- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c

[openssh.git] / auth2.c

diff --git a/auth2.c b/auth2.c
index 60e261f7f452caa55fe3a2086ff91e5337a92607..2727e0ff56290643dd7ca39502f825bae19f2706 100644 (file)
--- a/auth2.c
+++ b/auth2.c
@@ -166,6 +166,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 #ifdef USE_PAM
                        if (options.use_pam)
                                PRIVSEP(start_pam(authctxt));
+#endif
+#ifdef AUDIT_EVENTS
+                       PRIVSEP(audit_event(INVALID_USER));
 #endif
                }
                setproctitle("%s%s", authctxt->valid ? user : "unknown",
@@ -214,8 +217,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 
        /* Special handling for root */
        if (authenticated && authctxt->pw->pw_uid == 0 &&
-           !auth_root_allowed(method))
+           !auth_root_allowed(method)) {
                authenticated = 0;
+#ifdef AUDIT_EVENTS
+               PRIVSEP(audit_event(LOGIN_ROOT_DENIED));
+#endif
+       }
 
 #ifdef USE_PAM
        if (options.use_pam && authenticated) {
@@ -255,8 +262,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
                /* now we can break out */
                authctxt->success = 1;
        } else {
-               if (authctxt->failures++ > options.max_authtries)
+               if (authctxt->failures++ > options.max_authtries) {
+#ifdef AUDIT_EVENTS
+                       PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES));
+#endif
                        packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+               }
                methods = authmethods_get();
                packet_start(SSH2_MSG_USERAUTH_FAILURE);
                packet_put_cstring(methods);