- djm@cvs.openbsd.org 2014/07/03 11:16:55
[auth.c auth.h auth1.c auth2.c]
make the "Too many authentication failures" message include the
user, source address, port and protocol in a format similar to the
authentication success / failure messages; bz#2199, ok dtucker
diff --git a/ChangeLog b/ChangeLog
index 788d917..48f19a3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -58,6 +58,11 @@
- jmc@cvs.openbsd.org 2014/07/03 07:45:27
[ssh_config.5]
escape %C since groff thinks it part of an Rs/Re block;
+ - djm@cvs.openbsd.org 2014/07/03 11:16:55
+ [auth.c auth.h auth1.c auth2.c]
+ make the "Too many authentication failures" message include the
+ user, source address, port and protocol in a format similar to the
+ authentication success / failure messages; bz#2199, ok dtucker
20140702
- OpenBSD CVS Sync
diff --git a/auth.c b/auth.c
index fcb314c..890dde0 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.104 2014/04/29 18:01:49 markus Exp $ */
+/* $OpenBSD: auth.c,v 1.105 2014/07/03 11:16:55 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -326,6 +326,20 @@
#endif
}
+
+void
+auth_maxtries_exceeded(Authctxt *authctxt)
+{
+ packet_disconnect("Too many authentication failures for "
+ "%s%.100s from %.200s port %d %s",
+ authctxt->valid ? "" : "invalid user ",
+ authctxt->user,
+ get_remote_ipaddr(),
+ get_remote_port(),
+ compat20 ? "ssh2" : "ssh1");
+ /* NOTREACHED */
+}
+
/*
* Check whether root logins are disallowed.
*/
diff --git a/auth.h b/auth.h
index 124e597..d081c94 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.77 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.78 2014/07/03 11:16:55 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -154,6 +154,7 @@
__attribute__((__format__ (printf, 2, 3)))
__attribute__((__nonnull__ (2)));
void auth_log(Authctxt *, int, int, const char *, const char *);
+void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn));
void userauth_finish(Authctxt *, int, const char *, const char *);
int auth_root_allowed(const char *);
@@ -210,8 +211,6 @@
int sys_auth_passwd(Authctxt *, const char *);
-#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
-
#define SKEY_PROMPT "\nS/Key Password: "
#if defined(KRB5) && !defined(HEIMDAL)
diff --git a/auth1.c b/auth1.c
index 0f870b3..d758a3d 100644
--- a/auth1.c
+++ b/auth1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth1.c,v 1.80 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.81 2014/07/03 11:16:55 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -363,7 +363,7 @@
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif
- packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ auth_maxtries_exceeded(authctxt);
}
packet_start(SSH_SMSG_FAILURE);
diff --git a/auth2.c b/auth2.c
index a5490c0..6572381 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.130 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.131 2014/07/03 11:16:55 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -362,7 +362,7 @@
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif
- packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ auth_maxtries_exceeded(authctxt);
}
methods = authmethods_get(authctxt);
debug3("%s: failure partial=%d next methods=\"%s\"", __func__,