From 1ae4237920c3bd7f2fa6958d2a390f6693852285 Mon Sep 17 00:00:00 2001 From: François Perrad Date: Wed, 28 Feb 2018 15:10:14 +0100 Subject: fix #endif (#59) --- svr-auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'svr-auth.c') diff --git a/svr-auth.c b/svr-auth.c index 64d97aa..c19c090 100644 --- a/svr-auth.c +++ b/svr-auth.c @@ -312,7 +312,7 @@ static int checkusername(const char *username, unsigned int userlen) { return DROPBEAR_FAILURE; } } -#endif HAVE_GETGROUPLIST +#endif /* HAVE_GETGROUPLIST */ TRACE(("shell is %s", ses.authstate.pw_shell)) -- cgit v1.2.3 From 52adbb34c32d3e2e1bcdb941e20a6f81138b8248 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Thu, 23 Aug 2018 23:43:12 +0800 Subject: Wait to fail invalid usernames --- auth.h | 6 +++--- svr-auth.c | 19 +++++-------------- svr-authpam.c | 26 ++++++++++++++++++++++---- svr-authpasswd.c | 27 ++++++++++++++------------- svr-authpubkey.c | 11 ++++++++++- 5 files changed, 54 insertions(+), 35 deletions(-) (limited to 'svr-auth.c') diff --git a/auth.h b/auth.h index da498f5..98f5468 100644 --- a/auth.h +++ b/auth.h @@ -37,9 +37,9 @@ void recv_msg_userauth_request(void); void send_msg_userauth_failure(int partial, int incrfail); void send_msg_userauth_success(void); void send_msg_userauth_banner(const buffer *msg); -void svr_auth_password(void); -void svr_auth_pubkey(void); -void svr_auth_pam(void); +void svr_auth_password(int valid_user); +void svr_auth_pubkey(int valid_user); +void svr_auth_pam(int valid_user); #if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT int svr_pubkey_allows_agentfwd(void); diff --git a/svr-auth.c b/svr-auth.c index c19c090..edde86b 100644 --- a/svr-auth.c +++ b/svr-auth.c @@ -149,10 +149,8 @@ void recv_msg_userauth_request() { if (methodlen == AUTH_METHOD_PASSWORD_LEN && strncmp(methodname, AUTH_METHOD_PASSWORD, AUTH_METHOD_PASSWORD_LEN) == 0) { - if (valid_user) { - svr_auth_password(); - goto out; - } + svr_auth_password(valid_user); + goto out; } } #endif @@ -164,10 +162,8 @@ void recv_msg_userauth_request() { if (methodlen == AUTH_METHOD_PASSWORD_LEN && strncmp(methodname, AUTH_METHOD_PASSWORD, AUTH_METHOD_PASSWORD_LEN) == 0) { - if (valid_user) { - svr_auth_pam(); - goto out; - } + svr_auth_pam(valid_user); + goto out; } } #endif @@ -177,12 +173,7 @@ void recv_msg_userauth_request() { if (methodlen == AUTH_METHOD_PUBKEY_LEN && strncmp(methodname, AUTH_METHOD_PUBKEY, AUTH_METHOD_PUBKEY_LEN) == 0) { - if (valid_user) { - svr_auth_pubkey(); - } else { - /* pubkey has no failure delay */ - send_msg_userauth_failure(0, 0); - } + svr_auth_pubkey(valid_user); goto out; } #endif diff --git a/svr-authpam.c b/svr-authpam.c index 05e4f3e..d201bc9 100644 --- a/svr-authpam.c +++ b/svr-authpam.c @@ -178,13 +178,14 @@ pamConvFunc(int num_msg, * Keyboard interactive would be a lot nicer, but since PAM is synchronous, it * gets very messy trying to send the interactive challenges, and read the * interactive responses, over the network. */ -void svr_auth_pam() { +void svr_auth_pam(int valid_user) { struct UserDataS userData = {NULL, NULL}; struct pam_conv pamConv = { pamConvFunc, &userData /* submitted to pamvConvFunc as appdata_ptr */ }; + const char* printable_user = NULL; pam_handle_t* pamHandlep = NULL; @@ -204,12 +205,23 @@ void svr_auth_pam() { password = buf_getstring(ses.payload, &passwordlen); + /* We run the PAM conversation regardless of