#ifdef USE_PAM
if (options.use_pam)
PRIVSEP(start_pam(authctxt));
+#endif
+#ifdef AUDIT_EVENTS
+ PRIVSEP(audit_event(INVALID_USER));
#endif
}
setproctitle("%s%s", authctxt->valid ? user : "unknown",
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 &&
- !auth_root_allowed(method))
+ !auth_root_allowed(method)) {
authenticated = 0;
+#ifdef AUDIT_EVENTS
+ PRIVSEP(audit_event(LOGIN_ROOT_DENIED));
+#endif
+ }
#ifdef USE_PAM
if (options.use_pam && authenticated) {
/* now we can break out */
authctxt->success = 1;
} else {
- if (authctxt->failures++ > options.max_authtries)
+ if (authctxt->failures++ > options.max_authtries) {
+#ifdef AUDIT_EVENTS
+ PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES));
+#endif
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ }
methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);