- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c

[openssh.git] / auth1.c

diff --git a/auth1.c b/auth1.c
index 2a9d18b9a23982b5fefc5082eefddd3ffb45d5a2..aeb5d8cb95e891ece76e329a0c8876a2fa2ede7d 100644 (file)
--- a/auth1.c
+++ b/auth1.c
@@ -247,8 +247,12 @@ do_authloop(Authctxt *authctxt)
 #else
                /* Special handling for root */
                if (authenticated && authctxt->pw->pw_uid == 0 &&
-                   !auth_root_allowed(get_authname(type)))
+                   !auth_root_allowed(get_authname(type))) {
                        authenticated = 0;
+# ifdef AUDIT_EVENTS
+                       PRIVSEP(audit_event(LOGIN_ROOT_DENIED));
+# endif
+               }
 #endif
 
 #ifdef USE_PAM
@@ -283,8 +287,12 @@ do_authloop(Authctxt *authctxt)
                if (authenticated)
                        return;
 
-               if (authctxt->failures++ > options.max_authtries)
+               if (authctxt->failures++ > options.max_authtries) {
+#ifdef AUDIT_EVENTS
+                       PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES));
+#endif
                        packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+               }
 
                packet_start(SSH_SMSG_FAILURE);
                packet_send();