whether the username is valid + in case the conversation function has an inherent delay. + Use ses.authstate.username rather than ses.authstate.pw_name. + After PAM succeeds we then check the valid_user flag too */ + /* used to pass data to the PAM conversation function - don't bother with * strdup() etc since these are touched only by our own conversation * function (above) which takes care of it */ - userData.user = ses.authstate.pw_name; + userData.user = ses.authstate.username; userData.passwd = password; + if (ses.authstate.pw_name) { + printable_user = ses.authstate.pw_name; + } else { + printable_user = ""; + } + /* Init pam */ if ((rc = pam_start("sshd", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) { dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s", @@ -242,7 +254,7 @@ void svr_auth_pam() { rc, pam_strerror(pamHandlep, rc)); dropbear_log(LOG_WARNING, "Bad PAM password attempt for '%s' from %s", - ses.authstate.pw_name, + printable_user, svr_ses.addrstring); send_msg_userauth_failure(0, 1); goto cleanup; @@ -253,12 +265,18 @@ void svr_auth_pam() { rc, pam_strerror(pamHandlep, rc)); dropbear_log(LOG_WARNING, "Bad PAM password attempt for '%s' from %s", - ses.authstate.pw_name, + printable_user, svr_ses.addrstring); send_msg_userauth_failure(0, 1); goto cleanup; } + if (!valid_user) { + /* PAM auth succeeded but the username isn't allowed in for another reason + (checkusername() failed) */ + send_msg_userauth_failure(0, 1); + } + /* successful authentication */ dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s' from %s", ses.authstate.pw_name, diff --git a/svr-authpasswd.c b/svr-authpasswd.c index bdee2aa..69c7d8a 100644 --- a/svr-authpasswd.c +++ b/svr-authpasswd.c @@ -48,22 +48,14 @@ static int constant_time_strcmp(const char* a, const char* b) { /* Process a password auth request, sending success or failure messages as * appropriate */ -void svr_auth_password() { +void svr_auth_password(int valid_user) { char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */ char * testcrypt = NULL; /* crypt generated from the user's password sent */ - char * password; + char * password = NULL; unsigned int passwordlen; - unsigned int changepw; - passwdcrypt = ses.authstate.pw_passwd; - -#ifdef DEBUG_HACKCRYPT - /* debugging crypt for non-root testing with shadows */ - passwdcrypt = DEBUG_HACKCRYPT; -#endif - /* check if client wants to change password */ changepw = buf_getbool(ses.payload); if (changepw) { @@ -73,12 +65,21 @@ void svr_auth_password() { } password = buf_getstring(ses.payload, &passwordlen); - - /* the first bytes of passwdcrypt are the salt */ - testcrypt = crypt(password, passwdcrypt); + if (valid_user) { + /* the first bytes of passwdcrypt are the salt */ + passwdcrypt = ses.authstate.pw_passwd; + testcrypt = crypt(password, passwdcrypt); + } m_burn(password, passwordlen); m_free(password); + /* After we have got the payload contents we can exit if the username + is invalid. Invalid users have already been logged. */ + if (!valid_user) { + send_msg_userauth_failure(0, 1); + return; + } + if (testcrypt == NULL) { /* crypt() with an invalid salt like "!!" */ dropbear_log(LOG_WARNING, "User account '%s' is locked", diff --git a/svr-authpubkey.c b/svr-authpubkey.c index aa6087c..ff481c8 100644 --- a/svr-authpubkey.c +++ b/svr-authpubkey.c @@ -79,7 +79,7 @@ static int checkfileperm(char * filename); /* process