changeset 158:364a75cfebab
Log the IP along with auth success/fail attempts
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 23 Dec 2004 17:00:15 +0000 |
parents | 8c2b3506f112 |
children | 4bd4fc8023bd |
files | session.h svr-auth.c svr-authpam.c svr-authpasswd.c svr-authpubkey.c svr-main.c svr-session.c |
diffstat | 7 files changed, 37 insertions(+), 25 deletions(-) [+] |
--- a/session.h Wed Dec 22 15:37:50 2004 +0000 +++ b/session.h Thu Dec 23 17:00:15 2004 +0000 @@ -48,7 +48,7 @@ /* Server */ -void svr_session(int sock, int childpipe, char *remotehost); +void svr_session(int sock, int childpipe, char *remotehost, char *addrstring); void svr_dropbear_exit(int exitcode, const char* format, va_list param); void svr_dropbear_log(int priority, const char* format, va_list param); @@ -180,6 +180,9 @@ * svr-chansession.c for details */ struct exitinfo lastexit; + /* The numeric address they connected from, used for logging */ + char * addrstring; + }; typedef enum {
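Review bot: The comment on the new `addrstring` field in the second hunk does not say who owns the string or how long it lives. Elsewhere in this commit the pointer comes from `getaddrstring()` in svr-main.c, where both `m_free(addrstring)` calls are removed, and svr-session.c stores it without copying, so it is presumably meant to stay allocated until the process exits. I would extend the comment to `/* The numeric address they connected from, used for logging. Set once by svr_session() from a caller-allocated string and never freed. */` so a later change does not free it at the call site while log calls still read it. The struct definition starts and ends outside the hunk.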
--- a/svr-auth.c Wed Dec 22 15:37:50 2004 +0000 +++ b/svr-auth.c Thu Dec 23 17:00:15 2004 +0000 @@ -205,7 +205,8 @@ strcmp(username, ses.authstate.username) != 0) { /* the username needs resetting */ if (ses.authstate.username != NULL) { - dropbear_log(LOG_WARNING, "client trying multiple usernames"); + dropbear_log(LOG_WARNING, "client trying multiple usernames from %s", + svr_ses.addrstring); m_free(ses.authstate.username); } authclear(); @@ -218,7 +219,8 @@ if (ses.authstate.pw == NULL) { TRACE(("leave checkusername: user '%s' doesn't exist", username)); dropbear_log(LOG_WARNING, - "login attempt for nonexistent user"); + "login attempt for nonexistent user from %s", + svr_ses.addrstring); send_msg_userauth_failure(0, 1); return DROPBEAR_FAILURE; } @@ -336,7 +338,8 @@ } else { userstr = ses.authstate.printableuser; } - dropbear_exit("Max auth tries reached - user %s", userstr); + dropbear_exit("Max auth tries reached - user '%s' from %s", + userstr, svr_ses.addrstring); } TRACE(("leave send_msg_userauth_failure"));
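Review bot: In the third hunk the client-chosen user name is printed before the address in `"Max auth tries reached - user '%s' from %s"`, and the same ordering is used in the new messages in svr-authpam.c, svr-authpasswd.c and svr-authpubkey.c. How `printableuser` is sanitised is not visible in this diff, so anything that extracts the source address from these lines should match the trailing `from <addr>` anchored at the end of the message rather than its first occurrence. A short comment beside one of these calls, for example `/* keep the address as the last field of the format; the user name is client-supplied */`, would record that constraint for later edits. The enclosing function starts and ends outside the hunk.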
--- a/svr-authpam.c Wed Dec 22 15:37:50 2004 +0000 +++ b/svr-authpam.c Thu Dec 23 17:00:15 2004 +0000 @@ -194,8 +194,9 @@ dropbear_log(LOG_WARNING, "pam_authenticate() failed, rc=%d, %s\n", rc, pam_strerror(pamHandlep, rc)); dropbear_log(LOG_WARNING, - "bad PAM password attempt for '%s'", - ses.authstate.printableuser); + "bad PAM password attempt for '%s' from %s", + ses.authstate.printableuser, + svr_ses.addrstring); send_msg_userauth_failure(0, 1); goto cleanup; } @@ -204,15 +205,17 @@ dropbear_log(LOG_WARNING, "pam_acct_mgmt() failed, rc=%d, %s\n", rc, pam_strerror(pamHandlep, rc)); dropbear_log(LOG_WARNING, - "bad PAM password attempt for '%s'", - ses.authstate.printableuser); + "bad PAM password attempt for '%s' from %s", + ses.authstate.printableuser, + svr_ses.addrstring); send_msg_userauth_failure(0, 1); goto cleanup; } /* successful authentication */ - dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s'", - ses.authstate.printableuser); + dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s' from %s", + ses.authstate.printableuser, + svr_ses.addrstring); send_msg_userauth_success(); cleanup:
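Review bot: In the second hunk the `pam_acct_mgmt()` failure branch logs the same `bad PAM password attempt for '%s' from %s` text as the `pam_authenticate()` failure in the first hunk. Now that the line carries the source address it is likely to feed per-address failure counting, and an account-management failure would then be counted as a wrong password from that address. A distinct message such as `"PAM account check failed for '%s' from %s"` would keep the two cases separable, though anything already matching the old text would need updating. The enclosing function starts and ends outside the hunk.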
--- a/svr-authpasswd.c Wed Dec 22 15:37:50 2004 +0000 +++ b/svr-authpasswd.c Thu Dec 23 17:00:15 2004 +0000 @@ -88,13 +88,15 @@ if (strcmp(testcrypt, passwdcrypt) == 0) { /* successful authentication */ dropbear_log(LOG_NOTICE, - "password auth succeeded for '%s'", - ses.authstate.printableuser); + "password auth succeeded for '%s' from %s", + ses.authstate.printableuser, + svr_ses.addrstring); send_msg_userauth_success(); } else { dropbear_log(LOG_WARNING, - "bad password attempt for '%s'", - ses.authstate.printableuser); + "bad password attempt for '%s' from %s", + ses.authstate.printableuser, + svr_ses.addrstring); send_msg_userauth_failure(0, 1); }
--- a/svr-authpubkey.c Wed Dec 22 15:37:50 2004 +0000 +++ b/svr-authpubkey.c Thu Dec 23 17:00:15 2004 +0000 @@ -104,13 +104,13 @@ if (buf_verify(ses.payload, key, buf_getptr(signbuf, signbuf->len), signbuf->len) == DROPBEAR_SUCCESS) { dropbear_log(LOG_NOTICE, - "pubkey auth succeeded for '%s' with key %s", - ses.authstate.printableuser, fp); + "pubkey auth succeeded for '%s' with key %s from %s", + ses.authstate.printableuser, fp, svr_ses.addrstring); send_msg_userauth_success(); } else { dropbear_log(LOG_WARNING, - "pubkey auth bad signature for '%s' with key %s", - ses.authstate.printableuser, fp); + "pubkey auth bad signature for '%s' with key %s from %s", + ses.authstate.printableuser, fp, svr_ses.addrstring); send_msg_userauth_failure(0, 1); } m_free(fp); @@ -165,8 +165,8 @@ /* check that we can use the algo */ if (have_algo(algo, algolen, sshhostkey) == DROPBEAR_FAILURE) { dropbear_log(LOG_WARNING, - "pubkey auth attempt with unknown algo for '%s'", - ses.authstate.printableuser); + "pubkey auth attempt with unknown algo for '%s' from %s", + ses.authstate.printableuser, svr_ses.addrstring); goto out; }
--- a/svr-main.c Wed Dec 22 15:37:50 2004 +0000 +++ b/svr-main.c Thu Dec 23 17:00:15 2004 +0000 @@ -94,7 +94,6 @@ /* In case our inetd was lax in logging source addresses */ addrstring = getaddrstring(&remoteaddr, 1); dropbear_log(LOG_INFO, "Child connection from %s", addrstring); - m_free(addrstring); /* Don't check the return value - it may just fail since inetd has * already done setsid() after forking (xinetd on Darwin appears to do @@ -104,7 +103,7 @@ /* Start service program * -1 is a dummy childpipe, just something we can close() without * mattering. */ - svr_session(0, -1, getaddrhostname(&remoteaddr)); + svr_session(0, -1, getaddrhostname(&remoteaddr), addrstring); /* notreached */ } @@ -264,7 +263,6 @@ addrstring = getaddrstring(&remoteaddr, 1); dropbear_log(LOG_INFO, "Child connection from %s", addrstring); - m_free(addrstring); if (setsid() < 0) { dropbear_exit("setsid: %s", strerror(errno)); @@ -283,7 +281,8 @@ /* start the session */ svr_session(childsock, childpipe[1], - getaddrhostname(&remoteaddr)); + getaddrhostname(&remoteaddr), + addrstring); /* don't return */ assert(0); }
--- a/svr-session.c Wed Dec 22 15:37:50 2004 +0000 +++ b/svr-session.c Thu Dec 23 17:00:15 2004 +0000 @@ -74,7 +74,8 @@ NULL /* Null termination is mandatory. */ }; -void svr_session(int sock, int childpipe, char* remotehost) { +void svr_session(int sock, int childpipe, + char* remotehost, char *addrstring) { struct timeval timeout; @@ -83,6 +84,7 @@ /* Initialise server specific parts of the session */ svr_ses.childpipe = childpipe; + svr_ses.addrstring = addrstring; svr_authinitialise(); chaninitialise(svr_chantypes); svr_chansessinitialise();