bmh10 / rpms / openssh

Forked from rpms/openssh 16 days ago
Clone
Zoltan Fridrich 7fedb4
diff --color -ruNp a/audit-linux.c b/audit-linux.c
Zoltan Fridrich 7fedb4
--- a/audit-linux.c	2024-05-09 12:38:08.843017319 +0200
Zoltan Fridrich 7fedb4
+++ b/audit-linux.c	2024-05-09 12:47:05.162267634 +0200
Zoltan Fridrich 7fedb4
@@ -52,7 +52,7 @@ extern u_int utmp_len;
Zoltan Fridrich 7fedb4
 const char *audit_username(void);
Zoltan Fridrich 7fedb4
 
Zoltan Fridrich 7fedb4
 static void
Zoltan Fridrich 7fedb4
-linux_audit_user_logxxx(int uid, const char *username,
Zoltan Fridrich 7fedb4
+linux_audit_user_logxxx(int uid, const char *username, const char *hostname,
Zoltan Fridrich 7fedb4
     const char *ip, const char *ttyn, int success, int event)
Zoltan Fridrich 7fedb4
 {
Zoltan Fridrich 7fedb4
 	int audit_fd, rc, saved_errno;
Zoltan Fridrich 7fedb4
@@ -66,7 +66,7 @@ linux_audit_user_logxxx(int uid, const c
Zoltan Fridrich 7fedb4
 	}
Zoltan Fridrich 7fedb4
 	rc = audit_log_acct_message(audit_fd, event,
Zoltan Fridrich 7fedb4
 	    NULL, "login", username ? username : "(unknown)",
Zoltan Fridrich 7fedb4
-	    username == NULL ? uid : -1, NULL, ip, ttyn, success);
Zoltan Fridrich 7fedb4
+	    username == NULL ? uid : -1, hostname, ip, ttyn, success);
Zoltan Fridrich 7fedb4
 	saved_errno = errno;
Zoltan Fridrich 7fedb4
 	close(audit_fd);
Zoltan Fridrich 7fedb4
 
Zoltan Fridrich 7fedb4
@@ -181,9 +181,11 @@ audit_run_command(struct ssh *ssh, const
Zoltan Fridrich 7fedb4
 {
Zoltan Fridrich 7fedb4
 	if (!user_login_count++)
Zoltan Fridrich 7fedb4
 		linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
Zoltan Fridrich 7fedb4
+		    options.use_dns ? remote_hostname(ssh) : NULL,
Zoltan Fridrich 7fedb4
 		    ssh_remote_ipaddr(ssh),
Zoltan Fridrich 7fedb4
 		    "ssh", 1, AUDIT_USER_LOGIN);
Zoltan Fridrich 7fedb4
 	linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
Zoltan Fridrich 7fedb4
+	    options.use_dns ? remote_hostname(ssh) : NULL,
Zoltan Fridrich 7fedb4
 	    ssh_remote_ipaddr(ssh),
Zoltan Fridrich 7fedb4
 	    "ssh", 1, AUDIT_USER_START);
Zoltan Fridrich 7fedb4
 	return 0;
Zoltan Fridrich 7fedb4
@@ -193,10 +195,12 @@ void
Zoltan Fridrich 7fedb4
 audit_end_command(struct ssh *ssh, int handle, const char *command)
Zoltan Fridrich 7fedb4
 {
Zoltan Fridrich 7fedb4
 	linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
Zoltan Fridrich 7fedb4
+	    options.use_dns ? remote_hostname(ssh) : NULL,
Zoltan Fridrich 7fedb4
 	    ssh_remote_ipaddr(ssh),
Zoltan Fridrich 7fedb4
 	    "ssh", 1, AUDIT_USER_END);
Zoltan Fridrich 7fedb4
 	if (user_login_count && !--user_login_count)
Zoltan Fridrich 7fedb4
 		linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
Zoltan Fridrich 7fedb4
+		    options.use_dns ? remote_hostname(ssh) : NULL,
Zoltan Fridrich 7fedb4
 		    ssh_remote_ipaddr(ssh),
Zoltan Fridrich 7fedb4
 		    "ssh", 1, AUDIT_USER_LOGOUT);
Zoltan Fridrich 7fedb4
 }
Zoltan Fridrich 7fedb4
@@ -211,19 +215,27 @@ void
Zoltan Fridrich 7fedb4
 audit_session_open(struct logininfo *li)
Zoltan Fridrich 7fedb4
 {
Zoltan Fridrich 7fedb4
 	if (!user_login_count++)
Zoltan Fridrich 7fedb4
-		linux_audit_user_logxxx(li->uid, NULL, li->hostname,
Zoltan Fridrich 7fedb4
+		linux_audit_user_logxxx(li->uid, NULL,
Zoltan Fridrich 7fedb4
+		    options.use_dns ? li->hostname : NULL,
Zoltan Fridrich 7fedb4
+		    options.use_dns ? NULL : li->hostname,
Zoltan Fridrich 7fedb4
 		    li->line, 1, AUDIT_USER_LOGIN);
Zoltan Fridrich 7fedb4
-	linux_audit_user_logxxx(li->uid, NULL, li->hostname,
Zoltan Fridrich 7fedb4
+	linux_audit_user_logxxx(li->uid, NULL,
Zoltan Fridrich 7fedb4
+	    options.use_dns ? li->hostname : NULL,
Zoltan Fridrich 7fedb4
+	    options.use_dns ? NULL : li->hostname,
Zoltan Fridrich 7fedb4
 	    li->line, 1, AUDIT_USER_START);
Zoltan Fridrich 7fedb4
 }
Zoltan Fridrich 7fedb4
 
