# Don't audit SSH_INVALID_USER twice. # PRIVSEP(getpwnamallow()) a few lines above already did this. # # based on: # https://bugzilla.mindrot.org/show_bug.cgi?id=1402 # https://bugzilla.mindrot.org/attachment.cgi?id=2010 # by jchadima@redhat.com # # PRIVSEP(getpwnamallow()) a few lines above already did this. diff --git a/openssh-6.4p1/auth2.c b/openssh-6.4p1/auth2.c --- a/openssh-6.4p1/auth2.c +++ b/openssh-6.4p1/auth2.c @@ -242,19 +242,16 @@ input_userauth_request(int type, u_int32 authctxt->pw = PRIVSEP(getpwnamallow(user)); authctxt->user = xstrdup(user); if (authctxt->pw && strcmp(service, "ssh-connection")==0) { authctxt->valid = 1; debug2("input_userauth_request: setting up authctxt for %s", user); } else { logit("input_userauth_request: invalid user %s", user); authctxt->pw = fakepw(); -#ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_INVALID_USER)); -#endif } #ifdef USE_PAM if (options.use_pam) PRIVSEP(start_pam(authctxt)); #endif setproctitle("%s%s", authctxt->valid ? user : "unknown", use_privsep ? " [net]" : ""); authctxt->service = xstrdup(service);