Diffstat (limited to 'package/network/services/dropbear/patches/010-backport-change-address-logging.patch')
-rw-r--r--package/network/services/dropbear/patches/010-backport-change-address-logging.patch119
1 files changed, 0 insertions, 119 deletions
diff --git a/package/network/services/dropbear/patches/010-backport-change-address-logging.patch b/package/network/services/dropbear/patches/010-backport-change-address-logging.patch
deleted file mode 100644
index 2b99f81ad5..0000000000
--- a/package/network/services/dropbear/patches/010-backport-change-address-logging.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From c153b3612b7c9f24a0f5af43618a646545ed6e22 Mon Sep 17 00:00:00 2001
-From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
-Date: Mon, 30 Sep 2019 12:42:13 +0100
-Subject: [PATCH] Improve address logging on early exit messages
-
-Change 'Early exit' and 'Exit before auth' messages to include the IP
-address & port as part of the message.
-
-This allows log scanning utilities such as 'fail2ban' to obtain the
-offending IP address as part of the failure event instead of extracting
-the PID from the message and then scanning the log again for match
-'child connection from' messages
-
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- svr-auth.c | 18 +++++++-----------
- svr-session.c | 20 ++++++++++++++------
- 2 files changed, 21 insertions(+), 17 deletions(-)
-
---- a/svr-auth.c
-+++ b/svr-auth.c
-@@ -241,8 +241,7 @@ static int checkusername(const char *use
- }
-
- if (strlen(username) != userlen) {
-- dropbear_exit("Attempted username with a null byte from %s",
-- svr_ses.addrstring);
-+ dropbear_exit("Attempted username with a null byte");
- }
-
- if (ses.authstate.username == NULL) {
-@@ -252,8 +251,7 @@ static int checkusername(const char *use
- } else {
- /* check username hasn't changed */
- if (strcmp(username, ses.authstate.username) != 0) {
-- dropbear_exit("Client trying multiple usernames from %s",
-- svr_ses.addrstring);
-+ dropbear_exit("Client trying multiple usernames");
- }
- }
-
-@@ -268,8 +266,7 @@ static int checkusername(const char *use
- if (!ses.authstate.pw_name) {
- TRACE(("leave checkusername: user '%s' doesn't exist", username))
- dropbear_log(LOG_WARNING,
-- "Login attempt for nonexistent user from %s",
-- svr_ses.addrstring);
-+ "Login attempt for nonexistent user");
- ses.authstate.checkusername_failed = 1;
- return DROPBEAR_FAILURE;
- }
-@@ -279,9 +276,8 @@ static int checkusername(const char *use
- if (!(DROPBEAR_SVR_MULTIUSER && uid == 0) && uid != ses.authstate.pw_uid) {
- TRACE(("running as nonroot, only server uid is allowed"))
- dropbear_log(LOG_WARNING,
-- "Login attempt with wrong user %s from %s",
-- ses.authstate.pw_name,
-- svr_ses.addrstring);
-+ "Login attempt with wrong user %s",
-+ ses.authstate.pw_name);
- ses.authstate.checkusername_failed = 1;
- return DROPBEAR_FAILURE;
- }
-@@ -440,8 +436,8 @@ void send_msg_userauth_failure(int parti
- } else {
- userstr = ses.authstate.pw_name;
- }
-- dropbear_exit("Max auth tries reached - user '%s' from %s",
-- userstr, svr_ses.addrstring);
-+ dropbear_exit("Max auth tries reached - user '%s'",
-+ userstr);
- }
-
- TRACE(("leave send_msg_userauth_failure"))
---- a/svr-session.c
-+++ b/svr-session.c
-@@ -149,28 +149,36 @@ void svr_session(int sock, int childpipe
- void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
- char exitmsg[150];
- char fullmsg[300];
-+ char fromaddr[60];
- int i;
-
- /* Render the formatted exit message */
- vsnprintf(exitmsg, sizeof(exitmsg), format, param);
-
-+ /* svr_ses.addrstring may not be set for some early exits, or for
-+ the listener process */
-+ fromaddr[0] = '\0';
-+ if (svr_ses.addrstring) {
-+ snprintf(fromaddr, sizeof(fromaddr), " from <%s>", svr_ses.addrstring);
-+ }
-+
- /* Add the prefix depending on session/auth state */
- if (!ses.init_done) {
- /* before session init */
-- snprintf(fullmsg, sizeof(fullmsg), "Early exit: %s", exitmsg);
-+ snprintf(fullmsg, sizeof(fullmsg), "Early exit%s: %s", fromaddr, exitmsg);
- } else if (ses.authstate.authdone) {
- /* user has authenticated */
- snprintf(fullmsg, sizeof(fullmsg),
-- "Exit (%s): %s",
-- ses.authstate.pw_name, exitmsg);
-+ "Exit (%s)%s: %s",
-+ ses.authstate.pw_name, fromaddr, exitmsg);
- } else if (ses.authstate.pw_name) {
- /* we have a potential user */
- snprintf(fullmsg, sizeof(fullmsg),
-- "Exit before auth (user '%s', %u fails): %s",
-- ses.authstate.pw_name, ses.authstate.failcount, exitmsg);
-+ "Exit before auth%s: (user '%s', %u fails): %s",
-+ fromaddr, ses.authstate.pw_name, ses.authstate.failcount, exitmsg);
- } else {
- /* before userauth */
-- snprintf(fullmsg, sizeof(fullmsg), "Exit before auth: %s", exitmsg);
-+ snprintf(fullmsg, sizeof(fullmsg), "Exit before auth%s: %s", fromaddr, exitmsg);
- }
-
- dropbear_log(LOG_INFO, "%s", fullmsg);