vishalmishra434 / rpms / openssh

Forked from rpms/openssh a month ago
Clone
Source Code
GIT

Blame openssh-5.9p1-audit1.patch

c10s-sig-hyperscale c10s-sig-hyperscale-2 c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   17eb1038b2b6d7f06934f3cf94cae9804b9ebffc
  2.   openssh-5.9p1-audit1.patch
Blob History Raw
Jan F. Chadima 69dd72 
diff -up openssh-5.9p0/audit-bsm.c.audit1 openssh-5.9p0/audit-bsm.c
Jan F. Chadima 69dd72 
--- openssh-5.9p0/audit-bsm.c.audit1	2011-01-17 11:15:29.000000000 +0100
Jan F. Chadima 69dd72 
+++ openssh-5.9p0/audit-bsm.c	2011-08-30 10:46:57.704148875 +0200
Jan F. Chadima 69dd72 
@@ -298,10 +298,23 @@ audit_connection_from(const char *host,
Jan F. Chadima 69dd72 
 #endif
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
-void
Jan F. Chadima 69dd72 
+int
Jan F. Chadima 69dd72 
 audit_run_command(const char *command)
Jan F. Chadima 69dd72 
 {
Jan F. Chadima 69dd72 
 	/* not implemented */
Jan F. Chadima 69dd72 
+	return 0;
Jan F. Chadima 69dd72 
+}
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+void
Jan F. Chadima 69dd72 
+audit_end_command(int handle, const char *command)
Jan F. Chadima 69dd72 
+{
Jan F. Chadima 69dd72 
+	/* not implemented */
Jan F. Chadima 69dd72 
+}
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+void
Jan F. Chadima 69dd72 
+audit_count_session_open(void)
Jan F. Chadima 69dd72 
+{
Jan F. Chadima 69dd72 
+	/* not necessary */
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 void
Jan F. Chadima 69dd72 
diff -up openssh-5.9p0/audit-linux.c.audit1 openssh-5.9p0/audit-linux.c
Jan F. Chadima 69dd72 
--- openssh-5.9p0/audit-linux.c.audit1	2011-01-17 11:15:30.000000000 +0100
Jan F. Chadima 69dd72 
+++ openssh-5.9p0/audit-linux.c	2011-08-30 10:46:58.059024733 +0200
Jan F. Chadima 69dd72 
@@ -35,13 +35,20 @@
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 #include "log.h"
Jan F. Chadima 69dd72 
 #include "audit.h"
Jan F. Chadima 69dd72 
+#include "key.h"
Jan F. Chadima 69dd72 
+#include "hostfile.h"
Jan F. Chadima 69dd72 
+#include "auth.h"
Jan F. Chadima 69dd72 
+#include "servconf.h"
Jan F. Chadima 69dd72 
 #include "canohost.h"
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
+extern ServerOptions options;
Jan F. Chadima 69dd72 
+extern Authctxt *the_authctxt;
Jan F. Chadima 69dd72 
+extern u_int utmp_len;
Jan F. Chadima 69dd72 
 const char* audit_username(void);
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
-int
Jan F. Chadima 69dd72 
-linux_audit_record_event(int uid, const char *username,
Jan F. Chadima 69dd72 
-    const char *hostname, const char *ip, const char *ttyn, int success)
Jan F. Chadima 69dd72 
+static void
Jan F. Chadima 69dd72 
+linux_audit_user_logxxx(int uid, const char *username,
Jan F. Chadima 69dd72 
+    const char *hostname, const char *ip, const char *ttyn, int success, int event)
Jan F. Chadima 69dd72 
 {
Jan F. Chadima 69dd72 
 	int audit_fd, rc, saved_errno;
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
@@ -49,11 +56,11 @@ linux_audit_record_event(int uid, const
Jan F. Chadima 69dd72 
 	if (audit_fd < 0) {
Jan F. Chadima 69dd72 
 		if (errno == EINVAL || errno == EPROTONOSUPPORT ||
Jan F. Chadima 69dd72 
 		    errno == EAFNOSUPPORT)
Jan F. Chadima 69dd72 
-			return 1; /* No audit support in kernel */
Jan F. Chadima 69dd72 
+			return; /* No audit support in kernel */
Jan F. Chadima 69dd72 
 		else
Jan F. Chadima 69dd72 
-			return 0; /* Must prevent login */
Jan F. Chadima 69dd72 
+			goto fatal_report; /* Must prevent login */
Jan F. Chadima 69dd72 
 	}
Jan F. Chadima 69dd72 
-	rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
Jan F. Chadima 69dd72 
+	rc = audit_log_acct_message(audit_fd, event,
Jan F. Chadima 69dd72 
 	    NULL, "login", username ? username : "(unknown)",
Jan F. Chadima 69dd72 
 	    username == NULL ? uid : -1, hostname, ip, ttyn, success);
Jan F. Chadima 69dd72 
 	saved_errno = errno;
Jan F. Chadima 69dd72 
@@ -65,35 +72,119 @@ linux_audit_record_event(int uid, const
Jan F. Chadima 69dd72 
 	if ((rc == -EPERM) && (geteuid() != 0))
Jan F. Chadima 69dd72 
 		rc = 0;
Jan F. Chadima 69dd72 
 	errno = saved_errno;
Jan F. Chadima 69dd72 
-	return (rc >= 0);
Jan F. Chadima 69dd72 
+	if (rc < 0) {
Jan F. Chadima 69dd72 
+fatal_report:
Jan F. Chadima 69dd72 
+		fatal("linux_audit_write_entry failed: %s", strerror(errno));
Jan F. Chadima 69dd72 
