From 1732b09b935860959eeae8d9c5d5f88f59505725 Mon Sep 17 00:00:00 2001 From: Jan F Date: Feb 23 2011 09:23:28 +0000 Subject: another audit improovements --- diff --git a/openssh-5.8p1-audit1.patch b/openssh-5.8p1-audit1.patch index d4020d3..055ee19 100644 --- a/openssh-5.8p1-audit1.patch +++ b/openssh-5.8p1-audit1.patch @@ -1,6 +1,55 @@ +diff -up openssh-5.8p1/audit-bsm.c.audit1 openssh-5.8p1/audit-bsm.c +--- openssh-5.8p1/audit-bsm.c.audit1 2011-01-17 11:15:29.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-23 09:45:05.000000000 +0100 +@@ -305,6 +305,12 @@ audit_run_command(const char *command) + } + + void ++audit_end_command(const char *command) ++{ ++ /* not implemented */ ++} ++ ++void + audit_session_open(struct logininfo *li) + { + /* not implemented */ +diff -up openssh-5.8p1/audit.c.audit1 openssh-5.8p1/audit.c +--- openssh-5.8p1/audit.c.audit1 2011-01-17 11:15:30.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-23 09:45:05.000000000 +0100 +@@ -182,5 +182,18 @@ audit_run_command(const char *command) + debug("audit run command euid %d user %s command '%.200s'", geteuid(), + audit_username(), command); + } ++ ++/* ++ * This will be called when the non-interactive command finishes. Note that ++ * it may be called multiple times for a single connection since SSH2 allows ++ * multiple sessions within a single connection. ++ */ ++void ++audit_end_command(const char *command) ++{ ++ debug("audit end nopty exec euid %d user %s command '%.200s'", geteuid(), ++ audit_username(), command); ++} ++ + # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ + #endif /* SSH_AUDIT_EVENTS */ +diff -up openssh-5.8p1/audit.h.audit1 openssh-5.8p1/audit.h +--- openssh-5.8p1/audit.h.audit1 2011-01-17 11:15:30.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-23 09:45:05.000000000 +0100 +@@ -52,6 +52,7 @@ void audit_event(ssh_audit_event_t); + void audit_session_open(struct logininfo *); + void audit_session_close(struct logininfo *); + void audit_run_command(const char *); ++void audit_end_command(const char *); + ssh_audit_event_t audit_classify_auth(const char *); + + #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c --- openssh-5.8p1/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-21 20:01:00.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-23 09:46:43.000000000 +0100 @@ -35,13 +35,20 @@ #include "log.h" @@ -40,7 +89,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c NULL, "login", username ? username : "(unknown)", username == NULL ? uid : -1, hostname, ip, ttyn, success); saved_errno = errno; -@@ -65,35 +72,102 @@ linux_audit_record_event(int uid, const +@@ -65,35 +72,112 @@ linux_audit_record_event(int uid, const if ((rc == -EPERM) && (geteuid() != 0)) rc = 0; errno = saved_errno; @@ -118,11 +167,21 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c audit_run_command(const char *command) { - /* not implemented */ -+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), -+ NULL, "ssh", 1, AUDIT_USER_START); + if (!user_login_count++) + linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), + NULL, "ssh", 1, AUDIT_USER_LOGIN); ++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), ++ NULL, "ssh", 1, AUDIT_USER_START); ++} ++ ++void ++audit_end_command(const char *command) ++{ ++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), ++ NULL, "ssh", 1, AUDIT_USER_END); ++ if (!--user_login_count) ++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), ++ NULL, "ssh", 1, AUDIT_USER_LOGOUT); } void @@ -131,11 +190,11 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c - if (linux_audit_record_event(li->uid, NULL, li->hostname, - NULL, li->line, 1) == 0) - fatal("linux_audit_write_entry failed: %s", strerror(errno)); -+ linux_audit_user_logxxx(li->uid, NULL, li->hostname, -+ NULL, li->line, 1, AUDIT_USER_START); + if (!user_login_count++) + linux_audit_user_logxxx(li->uid, NULL, li->hostname, + NULL, li->line, 1, AUDIT_USER_LOGIN); ++ linux_audit_user_logxxx(li->uid, NULL, li->hostname, ++ NULL, li->line, 1, AUDIT_USER_START); } void @@ -150,7 +209,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c } void -@@ -101,21 +175,34 @@ audit_event(ssh_audit_event_t event) +@@ -101,21 +185,43 @@ audit_event(ssh_audit_event_t event) { switch(event) { case SSH_AUTH_SUCCESS: @@ -180,6 +239,15 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c + break; + + case SSH_CONNECTION_CLOSE: ++ if (user_login_count) { ++ while (user_login_count--) ++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), ++ NULL, "ssh", 1, AUDIT_USER_END); ++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), ++ NULL, "ssh", 1, AUDIT_USER_LOGOUT); ++ } ++ break; ++ + case SSH_CONNECTION_ABANDON: case SSH_INVALID_USER: - linux_audit_record_event(-1, audit_username(), NULL, @@ -189,3 +257,147 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c break; default: +diff -up openssh-5.8p1/monitor.c.audit1 openssh-5.8p1/monitor.c +--- openssh-5.8p1/monitor.c.audit1 2010-09-10 03:23:34.000000000 +0200 ++++ openssh-5.8p1/monitor.c 2011-02-23 09:45:05.000000000 +0100 +@@ -177,6 +177,7 @@ int mm_answer_gss_checkmic(int, Buffer * + #ifdef SSH_AUDIT_EVENTS + int mm_answer_audit_event(int, Buffer *); + int mm_answer_audit_command(int, Buffer *); ++int mm_answer_audit_end_command(int, Buffer *); + #endif + + static Authctxt *authctxt; +@@ -261,6 +262,7 @@ struct mon_table mon_dispatch_postauth20 + #ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, ++ {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command}, + #endif + {0, 0, NULL} + }; +@@ -303,6 +305,7 @@ struct mon_table mon_dispatch_postauth15 + #ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, ++ {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command}, + #endif + {0, 0, NULL} + }; +@@ -1618,6 +1621,20 @@ mm_answer_audit_command(int socket, Buff + xfree(cmd); + return (0); + } ++ ++int ++mm_answer_audit_end_command(int socket, Buffer *m) ++{ ++ u_int len; ++ char *cmd; ++ ++ debug3("%s entering", __func__); ++ cmd = buffer_get_string(m, &len); ++ /* sanity check command, if so how? */ ++ audit_end_command(cmd); ++ xfree(cmd); ++ return (0); ++} + #endif /* SSH_AUDIT_EVENTS */ + + void +diff -up openssh-5.8p1/monitor.h.audit1 openssh-5.8p1/monitor.h +--- openssh-5.8p1/monitor.h.audit1 2008-11-05 06:20:46.