dropbear: svr-session.c comparison

comparison svr-session.c @ 1665:7c17995bcdfb

Improve address logging on early exit messages (#83) Change 'Early exit' and 'Exit before auth' messages to include the IP address & port as part of the message. This allows log scanning utilities such as 'fail2ban' to obtain the offending IP address as part of the failure event instead of extracting the PID from the message and then scanning the log again for match 'child connection from' messages Signed-off-by: Kevin Darbyshire-Bryant <[email protected]>

author	Kevin Darbyshire-Bryant <6500011+ldir-EDB0@users.noreply.github.com>
date	Wed, 18 Mar 2020 15:28:56 +0000
parents	cc0fc5131c5c
children	c148e7afa0d1

comparison

equal deleted inserted replaced

-:871484eac157
+:7c17995bcdfb
 	vsnprintf(exitmsg, sizeof(exitmsg), format, param);
 	/* Add the prefix depending on session/auth state */
 	if (!ses.init_done) {
 		/* before session init */
-		snprintf(fullmsg, sizeof(fullmsg), "Early exit: %s", exitmsg);
+		snprintf(fullmsg, sizeof(fullmsg), "Early exit from <%s> %s", svr_ses.addrstring, exitmsg);
 	} else if (ses.authstate.authdone) {
 		/* user has authenticated */
 		snprintf(fullmsg, sizeof(fullmsg),
 				"Exit (%s): %s",
 				ses.authstate.pw_name, exitmsg);
 	} else if (ses.authstate.pw_name) {
 		/* we have a potential user */
 		snprintf(fullmsg, sizeof(fullmsg),
-				"Exit before auth (user '%s', %u fails): %s",
+				"Exit before auth from <%s> (user '%s', %u fails): %s",
-				ses.authstate.pw_name, ses.authstate.failcount, exitmsg);
+				svr_ses.addrstring, ses.authstate.pw_name, ses.authstate.failcount, exitmsg);
 	} else {
 		/* before userauth */
-		snprintf(fullmsg, sizeof(fullmsg), "Exit before auth: %s", exitmsg);
+		snprintf(fullmsg, sizeof(fullmsg), "Exit before auth from <%s> %s", svr_ses.addrstring, exitmsg);
 	}
 	dropbear_log(LOG_INFO, "%s", fullmsg);
 #if DROPBEAR_VFORK

Mercurial > dropbear

comparison svr-session.c @ 1665:7c17995bcdfb