From 2a9bf4b3d3fd0dfef74eed568152b71348fbbda6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 18 Apr 2004 11:00:26 +1000 Subject: [PATCH] - (dtucker) [auth-pam.c] Log username and source host for failed PAM authentication attempts. With & ok djm@ --- ChangeLog | 6 +++++- auth-pam.c | 9 ++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6d2518614..f34b6b381 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20040418 + - (dtucker) [auth-pam.c] Log username and source host for failed PAM + authentication attempts. With & ok djm@ + 20040416 - (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since FAT/NTFS does not permit quotes in filenames. From vinschen at redhat.com @@ -975,4 +979,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3314 2004/04/17 03:03:07 tim Exp $ +$Id: ChangeLog,v 1.3315 2004/04/18 01:00:26 dtucker Exp $ diff --git a/auth-pam.c b/auth-pam.c index 13ada737c..36dbb7e15 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -31,7 +31,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.99 2004/03/30 10:57:57 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.100 2004/04/18 01:00:26 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -58,6 +58,7 @@ RCSID("$Id: auth-pam.c,v 1.99 2004/03/30 10:57:57 dtucker Exp $"); extern ServerOptions options; extern Buffer loginmsg; extern int compat20; +extern u_int utmp_len; #ifdef USE_POSIX_THREADS #include @@ -453,7 +454,6 @@ sshpam_cleanup(void) static int sshpam_init(Authctxt *authctxt) { - extern u_int utmp_len; extern char *__progname; const char *pam_rhost, *pam_user, *user = authctxt->user; @@ -599,7 +599,10 @@ sshpam_query(void *ctx, char **name, char **info, xfree(msg); return (0); } - error("PAM: %s", msg); + error("PAM: %s for %s%.100s from %.100s", msg, + sshpam_authctxt->valid ? "" : "illegal user ", + sshpam_authctxt->user, + get_remote_name_or_ip(utmp_len, options.use_dns)); /* FALLTHROUGH */ default: *num = 0;