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-23 09:45:05.000000000 +0100 +@@ -60,6 +60,7 @@ enum monitor_reqtype { + MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, + MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, + MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND, ++ MONITOR_REQ_AUDIT_END_COMMAND, + MONITOR_REQ_TERM, + MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1, + MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, +diff -up openssh-5.8p1/monitor_wrap.c.audit1 openssh-5.8p1/monitor_wrap.c +--- openssh-5.8p1/monitor_wrap.c.audit1 2010-08-31 14:41:14.000000000 +0200 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-23 09:45:05.000000000 +0100 +@@ -1163,6 +1163,20 @@ mm_audit_run_command(const char *command + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); + buffer_free(&m); + } ++ ++void ++mm_audit_end_command(const char *command) ++{ ++ Buffer m; ++ ++ debug3("%s entering command %s", __func__, command); ++ ++ buffer_init(&m); ++ buffer_put_cstring(&m, command); ++ ++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_END_COMMAND, &m); ++ buffer_free(&m); ++} + #endif /* SSH_AUDIT_EVENTS */ + + #ifdef GSSAPI +diff -up openssh-5.8p1/monitor_wrap.h.audit1 openssh-5.8p1/monitor_wrap.h +--- openssh-5.8p1/monitor_wrap.h.audit1 2009-03-05 14:58:22.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-23 09:45:05.000000000 +0100 +@@ -74,6 +74,7 @@ void mm_sshpam_free_ctx(void *); + #include "audit.h" + void mm_audit_event(ssh_audit_event_t); + void mm_audit_run_command(const char *); ++void mm_audit_end_command(const char *); + #endif + + struct Session; +diff -up openssh-5.8p1/session.c.audit1 openssh-5.8p1/session.c +--- openssh-5.8p1/session.c.audit1 2010-12-01 02:02:59.000000000 +0100 ++++ openssh-5.8p1/session.c 2011-02-23 09:45:05.000000000 +0100 +@@ -809,14 +809,16 @@ do_exec(Session *s, const char *command) + } + + #ifdef SSH_AUDIT_EVENTS +- if (command != NULL) ++ if (command != NULL) { + PRIVSEP(audit_run_command(command)); +- else if (s->ttyfd == -1) { ++ command = xstrdup(command); ++ } else if (s->ttyfd == -1) { + char *shell = s->pw->pw_shell; + + if (shell[0] == '\0') /* empty shell means /bin/sh */ + shell =_PATH_BSHELL; + PRIVSEP(audit_run_command(shell)); ++ command = xstrdup(shell); + } + #endif + if (s->ttyfd != -1) +@@ -2456,6 +2458,12 @@ session_close(Session *s) + debug("session_close: session %d pid %ld", s->self, (long)s->pid); + if (s->ttyfd != -1) + session_pty_cleanup(s); ++#ifdef SSH_AUDIT_EVENTS ++ if (s->command) { ++ PRIVSEP(audit_end_command(s->command)); ++ xfree(s->command); ++ } ++#endif + if (s->term) + xfree(s->term); + if (s->display) +diff -up openssh-5.8p1/session.h.audit1 openssh-5.8p1/session.h +--- openssh-5.8p1/session.h.audit1 2008-05-19 07:34:50.000000000 +0200 ++++ openssh-5.8p1/session.h 2011-02-23 09:45:05.000000000 +0100 +@@ -60,6 +60,11 @@ struct Session { + char *name; + char *val; + } *env; ++ ++ /* exec */ ++#ifdef SSH_AUDIT_EVENTS ++ char *command; ++#endif + }; + + void do_authenticated(Authctxt *); diff --git a/openssh-5.8p1-audit1a.patch b/openssh-5.8p1-audit1a.patch index db0940b..e69de29 100644 --- a/openssh-5.8p1-audit1a.patch +++ b/openssh-5.8p1-audit1a.patch @@ -1,15 +0,0 @@ -diff -up openssh-5.8p1/audit-linux.c.audit1a openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit1a 2011-02-22 14:42:30.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-22 14:47:03.000000000 +0100 -@@ -199,6 +199,11 @@ audit_event(ssh_audit_event_t event) - break; - - case SSH_CONNECTION_CLOSE: -+ if (user_login_count) -+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), -+ NULL, "ssh", 1, AUDIT_USER_LOGOUT); -+ break; -+ - case SSH_CONNECTION_ABANDON: - case SSH_INVALID_USER: - linux_audit_user_logxxx(-1, audit_username(), NULL, diff --git a/openssh-5.8p1-audit2.patch b/openssh-5.8p1-audit2.patch index ba0b204..ed3c74b 100644 --- a/openssh-5.8p1-audit2.patch +++ b/openssh-5.8p1-audit2.patch @@ -1,7 +1,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit2 2011-01-17 11:15:29.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-22 14:04:27.000000000 +0100 -@@ -316,6 +316,12 @@ audit_session_close(struct logininfo *li +--- openssh-5.8p1/audit-bsm.c.audit2 2011-02-23 07:46:37.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-23 07:46:37.000000000 +0100 +@@ -322,6 +322,12 @@ audit_session_close(struct logininfo *li /* not implemented */ } @@ -15,8 +15,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c audit_event(ssh_audit_event_t event) { diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit2 2011-01-17 11:15:30.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-22 14:04:27.000000000 +0100 +--- openssh-5.8p1/audit.c.audit2 2011-02-23 07:46:37.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-23 07:47:32.000000000 +0100 @@ -36,6 +36,7 @@ #include "key.h" #include "hostfile.h" @@ -48,11 +48,10 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -182,5 +199,17 @@ audit_run_command(const char *command) - debug("audit run command euid %d user %s command '%.200s'", geteuid(), +@@ -195,5 +212,16 @@ audit_end_command(const char *command) audit_username(), command); } -+ + +/* + * This will be called when user is successfully autherized by the RSA1/RSA/DSA key. + * @@ -62,13 +61,13 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c +audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv) +{ + debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d", -+ host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, bits, fp, rv); ++ host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits, fp, rv); +} # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit2 2011-01-17 11:15:30.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-22 14:04:27.000000000 +0100 +--- openssh-5.8p1/audit.h.audit2 2011-02-23 07:46:37.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-23 07:48:16.000000000 +0100 @@ -28,6 +28,7 @@ # define _SSH_AUDIT_H @@ -77,17 +76,17 @@ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h enum ssh_audit_event_type { SSH_LOGIN_EXCEED_MAXTRIES, -@@ -53,5 +54,7 @@ void audit_session_open(struct logininfo - void audit_session_close(struct logininfo *); +@@ -54,5 +55,7 @@ void audit_session_close(struct logininf void audit_run_command(const char *); + void audit_end_command(const char *); ssh_audit_event_t audit_classify_auth(const char *); +int audit_keyusage(int, const char *, unsigned, char *, int); +void audit_key(int, int *, const Key *); #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit2 2011-02-22 14:04:27.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-22 14:05:28.000000000 +0100 +--- openssh-5.8p1/audit-linux.c.audit2 2011-02-23 07:46:37.