+	}
Jan F. Chadima 69dd72 
+}
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+static void
Jan F. Chadima 69dd72 
+linux_audit_user_auth(int uid, const char *username,
Jan F. Chadima 69dd72 
+    const char *hostname, const char *ip, const char *ttyn, int success, int event)
Jan F. Chadima 69dd72 
+{
Jan F. Chadima 69dd72 
+	int audit_fd, rc, saved_errno;
Jan F. Chadima 69dd72 
+	static const char *event_name[] = {
Jan F. Chadima 69dd72 
+		"maxtries exceeded",
Jan F. Chadima 69dd72 
+		"root denied",
Jan F. Chadima 69dd72 
+		"success",
Jan F. Chadima 69dd72 
+		"none",
Jan F. Chadima 69dd72 
+		"password",
Jan F. Chadima 69dd72 
+		"challenge-response",
Jan F. Chadima 69dd72 
+		"pubkey",
Jan F. Chadima 69dd72 
+		"hostbased",
Jan F. Chadima 69dd72 
+		"gssapi",
Jan F. Chadima 69dd72 
+		"invalid user",
Jan F. Chadima 69dd72 
+		"nologin",
Jan F. Chadima 69dd72 
+		"connection closed",
Jan F. Chadima 69dd72 
+		"connection abandoned",
Jan F. Chadima 69dd72 
+		"unknown"
Jan F. Chadima 69dd72 
+	};
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	audit_fd = audit_open();
Jan F. Chadima 69dd72 
+	if (audit_fd < 0) {
Jan F. Chadima 69dd72 
+		if (errno == EINVAL || errno == EPROTONOSUPPORT ||
Jan F. Chadima 69dd72 
+		    errno == EAFNOSUPPORT)
Jan F. Chadima 69dd72 
+			return; /* No audit support in kernel */
Jan F. Chadima 69dd72 
+		else
Jan F. Chadima 69dd72 
+			goto fatal_report; /* Must prevent login */
Jan F. Chadima 69dd72 
+	}
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	if ((event < 0) || (event > SSH_AUDIT_UNKNOWN))
Jan F. Chadima 69dd72 
+		event = SSH_AUDIT_UNKNOWN;
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH,
Jan F. Chadima 69dd72 
+	    NULL, event_name[event], username ? username : "(unknown)",
Jan F. Chadima 69dd72 
+	    username == NULL ? uid : -1, hostname, ip, ttyn, success);
Jan F. Chadima 69dd72 
+	saved_errno = errno;
Jan F. Chadima 69dd72 
+	close(audit_fd);
Jan F. Chadima 69dd72 
+	/*
Jan F. Chadima 69dd72 
+	 * Do not report error if the error is EPERM and sshd is run as non
Jan F. Chadima 69dd72 
+	 * root user.
Jan F. Chadima 69dd72 
+	 */
Jan F. Chadima 69dd72 
+	if ((rc == -EPERM) && (geteuid() != 0))
Jan F. Chadima 69dd72 
+		rc = 0;
Jan F. Chadima 69dd72 
+	errno = saved_errno;
Jan F. Chadima 69dd72 
+	if (rc < 0) {
Jan F. Chadima 69dd72 
+fatal_report:
Jan F. Chadima 69dd72 
+		fatal("linux_audit_write_entry failed: %s", strerror(errno));
Jan F. Chadima 69dd72 
+	}
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
+static int user_login_count = 0;
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
 /* Below is the sshd audit API code */
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 void
Jan F. Chadima 69dd72 
 audit_connection_from(const char *host, int port)
Jan F. Chadima 69dd72 
 {
Jan F. Chadima 69dd72 
-}
Jan F. Chadima 69dd72 
 	/* not implemented */
Jan F. Chadima 69dd72 
+}
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
-void
Jan F. Chadima 69dd72 
+int
Jan F. Chadima 69dd72 
 audit_run_command(const char *command)
Jan F. Chadima 69dd72 
 {
Jan F. Chadima 69dd72 
-	/* not implemented */
Jan F. Chadima 69dd72 
+	if (!user_login_count++)
Jan F. Chadima 69dd72 
+		linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
Jan F. Chadima 69dd72 
+		    NULL, "ssh", 1, AUDIT_USER_LOGIN);
Jan F. Chadima 69dd72 
+	linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
Jan F. Chadima 69dd72 
+	    NULL, "ssh", 1, AUDIT_USER_START);
Jan F. Chadima 69dd72 
+	return 0;
Jan F. Chadima 69dd72 
+}
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+void
Jan F. Chadima 69dd72 
+audit_end_command(int handle, const char *command)
Jan F. Chadima 69dd72 
+{
Jan F. Chadima 69dd72 
+	linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
Jan F. Chadima 69dd72 
+	    NULL, "ssh", 1, AUDIT_USER_END);
Jan F. Chadima 69dd72 
+	if (user_login_count && !--user_login_count)
Jan F. Chadima 69dd72 
+		linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
Jan F. Chadima 69dd72 
+		    NULL, "ssh", 1, AUDIT_USER_LOGOUT);
Jan F. Chadima 69dd72 
+}
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+void
Jan F. Chadima 69dd72 
+audit_count_session_open(void)
Jan F. Chadima 69dd72 
+{
Jan F. Chadima 69dd72 
+	user_login_count++;
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 void
Jan F. Chadima 69dd72 
