author | Damien Miller <djm@cvs.openbsd.org> | 2014-07-03 11:16:56 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2014-07-03 11:16:56 +0000 |
commit | f96313b2e43d4c6392e2324b175e92e7eb3686f1 (patch) | |
tree | 0a19972189a865fdb67b40597d5353a2b74dc7a1 | |
parent | 9bbaf06cd021b8f130186aba2ab423de1b6ef145 (diff) |
make the "Too many authentication failures" message include the
user, source address, port and protocol in a format similar to the
authentication success / failure messages; bz#2199, ok dtucker
-rw-r--r-- | usr.bin/ssh/auth.c | 15 | ||||
-rw-r--r-- | usr.bin/ssh/auth.h | 5 | ||||
-rw-r--r-- | usr.bin/ssh/auth1.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/auth2.c | 4 |
4 files changed, 20 insertions, 8 deletions
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c
index 72b88c207da..afde0c7587d 100644
--- a/usr.bin/ssh/auth.c
+++ b/usr.bin/ssh/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.104 2014/04/29 18:01:49 markus Exp $ */
+/* $OpenBSD: auth.c,v 1.105 2014/07/03 11:16:55 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -236,6 +236,19 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
 authctxt->info = NULL;
 }
+void
+auth_maxtries_exceeded(Authctxt *authctxt)
+{
+ packet_disconnect("Too many authentication failures for "
+ "%s%.100s from %.200s port %d %s",
+ authctxt->valid ? "" : "invalid user ",
+ authctxt->user,
+ get_remote_ipaddr(),
+ get_remote_port(),
+ compat20 ? "ssh2" : "ssh1");
+ /* NOTREACHED */
+}
+
 /*
 * Check whether root logins are disallowed.
 */
diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h
index fc4374bd041..5287635fc3a 100644
--- a/usr.bin/ssh/auth.h
+++ b/usr.bin/ssh/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.77 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.78 2014/07/03 11:16:55 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -133,6 +133,7 @@ void auth_info(Authctxt *authctxt, const char *, ...)
 __attribute__((__format__ (printf, 2, 3)))
 __attribute__((__nonnull__ (2)));
 void auth_log(Authctxt *, int, int, const char *, const char *);
+void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn));
 void userauth_finish(Authctxt *, int, const char *, const char *);
 int auth_root_allowed(const char *);
@@ -184,6 +185,4 @@ void auth_debug_reset(void);
 struct passwd *fakepw(void);
-#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
-
 #endif
diff --git a/usr.bin/ssh/auth1.c b/usr.bin/ssh/auth1.c
index 6d01c52e637..0b3615162d4 100644
--- a/usr.bin/ssh/auth1.c
+++ b/usr.bin/ssh/auth1.c
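Review bot: The new message in `auth_maxtries_exceeded()` passes `authctxt->valid ? "" : "invalid user "` to `packet_disconnect()`, whose body is not part of this diff; if that function sends the formatted string to the peer as well as logging it, as its name suggests, an unauthenticated client that exhausts its tries learns whether the account name exists. I would keep the detailed line in the server log and give the peer a fixed string: change the call to `error("Too many authentication failures for "` (log.h) with the same arguments, and follow it with `packet_disconnect("Too many authentication failures");`. The call sites changed in auth1.c (`do_authloop`) and auth2.c (`userauth_finish`) inherit this, since both now go through the helper. A short comment above the function stating which part of the message is visible to the peer would help whoever next edits the format.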
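Review bot: The added prototype spells the attribute `__attribute__((noreturn))`, while the `auth_info` declaration just above it uses the reserved spellings `__format__` and `__nonnull__`; the bare name breaks if any header defines `noreturn` as a macro, as C11's <stdnoreturn.h> does. I would write `void auth_maxtries_exceeded(Authctxt *) __attribute__((__noreturn__));`. A one-line comment beside it, such as `/* logs and disconnects; never returns */`, would also tell callers why nothing after the call runs.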
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth1.c,v 1.80 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.81 2014/07/03 11:16:55 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -297,7 +297,7 @@ do_authloop(Authctxt *authctxt)
 return;
 if (++authctxt->failures >= options.max_authtries)
- packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ auth_maxtries_exceeded(authctxt);
 packet_start(SSH_SMSG_FAILURE);
 packet_send();
diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c
index 72321dc408d..4767e6e6c0d 100644
--- a/usr.bin/ssh/auth2.c
+++ b/usr.bin/ssh/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.130 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.131 2014/07/03 11:16:55 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -312,7 +312,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
 (authctxt->attempt > 1 || strcmp(method, "none") != 0))
 authctxt->failures++;
 if (authctxt->failures >= options.max_authtries)
- packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ auth_maxtries_exceeded(authctxt);
 methods = authmethods_get(authctxt);
 debug3("%s: failure partial=%d next methods=\"%s\"", __func__,
 partial, methods); |