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-23 07:46:37.000000000 +0100 @@ -41,6 +41,8 @@ #include "servconf.h" #include "canohost.h" @@ -115,7 +114,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c + else + return 0; /* Must prevent login */ + } -+ snprintf(buf, sizeof(buf), "%s_auth rport=%d", host_user ? "hostbased" : "pubkey", get_remote_port()); ++ snprintf(buf, sizeof(buf), "%s_auth rport=%d", host_user ? "pubkey" : "hostbased", get_remote_port()); + rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, + buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv); + if ((rc < 0) && ((rc != -1) || (getuid() == 0))) @@ -137,7 +136,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c /* Below is the sshd audit API code */ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c --- openssh-5.8p1/auth2-hostbased.c.audit2 2010-08-05 05:04:50.000000000 +0200 -+++ openssh-5.8p1/auth2-hostbased.c 2011-02-22 14:04:27.000000000 +0100 ++++ openssh-5.8p1/auth2-hostbased.c 2011-02-23 07:46:37.000000000 +0100 @@ -136,6 +136,18 @@ done: return authenticated; } @@ -159,7 +158,7 @@ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c --- openssh-5.8p1/auth2-pubkey.c.audit2 2010-12-01 01:50:14.000000000 +0100 -+++ openssh-5.8p1/auth2-pubkey.c 2011-02-22 14:04:27.000000000 +0100 ++++ openssh-5.8p1/auth2-pubkey.c 2011-02-23 07:46:37.000000000 +0100 @@ -177,6 +177,18 @@ done: return authenticated; } @@ -181,7 +180,7 @@ diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c { diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h --- openssh-5.8p1/auth.h.audit2 2010-05-10 03:58:03.000000000 +0200 -+++ openssh-5.8p1/auth.h 2011-02-22 14:04:27.000000000 +0100 ++++ openssh-5.8p1/auth.h 2011-02-23 07:46:37.000000000 +0100 @@ -170,6 +170,7 @@ void abandon_challenge_response(Authctxt char *authorized_keys_file(struct passwd *); char *authorized_keys_file2(struct passwd *); @@ -200,7 +199,7 @@ diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c --- openssh-5.8p1/auth-rsa.c.audit2 2010-12-04 23:01:47.000000000 +0100 -+++ openssh-5.8p1/auth-rsa.c 2011-02-22 14:04:27.000000000 +0100 ++++ openssh-5.8p1/auth-rsa.c 2011-02-23 07:46:37.000000000 +0100 @@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU { u_char buf[32], mdbuf[16]; @@ -238,9 +237,9 @@ diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c /* diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit2 2010-09-10 03:23:34.000000000 +0200 -+++ openssh-5.8p1/monitor.c 2011-02-22 14:04:27.000000000 +0100 -@@ -1235,7 +1235,17 @@ mm_answer_keyverify(int sock, Buffer *m) +--- openssh-5.8p1/monitor.c.audit2 2011-02-23 07:46:37.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-23 07:46:37.000000000 +0100 +@@ -1238,7 +1238,17 @@ mm_answer_keyverify(int sock, Buffer *m) if (!valid_data) fatal("%s: bad signature data blob", __func__); diff --git a/openssh-5.8p1-audit3.patch b/openssh-5.8p1-audit3.patch index 7683c00..a55a01e 100644 --- a/openssh-5.8p1-audit3.patch +++ b/openssh-5.8p1-audit3.patch @@ -1,7 +1,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit3 2011-02-21 20:09:33.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-21 20:09:33.000000000 +0100 -@@ -383,4 +383,16 @@ audit_event(ssh_audit_event_t event) +--- openssh-5.8p1/audit-bsm.c.audit3 2011-02-23 10:05:33.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-23 10:05:33.000000000 +0100 +@@ -389,4 +389,16 @@ audit_event(ssh_audit_event_t event) debug("%s: unhandled event %d", __func__, event); } } @@ -19,8 +19,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit3 2011-02-21 20:09:33.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-21 20:09:33.000000000 +0100 +--- openssh-5.8p1/audit.c.audit3 2011-02-23 10:05:33.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-23 10:07:53.000000000 +0100 @@ -28,6 +28,7 @@ #include @@ -57,9 +57,9 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -211,5 +226,26 @@ audit_keyusage(int host_user, const char +@@ -223,5 +238,26 @@ audit_keyusage(int host_user, const char debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d", - host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, bits, fp, rv); + host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits, fp, rv); } + +/* @@ -69,7 +69,7 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c +audit_unsupported_body(int what) +{ + debug("audit unsupported protocol ieuid %d type %d", geteuid(), what); -+ ++} + +/* + * This will be called on succesfull protocol negotiation. @@ -85,9 +85,9 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit3 2011-02-21 20:09:33.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-21 20:09:33.000000000 +0100 -@@ -56,5 +56,9 @@ void audit_run_command(const char *); +--- openssh-5.8p1/audit.h.audit3 2011-02-23 10:05:33.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-23 10:05:33.000000000 +0100 +@@ -57,5 +57,9 @@ void audit_end_command(const char *); ssh_audit_event_t audit_classify_auth(const char *); int audit_keyusage(int, const char *, unsigned, char *, int); void audit_key(int, int *, const Key *); @@ -98,8 +98,8 @@ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit3 2011-02-21 20:09:33.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-21 20:09:33.000000000 +0100 +--- openssh-5.8p1/audit-linux.c.audit3 2011-02-23 10:05:33.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-23 10:05:33.000000000 +0100 @@ -40,6 +40,8 @@ #include "auth.h" #include "servconf.h" @@ -109,7 +109,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c #define AUDIT_LOG_SIZE 128 -@@ -243,4 +245,56 @@ audit_event(ssh_audit_event_t event) +@@ -262,4 +264,56 @@ audit_event(ssh_audit_event_t event) } } @@ -167,8 +167,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c ---- openssh-5.8p1/auditstub.c.audit3 2011-02-21 20:09:33.000000000 +0100 -+++ openssh-5.8p1/auditstub.c 2011-02-21 20:09:33.000000000 +0100 +--- openssh-5.8p1/auditstub.c.audit3 2011-02-23 10:05:33.000000000 +0100 ++++ openssh-5.8p1/auditstub.c 2011-02-23 10:05:33.000000000 +0100 @@ -0,0 +1,39 @@ +/* $Id: auditstub.c,v 1.1 jfch Exp $ */ + @@ -211,7 +211,7 @@ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c + diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c --- openssh-5.8p1/cipher.c.audit3 2011-02-09 15:24:23.000000000 +0100 -+++ openssh-5.8p1/cipher.c 2011-02-21 20:09:33.000000000 +0100 ++++ openssh-5.8p1/cipher.c 2011-02-23 10:05:33.000000000 +0100 @@ -59,15 +59,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX extern const EVP_CIPHER *evp_aes_128_ctr(void); extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); @@ -231,7 +231,7 @@ diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des }, diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h --- openssh-5.8p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100 -+++ openssh-5.8p1/cipher.h 2011-02-21 20:09:33.000000000 +0100 ++++ openssh-5.8p1/cipher.h 2011-02-23 10:05:33.000000000 +0100 @@ -61,7 +61,16 @@ typedef struct Cipher Cipher; typedef struct CipherContext CipherContext; @@ -252,7 +252,7 @@ diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h EVP_CIPHER_CTX evp; diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c --- openssh-5.8p1/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200 -+++ openssh-5.8p1/kex.c 2011-02-21 20:09:33.000000000 +0100 ++++ openssh-5.8p1/kex.c 2011-02-23 10:05:33.000000000 +0100 @@ -49,6 +49,7 @@ #include "dispatch.h" #include "monitor.h" @@ -317,7 +317,7 @@ diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in --- openssh-5.8p1/Makefile.in.audit3 2011-02-04 01:42:13.000000000 +0100 -+++ openssh-5.8p1/Makefile.in 2011-02-21 20:09:33.000000000 +0100 ++++ openssh-5.8p1/Makefile.in 2011-02-23 10:05:33.000000000 +0100 @@ -76,7 +76,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ @@ -328,8 +328,8 @@ diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect1.o sshconnect2.o mux.o \ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit3 2011-02-21 20:09:33.