- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and djm@
diff --git a/auth2.c b/auth2.c
index 60e261f..2727e0f 100644
--- a/auth2.c
+++ b/auth2.c
@@ -167,6 +167,9 @@
if (options.use_pam)
PRIVSEP(start_pam(authctxt));
#endif
+#ifdef AUDIT_EVENTS
+ PRIVSEP(audit_event(INVALID_USER));
+#endif
}
setproctitle("%s%s", authctxt->valid ? user : "unknown",
use_privsep ? " [net]" : "");
@@ -214,8 +217,12 @@
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 &&
- !auth_root_allowed(method))
+ !auth_root_allowed(method)) {
authenticated = 0;
+#ifdef AUDIT_EVENTS
+ PRIVSEP(audit_event(LOGIN_ROOT_DENIED));
+#endif
+ }
#ifdef USE_PAM
if (options.use_pam && authenticated) {
@@ -255,8 +262,12 @@
/* now we can break out */
authctxt->success = 1;
} else {
- if (authctxt->failures++ > options.max_authtries)
+ if (authctxt->failures++ > options.max_authtries) {
+#ifdef AUDIT_EVENTS
+ PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES));
+#endif
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ }
methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);