 audit_session_open(struct logininfo *li)
Jan F. Chadima 69dd72 
 {
Jan F. Chadima 69dd72 
-	if (linux_audit_record_event(li->uid, NULL, li->hostname,
Jan F. Chadima 69dd72 
-	    NULL, li->line, 1) == 0)
Jan F. Chadima 69dd72 
-		fatal("linux_audit_write_entry failed: %s", strerror(errno));
Jan F. Chadima 69dd72 
+	if (!user_login_count++)
Jan F. Chadima 69dd72 
+		linux_audit_user_logxxx(li->uid, NULL, li->hostname,
Jan F. Chadima 69dd72 
+		    NULL, li->line, 1, AUDIT_USER_LOGIN);
Jan F. Chadima 69dd72 
+	linux_audit_user_logxxx(li->uid, NULL, li->hostname,
Jan F. Chadima 69dd72 
+	    NULL, li->line, 1, AUDIT_USER_START);
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 void
Jan F. Chadima 69dd72 
 audit_session_close(struct logininfo *li)
Jan F. Chadima 69dd72 
 {
Jan F. Chadima 69dd72 
-	/* not implemented */
Jan F. Chadima 69dd72 
+	linux_audit_user_logxxx(li->uid, NULL, li->hostname,
Jan F. Chadima 69dd72 
+	    NULL, li->line, 1, AUDIT_USER_END);
Jan F. Chadima 69dd72 
+	if (user_login_count && !--user_login_count)
Jan F. Chadima 69dd72 
+		linux_audit_user_logxxx(li->uid, NULL, li->hostname,
Jan F. Chadima 69dd72 
+		    NULL, li->line, 1, AUDIT_USER_LOGOUT);
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 void
Jan F. Chadima 69dd72 
@@ -101,21 +192,43 @@ audit_event(ssh_audit_event_t event)
Jan F. Chadima 69dd72 
 {
Jan F. Chadima 69dd72 
 	switch(event) {
Jan F. Chadima 69dd72 
 	case SSH_AUTH_SUCCESS:
Jan F. Chadima 69dd72 
-	case SSH_CONNECTION_CLOSE:
Jan F. Chadima 69dd72 
+		linux_audit_user_auth(-1, audit_username(), NULL,
Jan F. Chadima 69dd72 
+			get_remote_ipaddr(), "ssh", 1, event);
Jan F. Chadima 69dd72 
+		break;
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
 	case SSH_NOLOGIN:
Jan F. Chadima 69dd72 
-	case SSH_LOGIN_EXCEED_MAXTRIES:
Jan F. Chadima 69dd72 
 	case SSH_LOGIN_ROOT_DENIED:
Jan F. Chadima 69dd72 
+		linux_audit_user_auth(-1, audit_username(), NULL,
Jan F. Chadima 69dd72 
+			get_remote_ipaddr(), "ssh", 0, event);
Jan F. Chadima 69dd72 
+		linux_audit_user_logxxx(-1, audit_username(), NULL,
Jan F. Chadima 69dd72 
+			get_remote_ipaddr(), "ssh", 0, AUDIT_USER_LOGIN);
Jan F. Chadima 69dd72 
 		break;
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
+	case SSH_LOGIN_EXCEED_MAXTRIES:
Jan F. Chadima 69dd72 
 	case SSH_AUTH_FAIL_NONE:
Jan F. Chadima 69dd72 
 	case SSH_AUTH_FAIL_PASSWD:
Jan F. Chadima 69dd72 
 	case SSH_AUTH_FAIL_KBDINT:
Jan F. Chadima 69dd72 
 	case SSH_AUTH_FAIL_PUBKEY:
Jan F. Chadima 69dd72 
 	case SSH_AUTH_FAIL_HOSTBASED:
Jan F. Chadima 69dd72 
 	case SSH_AUTH_FAIL_GSSAPI:
Jan F. Chadima 69dd72 
+		linux_audit_user_auth(-1, audit_username(), NULL,
Jan F. Chadima 69dd72 
+			get_remote_ipaddr(), "ssh", 0, event);
Jan F. Chadima 69dd72 
+		break;
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	case SSH_CONNECTION_CLOSE:
Jan F. Chadima 69dd72 
+		if (user_login_count) {
Jan F. Chadima 69dd72 
+			while (user_login_count--)
Jan F. Chadima 69dd72 
+				linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
Jan F. Chadima 69dd72 
+				    NULL, "ssh", 1, AUDIT_USER_END);
Jan F. Chadima 69dd72 
+			linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
Jan F. Chadima 69dd72 
+			    NULL, "ssh", 1, AUDIT_USER_LOGOUT);
Jan F. Chadima 69dd72 
+		}
Jan F. Chadima 69dd72 
+		break;
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	case SSH_CONNECTION_ABANDON:
Jan F. Chadima 69dd72 
 	case SSH_INVALID_USER:
Jan F. Chadima 69dd72 
-		linux_audit_record_event(-1, audit_username(), NULL,
Jan F. Chadima 69dd72 
-			get_remote_ipaddr(), "sshd", 0);
Jan F. Chadima 69dd72 
+		linux_audit_user_logxxx(-1, audit_username(), NULL,
Jan F. Chadima 69dd72 
+			get_remote_ipaddr(), "ssh", 0, AUDIT_USER_LOGIN);
Jan F. Chadima 69dd72 
 		break;
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 	default:
Jan F. Chadima 69dd72 
diff -up openssh-5.9p0/audit.c.audit1 openssh-5.9p0/audit.c
Jan F. Chadima 69dd72 
--- openssh-5.9p0/audit.c.audit1	2011-01-17 11:15:30.000000000 +0100
Jan F. Chadima 69dd72 
+++ openssh-5.9p0/audit.c	2011-08-30 10:46:57.822025769 +0200
Jan F. Chadima 69dd72 
@@ -140,6 +140,17 @@ audit_event(ssh_audit_event_t event)
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 /*
Jan F. Chadima 69dd72 
+ * Called when a child process has called, or will soon call,
Jan F. Chadima 69dd72 
+ * audit_session_open.
