- djm@cvs.openbsd.org 2014/07/03 11:16:55

[auth.c auth.h auth1.c auth2.c]
     make the "Too many authentication failures" message include the
     user, source address, port and protocol in a format similar to the
     authentication success / failure messages; bz#2199, ok dtucker

ChangeLog

@@ -58,6 +58,11 @@
    - jmc@cvs.openbsd.org 2014/07/03 07:45:27
      [ssh_config.5]
      escape %C since groff thinks it part of an Rs/Re block;
+   - djm@cvs.openbsd.org 2014/07/03 11:16:55
+     [auth.c auth.h auth1.c auth2.c]
+     make the "Too many authentication failures" message include the
+     user, source address, port and protocol in a format similar to the
+     authentication success / failure messages; bz#2199, ok dtucker
 
 20140702
  - OpenBSD CVS Sync

auth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.104 2014/04/29 18:01:49 markus Exp $ */
+/* $OpenBSD: auth.c,v 1.105 2014/07/03 11:16:55 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -326,6 +326,20 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
 #endif
 }
 
+
+void
+auth_maxtries_exceeded(Authctxt *authctxt)
+{
+	packet_disconnect("Too many authentication failures for "
+	    "%s%.100s from %.200s port %d %s",
+	    authctxt->valid ? "" : "invalid user ",
+	    authctxt->user,
+	    get_remote_ipaddr(),
+	    get_remote_port(),
+	    compat20 ? "ssh2" : "ssh1");
+	/* NOTREACHED */
+}
+
 /*
  * Check whether root logins are disallowed.
  */

auth.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.77 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.78 2014/07/03 11:16:55 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -154,6 +154,7 @@ void	auth_info(Authctxt *authctxt, const char *, ...)
 	    __attribute__((__format__ (printf, 2, 3)))
 	    __attribute__((__nonnull__ (2)));
 void	auth_log(Authctxt *, int, int, const char *, const char *);
+void	auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn));
 void	userauth_finish(Authctxt *, int, const char *, const char *);
 int	auth_root_allowed(const char *);
 
@@ -210,8 +211,6 @@ struct passwd *fakepw(void);
 
 int	 sys_auth_passwd(Authctxt *, const char *);
 
-#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
-
 #define SKEY_PROMPT "\nS/Key Password: "
 
 #if defined(KRB5) && !defined(HEIMDAL)

auth1.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth1.c,v 1.80 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.81 2014/07/03 11:16:55 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -363,7 +363,7 @@ do_authloop(Authctxt *authctxt)
 #ifdef SSH_AUDIT_EVENTS
 			PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
 #endif
-			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+			auth_maxtries_exceeded(authctxt);
 		}
 
 		packet_start(SSH_SMSG_FAILURE);

auth2.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.130 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.131 2014/07/03 11:16:55 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -362,7 +362,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
 #ifdef SSH_AUDIT_EVENTS
 			PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
 #endif
-			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+			auth_maxtries_exceeded(authctxt);
 		}
 		methods = authmethods_get(authctxt);
 		debug3("%s: failure partial=%d next methods=\"%s\"", __func__,