Don't log normal login_getpwclass(3) result.

The logging was introduced in r314527 but doesn't appear to be useful
for regular operation, and as the result, for users with no class set
(very common) the administrator would see a message like this in their
auth.log:

  sshd[44251]: user root login class [preauth]

(note that the class was "" because that's what's typically configured
for most users; we would get 'default' if lc->lc_class is chosen)

Remove this log as it can be annoying as the lookup happen before
authentication and repeats, and our code is not acting upon lc_class
or pw_class directly anyways.

Reviewed by:	cem, imp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D24997
This commit is contained in:
Xin LI 2020-06-26 04:46:45 +00:00
parent a9813b6bb1
commit 8d8b292321

View File

@ -317,8 +317,6 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
#ifdef HAVE_LOGIN_CAP #ifdef HAVE_LOGIN_CAP
if (authctxt->pw != NULL && if (authctxt->pw != NULL &&
(lc = PRIVSEP(login_getpwclass(authctxt->pw))) != NULL) { (lc = PRIVSEP(login_getpwclass(authctxt->pw))) != NULL) {
logit("user %s login class %s", authctxt->pw->pw_name,
authctxt->pw->pw_class);
from_host = auth_get_canonical_hostname(ssh, options.use_dns); from_host = auth_get_canonical_hostname(ssh, options.use_dns);
from_ip = ssh_remote_ipaddr(ssh); from_ip = ssh_remote_ipaddr(ssh);
if (!auth_hostok(lc, from_host, from_ip)) { if (!auth_hostok(lc, from_host, from_ip)) {