Zoltan Fridrich 7fedb4
 void
Zoltan Fridrich 7fedb4
 audit_session_close(struct logininfo *li)
Zoltan Fridrich 7fedb4
 {
Zoltan Fridrich 7fedb4
-	linux_audit_user_logxxx(li->uid, NULL, li->hostname,
Zoltan Fridrich 7fedb4
+	linux_audit_user_logxxx(li->uid, NULL,
Zoltan Fridrich 7fedb4
+	    options.use_dns ? li->hostname : NULL,
Zoltan Fridrich 7fedb4
+	    options.use_dns ? NULL : li->hostname,
Zoltan Fridrich 7fedb4
 	    li->line, 1, AUDIT_USER_END);
Zoltan Fridrich 7fedb4
 	if (user_login_count && !--user_login_count)
Zoltan Fridrich 7fedb4
-		linux_audit_user_logxxx(li->uid, NULL, li->hostname,
Zoltan Fridrich 7fedb4
+		linux_audit_user_logxxx(li->uid, NULL,
Zoltan Fridrich 7fedb4
+		    options.use_dns ? li->hostname : NULL,
Zoltan Fridrich 7fedb4
+		    options.use_dns ? NULL : li->hostname,
Zoltan Fridrich 7fedb4
 		    li->line, 1, AUDIT_USER_LOGOUT);
Zoltan Fridrich 7fedb4
 }
Zoltan Fridrich 7fedb4
 
Zoltan Fridrich 7fedb4
@@ -236,6 +248,7 @@ audit_event(struct ssh *ssh, ssh_audit_e
Zoltan Fridrich 7fedb4
 		linux_audit_user_auth(-1, audit_username(),
Zoltan Fridrich 7fedb4
 			ssh_remote_ipaddr(ssh), "ssh", 0, event);
Zoltan Fridrich 7fedb4
 		linux_audit_user_logxxx(-1, audit_username(),
Zoltan Fridrich 7fedb4
+			options.use_dns ? remote_hostname(ssh) : NULL,
Zoltan Fridrich 7fedb4
 			ssh_remote_ipaddr(ssh), "ssh", 0, AUDIT_USER_LOGIN);
Zoltan Fridrich 7fedb4
 		break;
Zoltan Fridrich 7fedb4
 	case SSH_AUTH_FAIL_PASSWD:
Zoltan Fridrich 7fedb4
@@ -254,9 +267,11 @@ audit_event(struct ssh *ssh, ssh_audit_e
Zoltan Fridrich 7fedb4
 		if (user_login_count) {
Zoltan Fridrich 7fedb4
 			while (user_login_count--)
Zoltan Fridrich 7fedb4
 				linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
Zoltan Fridrich 7fedb4
+				    options.use_dns ? remote_hostname(ssh) : NULL,
Zoltan Fridrich 7fedb4
 				    ssh_remote_ipaddr(ssh),
Zoltan Fridrich 7fedb4
 				    "ssh", 1, AUDIT_USER_END);
Zoltan Fridrich 7fedb4
 			linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
Zoltan Fridrich 7fedb4
+			    options.use_dns ? remote_hostname(ssh) : NULL,
Zoltan Fridrich 7fedb4
 			    ssh_remote_ipaddr(ssh),
Zoltan Fridrich 7fedb4
 			    "ssh", 1, AUDIT_USER_LOGOUT);
Zoltan Fridrich 7fedb4
 		}
Zoltan Fridrich 7fedb4
@@ -265,6 +280,7 @@ audit_event(struct ssh *ssh, ssh_audit_e
Zoltan Fridrich 7fedb4
 	case SSH_CONNECTION_ABANDON:
Zoltan Fridrich 7fedb4
 	case SSH_INVALID_USER:
Zoltan Fridrich 7fedb4
 		linux_audit_user_logxxx(-1, audit_username(),
Zoltan Fridrich 7fedb4
+			options.use_dns ? remote_hostname(ssh) : NULL,
Zoltan Fridrich 7fedb4
 			ssh_remote_ipaddr(ssh), "ssh", 0, AUDIT_USER_LOGIN);
Zoltan Fridrich 7fedb4
 		break;
Zoltan Fridrich 7fedb4
 	default: