Added flags -z to have telnetd log unauthenticated logins, such as
when using an old telnet client. Unfortunately in most of these cases, the user name is not known. There should also be a way to tell the difference between bad authentication (such as with expired tickets) and no attempt to provide authentication (such as with an old client). git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@279 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
@@ -220,6 +220,8 @@ struct clocks_t{
|
||||
};
|
||||
extern struct clocks_t clocks;
|
||||
|
||||
extern int log_unauth;
|
||||
|
||||
|
||||
#if defined(CRAY2) && defined(UNICOS5)
|
||||
extern int needtermstat;
|
||||
|
@@ -94,17 +94,13 @@ char *unptyip; /* pointer to remaining characters in buffer */
|
||||
int ourpty, net;
|
||||
int SYNCHing; /* we are in TELNET SYNCH mode */
|
||||
|
||||
#ifndef P
|
||||
# ifdef __STDC__
|
||||
# define P(x) x
|
||||
# else
|
||||
# define P(x) ()
|
||||
# endif
|
||||
#endif
|
||||
|
||||
/*
|
||||
* The following are some clocks used to decide how to interpret
|
||||
* the relationship between various variables.
|
||||
*/
|
||||
|
||||
struct clocks_t clocks;
|
||||
|
||||
|
||||
/* whether to log unauthenticated login attempts */
|
||||
int log_unauth;
|
||||
|
@@ -1564,6 +1564,14 @@ void start_login(char *host, int autologin, char *name)
|
||||
if (auth_level < 0 || autologin != AUTH_VALID) {
|
||||
printf("User not authenticated. "
|
||||
"Using plaintext username and password\r\n");
|
||||
if(log_unauth) {
|
||||
char *u;
|
||||
if(name[0]) u = name;
|
||||
else u=getenv("USER");
|
||||
u = u ? u : "unknown user";
|
||||
syslog(LOG_INFO, "unauthenticated access from %s (%s)",
|
||||
host, u);
|
||||
}
|
||||
}
|
||||
if (auth_level >= 0 && autologin == AUTH_VALID) {
|
||||
# if !defined(NO_LOGIN_F)
|
||||
|
@@ -170,6 +170,7 @@ char valid_opts[] = {
|
||||
's',
|
||||
#endif
|
||||
'L', ':',
|
||||
'z',
|
||||
'\0'
|
||||
};
|
||||
|
||||
@@ -367,6 +368,10 @@ int main(int argc, char **argv)
|
||||
*/
|
||||
auth_disable_name(optarg);
|
||||
break;
|
||||
case 'z':
|
||||
log_unauth = 1;
|
||||
break;
|
||||
|
||||
#endif /* AUTHENTICATION */
|
||||
|
||||
case 'L':
|
||||
@@ -577,7 +582,7 @@ usage()
|
||||
fprintf(stderr, " [-S tos]");
|
||||
#endif
|
||||
#ifdef AUTHENTICATION
|
||||
fprintf(stderr, " [-X auth-type]");
|
||||
fprintf(stderr, " [-X auth-type] [-z]");
|
||||
#endif
|
||||
fprintf(stderr, " [-u utmp_hostname_length] [-U]");
|
||||
fprintf(stderr, " [port]\n");
|
||||
|
Reference in New Issue
Block a user