upstream commit
use ssh_packet_set_log_preamble() to include connection
username in packet log messages, e.g.
Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth]
ok markus@ bz#113
Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15
diff --git a/auth2.c b/auth2.c
index 9108b86..97dd2ef 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.137 2017/02/03 23:05:57 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -212,6 +212,7 @@
static int
input_userauth_request(int type, u_int32_t seq, void *ctxt)
{
+ struct ssh *ssh = active_state; /* XXX */
Authctxt *authctxt = ctxt;
Authmethod *m = NULL;
char *user, *service, *method, *style = NULL;
@@ -235,9 +236,10 @@
authctxt->user = xstrdup(user);
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
authctxt->valid = 1;
- debug2("input_userauth_request: setting up authctxt for %s", user);
+ debug2("%s: setting up authctxt for %s",
+ __func__, user);
} else {
- logit("input_userauth_request: invalid user %s", user);
+ /* Invalid user, fake password information */
authctxt->pw = fakepw();
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_INVALID_USER));
@@ -247,6 +249,8 @@
if (options.use_pam)
PRIVSEP(start_pam(authctxt));
#endif
+ ssh_packet_set_log_preamble(ssh, "%suser %s",
+ authctxt->valid ? "authenticating " : "invalid ", user);
setproctitle("%s%s", authctxt->valid ? user : "unknown",
use_privsep ? " [net]" : "");
authctxt->service = xstrdup(service);
@@ -292,6 +296,7 @@
userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
const char *submethod)
{
+ struct ssh *ssh = active_state; /* XXX */
char *methods;
int partial = 0;
@@ -353,6 +358,7 @@
packet_write_wait();
/* now we can break out */
authctxt->success = 1;
+ ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
} else {
/* Allow initial try of "none" auth without failure penalty */