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-21 20:09:33.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit3 2011-02-23 10:05:33.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-23 10:05:33.000000000 +0100 @@ -89,6 +89,7 @@ #include "ssh2.h" #include "jpake.h" @@ -338,16 +338,16 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c #ifdef GSSAPI static Gssctxt *gsscontext = NULL; -@@ -177,6 +178,8 @@ int mm_answer_gss_checkmic(int, Buffer * - #ifdef SSH_AUDIT_EVENTS +@@ -178,6 +179,8 @@ int mm_answer_gss_checkmic(int, Buffer * int mm_answer_audit_event(int, Buffer *); int mm_answer_audit_command(int, Buffer *); + int mm_answer_audit_end_command(int, Buffer *); +int mm_answer_audit_unsupported_body(int, Buffer *); +int mm_answer_audit_kex_body(int, Buffer *); #endif static Authctxt *authctxt; -@@ -225,6 +228,8 @@ struct mon_table mon_dispatch_proto20[] +@@ -226,6 +229,8 @@ struct mon_table mon_dispatch_proto20[] #endif #ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, @@ -356,16 +356,16 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c #endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, -@@ -261,6 +266,8 @@ struct mon_table mon_dispatch_postauth20 - #ifdef SSH_AUDIT_EVENTS +@@ -263,6 +268,8 @@ struct mon_table mon_dispatch_postauth20 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, + {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command}, + {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, + {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, #endif {0, 0, NULL} }; -@@ -292,6 +299,8 @@ struct mon_table mon_dispatch_proto15[] +@@ -294,6 +301,8 @@ struct mon_table mon_dispatch_proto15[] #endif #ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, @@ -374,16 +374,16 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -303,6 +312,8 @@ struct mon_table mon_dispatch_postauth15 - #ifdef SSH_AUDIT_EVENTS +@@ -306,6 +315,8 @@ struct mon_table mon_dispatch_postauth15 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, + {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command}, + {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, + {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, #endif {0, 0, NULL} }; -@@ -2206,3 +2217,44 @@ mm_answer_jpake_check_confirm(int sock, +@@ -2223,3 +2234,44 @@ mm_answer_jpake_check_confirm(int sock, } #endif /* JPAKE */ @@ -429,9 +429,9 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c + +#endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit3 2008-11-05 06:20:46.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-21 20:09:33.000000000 +0100 -@@ -66,6 +66,8 @@ enum monitor_reqtype { +--- openssh-5.8p1/monitor.h.audit3 2011-02-23 10:05:33.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-23 10:05:33.000000000 +0100 +@@ -67,6 +67,8 @@ enum monitor_reqtype { MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2, MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM, MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM, @@ -441,9 +441,9 @@ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit3 2010-08-31 14:41:14.000000000 +0200 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 20:09:33.000000000 +0100 -@@ -1412,3 +1412,41 @@ mm_jpake_check_confirm(const BIGNUM *k, +--- openssh-5.8p1/monitor_wrap.c.audit3 2011-02-23 10:05:33.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-23 10:05:33.000000000 +0100 +@@ -1426,3 +1426,41 @@ mm_jpake_check_confirm(const BIGNUM *k, return success; } #endif /* JPAKE */ @@ -486,12 +486,12 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c +} +#endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit3 2009-03-05 14:58:22.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 20:09:33.000000000 +0100 -@@ -74,6 +74,8 @@ void mm_sshpam_free_ctx(void *); - #include "audit.h" +--- openssh-5.8p1/monitor_wrap.h.audit3 2011-02-23 10:05:33.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-23 10:05:33.000000000 +0100 +@@ -75,6 +75,8 @@ void mm_sshpam_free_ctx(void *); void mm_audit_event(ssh_audit_event_t); void mm_audit_run_command(const char *); + void mm_audit_end_command(const char *); +void mm_audit_unsupported_body(int); +void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); #endif @@ -499,7 +499,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h struct Session; diff -up openssh-5.8p1/sshd.c.audit3 openssh-5.8p1/sshd.c --- openssh-5.8p1/sshd.c.audit3 2011-01-11 07:20:31.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-21 20:09:33.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-23 10:05:33.000000000 +0100 @@ -118,6 +118,7 @@ #endif #include "monitor_wrap.h" diff --git a/openssh-5.8p1-audit4.patch b/openssh-5.8p1-audit4.patch index a8108f5..8f25907 100644 --- a/openssh-5.8p1-audit4.patch +++ b/openssh-5.8p1-audit4.patch @@ -1,7 +1,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit4 2011-02-21 20:14:09.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-21 20:14:10.000000000 +0100 -@@ -395,4 +395,10 @@ audit_kex_body(int ctos, char *enc, char +--- openssh-5.8p1/audit-bsm.c.audit4 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-23 09:23:30.000000000 +0100 +@@ -401,4 +401,10 @@ audit_kex_body(int ctos, char *enc, char { /* not implemented */ } @@ -13,8 +13,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit4 2011-02-21 20:14:09.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-21 20:14:10.000000000 +0100 +--- openssh-5.8p1/audit.c.audit4 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-23 09:23:30.000000000 +0100 @@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid())); } @@ -28,7 +28,7 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -247,5 +253,15 @@ audit_kex_body(int ctos, char *enc, char +@@ -259,5 +265,15 @@ audit_kex_body(int ctos, char *enc, char (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid, (unsigned)uid); } @@ -45,9 +45,9 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit4 2011-02-21 20:14:09.