i], cmd, src, tuser ? tuser : "", tuser ? "@" : "", thost, targ); - if (verbose) + if (verbose_mode) fprintf(stderr, "Executing: %s\n", bp); (void)system(bp); (void)xfree(bp); @@ -427,7 +427,7 @@ tolocal(argc, argv) (void)sprintf(bp, "exec %s%s%s %s %s", _PATH_CP, iamrecursive ? " -r" : "", pflag ? " -p" : "", argv[i], argv[argc - 1]); - if (verbose) + if (verbose_mode) fprintf(stderr, "Executing: %s\n", bp); if (system(bp)) ++errs; @@ -519,7 +519,7 @@ syserr: run_err("%s: %s", name, strerror(errno)); (unsigned int)(stb.st_mode & FILEMODEMASK), (unsigned long)stb.st_size, last); - if (verbose) + if (verbose_mode) { fprintf(stderr, "Sending file modes: %s", buf); fflush(stderr); @@ -600,7 +600,7 @@ rsource(name, statp) (void)sprintf(path, "D%04o %d %.1024s\n", (unsigned int)(statp->st_mode & FILEMODEMASK), 0, last); - if (verbose) + if (verbose_mode) fprintf(stderr, "Entering directory: %s", path); (void)write(remout, path, strlen(path)); if (response() < 0) { 
@@ -976,7 +976,7 @@ run_err(const char *fmt, ...) * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: scp.c,v 1.16 1999/11/17 09:20:17 deraadt Exp $ + * $Id: scp.c,v 1.17 1999/11/22 21:02:38 markus Exp $ */ char * diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 9961170a5b3..8294714d328 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -308,16 +308,20 @@ void process_input(fd_set *readset) if (FD_ISSET(connection_in, readset)) { len = read(connection_in, buf, sizeof(buf)); - if (len == 0) - fatal("Connection closed by remote host."); + if (len == 0) { + verbose("Connection closed by remote host."); + fatal_cleanup(); + } /* There is a kernel bug on Solaris that causes select to sometimes wake up even though there is no data available. */ if (len < 0 && errno == EAGAIN) len = 0; - if (len < 0) - fatal("Read error from remote host: %.100s", strerror(errno)); + if (len < 0) { + verbose("Read error from remote host: %.100s", strerror(errno)); + fatal_cleanup(); + } /* Buffer any received data. */ packet_process_incoming(buf, len); diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h index b1de3d26564..85923137bbc 100644 --- a/usr.bin/ssh/ssh.h +++ b/usr.bin/ssh/ssh.h @@ -13,7 +13,7 @@ Generic header file for ssh. */ -/* RCSID("$Id: ssh.h,v 1.22 1999/11/19 16:04:17 markus Exp $"); */ +/* RCSID("$Id: ssh.h,v 1.23 1999/11/22 21:02:38 markus Exp $"); */ #ifndef SSH_H #define SSH_H @@ -365,7 +365,7 @@ typedef enum SYSLOG_LEVEL_FATAL, SYSLOG_LEVEL_ERROR, SYSLOG_LEVEL_INFO, - SYSLOG_LEVEL_CHAT, + SYSLOG_LEVEL_VERBOSE, SYSLOG_LEVEL_DEBUG } LogLevel; 
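Review bot: `verbose("Connection closed by remote host.")` in process_input omits the peer address, while the equivalent message in packet.c was changed in this same commit to `fatal("Connection closed by %.200s", get_remote_ipaddr())`; at VERBOSE level an operator correlating a dropped session with its connection line has nothing to match on. Assuming serverloop.c sees the same declaration as packet.c, use `verbose("Connection closed by %.200s", get_remote_ipaddr());` and add the address to the read-error message as well. process_input continues outside the hunk.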
@@ -380,12 +380,12 @@ SyslogFacility log_facility_number(char *name); LogLevel log_level_number(char *name); /* Output a message to syslog or stderr */ -void fatal(const char *fmt, ...); -void error(const char *fmt, ...); -void log(const char *fmt, ...); -void chat(const char *fmt, ...); -void debug(const char *fmt, ...); - +void fatal(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); +void error(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); +void log(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); +void verbose(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); +void debug(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); + /* same as fatal() but w/o logging */ void fatal_cleanup(void); diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index c2162c0581c..ccdea15097e 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: sshd.8,v 1.26 1999/11/22 20:02:45 markus Exp $ +.\" $Id: sshd.8,v 1.27 1999/11/22 21:02:39 markus Exp $ .\" .Dd September 25, 1999 .Dt SSHD 8 @@ -328,7 +328,7 @@ The default is 600 (seconds). Gives the verbosity level that is used when logging messages from .Nm sshd . The possible values are: -QUIET, FATAL, ERROR, INFO, CHAT and DEBUG. +QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG. The default is INFO. Logging with level DEBUG violates the privacy of users and is not recommended. diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index afa9667058d..eda984b4788 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -18,7 +18,7 @@ agent connections. */ #include "includes.h" -RCSID("$Id: sshd.c,v 1.61 1999/11/22 20:02:45 markus Exp $"); +RCSID("$Id: sshd.c,v 1.62 1999/11/22 21:02:39 markus Exp $"); #include "xmalloc.h" #include "rsa.h" 
@@ -190,7 +190,29 @@ void grace_alarm_handler(int sig) packet_close(); /* Log error and exit. */ - fatal("Timeout before authentication."); + fatal("Timeout before authentication for %s.", get_remote_ipaddr()); +} + +/* convert ssh auth msg type into description */ +char * +get_authname(int type) +{ + switch (type) { + case SSH_CMSG_AUTH_PASSWORD: + return "password"; + case SSH_CMSG_AUTH_RSA: + return "rsa"; + case SSH_CMSG_AUTH_RHOSTS_RSA: + return "rhosts-rsa"; + case SSH_CMSG_AUTH_RHOSTS: + return "rhosts"; +#ifdef KRB4 + case SSH_CMSG_AUTH_KERBEROS: + return "kerberos"; +#endif + } + fatal("get_authname: unknown auth %d: internal error", type); + return NULL; } /* Signal handler for the key regeneration alarm. Note that this @@ -242,6 +264,7 @@ main(int ac, char **av) struct sockaddr_in sin; char buf[100]; /* Must not be larger than remote_version. */ char remote_version[100]; /* Must be at least as big as buf. */ + const char *remote_ip; int remote_port; char *comment; FILE *f; @@ -610,6 +633,7 @@ main(int ac, char **av) packet_set_connection(sock_in, sock_out); remote_port = get_remote_port(); + remote_ip = get_remote_ipaddr(); /* Check whether logins are denied from this host. */ #ifdef LIBWRAP @@ -624,11 +648,11 @@ main(int ac, char **av) close(sock_out); refuse(&req); } - log("Connection from %.500s port %d", eval_client(&req), remote_port); + verbose("Connection from %.500s port %d", eval_client(&req), remote_port); } #else /* Log the connection. */ - log("Connection from %.100s port %d", get_remote_ipaddr(), remote_port); + verbose("Connection from %.500s port %d", remote_ip, remote_port); #endif /* LIBWRAP */ /* We don\'t want to listen forever unless the other side successfully 
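Review bot: get_authname() calls fatal() for any type outside its switch, but do_authloop's `default:` arm (which logs "Unknown message during authentication" and then `break`s) falls through to the unified `authlog(... get_authname(type) ...)` call, so a client can now end its own session with a log line labelled "internal error" by sending any unexpected message type, instead of receiving the SSH_SMSG_FAILURE the loop's comment promises; the disabled Kerberos-TGT and AFS-token arms appear to take the same `break` path, though their ifdef context is not in view. A lookup that only produces a log label should not be fatal: replace the fatal()/`return NULL` tail with `return "unknown";`, and since every branch returns a string literal declare it `const char *get_authname(int type)`.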
@@ -648,13 +672,13 @@ main(int ac, char **av) snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION); if (write(sock_out, buf, strlen(buf)) != strlen(buf)) - fatal("Could not write ident string."); + fatal("Could not write ident string to %s.", get_remote_ipaddr()); /* Read other side\'s version identification. */ for (i = 0; i < sizeof(buf) - 1; i++) { if (read(sock_in, &buf[i], 1) != 1) - fatal("Did not receive ident string."); + fatal("Did not receive ident string from %s.", get_remote_ipaddr()); if (buf[i] == '\r') { buf[i] = '\n'; @@ -680,7 +704,8 @@ main(int ac, char **av) (void) write(sock_out, s, strlen(s)); close(sock_in); close(sock_out); - fatal("Bad protocol version identification: %.100s", buf); + fatal("Bad protocol version identification '%.100s' from %s", + buf, get_remote_ipaddr()); } debug("Client protocol version %d.%d; client software version %.100s", remote_major, remote_minor, remote_version); @@ -690,7 +715,8 @@ main(int ac, char **av) (void) write(sock_out, s, strlen(s)); close(sock_in); close(sock_out); - fatal("Protocol major versions differ: %d vs. %d", + fatal("Protocol major versions differ for %s: %d vs. %d", + get_remote_ipaddr(), PROTOCOL_MAJOR, remote_major); } @@ -734,7 +760,7 @@ main(int ac, char **av) if (xauthfile) unlink(xauthfile); /* The connection has been terminated. */ - log("Closing connection to %.100s", inet_ntoa(sin.sin_addr)); + verbose("Closing connection to %.100s", remote_ip); packet_close(); exit(0); } 
@@ -851,7 +877,8 @@ do_connection() /* Private key has bigger modulus. */ if (BN_num_bits(sensitive_data.private_key->n) < BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED) { - fatal("do_connection: private_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d", + fatal("do_connection: %s: private_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d", + get_remote_ipaddr(), BN_num_bits(sensitive_data.private_key->n), BN_num_bits(sensitive_data.host_key->n), SSH_KEY_BITS_RESERVED); @@ -867,7 +894,8 @@ do_connection() /* Host key has bigger modulus (or they are equal). */ if (BN_num_bits(sensitive_data.host_key->n) < BN_num_bits(sensitive_data.private_key->n) + SSH_KEY_BITS_RESERVED) { - fatal("do_connection: host_key %d < private_key %d + SSH_KEY_BITS_RESERVED %d", + fatal("do_connection: %s: host_key %d < private_key %d + SSH_KEY_BITS_RESERVED %d", + get_remote_ipaddr(), BN_num_bits(sensitive_data.host_key->n), BN_num_bits(sensitive_data.private_key->n), SSH_KEY_BITS_RESERVED); @@ -889,7 +917,8 @@ do_connection() BN_mask_bits(session_key_int, sizeof(session_key) * 8); len = BN_num_bytes(session_key_int); if (len < 0 || len > sizeof(session_key)) - fatal("do_connection: bad len: session_key_int %d > sizeof(session_key) %d", + fatal("do_connection: bad len from %s: session_key_int %d > sizeof(session_key) %d", + get_remote_ipaddr(), len, sizeof(session_key)); memset(session_key, 0, sizeof(session_key)); BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len); 
@@ -1061,15 +1090,14 @@ do_authentication(char *user) auth_password(pw, "")) { /* Authentication with empty password succeeded. */ - debug("Login for user %.100s accepted without authentication.", user); + log("Login for user %s from %.100s, accepted without authentication.", + pw->pw_name, get_remote_ipaddr()); } else { /* Loop until the user has been authenticated or the connection is closed, do_authloop() returns only if authentication is successfull */ do_authloop(pw); } - /* XXX log unified auth message */ - /* Check if the user is logging in as root and root logins are disallowed. */ if (pw->pw_uid == 0 && !options.permit_root_login) { @@ -1089,30 +1117,36 @@ do_authentication(char *user) do_authenticated(pw); } -#define MAX_AUTH_FAILURES 5 +#define AUTH_FAIL_MAX 6 +#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2) +#define AUTH_FAIL_MSG "Too many authentication failures for %.100s" /* read packets and try to authenticate local user *pw. return if authentication is successfull */ void do_authloop(struct passwd *pw) { - int authentication_failures = 0; + int attempt = 0; unsigned int bits; BIGNUM *client_host_key_e, *client_host_key_n; BIGNUM *n; char *client_user, *password; + char user[1024]; int plen, dlen, nlen, ulen, elen; + int type = 0; + void (*authlog)(const char *fmt, ...) = verbose; /* Indicate that authentication is needed. */ packet_start(SSH_SMSG_FAILURE); packet_send(); packet_write_wait(); - for (;;) { + for (attempt = 1; ; attempt++) { int authenticated = 0; + strlcpy(user, "", sizeof user); /* Get a packet from the client. */ - int type = packet_read(&plen); + type = packet_read(&plen); /* Process the packet. */ switch (type) @@ -1122,7 +1156,7 @@ do_authloop(struct passwd *pw) if (!options.kerberos_tgt_passing) { /* packet_get_all(); */ - log("Kerberos tgt passing disabled."); + verbose("Kerberos tgt passing disabled."); break; } else { 
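Review bot: `void (*authlog)(const char *fmt, ...) = verbose;` drops the printf format attribute that ssh.h attaches to log() and verbose() in this same commit, so the one format string that matters most — the unified Accepted/Failed line — is the one the compiler no longer checks. Declare the pointer with the same attribute, `void (*authlog)(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))) = verbose;`, and document its one-way behaviour: `/* only ever raised from verbose to log; stays raised for the rest of the loop */`. `strlcpy(user, "", sizeof user);` can simply be `user[0] = '\0';`. do_authloop continues past the hunk.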
@@ -1130,7 +1164,7 @@ do_authloop(struct passwd *pw) char *tgt = packet_get_string(&dlen); packet_integrity_check(plen, 4 + dlen, type); if (!auth_kerberos_tgt(pw, tgt)) - debug("Kerberos tgt REFUSED for %s", pw->pw_name); + verbose("Kerberos tgt REFUSED for %s", pw->pw_name); xfree(tgt); } continue; @@ -1138,7 +1172,7 @@ do_authloop(struct passwd *pw) case SSH_CMSG_HAVE_AFS_TOKEN: if (!options.afs_token_passing || !k_hasafs()) { /* packet_get_all(); */ - log("AFS token passing disabled."); + verbose("AFS token passing disabled."); break; } else { @@ -1146,7 +1180,7 @@ do_authloop(struct passwd *pw) char *token_string = packet_get_string(&dlen); packet_integrity_check(plen, 4 + dlen, type); if (!auth_afs_token(pw, token_string)) - debug("AFS token REFUSED for %s", pw->pw_name); + verbose("AFS token REFUSED for %s", pw->pw_name); xfree(token_string); } continue; @@ -1157,7 +1191,7 @@ do_authloop(struct passwd *pw) if (!options.kerberos_authentication) { /* packet_get_all(); */ - log("Kerberos authentication disabled."); + verbose("Kerberos authentication disabled."); break; } else { @@ -1173,12 +1207,10 @@ do_authloop(struct passwd *pw) authenticated = auth_krb4(pw->pw_name, &auth, &tkt_user); - log("Kerberos authentication %s%s for account %s from %s", - authenticated ? "accepted " : "failed", - tkt_user != NULL ? tkt_user : "", - pw->pw_name, get_canonical_hostname()); - if (authenticated) + if (authenticated) { + snprintf(user, sizeof user, " tktuser %s", tkt_user); xfree(tkt_user); + } } break; #endif /* KRB4 */ 
@@ -1186,29 +1218,27 @@ do_authloop(struct passwd *pw) case SSH_CMSG_AUTH_RHOSTS: if (!options.rhosts_authentication) { - log("Rhosts authentication disabled."); + verbose("Rhosts authentication disabled."); break; } /* Get client user name. Note that we just have to trust the client; this is one reason why rhosts authentication is insecure. (Another is IP-spoofing on a local network.) */ - client_user = packet_get_string(&dlen); - packet_integrity_check(plen, 4 + dlen, type); + client_user = packet_get_string(&ulen); + packet_integrity_check(plen, 4 + ulen, type); /* Try to authenticate using /etc/hosts.equiv and .rhosts. */ authenticated = auth_rhosts(pw, client_user); - log("Rhosts authentication %s for %.100s, remote %.100s on %.700s.", - authenticated ? "accepted" : "failed", - pw->pw_name, client_user, get_canonical_hostname()); + snprintf(user, sizeof user, " ruser %s", client_user); xfree(client_user); break; case SSH_CMSG_AUTH_RHOSTS_RSA: if (!options.rhosts_rsa_authentication) { - log("Rhosts with RSA authentication disabled."); + verbose("Rhosts with RSA authentication disabled."); break; } @@ -1231,18 +1261,17 @@ do_authloop(struct passwd *pw) authenticated = auth_rhosts_rsa(pw, client_user, client_host_key_e, client_host_key_n); - log("Rhosts authentication %s for %.100s, remote %.100s.", - authenticated ? "accepted" : "failed", - pw->pw_name, client_user); - xfree(client_user); BN_clear_free(client_host_key_e); BN_clear_free(client_host_key_n); + + snprintf(user, sizeof user, " ruser %s", client_user); + xfree(client_user); break; case SSH_CMSG_AUTH_RSA: if (!options.rsa_authentication) { - log("RSA authentication disabled."); + verbose("RSA authentication disabled."); break; } 
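Review bot: In the SSH_CMSG_AUTH_RHOSTS arm, `snprintf(user, sizeof user, " ruser %s", client_user);` puts the client-chosen user name into the syslog line with no limit beyond the 1024-byte buffer and no filtering, where the log() it replaces printed it with `%.100s`; the comment a few lines up already says this value is simply trusted from the client. Keep the old precision, `snprintf(user, sizeof user, " ruser %.100s", client_user);`, in both the rhosts and rhosts-rsa arms, and consider stripping non-printable bytes, since a newline in a remote user name would forge extra log records. do_authloop starts and ends outside this hunk.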
@@ -1250,18 +1279,14 @@ do_authloop(struct passwd *pw) n = BN_new(); packet_get_bignum(n, &nlen); packet_integrity_check(plen, nlen, type); - authenticated = auth_rsa(pw, n); - log("RSA authentication %s for %.100s.", - authenticated ? "accepted" : "failed", - pw->pw_name); BN_clear_free(n); break; case SSH_CMSG_AUTH_PASSWORD: if (!options.password_authentication) { - log("Password authentication disabled."); + verbose("Password authentication disabled."); break; } @@ -1273,9 +1298,6 @@ do_authloop(struct passwd *pw) /* Try authentication with the password. */ authenticated = auth_password(pw, password); - log("Password authentication %s for %.100s.", - authenticated ? "accepted" : "failed", - pw->pw_name); memset(password, 0, strlen(password)); xfree(password); @@ -1290,14 +1312,29 @@ do_authloop(struct passwd *pw) /* Any unknown messages will be ignored (and failure returned) during authentication. */ log("Unknown message during authentication: type %d", type); - break; /* Respond with a failure message. */ + break; } + /* Raise logging level */ + if (authenticated || + attempt == AUTH_FAIL_LOG || + type == SSH_CMSG_AUTH_PASSWORD) + authlog = log; + + authlog("%s %s for %.200s from %.200s port %d%s", + authenticated ? "Accepted" : "Failed", + get_authname(type), + pw->pw_uid == 0 ? "ROOT" : pw->pw_name, + get_remote_ipaddr(), + get_remote_port(), + user); + if (authenticated) - break; - if (++authentication_failures >= MAX_AUTH_FAILURES) - packet_disconnect("Too many authentication failures for %.100s from %.200s", - pw->pw_name, get_canonical_hostname()); + return; + + if (attempt > AUTH_FAIL_MAX) + packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); + /* Send a message indicating that the authentication attempt failed. */ packet_start(SSH_SMSG_FAILURE); packet_send(); 
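Review bot: With `for (attempt = 1; ; attempt++)` and the check `if (attempt > AUTH_FAIL_MAX)`, the disconnect fires on the seventh failed attempt, one more than AUTH_FAIL_MAX = 6 suggests and two more than the previous MAX_AUTH_FAILURES limit; since attempt already counts the failure just made, `if (attempt >= AUTH_FAIL_MAX)` gives exactly AUTH_FAIL_MAX tries (the same applies in do_fake_authloop). A comment on the raise block would also help readers: `/* once raised to log, every later attempt in this session is logged at INFO */`. do_authloop starts before the hunk.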
@@ -1310,7 +1347,12 @@ do_authloop(struct passwd *pw) void do_fake_authloop(char *user) { - int authentication_failures = 0; + int attempt = 0; + + log("Faking authloop for illegal user %.200s from %.200s port %d", + user, + get_remote_ipaddr(), + get_remote_port()); /* Indicate that authentication is needed. */ packet_start(SSH_SMSG_FAILURE); @@ -1319,28 +1361,28 @@ do_fake_authloop(char *user) /* Keep reading packets, and always respond with a failure. This is to avoid disclosing whether such a user really exists. */ - for (;;) + for (attempt = 1; ; attempt++) { /* Read a packet. This will not return if the client disconnects. */ int plen; int type = packet_read(&plen); #ifdef SKEY - int passw_len; + int dlen; char *password, *skeyinfo; if (options.password_authentication && options.skey_authentication == 1 && type == SSH_CMSG_AUTH_PASSWORD && - (password = packet_get_string(&passw_len)) != NULL && - passw_len == 5 && + (password = packet_get_string(&dlen)) != NULL && + dlen == 5 && strncasecmp(password, "s/key", 5) == 0 && (skeyinfo = skey_fake_keyinfo(user)) != NULL ){ /* Send a fake s/key challenge. */ packet_send_debug(skeyinfo); } #endif - if (++authentication_failures >= MAX_AUTH_FAILURES) - packet_disconnect("Too many authentication failures for %.100s from %.200s", - user, get_canonical_hostname()); + if (attempt > AUTH_FAIL_MAX) + packet_disconnect(AUTH_FAIL_MSG, user); + /* Send failure. This should be indistinguishable from a failed authentication. */ packet_start(SSH_SMSG_FAILURE); |