From 0dd6d2cd219a0eb75dc3a498ee5a23973239ca6d Mon Sep 17 00:00:00 2001
From: Tess Gauthier <tessgauthier@microsoft.com>
Date: Thu, 21 Nov 2024 16:42:02 -0500
Subject: [PATCH] username logging fix (#762)

* initial pass at including username from sftp

* initialize user to unknown

* update tests

* fix spacing

* fix test take 2
---
 monitor.c                                      | 6 +++---
 regress/pesterTests/FileBasedLogging.tests.ps1 | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/monitor.c b/monitor.c
index 4726b62be..1f45aef76 100644
--- a/monitor.c
+++ b/monitor.c
@@ -483,14 +483,14 @@ monitor_read_log(struct monitor *pmonitor)
 
 	/*log it*/
 	if (authctxt->authenticated == 0) 
-		sshlogdirect(level, forced, "%s [preauth]", msg);
+		sshlogdirect(level, forced, "user: %s: %s [preauth]", authctxt->user, msg);
 	else {
 		if (strcmp(pname, "sftp-server") == 0) {
 			log_init(pname, sftp_log_level, sftp_log_facility, sftp_log_stderr);
-			sshlogdirect(level, forced, "%s", msg);
+			sshlogdirect(level, forced, "user: %s: %s", authctxt->user, msg);
 			log_init("sshd", options.log_level, options.log_facility, log_stderr);
 		} else  
-			sshlogdirect(level, forced, "%s", msg);
+			sshlogdirect(level, forced, "user: %s: %s", authctxt->user, msg);
 	}
 #else
 	/*log it*/
diff --git a/regress/pesterTests/FileBasedLogging.tests.ps1 b/regress/pesterTests/FileBasedLogging.tests.ps1
index a78254a58..5e4eb87b0 100644
--- a/regress/pesterTests/FileBasedLogging.tests.ps1
+++ b/regress/pesterTests/FileBasedLogging.tests.ps1
@@ -200,9 +200,9 @@ exit"
 
             $sshdlog | Should Contain "Accepted publickey for $nonadminusername"
             $sshdlog | Should Contain "KEX done \[preauth\]"
-            $sshdlog | Should Contain "debug2: subsystem request for sftp by user $nonadminusername"
+            $sshdlog | Should Contain "debug2: user: $nonadminusername`: subsystem request for sftp by user $nonadminusername"
             $sftplog | Should Contain "session opened for local user $nonadminusername"
-            $sftplog | Should Contain "debug3: request 3: opendir"
+            $sftplog | Should Contain "debug3: user: $nonadminusername`: request 3: opendir"
             $sftplog | Should Contain "session closed for local user $nonadminusername"
         }
 
@@ -216,9 +216,9 @@ exit"
   
             $sshdlog | Should Contain "Accepted publickey for $adminusername"
             $sshdlog | Should Contain "KEX done \[preauth\]"
-            $sshdlog | Should Contain "debug2: subsystem request for sftp by user $adminusername"
+            $sshdlog | Should Contain "debug2: user: $adminusername`: subsystem request for sftp by user $adminusername"
             $sftplog | Should Contain "session opened for local user $adminusername"
-            $sftplog | Should Contain "debug3: request 3: opendir"
+            $sftplog | Should Contain "debug3: user: $adminusername`: request 3: opendir"
             $sftplog | Should Contain "session closed for local user $adminusername"
         }
     }