Comment on attachment 781 Optimized Patch Attached
>--- Orginal/openssh/auth.c 2004-08-12 18:10:25.000000000 +0530 >+++ Patched/openssh/auth.c 2005-01-20 15:13:08.281151112 +0530 >@@ -50,6 +50,7 @@ > #include "misc.h" > #include "bufaux.h" > #include "packet.h" >+#include "monitor_wrap.h" > > /* import */ > extern ServerOptions options; >@@ -230,6 +231,18 @@ > else > authmsg = authenticated ? "Accepted" : "Failed"; > >+ if(!authenticated && !authctxt->postponed && (!strcmp(method, "gssapi-with-mic") || !strcmp(method, "publickey") || !strcmp(method, "hostbased"))){ >+ debug("=== calling log_btmp uid %d ===\n", getuid()); >+ PRIVSEP(log_btmp(authctxt->user,get_canonical_hostname(options.use_dns))); >+ } >+ >+ >+ if(!authenticated && !authctxt->postponed && (!strcmp(method, "password") || !strcmp(method, " keyboard-interactive") || !strcmp(method,"challenge-response") || !strcmp(method,"keyboard-interactive/pam"))){ >+ if ( getuid() == 0) { >+ debug("=== calling log_btmp uid %d ===\n", getuid());
These two blocks can be merged. The logging is inconsistent with other debug calls. The long list of strcmp looks fragile, if we add more auth methods.
>+#define _PATH_BTMP "/var/adm/btmp"
Most of the paths are defined in header files.
>+void >+log_btmp(const char *username, const char *hostname) {
here (and elsewhere), you aren't following http://www.openbsd.org/cgi-bin/man.cgi?query=style
Comment on attachment 781
Optimized Patch Attached
>--- Orginal/ openssh/ auth.c 2004-08-12 18:10:25.000000000 +0530 openssh/ auth.c 2005-01-20 15:13:08.281151112 +0530 >postponed && (!strcmp(method, "gssapi-with-mic") || !strcmp(method, "publickey") || !strcmp(method, "hostbased"))){ log_btmp( authctxt- >user,get_ canonical_ hostname( options. use_dns) )); >postponed && (!strcmp(method, "password") || !strcmp(method, " keyboard- interactive" ) || !strcmp( method, "challenge- response" ) || !strcmp( method, "keyboard- interactive/ pam"))) {
>+++ Patched/
>@@ -50,6 +50,7 @@
> #include "misc.h"
> #include "bufaux.h"
> #include "packet.h"
>+#include "monitor_wrap.h"
>
> /* import */
> extern ServerOptions options;
>@@ -230,6 +231,18 @@
> else
> authmsg = authenticated ? "Accepted" : "Failed";
>
>+ if(!authenticated && !authctxt-
>+ debug("=== calling log_btmp uid %d ===\n", getuid());
>+ PRIVSEP(
>+ }
>+
>+
>+ if(!authenticated && !authctxt-
>+ if ( getuid() == 0) {
>+ debug("=== calling log_btmp uid %d ===\n", getuid());
These two blocks can be merged. The logging is inconsistent with other debug
calls. The long list of strcmp looks fragile, if we add more auth methods.
>+#define _PATH_BTMP "/var/adm/btmp"
Most of the paths are defined in header files.
>+void
>+log_btmp(const char *username, const char *hostname) {
here (and elsewhere), you aren't following www.openbsd. org/cgi- bin/man. cgi?query= style
http://