Jan F. Chadima 69dd72 
+ */
Jan F. Chadima 69dd72 
+void
Jan F. Chadima 69dd72 
+audit_count_session_open(void)
Jan F. Chadima 69dd72 
+{
Jan F. Chadima 69dd72 
+	debug("audit count session open euid %d user %s", geteuid(),
Jan F. Chadima 69dd72 
+	      audit_username());
Jan F. Chadima 69dd72 
+}
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+/*
Jan F. Chadima 69dd72 
  * Called when a user session is started.  Argument is the tty allocated to
Jan F. Chadima 69dd72 
  * the session, or NULL if no tty was allocated.
Jan F. Chadima 69dd72 
  *
Jan F. Chadima 69dd72 
@@ -174,13 +185,29 @@ audit_session_close(struct logininfo *li
Jan F. Chadima 69dd72 
 /*
Jan F. Chadima 69dd72 
  * This will be called when a user runs a non-interactive command.  Note that
Jan F. Chadima 69dd72 
  * it may be called multiple times for a single connection since SSH2 allows
Jan F. Chadima 69dd72 
- * multiple sessions within a single connection.
Jan F. Chadima 69dd72 
+ * multiple sessions within a single connection.  Returns a "handle" for
Jan F. Chadima 69dd72 
+ * audit_end_command.
Jan F. Chadima 69dd72 
  */
Jan F. Chadima 69dd72 
-void
Jan F. Chadima 69dd72 
+int
Jan F. Chadima 69dd72 
 audit_run_command(const char *command)
Jan F. Chadima 69dd72 
 {
Jan F. Chadima 69dd72 
 	debug("audit run command euid %d user %s command '%.200s'", geteuid(),
Jan F. Chadima 69dd72 
 	    audit_username(), command);
Jan F. Chadima 69dd72 
+	return 0;
Jan F. Chadima 69dd72 
+}
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+/*
Jan F. Chadima 69dd72 
+ * This will be called when the non-interactive command finishes.  Note that
Jan F. Chadima 69dd72 
+ * it may be called multiple times for a single connection since SSH2 allows
Jan F. Chadima 69dd72 
+ * multiple sessions within a single connection.  "handle" should come from
Jan F. Chadima 69dd72 
+ * the corresponding audit_run_command.
Jan F. Chadima 69dd72 
+ */
Jan F. Chadima 69dd72 
+void
Jan F. Chadima 69dd72 
+audit_end_command(int handle, const char *command)
Jan F. Chadima 69dd72 
+{
Jan F. Chadima 69dd72 
+	debug("audit end nopty exec  euid %d user %s command '%.200s'", geteuid(),
Jan F. Chadima 69dd72 
+	    audit_username(), command);
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
 # endif  /* !defined CUSTOM_SSH_AUDIT_EVENTS */
Jan F. Chadima 69dd72 
 #endif /* SSH_AUDIT_EVENTS */
Jan F. Chadima 69dd72 
diff -up openssh-5.9p0/audit.h.audit1 openssh-5.9p0/audit.h
Jan F. Chadima 69dd72 
--- openssh-5.9p0/audit.h.audit1	2011-01-17 11:15:30.000000000 +0100
Jan F. Chadima 69dd72 
+++ openssh-5.9p0/audit.h	2011-08-30 10:46:57.952035525 +0200
Jan F. Chadima 69dd72 
@@ -49,9 +49,11 @@ typedef enum ssh_audit_event_type ssh_au
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 void	audit_connection_from(const char *, int);
Jan F. Chadima 69dd72 
 void	audit_event(ssh_audit_event_t);
Jan F. Chadima 69dd72 
+void	audit_count_session_open(void);
Jan F. Chadima 69dd72 
 void	audit_session_open(struct logininfo *);
Jan F. Chadima 69dd72 
 void	audit_session_close(struct logininfo *);
Jan F. Chadima 69dd72 
-void	audit_run_command(const char *);
Jan F. Chadima 69dd72 
+int	audit_run_command(const char *);
Jan F. Chadima 69dd72 
+void 	audit_end_command(int, const char *);
Jan F. Chadima 69dd72 
 ssh_audit_event_t audit_classify_auth(const char *);
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 #endif /* _SSH_AUDIT_H */
Jan F. Chadima 69dd72 
diff -up openssh-5.9p0/monitor.c.audit1 openssh-5.9p0/monitor.c
Jan F. Chadima 69dd72 
--- openssh-5.9p0/monitor.c.audit1	2011-08-05 22:15:18.000000000 +0200
Jan F. Chadima 69dd72 
+++ openssh-5.9p0/monitor.c	2011-08-30 10:50:47.074038891 +0200
Jan F. Chadima 69dd72 
@@ -185,6 +185,7 @@ int mm_answer_gss_checkmic(int, Buffer *
Jan F. Chadima 69dd72 
 #ifdef SSH_AUDIT_EVENTS
Jan F. Chadima 69dd72 
 int mm_answer_audit_event(int, Buffer *);
Jan F. Chadima 69dd72 
 int mm_answer_audit_command(int, Buffer *);
Jan F. Chadima 69dd72 
+int mm_answer_audit_end_command(int, Buffer *);
Jan F. Chadima 69dd72 
