- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and djm@
diff --git a/auth1.c b/auth1.c
index 2a9d18b..aeb5d8c 100644
--- a/auth1.c
+++ b/auth1.c
@@ -247,8 +247,12 @@
#else
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 &&
- !auth_root_allowed(get_authname(type)))
+ !auth_root_allowed(get_authname(type))) {
authenticated = 0;
+# ifdef AUDIT_EVENTS
+ PRIVSEP(audit_event(LOGIN_ROOT_DENIED));
+# endif
+ }
#endif
#ifdef USE_PAM
@@ -283,8 +287,12 @@
if (authenticated)
return;
- if (authctxt->failures++ > options.max_authtries)
+ if (authctxt->failures++ > options.max_authtries) {
+#ifdef AUDIT_EVENTS
+ PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES));
+#endif
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ }
packet_start(SSH_SMSG_FAILURE);
packet_send();