[PATCH re-send]: Clean up logging of failed logins
Darren Tucker
dtucker at zip.com.au
Mon Apr 28 22:48:07 EST 2003
Ben Lindstrom wrote:
> Just rename cray_login_failure() and loginfailed() to
> record_failed_login(), and change the #ifdef WITH_AIXAUTHENTICATE to
> #ifdef CUSTOM_LOGIN_FAILURE.
Is the attached patch better? Tested on AIX 4.3.3.
I didn't rename cray_login_failure, as it's also used slightly differently
by cray_access_denied(); instead I just added an interface function.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
Index: auth.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.c,v
retrieving revision 1.69
diff -u -r1.69 auth.c
--- auth.c 9 Apr 2003 11:12:00 -0000 1.69
+++ auth.c 28 Apr 2003 12:10:51 -0000
@@ -268,13 +268,10 @@
get_remote_port(),
info);
-#ifdef WITH_AIXAUTHENTICATE
+#ifdef CUSTOM_FAILED_LOGIN
if (authenticated == 0 && strcmp(method, "password") == 0)
- loginfailed(authctxt->user,
- get_canonical_hostname(options.verify_reverse_mapping),
- "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
-
+ record_failed_login(authctxt->user, "ssh");
+#endif
}
/*
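Review bot: The failure record is still gated on `strcmp(method, "password") == 0`, so failed attempts made through any other method never reach record_failed_login(). Those attempts will not count toward whatever lockout or audit accounting the platform hook feeds. If that restriction is intentional, say so above the test, e.g. `/* only password failures are reported to the platform's failed-login accounting */`. The new `#endif` also lost its label; `#endif /* CUSTOM_FAILED_LOGIN */` would match the style used in port-aix.c. The enclosing function starts outside the hunk.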
@@ -496,10 +493,8 @@
if (pw == NULL) {
logit("Illegal user %.100s from %.100s",
user, get_remote_ipaddr());
-#ifdef WITH_AIXAUTHENTICATE
- loginfailed(user,
- get_canonical_hostname(options.verify_reverse_mapping),
- "ssh");
+#ifdef CUSTOM_FAILED_LOGIN
+ record_failed_login(user, "ssh");
#endif
return (NULL);
}
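Review bot: With bsd-cray.h now defining CUSTOM_FAILED_LOGIN unconditionally, this `pw == NULL` path starts calling the Cray hook for names that have no passwd entry. The removed `_UNICOS` code in auth1.c and auth2.c called it only on password failures. Since the body of cray_login_failure() is not part of this patch, it is worth confirming that it copes with a client-supplied name that has no account record. A nonexistent user who goes on to fail password authentication would presumably be recorded a second time by the call added in the first auth.c hunk. A comment such as `/* unknown user: recorded here, and again on a later password failure */` would make that visible, or the duplicate could be suppressed; the enclosing function starts outside the hunk.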
Index: auth1.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth1.c,v
retrieving revision 1.81
diff -u -r1.81 auth1.c
--- auth1.c 27 Apr 2003 18:41:30 -0000 1.81
+++ auth1.c 28 Apr 2003 11:45:11 -0000
@@ -311,8 +311,6 @@
authctxt->user);
#ifdef _UNICOS
- if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
- cray_login_failure(authctxt->user, IA_UDBERR);
if (authenticated && cray_access_denied(authctxt->user)) {
authenticated = 0;
fatal("Access denied for user %s.",authctxt->user);
Index: auth2.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth2.c,v
retrieving revision 1.114
diff -u -r1.114 auth2.c
--- auth2.c 27 Apr 2003 18:44:32 -0000 1.114
+++ auth2.c 28 Apr 2003 11:46:10 -0000
@@ -240,10 +240,6 @@
} else {
if (authctxt->failures++ > AUTH_FAIL_MAX)
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
-#ifdef _UNICOS
- if (strcmp(method, "password") == 0)
- cray_login_failure(authctxt->user, IA_UDBERR);
-#endif /* _UNICOS */
methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
Index: openbsd-compat/bsd-cray.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/bsd-cray.c,v
retrieving revision 1.8
diff -u -r1.8 bsd-cray.c
--- openbsd-compat/bsd-cray.c 26 Sep 2002 00:38:51 -0000 1.8
+++ openbsd-compat/bsd-cray.c 28 Apr 2003 11:11:42 -0000
@@ -143,6 +143,14 @@
return (errcode);
}
+/*
+ * record_failed_login: generic "login failed" interface function
+ */
+record_failed_login(const char *user, const char *ttyname)
+{
+ cray_login_failure((char *)user, IA_UDBERR);
+}
+
int
cray_setup (uid_t uid, char *username, const char *command)
{
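Review bot: The new definition of record_failed_login() has no return type, so it is implicitly `int` and conflicts with the `void record_failed_login(const char *user, const char *ttyname);` prototype this patch adds to bsd-cray.h. Add a `void` line above the name, as the AIX version in port-aix.c does. The `(char *)user` cast discards const only because cray_login_failure() is declared with `char *username`; if that function does not modify the string, const-qualifying its parameter would remove the cast. `ttyname` is unused here, which deserves a one-line comment: `/* ttyname is ignored on Cray */`.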
Index: openbsd-compat/bsd-cray.h
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/bsd-cray.h,v
retrieving revision 1.7
diff -u -r1.7 bsd-cray.h
--- openbsd-compat/bsd-cray.h 21 Mar 2003 01:05:38 -0000 1.7
+++ openbsd-compat/bsd-cray.h 28 Apr 2003 12:42:09 -0000
@@ -42,6 +42,8 @@
void cray_job_termination_handler(int); /* process end of job signal */
void cray_login_failure(char *username, int errcode);
int cray_access_denied(char *username);
+#define CUSTOM_FAILED_LOGIN 1
+void record_failed_login(const char *user, const char *ttyname);
extern char cray_tmpdir[]; /* cray tmpdir */
#ifndef IA_SSHD
#define IA_SSHD IA_LOGIN
Index: openbsd-compat/port-aix.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.c,v
retrieving revision 1.6
diff -u -r1.6 port-aix.c
--- openbsd-compat/port-aix.c 7 Jul 2002 02:17:36 -0000 1.6
+++ openbsd-compat/port-aix.c 28 Apr 2003 12:26:22 -0000
@@ -24,12 +24,17 @@
*
*/
#include "includes.h"
+#include "ssh.h"
+#include "log.h"
+#include "servconf.h"
#ifdef _AIX
#include <uinfo.h>
#include <../xmalloc.h>
+extern ServerOptions options;
+
/*
* AIX has a "usrinfo" area where logname and other stuff is stored -
* a few applications actually use this and die if it's not set
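Review bot: None of the three headers added here is visibly the one that declares get_canonical_hostname(), which the new record_failed_login() at the end of this file calls. Unless includes.h or ssh.h pulls that declaration in, the call is implicitly declared as returning `int`, and the pointer result passed on to loginfailed() may be truncated where pointers are wider than int. Include the declaring header alongside `servconf.h`. No prototype for loginfailed() is visible in the patch either, so the same concern applies if the system headers included here do not provide one.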
@@ -52,5 +57,16 @@
xfree(cp);
}
+# ifdef CUSTOM_FAILED_LOGIN
+/*
+ * record_failed_login: generic "login failed" interface function
+ */
+void
+record_failed_login(const char *user, const char *ttyname)
+{
+ loginfailed(user,
+ get_canonical_hostname(options.verify_reverse_mapping), ttyname);
+}
+# endif /* CUSTOM_FAILED_LOGIN */
#endif /* _AIX */
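Review bot: The result of loginfailed() is discarded in record_failed_login(), so if the AIX call fails to write its record, the failed attempt silently goes uncounted. Assuming it returns non-zero on error (its prototype is not shown in the patch), log that case: `if (loginfailed(user, get_canonical_hostname(options.verify_reverse_mapping), ttyname) != 0)` followed by `debug("record_failed_login: loginfailed() failed");`. The host recorded is the canonical name rather than the address. A comment noting that it is only as trustworthy as the `verify_reverse_mapping` setting would help anyone reading the resulting audit records.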
Index: openbsd-compat/port-aix.h
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.h,v
retrieving revision 1.7
diff -u -r1.7 port-aix.h
--- openbsd-compat/port-aix.h 1 Feb 2003 04:43:35 -0000 1.7
+++ openbsd-compat/port-aix.h 28 Apr 2003 12:43:45 -0000
@@ -36,5 +36,10 @@
# include <sys/timers.h>
#endif
+#ifdef WITH_AIXAUTHENTICATE
+# define CUSTOM_FAILED_LOGIN 1
+void record_failed_login(const char *user, const char *ttyname);
+#endif
+
void aix_usrinfo(struct passwd *pw);
#endif /* _AIX */