 #endif
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 static int monitor_read_log(struct monitor *);
Jan F. Chadima 69dd72 
@@ -271,6 +272,7 @@ struct mon_table mon_dispatch_postauth20
Jan F. Chadima 69dd72 
 #ifdef SSH_AUDIT_EVENTS
Jan F. Chadima 69dd72 
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
Jan F. Chadima 69dd72 
     {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
Jan F. Chadima 69dd72 
+    {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
Jan F. Chadima 69dd72 
 #endif
Jan F. Chadima 69dd72 
     {0, 0, NULL}
Jan F. Chadima 69dd72 
 };
Jan F. Chadima 69dd72 
@@ -313,6 +315,7 @@ struct mon_table mon_dispatch_postauth15
Jan F. Chadima 69dd72 
 #ifdef SSH_AUDIT_EVENTS
Jan F. Chadima 69dd72 
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
Jan F. Chadima 69dd72 
     {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
Jan F. Chadima 69dd72 
+    {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
Jan F. Chadima 69dd72 
 #endif
Jan F. Chadima 69dd72 
     {0, 0, NULL}
Jan F. Chadima 69dd72 
 };
Jan F. Chadima 69dd72 
@@ -1398,6 +1401,12 @@ mm_session_close(Session *s)
Jan F. Chadima 69dd72 
 		debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
Jan F. Chadima 69dd72 
 		session_pty_cleanup2(s);
Jan F. Chadima 69dd72 
 	}
Jan F. Chadima 69dd72 
+#ifdef SSH_AUDIT_EVENTS
Jan F. Chadima 69dd72 
+	if (s->command != NULL) {
Jan F. Chadima 69dd72 
+		debug3("%s: command %d", __func__, s->command_handle);
Jan F. Chadima 69dd72 
+		session_end_command2(s);
Jan F. Chadima 69dd72 
+	}
Jan F. Chadima 69dd72 
+#endif
Jan F. Chadima 69dd72 
 	session_unused(s->self);
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
@@ -1720,11 +1729,44 @@ mm_answer_audit_command(int socket, Buff
Jan F. Chadima 69dd72 
 {
Jan F. Chadima 69dd72 
 	u_int len;
Jan F. Chadima 69dd72 
 	char *cmd;
Jan F. Chadima 69dd72 
+	Session *s;
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 	debug3("%s entering", __func__);
Jan F. Chadima 69dd72 
 	cmd = buffer_get_string(m, &len;;
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
 	/* sanity check command, if so how? */
Jan F. Chadima 69dd72 
-	audit_run_command(cmd);
Jan F. Chadima 69dd72 
+	s = session_new();
Jan F. Chadima 69dd72 
+	if (s == NULL)
Jan F. Chadima 69dd72 
+		fatal("%s: error allocating a session", __func__);
Jan F. Chadima 69dd72 
+	s->command = cmd;
Jan F. Chadima 69dd72 
+	s->command_handle = audit_run_command(cmd);
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	buffer_clear(m);
Jan F. Chadima 69dd72 
+	buffer_put_int(m, s->self);
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	mm_request_send(socket, MONITOR_ANS_AUDIT_COMMAND, m);
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	return (0);
Jan F. Chadima 69dd72 
+}
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+int
Jan F. Chadima 69dd72 
+mm_answer_audit_end_command(int socket, Buffer *m)
Jan F. Chadima 69dd72 
+{
Jan F. Chadima 69dd72 
+	int handle;
Jan F. Chadima 69dd72 
+	u_int len;
Jan F. Chadima 69dd72 
+	char *cmd;
Jan F. Chadima 69dd72 
+	Session *s;
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	debug3("%s entering", __func__);
Jan F. Chadima 69dd72 
+	handle = buffer_get_int(m);
Jan F. Chadima 69dd72 
+	cmd = buffer_get_string(m, &len;;
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	s = session_by_id(handle);
Jan F. Chadima 69dd72 
+	if (s == NULL || s->ttyfd != -1 || s->command == NULL ||
Jan F. Chadima 69dd72 
+	    strcmp(s->command, cmd) != 0)
Jan F. Chadima 69dd72 
+		fatal("%s: invalid handle", __func__);
Jan F. Chadima 69dd72 
+	mm_session_close(s);
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
 	xfree(cmd);
Jan F. Chadima 69dd72 
 	return (0);
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72 
diff -up openssh-5.9p0/monitor.h.audit1 openssh-5.9p0/monitor.h
Jan F. Chadima 69dd72 
--- openssh-5.9p0/monitor.h.audit1	2011-06-20 06:42:23.000000000 +0200
Jan F. Chadima 69dd72 
+++ openssh-5.9p0/monitor.h	2011-08-30 10:46:58.392112520 +0200
Jan F. Chadima 69dd72 