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-21 20:14:10.000000000 +0100 -@@ -60,5 +60,7 @@ void audit_unsupported(int); +--- openssh-5.8p1/audit.h.audit4 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-23 09:23:30.000000000 +0100 +@@ -61,5 +61,7 @@ void audit_unsupported(int); void audit_kex(int, char *, char *, char *); void audit_unsupported_body(int); void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); @@ -56,9 +56,9 @@ diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit4 2011-02-21 20:14:09.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-21 20:14:10.000000000 +0100 -@@ -266,6 +266,8 @@ audit_unsupported_body(int what) +--- openssh-5.8p1/audit-linux.c.audit4 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-23 09:23:30.000000000 +0100 +@@ -281,6 +281,8 @@ audit_unsupported_body(int what) #endif } @@ -67,7 +67,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c void audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, uid_t uid) -@@ -273,7 +275,6 @@ audit_kex_body(int ctos, char *enc, char +@@ -288,7 +290,6 @@ audit_kex_body(int ctos, char *enc, char #ifdef AUDIT_CRYPTO_SESSION char buf[AUDIT_LOG_SIZE]; int audit_fd, audit_ok; @@ -75,7 +75,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c Cipher *cipher = cipher_by_name(enc); snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d", -@@ -297,4 +298,30 @@ audit_kex_body(int ctos, char *enc, char +@@ -312,4 +313,30 @@ audit_kex_body(int ctos, char *enc, char #endif } @@ -107,9 +107,18 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c ---- openssh-5.8p1/auditstub.c.audit4 2011-02-21 20:14:09.000000000 +0100 -+++ openssh-5.8p1/auditstub.c 2011-02-21 20:14:10.000000000 +0100 -@@ -37,3 +37,7 @@ audit_kex(int ctos, char *enc, char *mac +--- openssh-5.8p1/auditstub.c.audit4 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/auditstub.c 2011-02-23 09:23:30.000000000 +0100 +@@ -27,6 +27,8 @@ + * Red Hat author: Jan F. Chadima + */ + ++#include ++ + void + audit_unsupported(int n) + { +@@ -37,3 +39,12 @@ audit_kex(int ctos, char *enc, char *mac { } @@ -117,9 +126,14 @@ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c +audit_session_key_free(int ctos) +{ +} ++ ++void ++audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) ++{ ++} diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c ---- openssh-5.8p1/kex.c.audit4 2011-02-21 20:14:09.000000000 +0100 -+++ openssh-5.8p1/kex.c 2011-02-21 20:14:10.000000000 +0100 +--- openssh-5.8p1/kex.c.audit4 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/kex.c 2011-02-23 09:23:30.000000000 +0100 @@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i fprintf(stderr, "\n"); } @@ -157,7 +171,7 @@ diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c + diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h --- openssh-5.8p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200 -+++ openssh-5.8p1/kex.h 2011-02-21 20:14:10.000000000 +0100 ++++ openssh-5.8p1/kex.h 2011-02-23 09:23:30.000000000 +0100 @@ -156,6 +156,8 @@ void kexgex_server(Kex *); void kexecdh_client(Kex *); void kexecdh_server(Kex *); @@ -169,7 +183,7 @@ diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c --- openssh-5.8p1/mac.c.audit4 2008-06-13 02:58:50.000000000 +0200 -+++ openssh-5.8p1/mac.c 2011-02-21 20:14:10.000000000 +0100 ++++ openssh-5.8p1/mac.c 2011-02-23 09:23:30.000000000 +0100 @@ -162,6 +162,20 @@ mac_clear(Mac *mac) mac->umac_ctx = NULL; } @@ -193,24 +207,24 @@ diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c int diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h --- openssh-5.8p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200 -+++ openssh-5.8p1/mac.h 2011-02-21 20:14:10.000000000 +0100 ++++ openssh-5.8p1/mac.h 2011-02-23 09:23:30.000000000 +0100 @@ -28,3 +28,4 @@ int mac_setup(Mac *, char *); int mac_init(Mac *); u_char *mac_compute(Mac *, u_int32_t, u_char *, int); void mac_clear(Mac *); +void mac_destroy(Mac *); diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit4 2011-02-21 20:14:09.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-21 20:14:10.000000000 +0100 -@@ -180,6 +180,7 @@ int mm_answer_audit_event(int, Buffer *) - int mm_answer_audit_command(int, Buffer *); +--- openssh-5.8p1/monitor.c.audit4 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-23 09:23:30.000000000 +0100 +@@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer + int mm_answer_audit_end_command(int, Buffer *); int mm_answer_audit_unsupported_body(int, Buffer *); int mm_answer_audit_kex_body(int, Buffer *); +int mm_answer_audit_session_key_free_body(int, Buffer *); #endif static Authctxt *authctxt; -@@ -230,6 +231,7 @@ struct mon_table mon_dispatch_proto20[] +@@ -231,6 +232,7 @@ struct mon_table mon_dispatch_proto20[] {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, @@ -218,15 +232,15 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c #endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, -@@ -268,6 +270,7 @@ struct mon_table mon_dispatch_postauth20 - {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, +@@ -270,6 +272,7 @@ struct mon_table mon_dispatch_postauth20 + {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command}, {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, + {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, #endif {0, 0, NULL} }; -@@ -301,6 +304,7 @@ struct mon_table mon_dispatch_proto15[] +@@ -303,6 +306,7 @@ struct mon_table mon_dispatch_proto15[] {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, @@ -234,15 +248,46 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -314,6 +318,7 @@ struct mon_table mon_dispatch_postauth15 - {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, +@@ -317,6 +321,7 @@ struct mon_table mon_dispatch_postauth15 + {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command}, {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, + {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, #endif {0, 0, NULL} }; -@@ -2257,4 +2262,22 @@ mm_answer_audit_kex_body(int sock, Buffe +@@ -1783,11 +1788,13 @@ mm_get_keystate(struct monitor *pmonitor + + blob = buffer_get_string(&m, &bloblen); + current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); ++ memset(blob, 0, bloblen); + xfree(blob); + + debug3("%s: Waiting for second key", __func__); + blob = buffer_get_string(&m, &bloblen); + current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); ++ memset(blob, 0, bloblen); + xfree(blob); + + /* Now get sequence numbers for the packets */ +@@ -1833,6 +1840,16 @@ mm_get_keystate(struct monitor *pmonitor + } + + buffer_free(&m); ++ ++#ifdef SSH_AUDIT_EVENTS ++ if (compat20) { ++ buffer_init(&m); ++ mm_request_receive_expect(pmonitor->m_sendfd, ++ MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m); ++ mm_answer_audit_session_key_free_body(pmonitor->m_sendfd, &m); ++ buffer_free(&m); ++ } ++#endif + } + + +@@ -2274,4 +2291,22 @@ mm_answer_audit_kex_body(int sock, Buffe return 0; } @@ -266,9 +311,9 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit4 2011-02-21 20:14:09.