comparison svr-session.c @ 1665:7c17995bcdfb

Improve address logging on early exit messages (#83) Change 'Early exit' and 'Exit before auth' messages to include the IP address & port as part of the message. This allows log scanning utilities such as 'fail2ban' to obtain the offending IP address as part of the failure event instead of extracting the PID from the message and then scanning the log again for match 'child connection from' messages Signed-off-by: Kevin Darbyshire-Bryant <[email protected]>
author Kevin Darbyshire-Bryant <6500011+ldir-EDB0@users.noreply.github.com>
date Wed, 18 Mar 2020 15:28:56 +0000
parents cc0fc5131c5c
children c148e7afa0d1
comparison
equal deleted inserted replaced
1664:871484eac157 1665:7c17995bcdfb
220 vsnprintf(exitmsg, sizeof(exitmsg), format, param); 220 vsnprintf(exitmsg, sizeof(exitmsg), format, param);
221 221
222 /* Add the prefix depending on session/auth state */ 222 /* Add the prefix depending on session/auth state */
223 if (!ses.init_done) { 223 if (!ses.init_done) {
224 /* before session init */ 224 /* before session init */
225 snprintf(fullmsg, sizeof(fullmsg), "Early exit: %s", exitmsg); 225 snprintf(fullmsg, sizeof(fullmsg), "Early exit from <%s> %s", svr_ses.addrstring, exitmsg);
226 } else if (ses.authstate.authdone) { 226 } else if (ses.authstate.authdone) {
227 /* user has authenticated */ 227 /* user has authenticated */
228 snprintf(fullmsg, sizeof(fullmsg), 228 snprintf(fullmsg, sizeof(fullmsg),
229 "Exit (%s): %s", 229 "Exit (%s): %s",
230 ses.authstate.pw_name, exitmsg); 230 ses.authstate.pw_name, exitmsg);
231 } else if (ses.authstate.pw_name) { 231 } else if (ses.authstate.pw_name) {
232 /* we have a potential user */ 232 /* we have a potential user */
233 snprintf(fullmsg, sizeof(fullmsg), 233 snprintf(fullmsg, sizeof(fullmsg),
234 "Exit before auth (user '%s', %u fails): %s", 234 "Exit before auth from <%s> (user '%s', %u fails): %s",
235 ses.authstate.pw_name, ses.authstate.failcount, exitmsg); 235 svr_ses.addrstring, ses.authstate.pw_name, ses.authstate.failcount, exitmsg);
236 } else { 236 } else {
237 /* before userauth */ 237 /* before userauth */
238 snprintf(fullmsg, sizeof(fullmsg), "Exit before auth: %s", exitmsg); 238 snprintf(fullmsg, sizeof(fullmsg), "Exit before auth from <%s> %s", svr_ses.addrstring, exitmsg);
239 } 239 }
240 240
241 dropbear_log(LOG_INFO, "%s", fullmsg); 241 dropbear_log(LOG_INFO, "%s", fullmsg);
242 242
243 #if DROPBEAR_VFORK 243 #if DROPBEAR_VFORK