a pubkey auth request, sending success or failure message as * appropriate */ -void svr_auth_pubkey() { +void svr_auth_pubkey(int valid_user) { unsigned char testkey; /* whether we're just checking if a key is usable */ char* algo = NULL; /* pubkey algo */ @@ -102,6 +102,15 @@ void svr_auth_pubkey() { keybloblen = buf_getint(ses.payload); keyblob = buf_getptr(ses.payload, keybloblen); + if (!valid_user) { + /* Return failure once we have read the contents of the packet + required to validate a public key. + Avoids blind user enumeration though it isn't possible to prevent + testing for user existence if the public key is known */ + send_msg_userauth_failure(0, 0); + goto out; + } + /* check if the key is valid */ if (checkpubkey(algo, algolen, keyblob, keybloblen) == DROPBEAR_FAILURE) { send_msg_userauth_failure(0, 0); -- cgit v1.2.3 From 02ffdd09dc1941f7a924cde8db288fcd64987f59 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Mon, 5 Nov 2018 23:36:34 +0800 Subject: - Add adaptive authentication failure delay - Rework monotonic_now/gettime_wrapper and use clock_gettime on more platforms --- auth.h | 3 +++ configure.ac | 6 +++++ dbutil.c | 82 +++++++++++++++++++++++++++++------------------------------- dbutil.h | 2 ++ includes.h | 5 ++++ svr-auth.c | 45 +++++++++++++++++++++++++++++---- 6 files changed, 95 insertions(+), 48 deletions(-) (limited to 'svr-auth.c') diff --git a/auth.h b/auth.h index 98f5468..7126a4a 100644 --- a/auth.h +++ b/auth.h @@ -108,11 +108,14 @@ struct AuthState { unsigned int authdone; /* 0 if we haven't authed, 1 if we have. Applies for client and server (though has differing meanings). */ + unsigned int perm_warn; /* Server only, set if bad permissions on ~/.ssh/authorized_keys have already been logged. */ unsigned int checkusername_failed; /* Server only, set if checkusername has already failed */ + struct timespec auth_starttime; /* Server only, time of receiving current + SSH_MSG_USERAUTH_REQUEST */ /* These are only used for the server */ uid_t pw_uid; diff --git a/configure.ac b/configure.ac index c0bb8a3..7130152 100644 --- a/configure.ac +++ b/configure.ac @@ -497,6 +497,12 @@ AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline ) AC_CHECK_FUNCS(setutxent utmpxname) AC_CHECK_FUNCS(logout updwtmp logwtmp) +# POSIX monotonic time +OLDCFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -D_POSIX_C_SOURCE=199309L" +AC_CHECK_FUNCS(clock_gettime) +CFLAGS="$OLDCFLAGS" + # OS X monotonic time AC_CHECK_HEADERS([mach/mach_time.h]) AC_CHECK_FUNCS(mach_absolute_time) diff --git a/dbutil.c b/dbutil.c index 9f61a2b..32920f7 100644 --- a/dbutil.c +++ b/dbutil.c @@ -605,71 +605,67 @@ int constant_time_memcmp(const void* a, const void *b, size_t n) return c; } -#if defined(__linux__) && defined(SYS_clock_gettime) -/* CLOCK_MONOTONIC_COARSE was added in Linux 2.6.32 but took a while to -reach userspace include headers */ -#ifndef CLOCK_MONOTONIC_COARSE -#define CLOCK_MONOTONIC_COARSE 6 -#endif -/* Some old toolchains know SYS_clock_gettime but not CLOCK_MONOTONIC */ -#ifndef CLOCK_MONOTONIC -#define CLOCK_MONOTONIC 1 -#endif -static clockid_t get_linux_clock_source() { - struct timespec ts; - if (syscall(SYS_clock_gettime, CLOCK_MONOTONIC_COARSE, &ts) == 0) { - return CLOCK_MONOTONIC_COARSE; - } - - if (syscall(SYS_clock_gettime, CLOCK_MONOTONIC, &ts) == 0) { - return CLOCK_MONOTONIC; - } - return -1; -} -#endif - -time_t monotonic_now() { +/* higher-resolution monotonic timestamp, falls back to gettimeofday */ +void gettime_wrapper(struct timespec *now) { + struct timeval tv; #if DROPBEAR_FUZZ if (fuzz.fuzzing) { /* time stands still when fuzzing */ - return 5; + now->tv_sec = 5; + now->tv_nsec = 0; } #endif -#if defined(__linux__) && defined(SYS_clock_gettime) - { - static clockid_t clock_source = -2; - if (clock_source == -2) { - /* First run, find out which one works. - -1 will fall back to time() */ - clock_source = get_linux_clock_source(); +#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC) + /* POSIX monotonic clock. Newer Linux, BSD, MacOSX >10.12 */ + if (clock_gettime(CLOCK_MONOTONIC, now) == 0) { + return; } +#endif - if (clock_source >= 0) { - struct timespec ts; - if (syscall(SYS_clock_gettime, clock_source, &ts) != 0) { - /* Intermittent clock failures should not happen */ - dropbear_exit("Clock broke"); +#if defined(__linux__) && defined(SYS_clock_gettime) + { + /* Old linux toolchain - kernel might support it but not the build headers */ + /* Also glibc <2.17 requires -lrt which we neglect to add */ + static int linux_monotonic_failed = 0; + if (!linux_monotonic_failed) { + /* CLOCK_MONOTONIC isn't in some headers */ + int clock_source_monotonic = 1; + if (syscall(SYS_clock_gettime, clock_source_monotonic, now) == 0) { + return; + } else { + /* Don't try again */ + linux_monotonic_failed = 1; } - return ts.tv_sec; } } -#endif /* linux clock_gettime */ +#endif /* linux fallback clock_gettime */ #if defined(HAVE_MACH_ABSOLUTE_TIME) { - /* OS X, see https://developer.apple.com/library/mac/qa/qa1398/_index.html */ + /* OS X pre 10.12, see https://developer.apple.com/library/mac/qa/qa1398/_index.html */ static mach_timebase_info_data_t timebase_info; + uint64_t scaled_time; if (timebase_info.denom == 0) { mach_timebase_info(&timebase_info); } - return mach_absolute_time() * timebase_info.numer / timebase_info.denom - / 1e9; + scaled_time = mach_absolute_time() * timebase_info.numer / timebase_info.denom; + now->tv_sec = scaled_time / 1000000000; + now->tv_nsec = scaled_time % 1000000000; } #endif /* osx mach_absolute_time */ /* Fallback for everything else - this will sometimes go backwards */ - return time(NULL); + gettimeofday(&tv, NULL); + now->tv_sec = tv.tv_sec; + now->tv_nsec = 1000*tv.tv_usec; +} + +/* second-resolution monotonic timestamp */ +time_t monotonic_now() { + struct timespec ts; + gettime_wrapper(&ts); + return ts.tv_sec; } void fsync_parent_dir(const char* fn) { diff --git a/dbutil.h b/dbutil.h index 7cb9d68..2a1c82c 100644 --- a/dbutil.h +++ b/dbutil.h @@ -83,6 +83,8 @@ int constant_time_memcmp(const void* a, const void *b, size_t n); /* Returns a time in seconds that doesn't go backwards - does not correspond to a real-world clock */ time_t monotonic_now(void); +/* Higher resolution clock_gettime(CLOCK_MONOTONIC) wrapper */ +void gettime_wrapper(struct timespec *now); char * expand_homedir_path(const char *inpath); diff --git a/includes.h b/includes.h index 246882b..0f12620 100644 --- a/includes.h +++ b/includes.h @@ -29,6 +29,11 @@ #include "options.h" #include "debug.h" +#if __linux__ +/* For clock_gettime */ +#define _POSIX_C_SOURCE 199309L +#endif + #include #include #include /* required for BSD4_4 define */ diff --git a/svr-auth.c b/svr-auth.c index 10e51b3..f952b0b 100644 --- a/svr-auth.c +++ b/svr-auth.c @@ -79,6 +79,9 @@ void recv_msg_userauth_request() { TRACE(("enter recv_msg_userauth_request")) + /* for compensating failure delay */ + gettime_wrapper(&ses.authstate.auth_starttime); + /* ignore packets if auth is already done */ if (ses.authstate.authdone == 1) { TRACE(("leave recv_msg_userauth_request: authdone already")) @@ -382,16 +385,48 @@ void send_msg_userauth_failure(int partial, int incrfail) { encrypt_packet(); if (incrfail) { - unsigned int delay; - genrandom((unsigned char*)&delay, sizeof(delay)); - /* We delay for 300ms +- 50ms */ - delay = 250000 + (delay % 100000); + /* The SSH_MSG_AUTH_FAILURE response is delayed to attempt to + avoid user enumeration and slow brute force attempts. + The delay is adjusted by the time already spent in processing + authentication (ses.authstate.auth_starttime timestamp). */ + + /* Desired total delay 300ms +-50ms (in nanoseconds). + Beware of integer overflow if increasing these values */ + const unsigned int mindelay = 250000000; + const unsigned int vardelay = 100000000; + unsigned int rand_delay; + struct timespec delay; + + gettime_wrapper(&delay); + delay.tv_sec -= ses.authstate.auth_starttime.tv_sec; + delay.tv_nsec -= ses.authstate.auth_starttime.tv_nsec; + + /* carry */ + if (delay.tv_nsec < 0) { + delay.tv_nsec += 1000000000; + delay.tv_sec -= 1; + } + + genrandom((unsigned char*)&rand_delay, sizeof(rand_delay)); + rand_delay = mindelay + (rand_delay % vardelay); + + if (delay.tv_sec == 0 && delay.tv_nsec <= mindelay) { + /* Compensate for elapsed time */ + delay.tv_nsec = rand_delay - delay.tv_nsec; + } else { + /* No time left or time went backwards, just delay anyway */ + delay.tv_sec = 0; + delay.tv_nsec = rand_delay; + } + + #if DROPBEAR_FUZZ if (!fuzz.fuzzing) #endif { - usleep(delay); + while (nanosleep(&delay, &delay) == -1 && errno == EINTR) { /* Go back to sleep */ } } + ses.authstate.failcount++; } -- cgit v1.2.3 From 0af22aa8e43722082947bb48fa9ec2990f702c49 Mon Sep 17 00:00:00 2001 From: Patrick Stewart Date: Wed, 20 Mar 2019 14:44:49 +0000 Subject: Support servers without multiple user support (#76) --- default_options.h | 3 +++ svr-agentfwd.c | 8 ++++++++ svr-auth.c | 2 +- svr-authpubkey.c | 4 ++++ svr-chansession.c | 2 ++ 5 files changed, 18 insertions(+), 1 deletion(-) (limited to 'svr-auth.c') diff --git a/default_options.h b/default_options.h index 86fb25a..7365d2c 100644 --- a/default_options.h +++ b/default_options.h @@ -196,6 +196,9 @@ group1 in Dropbear server too */ * authorized_keys file into account */ #define DROPBEAR_SVR_PUBKEY_OPTIONS 1 +/* Disable if your kernel does not have multiple user support */ +#define DROPBEAR_SVR_MULTIUSER 1 + /* Client authentication options */ #define DROPBEAR_CLI_PASSWORD_AUTH 1 #define DROPBEAR_CLI_PUBKEY_AUTH 1 diff --git a/svr-agentfwd.c b/svr-agentfwd.c index cff80f7..ac9475f 100644 --- a/svr-agentfwd.c +++ b/svr-agentfwd.c @@ -151,6 +151,7 @@ void svr_agentcleanup(struct ChanSess * chansess) { if (chansess->agentfile != NULL && chansess->agentdir != NULL) { +#if DROPBEAR_SVR_MULTIUSER /* Remove the dir as the user. That way they can't cause problems except * for themselves */ uid = getuid(); @@ -159,6 +160,7 @@ void svr_agentcleanup(struct ChanSess * chansess) { (seteuid(ses.authstate.pw_uid)) < 0) { dropbear_exit("Failed to set euid"); } +#endif /* 2 for "/" and "\0" */ len = strlen(chansess->agentdir) + strlen(chansess->agentfile) + 2; @@ -170,10 +172,12 @@ void svr_agentcleanup(struct ChanSess * chansess) { rmdir(chansess->agentdir); +#if DROPBEAR_SVR_MULTIUSER if ((seteuid(uid)) < 0 || (setegid(gid)) < 0) { dropbear_exit("Failed to revert euid"); } +#endif m_free(chansess->agentfile); m_free(chansess->agentdir); @@ -216,6 +220,7 @@ static int bindagent(int fd, struct ChanSess * chansess) { gid_t gid; int ret = DROPBEAR_FAILURE; +#if DROPBEAR_SVR_MULTIUSER /* drop to user privs to make the dir/file */ uid = getuid(); gid = getgid(); @@ -223,6 +228,7 @@ static int bindagent(int fd, struct ChanSess * chansess) { (seteuid(ses.authstate.pw_uid)) < 0) { dropbear_exit("Failed to set euid"); } +#endif memset((void*)&addr, 0x0, sizeof(addr)); addr.sun_family = AF_UNIX; @@ -262,10 +268,12 @@ bindsocket: out: +#if DROPBEAR_SVR_MULTIUSER if ((seteuid(uid)) < 0 || (setegid(gid)) < 0) { dropbear_exit("Failed to revert euid"); } +#endif return ret; } diff --git a/svr-auth.c b/svr-auth.c index f952b0b..7575f90 100644 --- a/svr-auth.c +++ b/svr-auth.c @@ -276,7 +276,7 @@ static int checkusername(const char *username, unsigned int userlen) { /* check if we are running as non-root, and login user is different from the server */ uid = geteuid(); - if (uid != 0 && uid != ses.authstate.pw_uid) { + if (!(DROPBEAR_SVR_MULTIUSER && uid == 0) && uid != ses.authstate.pw_uid) { TRACE(("running as nonroot, only server uid is allowed")) dropbear_log(LOG_WARNING, "Login attempt with wrong user %s from %s", diff --git a/svr-authpubkey.c b/svr-authpubkey.c index dafa99a..4f27986 100644 --- a/svr-authpubkey.c +++ b/svr-authpubkey.c @@ -347,6 +347,7 @@ static int checkpubkey(const char* algo, unsigned int algolen, snprintf(filename, len + 22, "%s/.ssh/authorized_keys", ses.authstate.pw_dir); +#if DROPBEAR_SVR_MULTIUSER /* open the file as the authenticating user. */ origuid = getuid(); origgid = getgid(); @@ -354,13 +355,16 @@ static int checkpubkey(const char* algo, unsigned int algolen, (seteuid(ses.authstate.pw_uid)) < 0) { dropbear_exit("Failed to set euid"); } +#endif authfile = fopen(filename, "r"); +#if DROPBEAR_SVR_MULTIUSER if ((seteuid(origuid)) < 0 || (setegid(origgid)) < 0) { dropbear_exit("Failed to revert euid"); } +#endif if (authfile == NULL) { goto out; diff --git a/svr-chansession.c b/svr-chansession.c index 038a0f2..5a5a8c8 100644 --- a/svr-chansession.c +++ b/svr-chansession.c @@ -949,6 +949,7 @@ static void execchild(const void *user_data) { #endif /* HAVE_CLEARENV */ #endif /* DEBUG_VALGRIND */ +#if DROPBEAR_SVR_MULTIUSER /* We can only change uid/gid as root ... */ if (getuid() == 0) { @@ -972,6 +973,7 @@ static void execchild(const void *user_data) { dropbear_exit("Couldn't change user as non-root"); } } +#endif /* set env vars */ addnewvar("USER", ses.authstate.pw_name); -- cgit v1.2.3 From fa4c4646d860eff52635e19f8c720cdcf6379fdf Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant <6500011+ldir-EDB0@users.noreply.github.com> Date: Wed, 18 Mar 2020 15:28:56 +0000 Subject: Improve address logging on early exit messages (#83) Change 'Early exit' and 'Exit before auth' messages to include the IP address & port as part of the message. This allows log scanning utilities such as 'fail2ban' to obtain the offending IP address as part of the failure event instead of extracting the PID from the message and then scanning the log