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-21 20:14:10.000000000 +0100 -@@ -68,6 +68,7 @@ enum monitor_reqtype { +--- openssh-5.8p1/monitor.h.audit4 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-23 09:23:30.000000000 +0100 +@@ -69,6 +69,7 @@ enum monitor_reqtype { MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM, MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX, @@ -277,9 +322,24 @@ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-21 20:14:09.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 20:14:10.000000000 +0100 -@@ -1449,4 +1449,19 @@ mm_audit_kex_body(int ctos, char *cipher +--- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-23 09:23:30.000000000 +0100 +@@ -601,12 +601,14 @@ mm_send_keystate(struct monitor *monitor + fatal("%s: conversion of newkeys failed", __func__); + + buffer_put_string(&m, blob, bloblen); ++ memset(blob, 0, bloblen); + xfree(blob); + + if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen)) + fatal("%s: conversion of newkeys failed", __func__); + + buffer_put_string(&m, blob, bloblen); ++ memset(blob, 0, bloblen); + xfree(blob); + + packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes); +@@ -1463,4 +1465,19 @@ mm_audit_kex_body(int ctos, char *cipher buffer_free(&m); } @@ -300,10 +360,10 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-21 20:14:09.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 20:14:10.000000000 +0100 -@@ -76,6 +76,7 @@ void mm_audit_event(ssh_audit_event_t); - void mm_audit_run_command(const char *); +--- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-23 09:23:30.000000000 +0100 +@@ -77,6 +77,7 @@ void mm_audit_run_command(const char *); + void mm_audit_end_command(const char *); void mm_audit_unsupported_body(int); void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); +void mm_audit_session_key_free_body(int, pid_t, uid_t); @@ -312,8 +372,16 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h struct Session; diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c --- openssh-5.8p1/packet.c.audit4 2010-11-24 00:46:37.000000000 +0100 -+++ openssh-5.8p1/packet.c 2011-02-21 20:14:10.000000000 +0100 -@@ -497,6 +497,7 @@ packet_close(void) ++++ openssh-5.8p1/packet.c 2011-02-23 09:23:30.000000000 +0100 +@@ -60,6 +60,7 @@ + #include + + #include "xmalloc.h" ++#include "audit.h" + #include "buffer.h" + #include "packet.h" + #include "crc32.h" +@@ -497,6 +498,7 @@ packet_close(void) } cipher_cleanup(&active_state->send_context); cipher_cleanup(&active_state->receive_context); @@ -321,15 +389,52 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c } /* Sets remote side protocol flags. */ -@@ -756,6 +757,7 @@ set_newkeys(int mode) +@@ -731,6 +733,23 @@ packet_send1(void) + */ + } + ++static void ++newkeys_destroy_and_free(Newkeys *newkeys) ++{ ++ if (newkeys == NULL) ++ return; ++ ++ xfree(newkeys->enc.name); ++ ++ mac_clear(&newkeys->mac); ++ xfree(newkeys->mac.name); ++ ++ xfree(newkeys->comp.name); ++ ++ newkeys_destroy(newkeys); ++ xfree(newkeys); ++} ++ + void + set_newkeys(int mode) + { +@@ -756,18 +775,9 @@ set_newkeys(int mode) } if (active_state->newkeys[mode] != NULL) { debug("set_newkeys: rekeying"); + audit_session_key_free(mode); cipher_cleanup(cc); - enc = &active_state->newkeys[mode]->enc; - mac = &active_state->newkeys[mode]->mac; -@@ -1912,6 +1914,34 @@ packet_get_newkeys(int mode) +- enc = &active_state->newkeys[mode]->enc; +- mac = &active_state->newkeys[mode]->mac; +- comp = &active_state->newkeys[mode]->comp; +- mac_clear(mac); +- xfree(enc->name); +- xfree(enc->iv); +- xfree(enc->key); +- xfree(mac->name); +- xfree(mac->key); +- xfree(comp->name); +- xfree(active_state->newkeys[mode]); ++ newkeys_destroy_and_free(active_state->newkeys[mode]); + } + active_state->newkeys[mode] = kex_get_newkeys(mode); + if (active_state->newkeys[mode] == NULL) +@@ -1912,6 +1922,55 @@ packet_get_newkeys(int mode) return (void *)active_state->newkeys[mode]; } @@ -347,24 +452,45 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c + buffer_free(&state->outgoing_packet); + buffer_free(&state->incoming_packet); + buffer_free(&state->compression_buffer); -+ newkeys_destroy(state->newkeys[MODE_IN]); -+ newkeys_destroy(state->newkeys[MODE_OUT]); ++ newkeys_destroy_and_free(state->newkeys[MODE_IN]); ++ state->newkeys[MODE_IN] = NULL; ++ newkeys_destroy_and_free(state->newkeys[MODE_OUT]); ++ state->newkeys[MODE_OUT] = NULL; + mac_destroy(state->packet_discard_mac); +// TAILQ_HEAD(, packet) outgoing; +// memset(state, 0, sizeof(state)); +} + ++static int ++packet_state_has_keys (const struct session_state *state) ++{ ++ return state != NULL && ++ (state->newkeys[MODE_IN] != NULL || state->newkeys[MODE_OUT] != NULL); ++} ++ +void -+packet_destroy_all(void) ++packet_destroy_all(int privsep) +{ ++ int audit_it; ++ ++ audit_it = packet_state_has_keys (active_state) || ++ packet_state_has_keys (backup_state); + packet_destroy_state(active_state); + packet_destroy_state(backup_state); ++ if (audit_it) { ++#ifdef SSH_AUDIT_EVENTS ++ if (privsep) ++ audit_session_key_free(2); ++ else ++ audit_session_key_free_body(2, getpid(), getuid()); ++#endif ++ } +} + /* * Save the state for the real connection, and use a separate state when * resuming a suspended connection. -@@ -1919,18 +1949,12 @@ packet_get_newkeys(int mode) +@@ -1919,18 +1978,12 @@ packet_get_newkeys(int mode) void packet_backup_state(void) { @@ -384,7 +510,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c } /* -@@ -1947,9 +1971,7 @@ packet_restore_state(void) +@@ -1947,9 +2000,7 @@ packet_restore_state(void) backup_state = active_state; active_state = tmp; active_state->connection_in = backup_state->connection_in; @@ -394,7 +520,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c len = buffer_len(&backup_state->input); if (len > 0) { buf = buffer_ptr(&backup_state->input); -@@ -1957,4 +1979,10 @@ packet_restore_state(void) +@@ -1957,4 +2008,10 @@ packet_restore_state(void) buffer_clear(&backup_state->input); add_recv_bytes(len); } @@ -407,16 +533,16 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c + diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h --- openssh-5.8p1/packet.h.audit4 2010-11-20 05:19:38.000000000 +0100 -+++ openssh-5.8p1/packet.h 2011-02-21 20:14:10.000000000 +0100 ++++ openssh-5.8p1/packet.h 2011-02-23 09:23:30.000000000 +0100 @@ -125,4 +125,5 @@ void packet_restore_state(void); void *packet_get_input(void); void *packet_get_output(void); -+void packet_destroy_all(void); ++void packet_destroy_all(int); #endif /* PACKET_H */ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.audit4 2011-02-21 20:14:09.