@@ -60,6 +60,7 @@ enum monitor_reqtype {
Jan F. Chadima 69dd72 
 	MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
Jan F. Chadima 69dd72 
 	MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
Jan F. Chadima 69dd72 
 	MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
Jan F. Chadima 69dd72 
+	MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND,
Jan F. Chadima 69dd72 
 	MONITOR_REQ_TERM,
Jan F. Chadima 69dd72 
 	MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
Jan F. Chadima 69dd72 
 	MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
Jan F. Chadima 69dd72 
diff -up openssh-5.9p0/monitor_wrap.c.audit1 openssh-5.9p0/monitor_wrap.c
Jan F. Chadima 69dd72 
--- openssh-5.9p0/monitor_wrap.c.audit1	2011-06-20 06:42:23.000000000 +0200
Jan F. Chadima 69dd72 
+++ openssh-5.9p0/monitor_wrap.c	2011-08-30 10:46:58.505031574 +0200
Jan F. Chadima 69dd72 
@@ -1188,10 +1188,11 @@ mm_audit_event(ssh_audit_event_t event)
Jan F. Chadima 69dd72 
 	buffer_free(&m);
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
-void
Jan F. Chadima 69dd72 
+int
Jan F. Chadima 69dd72 
 mm_audit_run_command(const char *command)
Jan F. Chadima 69dd72 
 {
Jan F. Chadima 69dd72 
 	Buffer m;
Jan F. Chadima 69dd72 
+	int handle;
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 	debug3("%s entering command %s", __func__, command);
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
@@ -1199,6 +1200,26 @@ mm_audit_run_command(const char *command
Jan F. Chadima 69dd72 
 	buffer_put_cstring(&m, command);
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
Jan F. Chadima 69dd72 
+	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_COMMAND, &m);
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	handle = buffer_get_int(&m);
Jan F. Chadima 69dd72 
+	buffer_free(&m);
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	return (handle);
Jan F. Chadima 69dd72 
+}
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+void
Jan F. Chadima 69dd72 
+mm_audit_end_command(int handle, const char *command)
Jan F. Chadima 69dd72 
+{
Jan F. Chadima 69dd72 
+	Buffer m;
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	debug3("%s entering command %s", __func__, command);
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	buffer_init(&m);
Jan F. Chadima 69dd72 
+	buffer_put_int(&m, handle);
Jan F. Chadima 69dd72 
+	buffer_put_cstring(&m, command);
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_END_COMMAND, &m);
Jan F. Chadima 69dd72 
 	buffer_free(&m);
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72 
 #endif /* SSH_AUDIT_EVENTS */
Jan F. Chadima 69dd72 
diff -up openssh-5.9p0/monitor_wrap.h.audit1 openssh-5.9p0/monitor_wrap.h
Jan F. Chadima 69dd72 
--- openssh-5.9p0/monitor_wrap.h.audit1	2011-06-20 06:42:23.000000000 +0200
Jan F. Chadima 69dd72 
+++ openssh-5.9p0/monitor_wrap.h	2011-08-30 10:46:58.616212835 +0200
Jan F. Chadima 69dd72 
@@ -74,7 +74,8 @@ void mm_sshpam_free_ctx(void *);
Jan F. Chadima 69dd72 
 #ifdef SSH_AUDIT_EVENTS
Jan F. Chadima 69dd72 
 #include "audit.h"
Jan F. Chadima 69dd72 
 void mm_audit_event(ssh_audit_event_t);
Jan F. Chadima 69dd72 
-void mm_audit_run_command(const char *);
Jan F. Chadima 69dd72 
+int mm_audit_run_command(const char *);
Jan F. Chadima 69dd72 
+void mm_audit_end_command(int, const char *);
Jan F. Chadima 69dd72 
 #endif
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 struct Session;
Jan F. Chadima 69dd72 
diff -up openssh-5.9p0/session.c.audit1 openssh-5.9p0/session.c
Jan F. Chadima 69dd72 
--- openssh-5.9p0/session.c.audit1	2011-05-20 03:23:10.000000000 +0200
Jan F. Chadima 69dd72 
+++ openssh-5.9p0/session.c	2011-08-30 10:46:58.756024849 +0200
Jan F. Chadima 69dd72 
@@ -742,6 +742,14 @@ do_exec_pty(Session *s, const char *comm
Jan F. Chadima 69dd72 
 	/* Parent.  Close the slave side of the pseudo tty. */
Jan F. Chadima 69dd72 
 	close(ttyfd);
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
+#ifndef HAVE_OSF_SIA
Jan F. Chadima 69dd72 
+	/* do_login in the child did not affect state in this process,
Jan F. Chadima 69dd72 
+	   compensate.  From an architectural standpoint, this is extremely
Jan F. Chadima 69dd72 
+	   ugly. */
Jan F. Chadima 69dd72 
+	if (!(options.use_login && command == NULL))
Jan F. Chadima 69dd72 
+		audit_count_session_open();
Jan F. Chadima 69dd72 
+#endif
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
 	/* Enter interactive session. */
Jan F. Chadima 69dd72 
 	s->ptymaster = ptymaster;
Jan F. Chadima 69dd72 
 	packet_set_interactive(1,
Jan F. Chadima 69dd72 
@@ -813,15 +821,19 @@ do_exec(Session *s, const char *command)
Jan F. Chadima 69dd72 
 	}
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 #ifdef SSH_AUDIT_EVENTS
Jan F. Chadima 69dd72 
+	if (s->command != NULL || s->command_handle != -1)
Jan F. Chadima 69dd72 
+		fatal("do_exec: command already set");
Jan F. Chadima 69dd72 
 	if (command != NULL)
Jan F. Chadima 69dd72 
-		PRIVSEP(audit_run_command(command));
Jan F. Chadima 69dd72 
+		s->command = xstrdup(command);
Jan F. Chadima 69dd72 
 	else if (s->ttyfd == -1) {
Jan F. Chadima 69dd72 
 		char *shell = s->pw->pw_shell;
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 		if (shell[0] == '\0')	/* empty shell means /bin/sh */
Jan F. Chadima 69dd72 
 			shell =_PATH_BSHELL;
Jan F. Chadima 69dd72 
-		PRIVSEP(audit_run_command(shell));
Jan F. Chadima 69dd72 
+		s->command = xstrdup(shell);
Jan F. Chadima 69dd72 
 	}
Jan F. Chadima 69dd72 
+	if (s->command != NULL)
Jan F. Chadima 69dd72 
+		s->command_handle = PRIVSEP(audit_run_command(s->command));
Jan F. Chadima 69dd72 
 #endif
Jan F. Chadima 69dd72 
 	if (s->ttyfd != -1)
Jan F. Chadima 69dd72 
 		ret = do_exec_pty(s, command);
Jan F. Chadima 69dd72 
@@ -1848,6 +1860,7 @@ session_unused(int id)
Jan F. Chadima 69dd72 
 	sessions[id].ttyfd = -1;
Jan F. Chadima 69dd72 
 	sessions[id].ptymaster = -1;
Jan F. Chadima 69dd72 
 	sessions[id].x11_chanids = NULL;
Jan F. Chadima 69dd72 
+	sessions[id].command_handle = -1;
Jan F. Chadima 69dd72 
 	sessions[id].next_unused = sessions_first_unused;
Jan F. Chadima 69dd72 
 	sessions_first_unused = id;
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72 
@@ -1930,6 +1943,19 @@ session_open(Authctxt *authctxt, int cha
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 Session *
Jan F. Chadima 69dd72 
+session_by_id(int id)
Jan F. Chadima 69dd72 
+{
Jan F. Chadima 69dd72 
+	if (id >= 0 && id < sessions_nalloc) {
Jan F. Chadima 69dd72 
+		Session *s = &sessions[id];
Jan F. Chadima 69dd72 
+		if (s->used)
Jan F. Chadima 69dd72 
+			return s;
Jan F. Chadima 69dd72 
+	}
Jan F. Chadima 69dd72 
+	debug("session_by_id: unknown id %d", id);
Jan F. Chadima 69dd72 
+	session_dump();
Jan F. Chadima 69dd72 
+	return NULL;
Jan F. Chadima 69dd72 
+}
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+Session *
Jan F. Chadima 69dd72 
 session_by_tty(char *tty)
Jan F. Chadima 69dd72 
 {
Jan F. Chadima 69dd72 
 	int i;
Jan F. Chadima 69dd72 
@@ -2455,6 +2481,30 @@ session_exit_message(Session *s, int sta
Jan F. Chadima 69dd72 
 		chan_write_failed(c);
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
+#ifdef SSH_AUDIT_EVENTS
Jan F. Chadima 69dd72 
+void
Jan F. Chadima 69dd72 
+session_end_command2(Session *s)
Jan F. Chadima 69dd72 
+{
Jan F. Chadima 69dd72 
+	if (s->command != NULL) {
Jan F. Chadima 69dd72 
+		audit_end_command(s->command_handle, s->command);
Jan F. Chadima 69dd72 
+		xfree(s->command);
Jan F. Chadima 69dd72 
+		s->command = NULL;
Jan F. Chadima 69dd72 
+		s->command_handle = -1;
Jan F. Chadima 69dd72 
+	}
Jan F. Chadima 69dd72 
+}
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+static void
Jan F. Chadima 69dd72 
+session_end_command(Session *s)
Jan F. Chadima 69dd72 
+{
Jan F. Chadima 69dd72 
+	if (s->command != NULL) {
Jan F. Chadima 69dd72 
+		PRIVSEP(audit_end_command(s->command_handle, s->command));
Jan F. Chadima 69dd72 
+		xfree(s->command);
Jan F. Chadima 69dd72 
+		s->command = NULL;
Jan F. Chadima 69dd72 
+		s->command_handle = -1;
Jan F. Chadima 69dd72 
+	}
Jan F. Chadima 69dd72 
+}
Jan F. Chadima 69dd72 
+#endif