again for match 'child connection from' messages Signed-off-by: Kevin Darbyshire-Bryant --- svr-auth.c | 18 +++++++----------- svr-session.c | 8 ++++---- 2 files changed, 11 insertions(+), 15 deletions(-) (limited to 'svr-auth.c') diff --git a/svr-auth.c b/svr-auth.c index 7575f90..443de20 100644 --- a/svr-auth.c +++ b/svr-auth.c @@ -241,8 +241,7 @@ static int checkusername(const char *username, unsigned int userlen) { } if (strlen(username) != userlen) { - dropbear_exit("Attempted username with a null byte from %s", - svr_ses.addrstring); + dropbear_exit("Attempted username with a null byte"); } if (ses.authstate.username == NULL) { @@ -252,8 +251,7 @@ static int checkusername(const char *username, unsigned int userlen) { } else { /* check username hasn't changed */ if (strcmp(username, ses.authstate.username) != 0) { - dropbear_exit("Client trying multiple usernames from %s", - svr_ses.addrstring); + dropbear_exit("Client trying multiple usernames"); } } @@ -268,8 +266,7 @@ static int checkusername(const char *username, unsigned int userlen) { if (!ses.authstate.pw_name) { TRACE(("leave checkusername: user '%s' doesn't exist", username)) dropbear_log(LOG_WARNING, - "Login attempt for nonexistent user from %s", - svr_ses.addrstring); + "Login attempt for nonexistent user"); ses.authstate.checkusername_failed = 1; return DROPBEAR_FAILURE; } @@ -279,9 +276,8 @@ static int checkusername(const char *username, unsigned int userlen) { if (!(DROPBEAR_SVR_MULTIUSER && uid == 0) && uid != ses.authstate.pw_uid) { TRACE(("running as nonroot, only server uid is allowed")) dropbear_log(LOG_WARNING, - "Login attempt with wrong user %s from %s", - ses.authstate.pw_name, - svr_ses.addrstring); + "Login attempt with wrong user %s", + ses.authstate.pw_name); ses.authstate.checkusername_failed = 1; return DROPBEAR_FAILURE; } @@ -440,8 +436,8 @@ void send_msg_userauth_failure(int partial, int incrfail) { } else { userstr = ses.authstate.pw_name; } - dropbear_exit("Max auth tries reached - user '%s' from %s", - userstr, svr_ses.addrstring); + dropbear_exit("Max auth tries reached - user '%s'", + userstr); } TRACE(("leave send_msg_userauth_failure")) diff --git a/svr-session.c b/svr-session.c index 47f36b5..163d14f 100644 --- a/svr-session.c +++ b/svr-session.c @@ -222,7 +222,7 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) { /* Add the prefix depending on session/auth state */ if (!ses.init_done) { /* before session init */ - snprintf(fullmsg, sizeof(fullmsg), "Early exit: %s", exitmsg); + snprintf(fullmsg, sizeof(fullmsg), "Early exit from <%s> %s", svr_ses.addrstring, exitmsg); } else if (ses.authstate.authdone) { /* user has authenticated */ snprintf(fullmsg, sizeof(fullmsg), @@ -231,11 +231,11 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) { } else if (ses.authstate.pw_name) { /* we have a potential user */ snprintf(fullmsg, sizeof(fullmsg), - "Exit before auth (user '%s', %u fails): %s", - ses.authstate.pw_name, ses.authstate.failcount, exitmsg); + "Exit before auth from <%s> (user '%s', %u fails): %s", + svr_ses.addrstring, ses.authstate.pw_name, ses.authstate.failcount, exitmsg); } else { /* before userauth */ - snprintf(fullmsg, sizeof(fullmsg), "Exit before auth: %s", exitmsg); + snprintf(fullmsg, sizeof(fullmsg), "Exit before auth from <%s> %s", svr_ses.addrstring, exitmsg); } dropbear_log(LOG_INFO, "%s", fullmsg); -- cgit v1.2.3