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-21 20:14:10.000000000 +0100 +--- openssh-5.8p1/sshd.c.audit4 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-23 09:23:30.000000000 +0100 @@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt) return (0); } @@ -426,32 +552,29 @@ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c static void privsep_postauth(Authctxt *authctxt) { -@@ -688,6 +690,10 @@ privsep_postauth(Authctxt *authctxt) +@@ -688,6 +690,9 @@ privsep_postauth(Authctxt *authctxt) verbose("User child is on pid %ld", (long)pmonitor->m_pid); close(pmonitor->m_recvfd); buffer_clear(&loginmsg); + newkeys_destroy(current_keys[MODE_OUT]); + newkeys_destroy(current_keys[MODE_IN]); -+ packet_destroy_all(); -+ audit_session_key_free_body(2, getpid(), getuid()); ++ packet_destroy_all(0); monitor_child_postauth(pmonitor); /* NEVERREACHED */ -@@ -1974,6 +1980,8 @@ main(int ac, char **av) +@@ -1974,6 +1979,7 @@ main(int ac, char **av) */ if (use_privsep) { mm_send_keystate(pmonitor); -+ packet_destroy_all(); -+ audit_session_key_free(2); ++ packet_destroy_all(1); exit(0); } -@@ -2026,6 +2034,9 @@ main(int ac, char **av) +@@ -2026,6 +2032,8 @@ main(int ac, char **av) do_authenticated(authctxt); /* The connection has been terminated. */ -+ packet_destroy_all(); -+ audit_session_key_free(2); ++ packet_destroy_all(0); + packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes); packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes); diff --git a/openssh-5.8p1-audit5.patch b/openssh-5.8p1-audit5.patch index 7d97e76..65e014e 100644 --- a/openssh-5.8p1-audit5.patch +++ b/openssh-5.8p1-audit5.patch @@ -1,7 +1,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit5 2011-02-21 20:16:34.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-21 20:16:34.000000000 +0100 -@@ -401,4 +401,22 @@ audit_session_key_free_body(int ctos, pi +--- openssh-5.8p1/audit-bsm.c.audit5 2011-02-23 09:33:38.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-23 09:33:38.000000000 +0100 +@@ -407,4 +407,22 @@ audit_session_key_free_body(int ctos, pi { /* not implemented */ } @@ -25,9 +25,9 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit5 2011-02-21 20:16:34.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-21 20:16:34.000000000 +0100 -@@ -263,5 +263,24 @@ audit_session_key_free_body(int ctos, pi +--- openssh-5.8p1/audit.c.audit5 2011-02-23 09:33:38.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-23 09:33:38.000000000 +0100 +@@ -275,5 +275,24 @@ audit_session_key_free_body(int ctos, pi debug("audit session key discard euid %u direction %d from pid %ld uid %u", (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid); } @@ -53,8 +53,8 @@ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit5 2011-02-21 20:16:34.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-21 20:16:34.000000000 +0100 +--- openssh-5.8p1/audit.h.audit5 2011-02-23 09:33:38.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-23 09:33:38.000000000 +0100 @@ -48,6 +48,8 @@ enum ssh_audit_event_type { }; typedef enum ssh_audit_event_type ssh_audit_event_t; @@ -64,7 +64,7 @@ diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h void audit_connection_from(const char *, int); void audit_event(ssh_audit_event_t); void audit_session_open(struct logininfo *); -@@ -62,5 +64,7 @@ void audit_unsupported_body(int); +@@ -63,5 +65,7 @@ void audit_unsupported_body(int); void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); void audit_session_key_free(int ctos); void audit_session_key_free_body(int ctos, pid_t, uid_t); @@ -73,21 +73,12 @@ diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit5 2011-02-21 20:16:34.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-21 20:16:34.000000000 +0100 -@@ -317,6 +317,31 @@ audit_session_key_free_body(int ctos, pi - return; - } - audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, -+ buf, NULL, -+ listening_for_clients() ? NULL : get_remote_ipaddr(), -+ NULL, 1); -+ audit_close(audit_fd); -+ /* do not abort if the error is EPERM and sshd is run as non root user */ -+ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) -+ error("cannot write into audit"); -+} -+ +--- openssh-5.8p1/audit-linux.c.audit5 2011-02-23 09:33:38.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-23 09:33:38.000000000 +0100 +@@ -339,4 +339,50 @@ audit_session_key_free_body(int ctos, pi + error("cannot write into audit"); + } + +void +audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) +{ @@ -104,13 +95,15 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c + return; + } + audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, - buf, NULL, get_remote_ipaddr(), NULL, 1); - audit_close(audit_fd); - /* do not abort if the error is EPERM and sshd is run as non root user */ -@@ -324,4 +349,25 @@ audit_session_key_free_body(int ctos, pi - error("cannot write into audit"); - } - ++ buf, NULL, ++ listening_for_clients() ? NULL : get_remote_ipaddr(), ++ NULL, 1); ++ audit_close(audit_fd); ++ /* do not abort if the error is EPERM and sshd is run as non root user */ ++ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) ++ error("cannot write into audit"); ++} ++ +void +audit_generate_ephemeral_server_key(const char *fp) +{ @@ -135,7 +128,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c --- openssh-5.8p1/key.c.audit5 2011-02-04 01:48:34.000000000 +0100 -+++ openssh-5.8p1/key.c 2011-02-21 20:16:34.000000000 +0100 ++++ openssh-5.8p1/key.c 2011-02-23 09:33:38.000000000 +0100 @@ -1769,6 +1769,30 @@ key_demote(const Key *k) } @@ -169,7 +162,7 @@ diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c if (k == NULL) diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h --- openssh-5.8p1/key.h.audit5 2010-11-05 00:19:49.000000000 +0100 -+++ openssh-5.8p1/key.h 2011-02-21 20:16:34.000000000 +0100 ++++ openssh-5.8p1/key.h 2011-02-23 09:33:38.000000000 +0100 @@ -106,6 +106,7 @@ Key *key_generate(int, u_int); Key *key_from_private(const Key *); int key_type_from_name(char *); @@ -179,9 +172,9 @@ diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h int key_to_certified(Key *, int); int key_drop_cert(Key *); diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit5 2011-02-21 20:16:34.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-21 20:16:34.000000000 +0100 -@@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer +--- openssh-5.8p1/monitor.c.audit5 2011-02-23 09:33:38.