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
 void
Jan F. Chadima 69dd72 
 session_close(Session *s)
Jan F. Chadima 69dd72 
 {
Jan F. Chadima 69dd72 
@@ -2463,6 +2513,10 @@ session_close(Session *s)
Jan F. Chadima 69dd72 
 	debug("session_close: session %d pid %ld", s->self, (long)s->pid);
Jan F. Chadima 69dd72 
 	if (s->ttyfd != -1)
Jan F. Chadima 69dd72 
 		session_pty_cleanup(s);
Jan F. Chadima 69dd72 
+#ifdef SSH_AUDIT_EVENTS
Jan F. Chadima 69dd72 
+	if (s->command)
Jan F. Chadima 69dd72 
+		session_end_command(s);
Jan F. Chadima 69dd72 
+#endif
Jan F. Chadima 69dd72 
 	if (s->term)
Jan F. Chadima 69dd72 
 		xfree(s->term);
Jan F. Chadima 69dd72 
 	if (s->display)
Jan F. Chadima 69dd72 
@@ -2682,6 +2736,15 @@ do_authenticated2(Authctxt *authctxt)
Jan F. Chadima 69dd72 
 	server_loop2(authctxt);
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
+static void
Jan F. Chadima 69dd72 
+do_cleanup_one_session(Session *s)
Jan F. Chadima 69dd72 
+{
Jan F. Chadima 69dd72 
+	session_pty_cleanup2(s);
Jan F. Chadima 69dd72 
+#ifdef SSH_AUDIT_EVENTS
Jan F. Chadima 69dd72 
+	session_end_command2(s);
Jan F. Chadima 69dd72 
+#endif
Jan F. Chadima 69dd72 
+}
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
 void
Jan F. Chadima 69dd72 
 do_cleanup(Authctxt *authctxt)
Jan F. Chadima 69dd72 
 {
Jan F. Chadima 69dd72 
@@ -2730,5 +2793,5 @@ do_cleanup(Authctxt *authctxt)
Jan F. Chadima 69dd72 
 	 * or if running in monitor.
Jan F. Chadima 69dd72 
 	 */
Jan F. Chadima 69dd72 
 	if (!use_privsep || mm_is_monitor())
Jan F. Chadima 69dd72 
-		session_destroy_all(session_pty_cleanup2);
Jan F. Chadima 69dd72 
+		session_destroy_all(do_cleanup_one_session);
Jan F. Chadima 69dd72 
 }
Jan F. Chadima 69dd72 
diff -up openssh-5.9p0/session.h.audit1 openssh-5.9p0/session.h
Jan F. Chadima 69dd72 
--- openssh-5.9p0/session.h.audit1	2008-05-19 07:34:50.000000000 +0200
Jan F. Chadima 69dd72 
+++ openssh-5.9p0/session.h	2011-08-30 10:46:58.884024597 +0200
Jan F. Chadima 69dd72 
@@ -60,6 +60,12 @@ struct Session {
Jan F. Chadima 69dd72 
 		char	*name;
Jan F. Chadima 69dd72 
 		char	*val;
Jan F. Chadima 69dd72 
 	} *env;
Jan F. Chadima 69dd72 
+
Jan F. Chadima 69dd72 
+	/* exec */
Jan F. Chadima 69dd72 
+#ifdef SSH_AUDIT_EVENTS
Jan F. Chadima 69dd72 
+	int	command_handle;
Jan F. Chadima 69dd72 
+	char	*command;
Jan F. Chadima 69dd72 
+#endif
Jan F. Chadima 69dd72 
 };
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 void	 do_authenticated(Authctxt *);
Jan F. Chadima 69dd72 
@@ -72,8 +78,10 @@ void	 session_close_by_pid(pid_t, int);
Jan F. Chadima 69dd72 
 void	 session_close_by_channel(int, void *);
Jan F. Chadima 69dd72 
 void	 session_destroy_all(void (*)(Session *));
Jan F. Chadima 69dd72 
 void	 session_pty_cleanup2(Session *);
Jan F. Chadima 69dd72 
+void	 session_end_command2(Session *);
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
 Session	*session_new(void);
Jan F. Chadima 69dd72 
+Session *session_by_id(int);
Jan F. Chadima 69dd72 
 Session	*session_by_tty(char *);
Jan F. Chadima 69dd72 
 void	 session_close(Session *);
Jan F. Chadima 69dd72 
 void	 do_setusercontext(struct passwd *);
Jan F. Chadima 69dd72 
diff -up openssh-5.9p0/sshd.c.audit1 openssh-5.9p0/sshd.c
Jan F. Chadima 69dd72 
--- openssh-5.9p0/sshd.c.audit1	2011-06-23 11:45:51.000000000 +0200
Jan F. Chadima 69dd72 
+++ openssh-5.9p0/sshd.c	2011-08-30 10:46:59.009025421 +0200
Jan F. Chadima 69dd72 
@@ -2364,7 +2364,8 @@ cleanup_exit(int i)
Jan F. Chadima 69dd72 
 		do_cleanup(the_authctxt);
Jan F. Chadima 69dd72 
 #ifdef SSH_AUDIT_EVENTS
Jan F. Chadima 69dd72 
 	/* done after do_cleanup so it can cancel the PAM auth 'thread' */
Jan F. Chadima 69dd72 
-	if (!use_privsep || mm_is_monitor())
Jan F. Chadima 69dd72 
+	if ((the_authctxt == NULL || !the_authctxt->authenticated) &&
Jan F. Chadima 69dd72 
+	    (!use_privsep || mm_is_monitor()))
Jan F. Chadima 69dd72 
 		audit_event(SSH_CONNECTION_ABANDON);
Jan F. Chadima 69dd72 
 #endif
Jan F. Chadima 69dd72 
 	_exit(i);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation