changeset 158:364a75cfebab

Log the IP along with auth success/fail attempts
author Matt Johnston <matt@ucc.asn.au>
date Thu, 23 Dec 2004 17:00:15 +0000
parents 8c2b3506f112
children 4bd4fc8023bd
files session.h svr-auth.c svr-authpam.c svr-authpasswd.c svr-authpubkey.c svr-main.c svr-session.c
diffstat 7 files changed, 37 insertions(+), 25 deletions(-) [+]
--- a/session.h	Wed Dec 22 15:37:50 2004 +0000
+++ b/session.h	Thu Dec 23 17:00:15 2004 +0000
@@ -48,7 +48,7 @@
 
 
 /* Server */
-void svr_session(int sock, int childpipe, char *remotehost);
+void svr_session(int sock, int childpipe, char *remotehost, char *addrstring);
 void svr_dropbear_exit(int exitcode, const char* format, va_list param);
 void svr_dropbear_log(int priority, const char* format, va_list param);
 
@@ -180,6 +180,9 @@
 	 * svr-chansession.c for details */
 	struct exitinfo lastexit;
 
+	/* The numeric address they connected from, used for logging */
+	char * addrstring;
+
 };
 
 typedef enum {
--- a/svr-auth.c	Wed Dec 22 15:37:50 2004 +0000
+++ b/svr-auth.c	Thu Dec 23 17:00:15 2004 +0000
@@ -205,7 +205,8 @@
 		strcmp(username, ses.authstate.username) != 0) {
 			/* the username needs resetting */
 			if (ses.authstate.username != NULL) {
-				dropbear_log(LOG_WARNING, "client trying multiple usernames");
+				dropbear_log(LOG_WARNING, "client trying multiple usernames from %s",
+							svr_ses.addrstring);
 				m_free(ses.authstate.username);
 			}
 			authclear();
@@ -218,7 +219,8 @@
 	if (ses.authstate.pw == NULL) {
 		TRACE(("leave checkusername: user '%s' doesn't exist", username));
 		dropbear_log(LOG_WARNING,
-				"login attempt for nonexistent user");
+				"login attempt for nonexistent user from %s",
+				svr_ses.addrstring);
 		send_msg_userauth_failure(0, 1);
 		return DROPBEAR_FAILURE;
 	}
@@ -336,7 +338,8 @@
 		} else {
 			userstr = ses.authstate.printableuser;
 		}
-		dropbear_exit("Max auth tries reached - user %s", userstr);
+		dropbear_exit("Max auth tries reached - user '%s' from %s",
+				userstr, svr_ses.addrstring);
 	}
 	
 	TRACE(("leave send_msg_userauth_failure"));
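Review bot: The client-supplied username is printed before the source address in `"Max auth tries reached - user '%s' from %s"`, so a username that itself contains text shaped like `' from <address>` makes the line ambiguous for any log consumer that does not anchor the address to the end of the line. The new messages in svr-authpam.c, svr-authpasswd.c and svr-authpubkey.c use the same ordering. How `printableuser` is sanitised is not visible in this diff, so this is a caution rather than a confirmed defect. Putting the address first, e.g. `dropbear_exit("Max auth tries reached from %s - user '%s'", svr_ses.addrstring, userstr);`, or documenting that the address is always the final field, would remove the ambiguity. The enclosing function starts and ends outside the hunk.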
--- a/svr-authpam.c	Wed Dec 22 15:37:50 2004 +0000
+++ b/svr-authpam.c	Thu Dec 23 17:00:15 2004 +0000
@@ -194,8 +194,9 @@
 		dropbear_log(LOG_WARNING, "pam_authenticate() failed, rc=%d, %s\n", 
 				rc, pam_strerror(pamHandlep, rc));
 		dropbear_log(LOG_WARNING,
-				"bad PAM password attempt for '%s'",
-				ses.authstate.printableuser);
+				"bad PAM password attempt for '%s' from %s",
+				ses.authstate.printableuser,
+				svr_ses.addrstring);
 		send_msg_userauth_failure(0, 1);
 		goto cleanup;
 	}
@@ -204,15 +205,17 @@
 		dropbear_log(LOG_WARNING, "pam_acct_mgmt() failed, rc=%d, %s\n", 
 				rc, pam_strerror(pamHandlep, rc));
 		dropbear_log(LOG_WARNING,
-				"bad PAM password attempt for '%s'",
-				ses.authstate.printableuser);
+				"bad PAM password attempt for '%s' from %s",
+				ses.authstate.printableuser,
+				svr_ses.addrstring);
 		send_msg_userauth_failure(0, 1);
 		goto cleanup;
 	}
 
 	/* successful authentication */
-	dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s'",
-			ses.authstate.printableuser);
+	dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s' from %s",
+			ses.authstate.printableuser,
+			svr_ses.addrstring);
 	send_msg_userauth_success();
 
 cleanup:
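Review bot: The pam_acct_mgmt() failure branch still logs `bad PAM password attempt for '%s' from %s`, although by that point pam_authenticate() has presumably succeeded and the rejection comes from the account check rather than the password. Now that the line carries the source address and may feed alerting or blocking, a distinct message such as `"PAM account check failed for '%s' from %s"` would stop a correct password on a disabled or expired account from being counted as password guessing. The function's body starts before this hunk and continues past `cleanup:`.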
--- a/svr-authpasswd.c	Wed Dec 22 15:37:50 2004 +0000
+++ b/svr-authpasswd.c	Thu Dec 23 17:00:15 2004 +0000
@@ -88,13 +88,15 @@
 	if (strcmp(testcrypt, passwdcrypt) == 0) {
 		/* successful authentication */
 		dropbear_log(LOG_NOTICE, 
-				"password auth succeeded for '%s'",
-				ses.authstate.printableuser);
+				"password auth succeeded for '%s' from %s",
+				ses.authstate.printableuser,
+				svr_ses.addrstring);
 		send_msg_userauth_success();
 	} else {
 		dropbear_log(LOG_WARNING,
-				"bad password attempt for '%s'",
-				ses.authstate.printableuser);
+				"bad password attempt for '%s' from %s",
+				ses.authstate.printableuser,
+				svr_ses.addrstring);
 		send_msg_userauth_failure(0, 1);
 	}
 
--- a/svr-authpubkey.c	Wed Dec 22 15:37:50 2004 +0000
+++ b/svr-authpubkey.c	Thu Dec 23 17:00:15 2004 +0000
@@ -104,13 +104,13 @@
 	if (buf_verify(ses.payload, key, buf_getptr(signbuf, signbuf->len),
 				signbuf->len) == DROPBEAR_SUCCESS) {
 		dropbear_log(LOG_NOTICE,
-				"pubkey auth succeeded for '%s' with key %s",
-				ses.authstate.printableuser, fp);
+				"pubkey auth succeeded for '%s' with key %s from %s",
+				ses.authstate.printableuser, fp, svr_ses.addrstring);
 		send_msg_userauth_success();
 	} else {
 		dropbear_log(LOG_WARNING,
-				"pubkey auth bad signature for '%s' with key %s",
-				ses.authstate.printableuser, fp);
+				"pubkey auth bad signature for '%s' with key %s from %s",
+				ses.authstate.printableuser, fp, svr_ses.addrstring);
 		send_msg_userauth_failure(0, 1);
 	}
 	m_free(fp);
@@ -165,8 +165,8 @@
 	/* check that we can use the algo */
 	if (have_algo(algo, algolen, sshhostkey) == DROPBEAR_FAILURE) {
 		dropbear_log(LOG_WARNING,
-				"pubkey auth attempt with unknown algo for '%s'",
-				ses.authstate.printableuser);
+				"pubkey auth attempt with unknown algo for '%s' from %s",
+				ses.authstate.printableuser, svr_ses.addrstring);
 		goto out;
 	}
 
--- a/svr-main.c	Wed Dec 22 15:37:50 2004 +0000
+++ b/svr-main.c	Thu Dec 23 17:00:15 2004 +0000
@@ -94,7 +94,6 @@
 	/* In case our inetd was lax in logging source addresses */
 	addrstring = getaddrstring(&remoteaddr, 1);
 	dropbear_log(LOG_INFO, "Child connection from %s", addrstring);
-	m_free(addrstring);
 
 	/* Don't check the return value - it may just fail since inetd has
 	 * already done setsid() after forking (xinetd on Darwin appears to do
@@ -104,7 +103,7 @@
 	/* Start service program 
 	 * -1 is a dummy childpipe, just something we can close() without 
 	 * mattering. */
-	svr_session(0, -1, getaddrhostname(&remoteaddr));
+	svr_session(0, -1, getaddrhostname(&remoteaddr), addrstring);
 
 	/* notreached */
 }
@@ -264,7 +263,6 @@
 
 				addrstring = getaddrstring(&remoteaddr, 1);
 				dropbear_log(LOG_INFO, "Child connection from %s", addrstring);
-				m_free(addrstring);
 
 				if (setsid() < 0) {
 					dropbear_exit("setsid: %s", strerror(errno));
@@ -283,7 +281,8 @@
 
 				/* start the session */
 				svr_session(childsock, childpipe[1], 
-								getaddrhostname(&remoteaddr));
+								getaddrhostname(&remoteaddr),
+								addrstring);
 				/* don't return */
 				assert(0);
 			}
--- a/svr-session.c	Wed Dec 22 15:37:50 2004 +0000
+++ b/svr-session.c	Thu Dec 23 17:00:15 2004 +0000
@@ -74,7 +74,8 @@
 	NULL /* Null termination is mandatory. */
 };
 
-void svr_session(int sock, int childpipe, char* remotehost) {
+void svr_session(int sock, int childpipe, 
+		char* remotehost, char *addrstring) {
 
 	struct timeval timeout;
 	
@@ -83,6 +84,7 @@
 
 	/* Initialise server specific parts of the session */
 	svr_ses.childpipe = childpipe;
+	svr_ses.addrstring = addrstring;
 	svr_authinitialise();
 	chaninitialise(svr_chantypes);
 	svr_chansessinitialise();
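Review bot: `svr_ses.addrstring = addrstring;` stores the caller's pointer without copying it, and nothing documents that the session now owns the string. Both callers in svr-main.c had their `m_free(addrstring)` removed in this commit, so the string apparently has to stay valid until the process exits. A NULL value would also reach every new `%s` in the auth log calls. A comment above the assignment such as `/* addrstring: heap string from getaddrstring(), must be non-NULL; kept for the life of the session and never freed */` would record that contract. svr_session's body continues outside this hunk.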