From: Allison Karlitskaya Date: Wed, 3 Sep 2025 18:07:55 +0000 (+0200) Subject: Don't log audit messages with UNKNOWN hostname X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e5055ef26abcffd3f99669e411ea6b35ca166111;p=thirdparty%2Fopenssh-portable.git Don't log audit messages with UNKNOWN hostname The `host` parameter to audit_log_acct_message() is documented as follows: host - The hostname if known. If not available pass a NULL. but we pass the string "UNKNOWN" in case we don't know the hostname. Make sure we pass NULL instead. This avoids having the audit system attempt to perform a DNS lookup on the hostname "UNKNOWN", which tends to result in long delays when attempting to login. --- diff --git a/audit-linux.c b/audit-linux.c index 8b9854f73..954eabe27 100644 --- a/audit-linux.c +++ b/audit-linux.c @@ -51,6 +51,8 @@ linux_audit_record_event(int uid, const char *username, const char *hostname, else return 0; /* Must prevent login */ } + if (hostname != NULL && strcmp(hostname, "UNKNOWN") == 0) + hostname = NULL; rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, NULL, "login", username ? username : "(unknown)", username == NULL ? uid : -1, hostname, ip, ttyn, success);
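Review bot: The added check in linux_audit_record_event() compares against the bare literal "UNKNOWN", so it duplicates the caller's placeholder at the point of use. If that placeholder ever changes, the strcmp() silently stops matching and the string is handed to audit_log_acct_message() as a hostname again. Consider sharing a named constant with the code that produces the placeholder, or having the caller pass NULL when the hostname is not known. A one-line comment above the `if` would also help, stating that audit_log_acct_message() expects NULL for an unknown host and that passing "UNKNOWN" leads to the DNS lookup described in the commit message; at present that reasoning lives only in the commit log.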