[Bug 974] Record Badlogins for all supported Authentication methods
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Jan 21 23:26:10 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=974
------- Additional Comments From djm at mindrot.org 2005-01-21 23:26 -------
(From update of attachment 781)
>--- Orginal/openssh/auth.c 2004-08-12 18:10:25.000000000 +0530
>+++ Patched/openssh/auth.c 2005-01-20 15:13:08.281151112 +0530
>@@ -50,6 +50,7 @@
> #include "misc.h"
> #include "bufaux.h"
> #include "packet.h"
>+#include "monitor_wrap.h"
>
> /* import */
> extern ServerOptions options;
>@@ -230,6 +231,18 @@
> else
> authmsg = authenticated ? "Accepted" : "Failed";
>
>+ if(!authenticated && !authctxt->postponed && (!strcmp(method, "gssapi-with-mic") || !strcmp(method, "publickey") || !strcmp(method, "hostbased"))){
>+ debug("=== calling log_btmp uid %d ===\n", getuid());
>+ PRIVSEP(log_btmp(authctxt->user,get_canonical_hostname(options.use_dns)));
>+ }
>+
>+
>+ if(!authenticated && !authctxt->postponed && (!strcmp(method, "password") || !strcmp(method, " keyboard-interactive") || !strcmp(method,"challenge-response") || !strcmp(method,"keyboard-interactive/pam"))){
>+ if ( getuid() == 0) {
>+ debug("=== calling log_btmp uid %d ===\n", getuid());
These two blocks can be merged. The logging is inconsistent with other debug
calls. The long list of strcmp looks fragile, if we add more auth methods.
>+#define _PATH_BTMP "/var/adm/btmp"
Most of the paths are defined in header files.
>+void
>+log_btmp(const char *username, const char *hostname) {
here (and elsewhere), you aren't following
http://www.openbsd.org/cgi-bin/man.cgi?query=style
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list