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-23 09:33:38.000000000 +0100 +@@ -182,6 +182,7 @@ int mm_answer_audit_end_command(int, Buf int mm_answer_audit_unsupported_body(int, Buffer *); int mm_answer_audit_kex_body(int, Buffer *); int mm_answer_audit_session_key_free_body(int, Buffer *); @@ -189,7 +182,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c #endif static Authctxt *authctxt; -@@ -232,6 +233,7 @@ struct mon_table mon_dispatch_proto20[] +@@ -233,6 +234,7 @@ struct mon_table mon_dispatch_proto20[] {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, @@ -197,7 +190,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c #endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, -@@ -271,6 +273,7 @@ struct mon_table mon_dispatch_postauth20 +@@ -273,6 +275,7 @@ struct mon_table mon_dispatch_postauth20 {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, @@ -205,7 +198,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -305,6 +308,7 @@ struct mon_table mon_dispatch_proto15[] +@@ -307,6 +310,7 @@ struct mon_table mon_dispatch_proto15[] {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, @@ -213,7 +206,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -319,6 +323,7 @@ struct mon_table mon_dispatch_postauth15 +@@ -322,6 +326,7 @@ struct mon_table mon_dispatch_postauth15 {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, @@ -221,7 +214,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -2280,4 +2285,24 @@ mm_answer_audit_session_key_free_body(in +@@ -2309,4 +2314,24 @@ mm_answer_audit_session_key_free_body(in mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m); return 0; } @@ -247,9 +240,9 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit5 2011-02-21 20:16:34.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-21 20:16:34.000000000 +0100 -@@ -69,6 +69,7 @@ enum monitor_reqtype { +--- openssh-5.8p1/monitor.h.audit5 2011-02-23 09:33:38.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-23 09:33:38.000000000 +0100 +@@ -70,6 +70,7 @@ enum monitor_reqtype { MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, @@ -258,9 +251,9 @@ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-21 20:16:34.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 20:16:34.000000000 +0100 -@@ -1464,4 +1464,20 @@ mm_audit_session_key_free_body(int ctos, +--- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-23 09:33:38.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-23 09:33:38.000000000 +0100 +@@ -1480,4 +1480,20 @@ mm_audit_session_key_free_body(int ctos, &m); buffer_free(&m); } @@ -282,9 +275,9 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-21 20:16:34.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 20:16:34.000000000 +0100 -@@ -77,6 +77,7 @@ void mm_audit_run_command(const char *); +--- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-23 09:33:38.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-23 09:33:38.000000000 +0100 +@@ -78,6 +78,7 @@ void mm_audit_end_command(const char *); void mm_audit_unsupported_body(int); void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); void mm_audit_session_key_free_body(int, pid_t, uid_t); @@ -293,8 +286,8 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h struct Session; diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c ---- openssh-5.8p1/session.c.audit5 2010-12-01 02:02:59.000000000 +0100 -+++ openssh-5.8p1/session.c 2011-02-21 20:16:34.000000000 +0100 +--- openssh-5.8p1/session.c.audit5 2011-02-23 09:33:38.000000000 +0100 ++++ openssh-5.8p1/session.c 2011-02-23 09:33:38.000000000 +0100 @@ -132,7 +132,7 @@ extern int log_stderr; extern int debug_flag; extern u_int utmp_len; @@ -304,7 +297,7 @@ diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c extern Buffer loginmsg; /* original command from peer. */ -@@ -1614,7 +1614,7 @@ do_child(Session *s, const char *command +@@ -1616,7 +1616,7 @@ do_child(Session *s, const char *command int r = 0; /* remove hostkey from the child's memory */ @@ -314,8 +307,8 @@ diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c /* Force a password change */ if (s->authctxt->force_pwchange) { diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.audit5 2011-02-21 20:16:34.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-21 20:16:34.000000000 +0100 +--- openssh-5.8p1/sshd.c.audit5 2011-02-23 09:33:38.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-23 09:33:38.000000000 +0100 @@ -253,7 +253,7 @@ Buffer loginmsg; struct passwd *privsep_pw = NULL; @@ -429,7 +422,7 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c } /* Certs do not need demotion */ } -@@ -1120,6 +1170,7 @@ server_accept_loop(int *sock_in, int *so +@@ -1119,6 +1169,7 @@ server_accept_loop(int *sock_in, int *so if (received_sigterm) { logit("Received signal %d; terminating.", (int) received_sigterm); @@ -437,7 +430,7 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c close_listen_socks(); unlink(options.pid_file); exit(255); -@@ -2024,7 +2075,7 @@ main(int ac, char **av) +@@ -2022,7 +2073,7 @@ main(int ac, char **av) privsep_postauth(authctxt); /* the monitor process [priv] will not return */ if (!compat20) @@ -446,7 +439,7 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c } packet_set_timeout(options.client_alive_interval, -@@ -2264,7 +2315,7 @@ do_ssh1_kex(void) +@@ -2261,7 +2312,7 @@ do_ssh1_kex(void) session_id[i] = session_key[i] ^ session_key[i + 16]; } /* Destroy the private and public keys. No longer. */ @@ -455,13 +448,27 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c if (use_privsep) mm_ssh1_session_id(session_id); -@@ -2356,6 +2407,9 @@ cleanup_exit(int i) +@@ -2351,8 +2402,23 @@ do_ssh2_kex(void) + void + cleanup_exit(int i) { ++ static int in_cleanup; ++ ++ int is_privsep_child; ++ ++ /* cleanup_exit can be called at the very least from the privsep ++ wrappers used for auditing. Make sure we don't recurse ++ indefinitely. */ ++ if (in_cleanup) ++ _exit(i); ++ in_cleanup = 1; ++ if (the_authctxt) do_cleanup(the_authctxt); ++ is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor(); + if (sensitive_data.host_keys != NULL) -+ destroy_sensitive_data(use_privsep && pmonitor != NULL && -+ !mm_is_monitor()); ++ destroy_sensitive_data(is_privsep_child); ++ packet_destroy_all(is_privsep_child); #ifdef SSH_AUDIT_EVENTS /* done after do_cleanup so it can cancel the PAM auth 'thread' */ if (!use_privsep || mm_is_monitor()) diff --git a/openssh.spec b/openssh.spec index f2bb20d..fa78bbf 100644 --- a/openssh.spec +++ b/openssh.spec @@ -71,7 +71,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 5.8p1 -%define openssh_rel 6 +%define openssh_rel 7 %define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_rel 30 @@ -616,7 +616,7 @@ fi %endif %changelog -* Tue Feb 22 2011 Jan F. Chadima - 5.8p1-6 + 0.9.2-30 +* Wed Feb 23 2011 Jan F. Chadima - 5.8p1-7 + 0.9.2-30 - another audit improovements * Thu Feb 17 2011 Jan F. Chadima - 5.8p1-4 + 0.9.2-30