From 9b05c6d476518b96e5a9e98969951ad4b9dc973d Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Jan 22 2018 11:58:09 +0000 Subject: USER_AUTH: Remove bogus rport, add required grantors --- diff --git a/openssh-7.6p1-audit.patch b/openssh-7.6p1-audit.patch index 6d1012c..fc370a6 100644 --- a/openssh-7.6p1-audit.patch +++ b/openssh-7.6p1-audit.patch @@ -435,7 +435,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c + else + return 0; /* Must prevent login */ + } -+ snprintf(buf, sizeof(buf), "%s_auth rport=%d", host_user ? "pubkey" : "hostbased", ssh_remote_port(active_state)); ++ snprintf(buf, sizeof(buf), "%s_auth grantors=auth-key", host_user ? "pubkey" : "hostbased"); + rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, + buf, audit_username(), -1, NULL, ssh_remote_ipaddr(active_state), NULL, rv); + if ((rc < 0) && ((rc != -1) || (getuid() == 0)))