X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/91d9cdd3ca06d1809bc05a285dafdea2954850b2..f96b1f670e759a7834f281f437f64550fdfecd97:/openssh/auth.c?ds=sidebyside

diff --git a/openssh/auth.c b/openssh/auth.c
index 3585daa..19253fe 100644
--- a/openssh/auth.c
+++ b/openssh/auth.c
@@ -71,6 +71,9 @@
 #endif
 #include "monitor_wrap.h"
 
+#include "version.h"
+#include "ssh-globus-usage.h"
+
 /* import */
 extern ServerOptions options;
 extern int use_privsep;
@@ -269,7 +272,8 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
 	    authmsg,
 	    method,
 	    authctxt->valid ? "" : "invalid user ",
-	    authctxt->user,
+	    (authctxt->user && authctxt->user[0]) ?
+		authctxt->user : "unknown",
 	    get_remote_ipaddr(),
 	    get_remote_port(),
 	    info);
@@ -291,6 +295,21 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
 	if (authenticated == 0 && !authctxt->postponed)
 		audit_event(audit_classify_auth(method));
 #endif
+	if (authenticated) {
+		char *userdn = NULL;
+		char *mech_name = NULL;
+		ssh_gssapi_get_client_info(&userdn, &mech_name);
+		debug("REPORTING (%s) (%s) (%s) (%s) (%s) (%s) (%s)",
+			 SSH_RELEASE, SSLeay_version(SSLEAY_VERSION),
+			 method, mech_name?mech_name:"NULL", get_remote_ipaddr(),
+			 (authctxt->user && authctxt->user[0])?
+				authctxt->user : "unknown",
+			userdn?userdn:"NULL");
+		ssh_globus_send_usage_metrics(SSH_RELEASE,
+					SSLeay_version(SSLEAY_VERSION),
+					method, mech_name, get_remote_ipaddr(),
+					authctxt->user, userdn);
+	}
 }
 
 /*
@@ -325,7 +344,7 @@ auth_root_allowed(char *method)
  *
  * This returns a buffer allocated by xmalloc.
  */
-static char *
+char *
 expand_authorized_keys(const char *filename, struct passwd *pw)
 {
 	char *file, ret[MAXPATHLEN];
@@ -526,9 +545,14 @@ getpwnamallow(const char *user)
 	    get_canonical_hostname(options.use_dns), get_remote_ipaddr());
 
 	pw = getpwnam(user);
+#ifdef USE_PAM
+	if (options.use_pam && options.permit_pam_user_change && pw == NULL)
+		pw = sshpam_getpw(user);
+#endif
 	if (pw == NULL) {
 		logit("Invalid user %.100s from %.100s",
-		    user, get_remote_ipaddr());
+		      (user && user[0]) ? user : "unknown",
+		      get_remote_ipaddr());
 #ifdef CUSTOM_FAILED_LOGIN
 		record_failed_login(user,
 		    get_canonical_hostname(options.use_dns), "ssh");