[Bug 974] Record Badlogins for all supported Authentication methods

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jan 20 17:17:08 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=974





------- Additional Comments From dtucker at zip.com.au  2005-01-20 17:17 -------
(From update of attachment 774)

>+  if ( getuid() != 0 ){
>+       debug("=== calling log_btmp uid %d ===\n", getuid());
>+       mm_log_btmp(authctxt->user,get_canonical_hostname(options.use_dns));
>+  } else {
>+       debug("=== calling log_btmp uid %d ===\n", getuid());
>+       og_btmp(authctxt->user,get_canonical_hostname(options.use_dns));
>+  }
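
Review bot: In the else branch the call is spelled og_btmp(...), while the debug string just above it says log_btmp; this looks like a dropped "l" and would not build unless a function of that name exists elsewhere in the patch. The two debug() calls are also identical, so a single call placed before the if would cover both branches.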

This bit is unnecessary, the PRIVSEP macro is for this purpose, ie:

    debug("=== calling log_btmp uid %d ===\n", getuid());
    PRIVSEP(log_btmp(authctxt->user,get_canonical_hostname(options.use_dns)));

>+int mm_answer_log_btmp(int socket, Buffer *m){
[...]
>+        buffer_get(m, user ,1024);
>+        buffer_get(m, hostname ,1024);
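
Review bot: Both buffer_get() calls pull a fixed 1024 bytes into user and hostname regardless of how much the sender actually put in the message, and the declarations are elided here, so the destination sizes and NUL termination cannot be checked from this hunk. Because the message comes from the unprivileged side, suggest either length-prefixed strings (buffer_get_string(), with the returned length validated) or removing these fields from the request entirely.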

Sending the username is unnecessary as the monitor already knows it (ie
authctxt->user).  Hostname can be determined too (see mm_record_login).  As a
general rule, as little as possible should be sent from slave to monitor.

It's out of the scope of this bug but I'd prefer to see a generalized
audit_event like in bug #125 in both OpenBSD and Portable, which could be
easily extended to handle cases like this.
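
The rule stated in the comment above (send as little as possible from slave to monitor), sketched as an added example that is not code from the patch or from OpenSSH: the struct and function names are hypothetical stand-ins and the values are constructed. It compares a monitor-side handler that logs what the slave sent with one that logs from the monitor's own state.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not OpenSSH's types or functions. */
struct monitor_ctx { const char *user; const char *host; }; /* monitor's own state */
struct slave_msg   { char user[64]; char host[64]; };       /* bytes from the slave */
struct btmp_rec    { char user[64]; char host[64]; };       /* what gets logged */

/* Pattern in the quoted hunk: the record is built from slave-supplied fields. */
static void answer_from_message(const struct slave_msg *m, struct btmp_rec *r)
{
    /* The precision bounds the read even if the slave omitted the NUL. */
    snprintf(r->user, sizeof(r->user), "%.*s", (int)sizeof(m->user), m->user);
    snprintf(r->host, sizeof(r->host), "%.*s", (int)sizeof(m->host), m->host);
}

/* Pattern the review asks for: the request carries no identity at all and
 * the monitor fills the record from state it established itself. */
static void answer_from_monitor_state(const struct monitor_ctx *c, struct btmp_rec *r)
{
    snprintf(r->user, sizeof(r->user), "%s", c->user);
    snprintf(r->host, sizeof(r->host), "%s", c->host);
}

/* Returns 1 if a slave that lies about identity decides the logged user. */
int slave_controls_record(int use_monitor_state)
{
    /* Constructed sample values. */
    struct monitor_ctx ctx = { "alice", "client.example" };
    struct slave_msg forged = { "root", "trusted.example" };
    struct btmp_rec rec;

    if (use_monitor_state)
        answer_from_monitor_state(&ctx, &rec);
    else
        answer_from_message(&forged, &rec);
    return strcmp(rec.user, forged.user) == 0;
}

int main(void)
{
    printf("record from message:       slave controls user = %d\n", slave_controls_record(0));
    printf("record from monitor state: slave controls user = %d\n", slave_controls_record(1));
    return 0;
}
```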



