Use LOG_AUTHPRIV to hide the username attempted during an invalid login

from everyone but sysadmins. PR: bin/29487 MFC after: 3 days
2003-02-11 11:58:33 +00:00 · 2003-02-11 11:58:33 +00:00 · b8939f6fa6
commit b8939f6fa6
parent 83333d4569
1 changed files with 5 additions and 1 deletions
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@ -1401,10 +1401,14 @@ skip:
 		 */
 		if (rval) {
 			reply(530, "Login incorrect.");
-			if (logging)
+			if (logging) {
 				syslog(LOG_NOTICE,
+				    "FTP LOGIN FAILED FROM %s",
+				    remotehost);
+				syslog(LOG_AUTHPRIV | LOG_NOTICE,
 				    "FTP LOGIN FAILED FROM %s, %s",
 				    remotehost, curname);
+			}
 			pw = NULL;
 			if (login_attempts++ >= 5) {
 				syslog(LOG_NOTICE,