From 9cefae06b087e176e3f37f8125041478677bc753 Mon Sep 17 00:00:00 2001
From: Jan F
Date: Feb 21 2011 18:33:56 +0000
Subject: another audit improovements
---
diff --git a/openssh-5.8p1-audit1a.patch b/openssh-5.8p1-audit1a.patch
new file mode 100644
index 0000000..f152972
--- /dev/null
+++ b/openssh-5.8p1-audit1a.patch
@@ -0,0 +1,127 @@ +diff -up openssh-5.8p1/audit-linux.c.audit1a openssh-5.8p1/audit-linux.c +--- openssh-5.8p1/audit-linux.c.audit1a 2011-02-21 18:14:37.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-21 18:17:33.000000000 +0100 +@@ -35,13 +35,20 @@ + + #include "log.h" + #include "audit.h" ++#include "key.h" ++#include "hostfile.h" ++#include "auth.h" ++#include "servconf.h" + #include "canohost.h" + ++extern ServerOptions options; ++extern Authctxt *the_authctxt; ++extern u_int utmp_len; + const char* audit_username(void); + + static void +-linux_audit_user_login(int uid, const char *username, +- const char *hostname, const char *ip, const char *ttyn, int success) ++linux_audit_user_logxxx(int uid, const char *username, ++ const char *hostname, const char *ip, const char *ttyn, int success, int event) + { + int audit_fd, rc, saved_errno; + +@@ -53,7 +60,7 @@ linux_audit_user_login(int uid, const ch + else + goto fatal_report; /* Must prevent login */ + } +- rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, ++ rc = audit_log_acct_message(audit_fd, event, + NULL, "login", username ? username : "(unknown)", + username == NULL ? 
uid : -1, hostname, ip, ttyn, success); + saved_errno = errno; +@@ -77,19 +84,19 @@ linux_audit_user_auth(int uid, const cha + { + int audit_fd, rc, saved_errno; + static const char *event_name[] = { +- "exceed maxtries", ++ "maxtries exceeded", + "root denied", + "success", + "none", +- "pasword", +- "chalenge-response", ++ "password", ++ "challenge-response", + "pubkey", + "hostbased", + "gssapi", + "invalid user", + "nologin", +- "connection close", +- "connection abandon", ++ "connection closed", ++ "connection abandoned", + "unknown" + }; + +@@ -123,6 +130,8 @@ fatal_report: + } + } + ++static int user_login_count = 0; ++ + /* Below is the sshd audit API code */ + + void +@@ -134,20 +143,31 @@ audit_connection_from(const char *host, + void + audit_run_command(const char *command) + { +- /* not implemented */ ++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), ++ NULL, "ssh", 1, AUDIT_USER_START); ++ if (!user_login_count++) ++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), ++ NULL, "ssh", 1, AUDIT_USER_LOGIN); + } + + void + audit_session_open(struct logininfo *li) + { +- linux_audit_user_login(li->uid, NULL, li->hostname, +- NULL, li->line, 1); ++ linux_audit_user_logxxx(li->uid, NULL, li->hostname, ++ NULL, li->line, 1, AUDIT_USER_START); ++ if (!user_login_count++) ++ linux_audit_user_logxxx(li->uid, NULL, li->hostname, ++ NULL, li->line, 1, AUDIT_USER_LOGIN); + } + + void + audit_session_close(struct logininfo *li) + { +- /* not implemented */ ++ linux_audit_user_logxxx(li->uid, NULL, li->hostname, ++ NULL, li->line, 1, AUDIT_USER_END); ++ if (!--user_login_count) ++ linux_audit_user_logxxx(li->uid, NULL, li->hostname, ++ NULL, li->line, 1, AUDIT_USER_LOGOUT); + } + + void +@@ -163,8 +183,8 @@ audit_event(ssh_audit_event_t event) + case SSH_LOGIN_ROOT_DENIED: + linux_audit_user_auth(-1, audit_username(), NULL, + get_remote_ipaddr(), "sshd", 
0, event); +- linux_audit_user_login(-1, audit_username(), NULL, +- get_remote_ipaddr(), "sshd", 0); ++ linux_audit_user_logxxx(-1, audit_username(), NULL, ++ get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN); + break; + + case SSH_LOGIN_EXCEED_MAXTRIES: +@@ -181,8 +201,8 @@ audit_event(ssh_audit_event_t event) + case SSH_CONNECTION_CLOSE: + case SSH_CONNECTION_ABANDON: + case SSH_INVALID_USER: +- linux_audit_user_login(-1, audit_username(), NULL, +- get_remote_ipaddr(), "sshd", 0); ++ linux_audit_user_logxxx(-1, audit_username(), NULL, ++ get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN); + break; + + default: diff --git a/openssh-5.8p1-audit2.patch b/openssh-5.8p1-audit2.patch index a21b000..83b556f 100644 --- a/openssh-5.8p1-audit2.patch +++ b/openssh-5.8p1-audit2.patch @@ -1,6 +1,6 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c --- openssh-5.8p1/audit-bsm.c.audit2 2011-01-17 11:15:29.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-16 23:29:26.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:21:20.000000000 +0100 @@ -316,6 +316,12 @@ audit_session_close(struct logininfo *li /* not implemented */ } @@ -16,7 +16,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c { diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c --- openssh-5.8p1/audit.c.audit2 2011-01-17 11:15:30.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-16 23:29:26.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-21 18:21:21.000000000 +0100 @@ -111,6 +111,33 @@ audit_event_lookup(ssh_audit_event_t ev) return(event_lookup[i].name); } @@ -71,7 +71,7 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h --- openssh-5.8p1/audit.h.audit2 2011-01-17 11:15:30.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-16 23:29:26.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-21 18:21:21.000000000 +0100 
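Review bot: The `user_login_count` bookkeeping in the new `audit_run_command` has no counterpart: it increments the counter and emits AUDIT_USER_LOGIN, but as far as this patch shows only `audit_session_close` (pty logins, via `struct logininfo`) ever decrements it, so after a command-only session the counter never returns to zero and AUDIT_USER_LOGOUT is never emitted, while a close without a prior open pushes it to -1 where `!--user_login_count` can never fire again. Guard the decrement, `if (user_login_count > 0 && !--user_login_count)`, and add an end-of-command hook that decrements and emits AUDIT_USER_END/AUDIT_USER_LOGOUT for the `audit_run_command` path. The counter is also a per-process `static`: if `audit_run_command` executes in the post-privsep session child (as upstream's `do_exec` does) while `audit_session_open`/`close` run in the monitor, the two copies never see each other and the child's unprivileged audit write is presumably discarded by the same EPERM-as-non-root tolerance the other audit writers use — worth confirming against the callers, which are outside this hunk. Minor: `get_remote_name_or_ip(utmp_len, options.use_dns)` is evaluated twice per call; resolve it once into a local.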
@@ -28,6 +28,7 @@ # define _SSH_AUDIT_H @@ -89,18 +89,18 @@ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit2 2011-02-16 23:29:26.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-16 23:31:08.000000000 +0100 -@@ -37,6 +37,8 @@ - #include "audit.h" +--- openssh-5.8p1/audit-linux.c.audit2 2011-02-21 18:21:20.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-21 18:21:56.000000000 +0100 +@@ -41,6 +41,8 @@ + #include "servconf.h" #include "canohost.h" +#define AUDIT_LOG_SIZE 128 + - const char* audit_username(void); - - static void -@@ -123,6 +125,37 @@ fatal_report: + extern ServerOptions options; + extern Authctxt *the_authctxt; + extern u_int utmp_len; +@@ -130,6 +132,37 @@ fatal_report: } } @@ -135,12 +135,12 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c + return (rc >= 0) || ((rc == -EPERM) && (getuid() != 0)); +} + - /* Below is the sshd audit API code */ + static int user_login_count = 0; - void + /* Below is the sshd audit API code */ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c --- openssh-5.8p1/auth2-hostbased.c.audit2 2010-08-05 05:04:50.000000000 +0200 -+++ openssh-5.8p1/auth2-hostbased.c 2011-02-16 23:29:26.000000000 +0100 ++++ openssh-5.8p1/auth2-hostbased.c 2011-02-21 18:21:21.000000000 +0100 @@ -136,6 +136,18 @@ done: return authenticated; } @@ -162,7 +162,7 @@ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c --- openssh-5.8p1/auth2-pubkey.c.audit2 2010-12-01 01:50:14.000000000 +0100 -+++ openssh-5.8p1/auth2-pubkey.c 2011-02-16 23:29:26.000000000 +0100 ++++ openssh-5.8p1/auth2-pubkey.c 2011-02-21 18:21:21.000000000 +0100 
@@ -177,6 +177,18 @@ done: return authenticated; } @@ -184,7 +184,7 @@ diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c { diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h --- openssh-5.8p1/auth.h.audit2 2010-05-10 03:58:03.000000000 +0200 -+++ openssh-5.8p1/auth.h 2011-02-16 23:29:26.000000000 +0100 ++++ openssh-5.8p1/auth.h 2011-02-21 18:21:21.000000000 +0100 @@ -170,6 +170,7 @@ void abandon_challenge_response(Authctxt char *authorized_keys_file(struct passwd *); char *authorized_keys_file2(struct passwd *); @@ -203,7 +203,7 @@ diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c --- openssh-5.8p1/auth-rsa.c.audit2 2010-12-04 23:01:47.000000000 +0100 -+++ openssh-5.8p1/auth-rsa.c 2011-02-16 23:29:26.000000000 +0100 ++++ openssh-5.8p1/auth-rsa.c 2011-02-21 18:21:21.000000000 +0100 @@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU { u_char buf[32], mdbuf[16]; @@ -242,7 +242,7 @@ diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c /* diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c --- openssh-5.8p1/monitor.c.audit2 2010-09-10 03:23:34.000000000 +0200 -+++ openssh-5.8p1/monitor.c 2011-02-16 23:29:26.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-21 18:21:21.000000000 +0100 @@ -1235,7 +1235,17 @@ mm_answer_keyverify(int sock, Buffer *m) if (!valid_data) fatal("%s: bad signature data blob", __func__); diff --git a/openssh-5.8p1-audit2a.patch b/openssh-5.8p1-audit2a.patch index df48c4d..cfd11af 100644 --- a/openssh-5.8p1-audit2a.patch +++ b/openssh-5.8p1-audit2a.patch 
@@ -1,6 +1,23 @@ +diff -up openssh-5.8p1/acss.c.audit2a openssh-5.8p1/acss.c +diff -up openssh-5.8p1/acss.h.audit2a openssh-5.8p1/acss.h +diff -up openssh-5.8p1/addrmatch.c.audit2a openssh-5.8p1/addrmatch.c +diff -up openssh-5.8p1/atomicio.c.audit2a openssh-5.8p1/atomicio.c +diff -up openssh-5.8p1/atomicio.h.audit2a openssh-5.8p1/atomicio.h +diff -up openssh-5.8p1/audit-bsm.c.audit2a openssh-5.8p1/audit-bsm.c +--- openssh-5.8p1/audit-bsm.c.audit2a 2011-02-21 16:17:09.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-21 16:20:57.000000000 +0100 +@@ -317,7 +317,7 @@ audit_session_close(struct logininfo *li + } + + int +-audit_keyusage(int host_user, const char *type, unsigned len, char *fp, int rv) ++audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv) + { + /* not implemented */ + } diff -up openssh-5.8p1/audit.c.audit2a openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit2a 2011-02-17 15:05:55.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-17 15:06:13.000000000 +0100 +--- openssh-5.8p1/audit.c.audit2a 2011-02-21 16:17:09.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-21 16:23:39.000000000 +0100 @@ -36,6 +36,7 @@ #include "key.h" #include "hostfile.h" 
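Review bot: `audit_keyusage` in audit-bsm.c is declared `int` but its stub body (`/* not implemented */`) contains no `return`, and both callers compare the result with 0 (`audit_key` in audit.c and `auth_rsa_verify_response` in auth-rsa.c, which zero the authentication result on "failure"), so a BSM build decides part of the authentication outcome on an indeterminate value. This hunk only renames the parameter from `len` to `bits`; while touching the stub give it a defined result, presumably `return 1;` so that an unimplemented backend does not veto authentication (0 is what the callers treat as an audit failure). The `diff -up` lines for acss.c, addrmatch.c, atomicio.c and the rest carry no hunks — gendiff artifacts for untouched backup files that `patch` ignores but that bloat the patch and hide the real change; regenerate it with only the modified files.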
@@ -9,3 +26,293 @@ diff -up openssh-5.8p1/audit.c.audit2a openssh-5.8p1/audit.c /* * Care must be taken when using this since it WILL NOT be initialized when +@@ -111,29 +112,18 @@ audit_event_lookup(ssh_audit_event_t ev) + return(event_lookup[i].name); + } + +-int +-audit_key(int type, int *rv, const Key *key) ++void ++audit_key(int host_user, int *rv, const Key *key) + { + char *fp; +- unsigned size = 0; +- const char *crypto_name[] = { +- "ssh-rsa1", +- "ssh-rsa", +- "ssh-dsa", +- "unknown" }; ++ const char *crypto_name; + + fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); +- switch(key->type) { +- case KEY_RSA1: +- case KEY_RSA: +- size = RSA_size(key->rsa); +- break; +- case KEY_DSA: +- size = DSA_size(key->dsa); +- break; +- } +- +- if (audit_keyusage(0, crypto_name[key->type], size, fp, *rv) == 0) ++ if (key->type == KEY_RSA1) ++ crypto_name = "ssh-rsa1"; ++ else ++ crypto_name = key_ssh_name(key); ++ if (audit_keyusage(host_user, crypto_name, key_size(key), fp, *rv) == 0) + *rv = 0; + xfree(fp); + } +@@ -216,10 +206,10 @@ audit_run_command(const char *command) + * Type is the key type, len is the key length(byte) and fp is the fingerprint of the key. + */ + int +-audit_keyusage(int host_user, const char *type, unsigned len, char *fp, int rv) ++audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv) + { + debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d", +- host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, len, fp, rv); ++ host_user ? 
"hostbased" : "pubkey", geteuid(), audit_username(), type, bits, fp, rv); + } + # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ + #endif /* SSH_AUDIT_EVENTS */ +diff -up openssh-5.8p1/audit.h.audit2a openssh-5.8p1/audit.h +--- openssh-5.8p1/audit.h.audit2a 2011-02-21 16:17:09.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-21 16:24:27.000000000 +0100 +@@ -55,6 +55,6 @@ void audit_session_close(struct logininf + void audit_run_command(const char *); + ssh_audit_event_t audit_classify_auth(const char *); + int audit_keyusage(int, const char *, unsigned, char *, int); +-int audit_key(int, int *, const Key *); ++void audit_key(int, int *, const Key *); + + #endif /* _SSH_AUDIT_H */ +diff -up openssh-5.8p1/audit-linux.c.audit2a openssh-5.8p1/audit-linux.c +--- openssh-5.8p1/audit-linux.c.audit2a 2011-02-21 16:17:09.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-21 16:21:19.000000000 +0100 +@@ -129,7 +129,7 @@ fatal_report: + } + + int +-audit_keyusage(int host_user, const char *type, unsigned len, char *fp, int rv) ++audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv) + { + char buf[AUDIT_LOG_SIZE]; + int audit_fd, rc, saved_errno; +@@ -148,7 +148,7 @@ audit_keyusage(int host_user, const char + if ((rc < 0) && ((rc != -1) || (getuid() == 0))) + goto out; + snprintf(buf, sizeof(buf), "key algo=%s size=%d fp=%s rport=%d", +- type, 8 * len, fp, get_remote_port()); ++ type, bits, fp, get_remote_port()); + rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, + buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv); + out: +diff -up openssh-5.8p1/auth1.c.audit2a openssh-5.8p1/auth1.c +diff -up openssh-5.8p1/auth2.c.audit2a openssh-5.8p1/auth2.c +diff -up openssh-5.8p1/auth2-chall.c.audit2a openssh-5.8p1/auth2-chall.c +diff -up openssh-5.8p1/auth2-gss.c.audit2a openssh-5.8p1/auth2-gss.c +diff -up openssh-5.8p1/auth2-hostbased.c.audit2a openssh-5.8p1/auth2-hostbased.c +diff -up openssh-5.8p1/auth2-jpake.c.audit2a 
openssh-5.8p1/auth2-jpake.c +diff -up openssh-5.8p1/auth2-kbdint.c.audit2a openssh-5.8p1/auth2-kbdint.c +diff -up openssh-5.8p1/auth2-none.c.audit2a openssh-5.8p1/auth2-none.c +diff -up openssh-5.8p1/auth2-passwd.c.audit2a openssh-5.8p1/auth2-passwd.c +diff -up openssh-5.8p1/auth2-pubkey.c.audit2a openssh-5.8p1/auth2-pubkey.c +diff -up openssh-5.8p1/auth-bsdauth.c.audit2a openssh-5.8p1/auth-bsdauth.c +diff -up openssh-5.8p1/auth.c.audit2a openssh-5.8p1/auth.c +diff -up openssh-5.8p1/auth-chall.c.audit2a openssh-5.8p1/auth-chall.c +diff -up openssh-5.8p1/authfd.c.audit2a openssh-5.8p1/authfd.c +diff -up openssh-5.8p1/authfd.h.audit2a openssh-5.8p1/authfd.h +diff -up openssh-5.8p1/authfile.c.audit2a openssh-5.8p1/authfile.c +diff -up openssh-5.8p1/authfile.h.audit2a openssh-5.8p1/authfile.h +diff -up openssh-5.8p1/auth.h.audit2a openssh-5.8p1/auth.h +diff -up openssh-5.8p1/auth-krb5.c.audit2a openssh-5.8p1/auth-krb5.c +diff -up openssh-5.8p1/auth-options.c.audit2a openssh-5.8p1/auth-options.c +diff -up openssh-5.8p1/auth-options.h.audit2a openssh-5.8p1/auth-options.h +diff -up openssh-5.8p1/auth-pam.c.audit2a openssh-5.8p1/auth-pam.c +diff -up openssh-5.8p1/auth-pam.h.audit2a openssh-5.8p1/auth-pam.h +diff -up openssh-5.8p1/auth-passwd.c.audit2a openssh-5.8p1/auth-passwd.c +diff -up openssh-5.8p1/auth-rhosts.c.audit2a openssh-5.8p1/auth-rhosts.c +diff -up openssh-5.8p1/auth-rh-rsa.c.audit2a openssh-5.8p1/auth-rh-rsa.c +diff -up openssh-5.8p1/auth-rsa.c.audit2a openssh-5.8p1/auth-rsa.c +--- openssh-5.8p1/auth-rsa.c.audit2a 2011-02-21 16:17:09.000000000 +0100 ++++ openssh-5.8p1/auth-rsa.c 2011-02-21 16:25:17.000000000 +0100 +@@ -120,7 +120,7 @@ auth_rsa_verify_response(Key *key, BIGNU + + #ifdef SSH_AUDIT_EVENTS + fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); +- if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa), fp, rv) == 0) { ++ if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv) == 0) { + debug("unsuccessful audit"); + rv = 0; + } +diff -up 
openssh-5.8p1/auth-shadow.c.audit2a openssh-5.8p1/auth-shadow.c +diff -up openssh-5.8p1/auth-sia.c.audit2a openssh-5.8p1/auth-sia.c +diff -up openssh-5.8p1/auth-sia.h.audit2a openssh-5.8p1/auth-sia.h +diff -up openssh-5.8p1/auth-skey.c.audit2a openssh-5.8p1/auth-skey.c +diff -up openssh-5.8p1/bufaux.c.audit2a openssh-5.8p1/bufaux.c +diff -up openssh-5.8p1/bufbn.c.audit2a openssh-5.8p1/bufbn.c +diff -up openssh-5.8p1/bufec.c.audit2a openssh-5.8p1/bufec.c +diff -up openssh-5.8p1/buffer.c.audit2a openssh-5.8p1/buffer.c +diff -up openssh-5.8p1/buffer.h.audit2a openssh-5.8p1/buffer.h +diff -up openssh-5.8p1/canohost.c.audit2a openssh-5.8p1/canohost.c +diff -up openssh-5.8p1/canohost.h.audit2a openssh-5.8p1/canohost.h +diff -up openssh-5.8p1/channels.c.audit2a openssh-5.8p1/channels.c +diff -up openssh-5.8p1/channels.h.audit2a openssh-5.8p1/channels.h +diff -up openssh-5.8p1/cipher-3des1.c.audit2a openssh-5.8p1/cipher-3des1.c +diff -up openssh-5.8p1/cipher-acss.c.audit2a openssh-5.8p1/cipher-acss.c +diff -up openssh-5.8p1/cipher-aes.c.audit2a openssh-5.8p1/cipher-aes.c +diff -up openssh-5.8p1/cipher-bf1.c.audit2a openssh-5.8p1/cipher-bf1.c +diff -up openssh-5.8p1/cipher.c.audit2a openssh-5.8p1/cipher.c +diff -up openssh-5.8p1/cipher-ctr.c.audit2a openssh-5.8p1/cipher-ctr.c +diff -up openssh-5.8p1/cipher.h.audit2a openssh-5.8p1/cipher.h +diff -up openssh-5.8p1/cleanup.c.audit2a openssh-5.8p1/cleanup.c +diff -up openssh-5.8p1/clientloop.c.audit2a openssh-5.8p1/clientloop.c +diff -up openssh-5.8p1/clientloop.h.audit2a openssh-5.8p1/clientloop.h +diff -up openssh-5.8p1/compat.c.audit2a openssh-5.8p1/compat.c +diff -up openssh-5.8p1/compat.h.audit2a openssh-5.8p1/compat.h +diff -up openssh-5.8p1/compress.c.audit2a openssh-5.8p1/compress.c +diff -up openssh-5.8p1/compress.h.audit2a openssh-5.8p1/compress.h +diff -up openssh-5.8p1/crc32.c.audit2a openssh-5.8p1/crc32.c +diff -up openssh-5.8p1/crc32.h.audit2a openssh-5.8p1/crc32.h +diff -up openssh-5.8p1/deattack.c.audit2a 
openssh-5.8p1/deattack.c +diff -up openssh-5.8p1/deattack.h.audit2a openssh-5.8p1/deattack.h +diff -up openssh-5.8p1/defines.h.audit2a openssh-5.8p1/defines.h +diff -up openssh-5.8p1/dh.c.audit2a openssh-5.8p1/dh.c +diff -up openssh-5.8p1/dh.h.audit2a openssh-5.8p1/dh.h +diff -up openssh-5.8p1/dispatch.c.audit2a openssh-5.8p1/dispatch.c +diff -up openssh-5.8p1/dispatch.h.audit2a openssh-5.8p1/dispatch.h +diff -up openssh-5.8p1/dns.c.audit2a openssh-5.8p1/dns.c +diff -up openssh-5.8p1/dns.h.audit2a openssh-5.8p1/dns.h +diff -up openssh-5.8p1/entropy.c.audit2a openssh-5.8p1/entropy.c +diff -up openssh-5.8p1/entropy.h.audit2a openssh-5.8p1/entropy.h +diff -up openssh-5.8p1/fatal.c.audit2a openssh-5.8p1/fatal.c +diff -up openssh-5.8p1/groupaccess.c.audit2a openssh-5.8p1/groupaccess.c +diff -up openssh-5.8p1/groupaccess.h.audit2a openssh-5.8p1/groupaccess.h +diff -up openssh-5.8p1/gss-genr.c.audit2a openssh-5.8p1/gss-genr.c +diff -up openssh-5.8p1/gss-serv.c.audit2a openssh-5.8p1/gss-serv.c +diff -up openssh-5.8p1/gss-serv-krb5.c.audit2a openssh-5.8p1/gss-serv-krb5.c +diff -up openssh-5.8p1/hostfile.c.audit2a openssh-5.8p1/hostfile.c +diff -up openssh-5.8p1/hostfile.h.audit2a openssh-5.8p1/hostfile.h +diff -up openssh-5.8p1/includes.h.audit2a openssh-5.8p1/includes.h +diff -up openssh-5.8p1/jpake.c.audit2a openssh-5.8p1/jpake.c +diff -up openssh-5.8p1/jpake.h.audit2a openssh-5.8p1/jpake.h +diff -up openssh-5.8p1/kex.c.audit2a openssh-5.8p1/kex.c +diff -up openssh-5.8p1/kexdh.c.audit2a openssh-5.8p1/kexdh.c +diff -up openssh-5.8p1/kexdhc.c.audit2a openssh-5.8p1/kexdhc.c +diff -up openssh-5.8p1/kexdhs.c.audit2a openssh-5.8p1/kexdhs.c +diff -up openssh-5.8p1/kexecdh.c.audit2a openssh-5.8p1/kexecdh.c +diff -up openssh-5.8p1/kexecdhc.c.audit2a openssh-5.8p1/kexecdhc.c +diff -up openssh-5.8p1/kexecdhs.c.audit2a openssh-5.8p1/kexecdhs.c +diff -up openssh-5.8p1/kexgex.c.audit2a openssh-5.8p1/kexgex.c +diff -up openssh-5.8p1/kexgexc.c.audit2a openssh-5.8p1/kexgexc.c +diff -up 
openssh-5.8p1/kexgexs.c.audit2a openssh-5.8p1/kexgexs.c +diff -up openssh-5.8p1/kex.h.audit2a openssh-5.8p1/kex.h +diff -up openssh-5.8p1/key.c.audit2a openssh-5.8p1/key.c +diff -up openssh-5.8p1/key.h.audit2a openssh-5.8p1/key.h +diff -up openssh-5.8p1/log.c.audit2a openssh-5.8p1/log.c +diff -up openssh-5.8p1/log.h.audit2a openssh-5.8p1/log.h +diff -up openssh-5.8p1/loginrec.c.audit2a openssh-5.8p1/loginrec.c +diff -up openssh-5.8p1/loginrec.h.audit2a openssh-5.8p1/loginrec.h +diff -up openssh-5.8p1/logintest.c.audit2a openssh-5.8p1/logintest.c +diff -up openssh-5.8p1/mac.c.audit2a openssh-5.8p1/mac.c +diff -up openssh-5.8p1/mac.h.audit2a openssh-5.8p1/mac.h +diff -up openssh-5.8p1/match.c.audit2a openssh-5.8p1/match.c +diff -up openssh-5.8p1/match.h.audit2a openssh-5.8p1/match.h +diff -up openssh-5.8p1/md5crypt.c.audit2a openssh-5.8p1/md5crypt.c +diff -up openssh-5.8p1/md5crypt.h.audit2a openssh-5.8p1/md5crypt.h +diff -up openssh-5.8p1/md-sha256.c.audit2a openssh-5.8p1/md-sha256.c +diff -up openssh-5.8p1/misc.c.audit2a openssh-5.8p1/misc.c +diff -up openssh-5.8p1/misc.h.audit2a openssh-5.8p1/misc.h +diff -up openssh-5.8p1/moduli.c.audit2a openssh-5.8p1/moduli.c +diff -up openssh-5.8p1/monitor.c.audit2a openssh-5.8p1/monitor.c +diff -up openssh-5.8p1/monitor_fdpass.c.audit2a openssh-5.8p1/monitor_fdpass.c +diff -up openssh-5.8p1/monitor_fdpass.h.audit2a openssh-5.8p1/monitor_fdpass.h +diff -up openssh-5.8p1/monitor.h.audit2a openssh-5.8p1/monitor.h +diff -up openssh-5.8p1/monitor_mm.c.audit2a openssh-5.8p1/monitor_mm.c +diff -up openssh-5.8p1/monitor_mm.h.audit2a openssh-5.8p1/monitor_mm.h +diff -up openssh-5.8p1/monitor_wrap.c.audit2a openssh-5.8p1/monitor_wrap.c +diff -up openssh-5.8p1/monitor_wrap.h.audit2a openssh-5.8p1/monitor_wrap.h +diff -up openssh-5.8p1/msg.c.audit2a openssh-5.8p1/msg.c +diff -up openssh-5.8p1/msg.h.audit2a openssh-5.8p1/msg.h +diff -up openssh-5.8p1/mux.c.audit2a openssh-5.8p1/mux.c +diff -up openssh-5.8p1/myproposal.h.audit2a 
openssh-5.8p1/myproposal.h +diff -up openssh-5.8p1/nchan.c.audit2a openssh-5.8p1/nchan.c +diff -up openssh-5.8p1/packet.c.audit2a openssh-5.8p1/packet.c +diff -up openssh-5.8p1/packet.h.audit2a openssh-5.8p1/packet.h +diff -up openssh-5.8p1/pathnames.h.audit2a openssh-5.8p1/pathnames.h +diff -up openssh-5.8p1/pkcs11.h.audit2a openssh-5.8p1/pkcs11.h +diff -up openssh-5.8p1/platform.c.audit2a openssh-5.8p1/platform.c +diff -up openssh-5.8p1/platform.h.audit2a openssh-5.8p1/platform.h +diff -up openssh-5.8p1/progressmeter.c.audit2a openssh-5.8p1/progressmeter.c +diff -up openssh-5.8p1/progressmeter.h.audit2a openssh-5.8p1/progressmeter.h +diff -up openssh-5.8p1/readconf.c.audit2a openssh-5.8p1/readconf.c +diff -up openssh-5.8p1/readconf.h.audit2a openssh-5.8p1/readconf.h +diff -up openssh-5.8p1/readpass.c.audit2a openssh-5.8p1/readpass.c +diff -up openssh-5.8p1/rijndael.c.audit2a openssh-5.8p1/rijndael.c +diff -up openssh-5.8p1/rijndael.h.audit2a openssh-5.8p1/rijndael.h +diff -up openssh-5.8p1/roaming_client.c.audit2a openssh-5.8p1/roaming_client.c +diff -up openssh-5.8p1/roaming_common.c.audit2a openssh-5.8p1/roaming_common.c +diff -up openssh-5.8p1/roaming_dummy.c.audit2a openssh-5.8p1/roaming_dummy.c +diff -up openssh-5.8p1/roaming.h.audit2a openssh-5.8p1/roaming.h +diff -up openssh-5.8p1/roaming_serv.c.audit2a openssh-5.8p1/roaming_serv.c +diff -up openssh-5.8p1/rsa.c.audit2a openssh-5.8p1/rsa.c +diff -up openssh-5.8p1/rsa.h.audit2a openssh-5.8p1/rsa.h +diff -up openssh-5.8p1/schnorr.c.audit2a openssh-5.8p1/schnorr.c +diff -up openssh-5.8p1/schnorr.h.audit2a openssh-5.8p1/schnorr.h +diff -up openssh-5.8p1/scp.c.audit2a openssh-5.8p1/scp.c +diff -up openssh-5.8p1/servconf.c.audit2a openssh-5.8p1/servconf.c +diff -up openssh-5.8p1/servconf.h.audit2a openssh-5.8p1/servconf.h +diff -up openssh-5.8p1/serverloop.c.audit2a openssh-5.8p1/serverloop.c +diff -up openssh-5.8p1/serverloop.h.audit2a openssh-5.8p1/serverloop.h +diff -up openssh-5.8p1/session.c.audit2a 
openssh-5.8p1/session.c +diff -up openssh-5.8p1/session.h.audit2a openssh-5.8p1/session.h +diff -up openssh-5.8p1/sftp.c.audit2a openssh-5.8p1/sftp.c +diff -up openssh-5.8p1/sftp-client.c.audit2a openssh-5.8p1/sftp-client.c +diff -up openssh-5.8p1/sftp-client.h.audit2a openssh-5.8p1/sftp-client.h +diff -up openssh-5.8p1/sftp-common.c.audit2a openssh-5.8p1/sftp-common.c +diff -up openssh-5.8p1/sftp-common.h.audit2a openssh-5.8p1/sftp-common.h +diff -up openssh-5.8p1/sftp-glob.c.audit2a openssh-5.8p1/sftp-glob.c +diff -up openssh-5.8p1/sftp.h.audit2a openssh-5.8p1/sftp.h +diff -up openssh-5.8p1/sftp-server.c.audit2a openssh-5.8p1/sftp-server.c +diff -up openssh-5.8p1/sftp-server-main.c.audit2a openssh-5.8p1/sftp-server-main.c +diff -up openssh-5.8p1/ssh1.h.audit2a openssh-5.8p1/ssh1.h +diff -up openssh-5.8p1/ssh2.h.audit2a openssh-5.8p1/ssh2.h +diff -up openssh-5.8p1/ssh-add.c.audit2a openssh-5.8p1/ssh-add.c +diff -up openssh-5.8p1/ssh-agent.c.audit2a openssh-5.8p1/ssh-agent.c +diff -up openssh-5.8p1/ssh.c.audit2a openssh-5.8p1/ssh.c +diff -up openssh-5.8p1/sshconnect1.c.audit2a openssh-5.8p1/sshconnect1.c +diff -up openssh-5.8p1/sshconnect2.c.audit2a openssh-5.8p1/sshconnect2.c +diff -up openssh-5.8p1/sshconnect.c.audit2a openssh-5.8p1/sshconnect.c +diff -up openssh-5.8p1/sshconnect.h.audit2a openssh-5.8p1/sshconnect.h +diff -up openssh-5.8p1/sshd.c.audit2a openssh-5.8p1/sshd.c +diff -up openssh-5.8p1/ssh-dss.c.audit2a openssh-5.8p1/ssh-dss.c +diff -up openssh-5.8p1/ssh-ecdsa.c.audit2a openssh-5.8p1/ssh-ecdsa.c +diff -up openssh-5.8p1/ssh-gss.h.audit2a openssh-5.8p1/ssh-gss.h +diff -up openssh-5.8p1/ssh.h.audit2a openssh-5.8p1/ssh.h +diff -up openssh-5.8p1/ssh-keygen.c.audit2a openssh-5.8p1/ssh-keygen.c +diff -up openssh-5.8p1/ssh-keyscan.c.audit2a openssh-5.8p1/ssh-keyscan.c +diff -up openssh-5.8p1/ssh-keysign.c.audit2a openssh-5.8p1/ssh-keysign.c +diff -up openssh-5.8p1/sshlogin.c.audit2a openssh-5.8p1/sshlogin.c +diff -up openssh-5.8p1/sshlogin.h.audit2a 
openssh-5.8p1/sshlogin.h +diff -up openssh-5.8p1/ssh-pkcs11.c.audit2a openssh-5.8p1/ssh-pkcs11.c +diff -up openssh-5.8p1/ssh-pkcs11-client.c.audit2a openssh-5.8p1/ssh-pkcs11-client.c +diff -up openssh-5.8p1/ssh-pkcs11.h.audit2a openssh-5.8p1/ssh-pkcs11.h +diff -up openssh-5.8p1/ssh-pkcs11-helper.c.audit2a openssh-5.8p1/ssh-pkcs11-helper.c +diff -up openssh-5.8p1/sshpty.c.audit2a openssh-5.8p1/sshpty.c +diff -up openssh-5.8p1/sshpty.h.audit2a openssh-5.8p1/sshpty.h +diff -up openssh-5.8p1/ssh-rand-helper.c.audit2a openssh-5.8p1/ssh-rand-helper.c +diff -up openssh-5.8p1/ssh-rsa.c.audit2a openssh-5.8p1/ssh-rsa.c +diff -up openssh-5.8p1/sshtty.c.audit2a openssh-5.8p1/sshtty.c +diff -up openssh-5.8p1/ttymodes.c.audit2a openssh-5.8p1/ttymodes.c +diff -up openssh-5.8p1/ttymodes.h.audit2a openssh-5.8p1/ttymodes.h +diff -up openssh-5.8p1/uidswap.c.audit2a openssh-5.8p1/uidswap.c +diff -up openssh-5.8p1/uidswap.h.audit2a openssh-5.8p1/uidswap.h +diff -up openssh-5.8p1/umac.c.audit2a openssh-5.8p1/umac.c +diff -up openssh-5.8p1/umac.h.audit2a openssh-5.8p1/umac.h +diff -up openssh-5.8p1/uuencode.c.audit2a openssh-5.8p1/uuencode.c +diff -up openssh-5.8p1/uuencode.h.audit2a openssh-5.8p1/uuencode.h +diff -up openssh-5.8p1/version.h.audit2a openssh-5.8p1/version.h +diff -up openssh-5.8p1/xmalloc.c.audit2a openssh-5.8p1/xmalloc.c +diff -up openssh-5.8p1/xmalloc.h.audit2a openssh-5.8p1/xmalloc.h diff --git a/openssh-5.8p1-audit3.patch b/openssh-5.8p1-audit3.patch index 66427be..2bdfa66 100644 --- a/openssh-5.8p1-audit3.patch +++ b/openssh-5.8p1-audit3.patch @@ -1,6 +1,6 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit3 2011-02-17 15:09:38.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-17 15:09:38.000000000 +0100 +--- openssh-5.8p1/audit-bsm.c.audit3 2011-02-21 18:28:25.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:28:25.000000000 +0100 
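Review bot: The fallback `audit_keyusage` in audit.c (the `# ifndef CUSTOM_SSH_AUDIT_EVENTS` null implementation) is declared `int` but only calls `debug()` and never returns a value, while the new `audit_key` does `if (audit_keyusage(...) == 0) *rv = 0;` — so in that configuration the pubkey/hostbased result is decided by an indeterminate value. Give the stub an explicit `return 1;` (or whichever value means "audit not in effect"; 0 is treated as an audit failure that vetoes the authentication). Both the `debug()` format and the Linux `snprintf` print the now-`unsigned bits` with `%d`; use `%u`. With `key_ssh_name` able to return 40-character certificate names, the 128-byte `buf` in the Linux path is within a few bytes of its limit — checking the `snprintf` return (or raising AUDIT_LOG_SIZE) avoids a silently truncated record. The ~240 empty `diff -up` entries for untouched files are gendiff artifacts that bloat the patch and obscure its real changes; regenerate it with only the modified files.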
@@ -383,4 +383,16 @@ audit_event(ssh_audit_event_t event) debug("%s: unhandled event %d", __func__, event); } @@ -19,8 +19,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit3 2011-02-17 15:09:38.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-17 15:10:27.000000000 +0100 +--- openssh-5.8p1/audit.c.audit3 2011-02-21 18:28:25.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-21 18:28:25.000000000 +0100 @@ -36,6 +36,8 @@ #include "key.h" #include "hostfile.h" @@ -30,7 +30,7 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c #include "xmalloc.h" /* -@@ -139,6 +141,18 @@ audit_key(int type, int *rv, const Key * +@@ -128,6 +130,18 @@ audit_key(int host_user, int *rv, const xfree(fp); } @@ -49,9 +49,9 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -222,5 +236,24 @@ audit_keyusage(int host_user, const char +@@ -211,5 +225,24 @@ audit_keyusage(int host_user, const char debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d", - host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, len, fp, rv); + host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, bits, fp, rv); } + +/* @@ -75,12 +75,12 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit3 2011-02-17 15:09:38.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-17 15:09:38.000000000 +0100 +--- openssh-5.8p1/audit.h.audit3 2011-02-21 18:28:25.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-21 18:28:25.000000000 +0100 
@@ -56,5 +56,9 @@ void audit_run_command(const char *); ssh_audit_event_t audit_classify_auth(const char *); int audit_keyusage(int, const char *, unsigned, char *, int); - int audit_key(int, int *, const Key *); + void audit_key(int, int *, const Key *); +void audit_unsupported(int); +void audit_kex(int, char *, char *, char *); +void audit_unsupported_body(int); @@ -88,18 +88,18 @@ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit3 2011-02-17 15:09:38.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-17 15:09:38.000000000 +0100 -@@ -36,6 +36,8 @@ - #include "log.h" - #include "audit.h" +--- openssh-5.8p1/audit-linux.c.audit3 2011-02-21 18:28:25.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-21 18:28:59.000000000 +0100 +@@ -40,6 +40,8 @@ + #include "auth.h" + #include "servconf.h" #include "canohost.h" +#include "packet.h" +#include "cipher.h" #define AUDIT_LOG_SIZE 128 -@@ -223,4 +225,54 @@ audit_event(ssh_audit_event_t event) +@@ -243,4 +245,54 @@ audit_event(ssh_audit_event_t event) } } @@ -155,8 +155,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c ---- openssh-5.8p1/auditstub.c.audit3 2011-02-17 15:09:38.000000000 +0100 -+++ openssh-5.8p1/auditstub.c 2011-02-17 15:09:38.000000000 +0100 +--- openssh-5.8p1/auditstub.c.audit3 2011-02-21 18:28:25.000000000 +0100 ++++ openssh-5.8p1/auditstub.c 2011-02-21 18:28:25.000000000 +0100 @@ -0,0 +1,39 @@ +/* $Id: auditstub.c,v 1.1 jfch Exp $ */ + 
@@ -199,7 +199,7 @@ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c + diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c --- openssh-5.8p1/cipher.c.audit3 2011-02-09 15:24:23.000000000 +0100 -+++ openssh-5.8p1/cipher.c 2011-02-17 15:09:38.000000000 +0100 ++++ openssh-5.8p1/cipher.c 2011-02-21 18:28:25.000000000 +0100 @@ -59,15 +59,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX extern const EVP_CIPHER *evp_aes_128_ctr(void); extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); @@ -219,7 +219,7 @@ diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des }, diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h --- openssh-5.8p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100 -+++ openssh-5.8p1/cipher.h 2011-02-17 15:09:38.000000000 +0100 ++++ openssh-5.8p1/cipher.h 2011-02-21 18:28:25.000000000 +0100 @@ -61,7 +61,16 @@ typedef struct Cipher Cipher; typedef struct CipherContext CipherContext; @@ -240,7 +240,7 @@ diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h EVP_CIPHER_CTX evp; diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c --- openssh-5.8p1/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200 -+++ openssh-5.8p1/kex.c 2011-02-17 15:09:38.000000000 +0100 ++++ openssh-5.8p1/kex.c 2011-02-21 18:28:25.000000000 +0100 @@ -49,6 +49,7 @@ #include "dispatch.h" #include "monitor.h" @@ -305,7 +305,7 @@ diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in --- openssh-5.8p1/Makefile.in.audit3 2011-02-04 01:42:13.000000000 +0100 -+++ openssh-5.8p1/Makefile.in 2011-02-17 15:09:38.000000000 +0100 ++++ openssh-5.8p1/Makefile.in 2011-02-21 18:28:25.000000000 +0100 
@@ -76,7 +76,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ @@ -316,8 +316,8 @@ diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect1.o sshconnect2.o mux.o \ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit3 2011-02-17 15:09:38.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-17 15:09:38.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit3 2011-02-21 18:28:25.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-21 18:28:25.000000000 +0100 @@ -89,6 +89,7 @@ #include "ssh2.h" #include "jpake.h" @@ -414,7 +414,7 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c +#endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h --- openssh-5.8p1/monitor.h.audit3 2008-11-05 06:20:46.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-17 15:09:38.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-21 18:28:25.000000000 +0100 @@ -66,6 +66,8 @@ enum monitor_reqtype { MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2, MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM, @@ -426,7 +426,7 @@ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c --- openssh-5.8p1/monitor_wrap.c.audit3 2010-08-31 14:41:14.000000000 +0200 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-17 15:09:38.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:28:25.000000000 +0100 @@ -1412,3 +1412,38 @@ mm_jpake_check_confirm(const BIGNUM *k, return success; } 
@@ -468,7 +468,7 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c +#endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h --- openssh-5.8p1/monitor_wrap.h.audit3 2009-03-05 14:58:22.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-17 15:09:38.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:28:25.000000000 +0100 @@ -74,6 +74,8 @@ void mm_sshpam_free_ctx(void *); #include "audit.h" void mm_audit_event(ssh_audit_event_t); @@ -480,7 +480,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h struct Session; diff -up openssh-5.8p1/sshd.c.audit3 openssh-5.8p1/sshd.c --- openssh-5.8p1/sshd.c.audit3 2011-01-11 07:20:31.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-17 15:09:38.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-21 18:28:25.000000000 +0100 @@ -118,6 +118,7 @@ #endif #include "monitor_wrap.h" diff --git a/openssh-5.8p1-audit3a.patch b/openssh-5.8p1-audit3a.patch new file mode 100644 index 0000000..66cd62a --- /dev/null +++ b/openssh-5.8p1-audit3a.patch 
@@ -0,0 +1,139 @@ +diff -up openssh-5.8p1/audit-bsm.c.audit3a openssh-5.8p1/audit-bsm.c +--- openssh-5.8p1/audit-bsm.c.audit3a 2011-02-21 18:29:45.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:29:45.000000000 +0100 +@@ -391,7 +391,7 @@ audit_unsupported_body(int what) + } + + void +-audit_kex_body(int ctos, char *enc, char *mac, char *compress) ++audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, uid_t uid) + { + /* not implemented */ + } +diff -up openssh-5.8p1/audit.c.audit3a openssh-5.8p1/audit.c +--- openssh-5.8p1/audit.c.audit3a 2011-02-21 18:29:45.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-21 18:29:45.000000000 +0100 +@@ -28,6 +28,7 @@ + + #include + #include ++#include + + #ifdef SSH_AUDIT_EVENTS + +@@ -139,7 +140,7 @@ audit_unsupported(int what) + void + audit_kex(int ctos, char *enc, char *mac, char *comp) + { +- PRIVSEP(audit_kex_body(ctos, enc, mac, comp)); ++ PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid())); + } + + # ifndef CUSTOM_SSH_AUDIT_EVENTS +@@ -239,10 +240,12 @@ audit_unsupported_body(int what) + * This will be called on succesfull protocol negotiation. 
+ */ + void +-audit_kex_body(int ctos, char *enc, char *mac, char *compress) ++audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, ++ uid_t uid) + { +- debug("audit procol negotiation euid %d direction %d cipher %s mac %s compresion %s", +- geteuid(), ctos, enc, mac, compress); ++ debug("audit protocol negotiation euid %d direction %d cipher %s mac %s compresion %s from pid %ld uid %u", ++ (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid, ++ (unsigned)uid); + } + # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ + #endif /* SSH_AUDIT_EVENTS */ +diff -up openssh-5.8p1/audit.h.audit3a openssh-5.8p1/audit.h +--- openssh-5.8p1/audit.h.audit3a 2011-02-21 18:29:45.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-21 18:29:45.000000000 +0100 +@@ -59,6 +59,6 @@ void audit_key(int, int *, const Key *); + void audit_unsupported(int); + void audit_kex(int, char *, char *, char *); + void audit_unsupported_body(int); +-void audit_kex_body(int, char *, char *, char *); ++void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); + + #endif /* _SSH_AUDIT_H */ +diff -up openssh-5.8p1/audit-linux.c.audit3a openssh-5.8p1/audit-linux.c +--- openssh-5.8p1/audit-linux.c.audit3a 2011-02-21 18:29:45.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-21 18:29:45.000000000 +0100 +@@ -267,7 +267,8 @@ audit_unsupported_body(int what) + } + + void +-audit_kex_body(int ctos, char *enc, char *mac, char *compress) ++audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, ++ uid_t uid) + { + #ifdef AUDIT_CRYPTO_SESSION + char buf[AUDIT_LOG_SIZE]; +@@ -275,8 +276,9 @@ audit_kex_body(int ctos, char *enc, char + const static char *direction[] = { "from-server", "from-client", "both" }; + Cipher *cipher = cipher_by_name(enc); + +- snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d rport=%d laddr=%s lport=%d", ++ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d", 
+ direction[ctos], enc, cipher ? 8 * cipher->key_len : 0, ++ (intmax_t)pid, (intmax_t)uid, + get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port()); + audit_fd = audit_open(); + if (audit_fd < 0) { +diff -up openssh-5.8p1/monitor.c.audit3a openssh-5.8p1/monitor.c +--- openssh-5.8p1/monitor.c.audit3a 2011-02-21 18:29:45.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-21 18:29:45.000000000 +0100 +@@ -2239,13 +2239,17 @@ mm_answer_audit_kex_body(int sock, Buffe + { + int ctos, len; + char *cipher, *mac, *compress; ++ pid_t pid; ++ uid_t uid; + + ctos = buffer_get_int(m); + cipher = buffer_get_string(m, &len); + mac = buffer_get_string(m, &len); + compress = buffer_get_string(m, &len); ++ pid = buffer_get_int64(m); ++ uid = buffer_get_int64(m); + +- audit_kex_body(ctos, cipher, mac, compress); ++ audit_kex_body(ctos, cipher, mac, compress, pid, uid); + + buffer_clear(m); + +diff -up openssh-5.8p1/monitor_wrap.c.audit3a openssh-5.8p1/monitor_wrap.c +--- openssh-5.8p1/monitor_wrap.c.audit3a 2011-02-21 18:29:45.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:29:45.000000000 +0100 +@@ -1430,7 +1430,8 @@ mm_audit_unsupported_body(int what) + } + + void +-mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress) ++mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress, pid_t pid, ++ uid_t uid) + { + Buffer m; + +@@ -1439,6 +1440,8 @@ mm_audit_kex_body(int ctos, char *cipher + buffer_put_cstring(&m, cipher); + buffer_put_cstring(&m, mac); + buffer_put_cstring(&m, compress); ++ buffer_put_int64(&m, pid); ++ buffer_put_int64(&m, uid); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_KEX, +diff -up openssh-5.8p1/monitor_wrap.h.audit3a openssh-5.8p1/monitor_wrap.h +--- openssh-5.8p1/monitor_wrap.h.audit3a 2011-02-21 18:33:57.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:34:18.000000000 +0100 +@@ -75,7 +75,7 
@@ void mm_sshpam_free_ctx(void *); + void mm_audit_event(ssh_audit_event_t); + void mm_audit_run_command(const char *); + void mm_audit_unsupported_body(int); +-void mm_audit_kex_body(int, char *, char *, char *); ++void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); + #endif + + struct Session; diff --git a/openssh-5.8p1-audit4.patch b/openssh-5.8p1-audit4.patch index f4d77f2..aba3c06 100644 --- a/openssh-5.8p1-audit4.patch +++ b/openssh-5.8p1-audit4.patch @@ -1,6 +1,6 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit4 2011-02-17 10:34:25.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-17 10:34:25.000000000 +0100 +--- openssh-5.8p1/audit-bsm.c.audit4 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:38:45.000000000 +0100 @@ -395,4 +395,10 @@ audit_kex_body(int ctos, char *enc, char { /* not implemented */ @@ -13,10 +13,10 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit4 2011-02-17 10:34:25.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-17 10:34:25.000000000 +0100 -@@ -152,6 +152,12 @@ audit_kex(int ctos, char *enc, char *mac - PRIVSEP(audit_kex_body(ctos, enc, mac, comp)); +--- openssh-5.8p1/audit.c.audit4 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-21 18:38:45.000000000 +0100 +@@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac + PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid())); } +void 
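Review bot: In mm_answer_audit_kex_body the `spid`/`suid` values that end up in the AUDIT_CRYPTO_SESSION record are taken straight from the child's request (`pid = buffer_get_int64(m); uid = buffer_get_int64(m);`), so the privileged monitor is logging whatever the unprivileged process says about itself rather than what it knows. The monitor forked that child and knows which credentials it dropped to, so it can fill the subject fields from its own state and treat the values in the message at most as a consistency check; mm_answer_audit_session_key_free_body in audit4a.patch adds the same pattern and should be handled the same way. The 64-bit values are also narrowed into pid_t/uid_t with no range check, which is at least worth a comment on the two assignments. Separately, the new debug() in audit.c formats `(unsigned)geteuid()` with `%d`; the corresponding message in audit4a.patch uses `%u`, and this one should match it.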
@@ -28,14 +28,15 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -254,5 +260,13 @@ audit_kex_body(int ctos, char *enc, char - debug("audit procol negotiation euid %d direction %d cipher %s mac %s compresion %s", - geteuid(), ctos, enc, mac, compress); +@@ -247,5 +253,14 @@ audit_kex_body(int ctos, char *enc, char + (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid, + (unsigned)uid); } + +/* + * This will be called on succesfull session key discard + */ ++void +audit_session_key_free_body(int ctos) +{ + debug("audit session key discard euid %d direction %d", geteuid(), ctos); @@ -43,36 +44,37 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit4 2011-02-17 10:34:25.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-17 10:34:25.000000000 +0100 +--- openssh-5.8p1/audit.h.audit4 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-21 18:38:45.000000000 +0100 
@@ -60,5 +60,7 @@ void audit_unsupported(int); void audit_kex(int, char *, char *, char *); void audit_unsupported_body(int); - void audit_kex_body(int, char *, char *, char *); + void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); +void audit_session_key_free(int ctos); +void audit_session_key_free_body(int ctos); #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit4 2011-02-17 10:34:25.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-17 10:34:25.000000000 +0100 -@@ -246,13 +246,14 @@ audit_unsupported_body(int what) +--- openssh-5.8p1/audit-linux.c.audit4 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-21 18:38:45.000000000 +0100 +@@ -266,6 +266,8 @@ audit_unsupported_body(int what) #endif } +const static char *direction[] = { "from-server", "from-client", "both" }; + void - audit_kex_body(int ctos, char *enc, char *mac, char *compress) - { + audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, + uid_t uid) +@@ -273,7 +275,6 @@ audit_kex_body(int ctos, char *enc, char #ifdef AUDIT_CRYPTO_SESSION char buf[AUDIT_LOG_SIZE]; int audit_fd, audit_ok; - const static char *direction[] = { "from-server", "from-client", "both" }; Cipher *cipher = cipher_by_name(enc); - snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d rport=%d laddr=%s lport=%d", -@@ -275,4 +276,29 @@ audit_kex_body(int ctos, char *enc, char + snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d", +@@ -297,4 +298,29 @@ audit_kex_body(int ctos, char *enc, char #endif } 
@@ -103,8 +105,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c ---- openssh-5.8p1/auditstub.c.audit4 2011-02-17 10:34:25.000000000 +0100 -+++ openssh-5.8p1/auditstub.c 2011-02-17 10:34:25.000000000 +0100 +--- openssh-5.8p1/auditstub.c.audit4 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/auditstub.c 2011-02-21 18:38:45.000000000 +0100 @@ -37,3 +37,7 @@ audit_kex(int ctos, char *enc, char *mac { } @@ -114,8 +116,8 @@ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c +{ +} diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c ---- openssh-5.8p1/kex.c.audit4 2011-02-17 10:34:25.000000000 +0100 -+++ openssh-5.8p1/kex.c 2011-02-17 10:34:25.000000000 +0100 +--- openssh-5.8p1/kex.c.audit4 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/kex.c 2011-02-21 18:38:45.000000000 +0100 @@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i fprintf(stderr, "\n"); } @@ -153,7 +155,7 @@ diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c + diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h --- openssh-5.8p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200 -+++ openssh-5.8p1/kex.h 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/kex.h 2011-02-21 18:38:45.000000000 +0100 @@ -156,6 +156,8 @@ void kexgex_server(Kex *); void kexecdh_client(Kex *); void kexecdh_server(Kex *); @@ -165,7 +167,7 @@ diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c --- openssh-5.8p1/mac.c.audit4 2008-06-13 02:58:50.000000000 +0200 -+++ openssh-5.8p1/mac.c 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/mac.c 2011-02-21 18:38:45.000000000 +0100 @@ -162,6 +162,20 @@ mac_clear(Mac *mac) mac->umac_ctx = NULL; } 
@@ -189,15 +191,15 @@ diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c int diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h --- openssh-5.8p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200 -+++ openssh-5.8p1/mac.h 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/mac.h 2011-02-21 18:38:45.000000000 +0100 @@ -28,3 +28,4 @@ int mac_setup(Mac *, char *); int mac_init(Mac *); u_char *mac_compute(Mac *, u_int32_t, u_char *, int); void mac_clear(Mac *); +void mac_destroy(Mac *); diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit4 2011-02-17 10:34:25.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-17 10:34:25.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit4 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-21 18:38:45.000000000 +0100 @@ -180,6 +180,7 @@ int mm_answer_audit_event(int, Buffer *) int mm_answer_audit_command(int, Buffer *); int mm_answer_audit_unsupported_body(int, Buffer *); @@ -238,7 +240,7 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -2253,4 +2258,18 @@ mm_answer_audit_kex_body(int sock, Buffe +@@ -2257,4 +2262,18 @@ mm_answer_audit_kex_body(int sock, Buffe return 0; } @@ -258,8 +260,8 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit4 2011-02-17 10:34:25.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-17 10:34:25.000000000 +0100 +--- openssh-5.8p1/monitor.h.audit4 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-21 18:38:45.000000000 +0100 @@ -68,6 +68,7 @@ enum monitor_reqtype { MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM, MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, 
@@ -269,9 +271,9 @@ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-17 10:34:25.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-17 10:34:25.000000000 +0100 -@@ -1446,4 +1446,17 @@ mm_audit_kex_body(int ctos, char *cipher +--- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:38:45.000000000 +0100 +@@ -1449,4 +1449,17 @@ mm_audit_kex_body(int ctos, char *cipher buffer_free(&m); } @@ -290,19 +292,19 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-17 10:34:25.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-17 10:34:25.000000000 +0100 +--- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:39:26.000000000 +0100 @@ -76,6 +76,7 @@ void mm_audit_event(ssh_audit_event_t); void mm_audit_run_command(const char *); void mm_audit_unsupported_body(int); - void mm_audit_kex_body(int, char *, char *, char *); + void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); +void mm_audit_session_key_free_body(int); #endif struct Session; diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c --- openssh-5.8p1/packet.c.audit4 2010-11-24 00:46:37.000000000 +0100 -+++ openssh-5.8p1/packet.c 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/packet.c 2011-02-21 18:38:45.000000000 +0100 @@ -497,6 +497,7 @@ packet_close(void) } cipher_cleanup(&active_state->send_context); 
@@ -397,7 +399,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c + diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h --- openssh-5.8p1/packet.h.audit4 2010-11-20 05:19:38.000000000 +0100 -+++ openssh-5.8p1/packet.h 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/packet.h 2011-02-21 18:38:45.000000000 +0100 @@ -125,4 +125,5 @@ void packet_restore_state(void); void *packet_get_input(void); void *packet_get_output(void); @@ -405,8 +407,8 @@ diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h +void packet_destroy_all(void); #endif /* PACKET_H */ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.audit4 2011-02-17 10:34:25.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-17 10:34:25.000000000 +0100 +--- openssh-5.8p1/sshd.c.audit4 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-21 18:38:45.000000000 +0100 @@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt) return (0); } diff --git a/openssh-5.8p1-audit4a.patch b/openssh-5.8p1-audit4a.patch new file mode 100644 index 0000000..07939a1 --- /dev/null +++ b/openssh-5.8p1-audit4a.patch 
@@ -0,0 +1,131 @@ +diff -up openssh-5.8p1/audit-bsm.c.audit4a openssh-5.8p1/audit-bsm.c +--- openssh-5.8p1/audit-bsm.c.audit4a 2011-02-21 18:42:14.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:42:14.000000000 +0100 +@@ -397,7 +397,7 @@ audit_kex_body(int ctos, char *enc, char + } + + void +-audit_session_key_free_body(int ctos) ++audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) + { + /* not implemented */ + } +diff -up openssh-5.8p1/audit.c.audit4a openssh-5.8p1/audit.c +--- openssh-5.8p1/audit.c.audit4a 2011-02-21 18:42:14.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-21 18:42:14.000000000 +0100 +@@ -146,7 +146,7 @@ audit_kex(int ctos, char *enc, char *mac + void + audit_session_key_free(int ctos) + { +- PRIVSEP(audit_session_key_free_body(ctos)); ++ PRIVSEP(audit_session_key_free_body(ctos, getpid(), getuid())); + } + + # ifndef CUSTOM_SSH_AUDIT_EVENTS +@@ -258,9 +258,10 @@ audit_kex_body(int ctos, char *enc, char + * This will be called on succesfull session key discard + */ + void +-audit_session_key_free_body(int ctos) ++audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) + { +- debug("audit session key discard euid %d direction %d", geteuid(), ctos); ++ debug("audit session key discard euid %u direction %d from pid %ld uid %u", ++ (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid); + } + # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ + #endif /* SSH_AUDIT_EVENTS */ +diff -up openssh-5.8p1/audit.h.audit4a openssh-5.8p1/audit.h +--- openssh-5.8p1/audit.h.audit4a 2011-02-21 18:42:14.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-21 18:42:14.000000000 +0100 +@@ -61,6 +61,6 @@ void audit_kex(int, char *, char *, char + void audit_unsupported_body(int); + void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); + void audit_session_key_free(int ctos); +-void audit_session_key_free_body(int ctos); ++void audit_session_key_free_body(int ctos, pid_t, uid_t); + + #endif /* _SSH_AUDIT_H */ +diff -up 
openssh-5.8p1/audit-linux.c.audit4a openssh-5.8p1/audit-linux.c +--- openssh-5.8p1/audit-linux.c.audit4a 2011-02-21 18:42:14.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-21 18:42:14.000000000 +0100 +@@ -299,13 +299,14 @@ audit_kex_body(int ctos, char *enc, char + } + + void +-audit_session_key_free_body(int ctos) ++audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) + { + char buf[AUDIT_LOG_SIZE]; + int audit_fd, audit_ok; + +- snprintf(buf, sizeof(buf), "op=destroy kind=session direction=%s rport=%d laddr=%s lport=%d", +- direction[ctos], get_remote_port(), ++ snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d", ++ direction[ctos], (intmax_t)pid, (intmax_t)uid, ++ get_remote_port(), + get_local_ipaddr(packet_get_connection_in()), + get_local_port()); + audit_fd = audit_open(); +diff -up openssh-5.8p1/monitor.c.audit4a openssh-5.8p1/monitor.c +--- openssh-5.8p1/monitor.c.audit4a 2011-02-21 18:42:14.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-21 18:42:14.000000000 +0100 +@@ -2266,10 +2266,14 @@ int + mm_answer_audit_session_key_free_body(int sock, Buffer *m) + { + int ctos; ++ pid_t pid; ++ uid_t uid; + + ctos = buffer_get_int(m); ++ pid = buffer_get_int64(m); ++ uid = buffer_get_int64(m); + +- audit_session_key_free_body(ctos); ++ audit_session_key_free_body(ctos, pid, uid); + + buffer_clear(m); + +diff -up openssh-5.8p1/monitor_wrap.c.audit4a openssh-5.8p1/monitor_wrap.c +--- openssh-5.8p1/monitor_wrap.c.audit4a 2011-02-21 18:42:14.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:42:14.000000000 +0100 +@@ -1451,12 +1451,14 @@ mm_audit_kex_body(int ctos, char *cipher + } + + void +-mm_audit_session_key_free_body(int ctos) ++mm_audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) + { + Buffer m; + + buffer_init(&m); + buffer_put_int(&m, ctos); ++ buffer_put_int64(&m, pid); ++ buffer_put_int64(&m, uid); + mm_request_send(pmonitor->m_recvfd, 
MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, + &m); +diff -up openssh-5.8p1/monitor_wrap.h.audit4a openssh-5.8p1/monitor_wrap.h +--- openssh-5.8p1/monitor_wrap.h.audit4a 2011-02-21 18:42:14.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:42:14.000000000 +0100 +@@ -76,7 +76,7 @@ void mm_audit_event(ssh_audit_event_t); + void mm_audit_run_command(const char *); + void mm_audit_unsupported_body(int); + void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); +-void mm_audit_session_key_free_body(int); ++void mm_audit_session_key_free_body(int, pid_t, uid_t); + #endif + + struct Session; +diff -up openssh-5.8p1/sshd.c.audit4a openssh-5.8p1/sshd.c +--- openssh-5.8p1/sshd.c.audit4a 2011-02-21 18:48:30.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-21 18:48:41.000000000 +0100 +@@ -693,7 +693,7 @@ privsep_postauth(Authctxt *authctxt) + newkeys_destroy(current_keys[MODE_OUT]); + newkeys_destroy(current_keys[MODE_IN]); + packet_destroy_all(); +- audit_session_key_free_body(2); ++ audit_session_key_free_body(2, getpid(), getuid()); + monitor_child_postauth(pmonitor); + + /* NEVERREACHED */ diff --git a/openssh-5.8p1-audit5.patch b/openssh-5.8p1-audit5.patch index f2ed6ef..f0013b2 100644 --- a/openssh-5.8p1-audit5.patch +++ b/openssh-5.8p1-audit5.patch @@ -1,7 +1,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit5 2011-02-17 10:36:14.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-17 10:36:14.000000000 +0100 -@@ -401,4 +401,10 @@ audit_session_key_free_body(int ctos) +--- openssh-5.8p1/audit-bsm.c.audit5 2011-02-21 18:54:03.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:54:03.000000000 +0100 +@@ -401,4 +401,10 @@ audit_session_key_free_body(int ctos, pi { /* not implemented */ } 
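Review bot: `direction[ctos]` in the new snprintf() in audit_session_key_free_body indexes a three-element file-scope array with a value the monitor read from the child's message (`ctos = buffer_get_int(m);` in mm_answer_audit_session_key_free_body) and never range-checks, so a malformed request from the unprivileged process makes the privileged monitor read past the array while building the audit string. A guard in the handler before the call, `if (ctos < 0 || ctos > 2) fatal("%s: bad direction %d", __func__, ctos);`, keeps the index from being trusted; mm_answer_audit_kex_body in audit3a.patch reaches `direction[ctos]` the same way and needs the same check. The updated prototype `audit_session_key_free_body(int ctos, pid_t, uid_t)` mixes a named and two unnamed parameters, unlike the other declarations in audit.h. The direct call `audit_session_key_free_body(2, getpid(), getuid())` in sshd.c hard-codes the "both" index; a comment such as `/* 2 == "both" in direction[] */` or a named constant would make the meaning visible at the call site.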
@@ -13,11 +13,11 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit5 2011-02-17 10:36:14.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-17 10:36:14.000000000 +0100 -@@ -268,5 +268,14 @@ audit_session_key_free_body(int ctos) - { - debug("audit session key discard euid %d direction %d", geteuid(), ctos); +--- openssh-5.8p1/audit.c.audit5 2011-02-21 18:54:03.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-21 18:54:03.000000000 +0100 +@@ -263,5 +263,14 @@ audit_session_key_free_body(int ctos, pi + debug("audit session key discard euid %u direction %d from pid %ld uid %u", + (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid); } + +/* @@ -31,19 +31,19 @@ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit5 2011-02-17 10:36:14.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-17 10:36:14.000000000 +0100 +--- openssh-5.8p1/audit.h.audit5 2011-02-21 18:54:03.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-21 18:54:03.000000000 +0100 
@@ -62,5 +62,6 @@ void audit_unsupported_body(int); - void audit_kex_body(int, char *, char *, char *); + void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); void audit_session_key_free(int ctos); - void audit_session_key_free_body(int ctos); + void audit_session_key_free_body(int ctos, pid_t, uid_t); +void audit_destroy_sensitive_data(const char *); #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit5 2011-02-17 10:36:14.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-17 10:36:14.000000000 +0100 -@@ -301,4 +301,26 @@ audit_session_key_free_body(int ctos) +--- openssh-5.8p1/audit-linux.c.audit5 2011-02-21 18:54:03.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-21 18:54:03.000000000 +0100 +@@ -324,4 +324,26 @@ audit_session_key_free_body(int ctos, pi error("cannot write into audit"); } @@ -71,8 +71,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit5 2011-02-17 10:36:14.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-17 10:36:14.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit5 2011-02-21 18:54:03.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-21 18:54:03.000000000 +0100 @@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer int mm_answer_audit_unsupported_body(int, Buffer *); int mm_answer_audit_kex_body(int, Buffer *); @@ -113,7 +113,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -2272,4 +2277,20 @@ mm_answer_audit_session_key_free_body(in +@@ -2280,4 +2285,20 @@ mm_answer_audit_session_key_free_body(in mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m); return 0; } 
@@ -135,8 +135,8 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit5 2011-02-17 10:36:14.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-17 10:36:14.000000000 +0100 +--- openssh-5.8p1/monitor.h.audit5 2011-02-21 18:54:03.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-21 18:54:03.000000000 +0100 @@ -69,6 +69,7 @@ enum monitor_reqtype { MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX, @@ -146,9 +146,9 @@ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-17 10:36:14.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-17 10:36:14.000000000 +0100 -@@ -1459,4 +1459,18 @@ mm_audit_session_key_free_body(int ctos) +--- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-21 18:54:03.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:54:03.000000000 +0100 +@@ -1464,4 +1464,18 @@ mm_audit_session_key_free_body(int ctos, &m); buffer_free(&m); } @@ -168,19 +168,19 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-17 10:36:14.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-17 10:36:14.000000000 +0100 +--- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-21 18:54:03.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:54:56.000000000 +0100 
@@ -77,6 +77,7 @@ void mm_audit_run_command(const char *); void mm_audit_unsupported_body(int); - void mm_audit_kex_body(int, char *, char *, char *); - void mm_audit_session_key_free_body(int); + void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); + void mm_audit_session_key_free_body(int, pid_t, uid_t); +void mm_audit_destroy_sensitive_data(const char *); #endif struct Session; diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c --- openssh-5.8p1/session.c.audit5 2010-12-01 02:02:59.000000000 +0100 -+++ openssh-5.8p1/session.c 2011-02-17 10:36:14.000000000 +0100 ++++ openssh-5.8p1/session.c 2011-02-21 18:54:03.000000000 +0100 @@ -132,7 +132,7 @@ extern int log_stderr; extern int debug_flag; extern u_int utmp_len; @@ -200,8 +200,8 @@ diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c /* Force a password change */ if (s->authctxt->force_pwchange) { diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.audit5 2011-02-17 10:36:14.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-17 10:36:14.000000000 +0100 +--- openssh-5.8p1/sshd.c.audit5 2011-02-21 18:54:03.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-21 18:54:03.000000000 +0100 @@ -253,7 +253,7 @@ Buffer loginmsg; struct passwd *privsep_pw = NULL; diff --git a/openssh-5.8p1-audit5a.patch b/openssh-5.8p1-audit5a.patch index 4c32431..3844295 100644 --- a/openssh-5.8p1-audit5a.patch +++ b/openssh-5.8p1-audit5a.patch 
@@ -1,24 +1,37 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5a openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit5a 2011-02-17 14:23:22.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-17 14:24:05.000000000 +0100 -@@ -407,4 +407,10 @@ audit_destroy_sensitive_data(const char +--- openssh-5.8p1/audit-bsm.c.audit5a 2011-02-21 19:11:32.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-21 19:11:32.000000000 +0100 +@@ -407,4 +407,16 @@ audit_destroy_sensitive_data(const char { /* not implemented */ } + +void ++audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) ++{ ++ /* not implemented */ ++} ++ ++void +audit_generate_ephemeral_server_key(const char *fp) +{ + /* not implemented */ +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit5a openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit5a 2011-02-17 13:27:01.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-17 14:18:58.000000000 +0100 -@@ -277,5 +277,14 @@ audit_destroy_sensitive_data(const char +--- openssh-5.8p1/audit.c.audit5a 2011-02-21 19:11:32.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-21 19:11:32.000000000 +0100 +@@ -268,9 +268,19 @@ audit_session_key_free_body(int ctos, pi + * This will be called on destroy private part of the server key + */ + void +-audit_destroy_sensitive_data(const char *fp) ++audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) { - debug("audit destroy sensitive data euid %d fingerprint %s", geteuid(), fp); - } +- debug("audit destroy sensitive data euid %d fingerprint %s", geteuid(), fp); ++ debug("audit destroy sensitive data euid %d fingerprint %s from pid %ld uid %u", ++ geteuid(), fp, (long)pid, (unsigned)uid); ++} + +/* + * This will be called on generation of the ephemeral server key 
@@ -27,23 +40,61 @@ diff -up openssh-5.8p1/audit.c.audit5a openssh-5.8p1/audit.c +audit_generate_ephemeral_server_key(const char *) +{ + debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp); -+} + } # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit5a openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit5a 2011-02-17 13:23:57.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-17 14:11:53.000000000 +0100 -@@ -63,5 +63,6 @@ void audit_kex_body(int, char *, char *, +--- openssh-5.8p1/audit.h.audit5a 2011-02-21 19:11:32.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-21 19:11:32.000000000 +0100 +@@ -48,6 +48,8 @@ enum ssh_audit_event_type { + }; + typedef enum ssh_audit_event_type ssh_audit_event_t; + ++int listening_for_clients(void); ++ + void audit_connection_from(const char *, int); + void audit_event(ssh_audit_event_t); + void audit_session_open(struct logininfo *); +@@ -62,6 +64,7 @@ void audit_unsupported_body(int); + void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); void audit_session_key_free(int ctos); - void audit_session_key_free_body(int ctos); - void audit_destroy_sensitive_data(const char *); + void audit_session_key_free_body(int ctos, pid_t, uid_t); +-void audit_destroy_sensitive_data(const char *); ++void audit_destroy_sensitive_data(const char *, pid_t, uid_t); +void audit_generate_ephemeral_server_key(const char *); #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit5a openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit5a 2011-02-17 14:24:31.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-17 14:26:12.000000000 +0100 -@@ -323,4 +323,25 @@ audit_destroy_sensitive_data(const char +--- openssh-5.8p1/audit-linux.c.audit5a 2011-02-21 19:11:32.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-21 19:11:32.000000000 +0100 +@@ -317,7 +317,9 @@ audit_session_key_free_body(int ctos, pi + return; + } + 
audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, +- buf, NULL, get_remote_ipaddr(), NULL, 1); ++ buf, NULL, ++ listening_for_clients() ? NULL : get_remote_ipaddr(), ++ NULL, 1); + audit_close(audit_fd); + /* do not abort if the error is EPERM and sshd is run as non root user */ + if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) +@@ -325,12 +327,13 @@ audit_session_key_free_body(int ctos, pi + } + + void +-audit_destroy_sensitive_data(const char *fp) ++audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) + { + char buf[AUDIT_LOG_SIZE]; + int audit_fd, audit_ok; + +- snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=?", fp); ++ snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=? spid=%jd suid=%jd", ++ fp, (intmax_t)pid, (intmax_t)uid); + audit_fd = audit_open(); + if (audit_fd < 0) { + if (errno != EINVAL && errno != EPROTONOSUPPORT && +@@ -346,4 +349,25 @@ audit_destroy_sensitive_data(const char error("cannot write into audit"); } 
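Review bot: `audit_generate_ephemeral_server_key(const char *)` in the audit.c part of this hunk has an unnamed parameter while its body references `fp`, so the default (non-custom) audit backend cannot compile; the definition should read `audit_generate_ephemeral_server_key(const char *fp)`, matching the audit.h prototype and the audit-bsm.c stub. That line appears as outer context here, so it predates this commit, but the commit reshapes the surrounding inner hunk without fixing it. A smaller point in the audit-linux.c part: the new message uses `spid=%jd suid=%jd` with `(intmax_t)` casts, while the audit.c debug line in the previous hunk uses `%ld`/`%u` with `(long)`/`(unsigned)`; one convention for formatting pid_t/uid_t across the backends would be easier to audit.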
@@ -69,23 +120,232 @@ diff -up openssh-5.8p1/audit-linux.c.audit5a openssh-5.8p1/audit-linux.c + error("cannot write into audit"); +} #endif /* USE_LINUX_AUDIT */ +diff -up openssh-5.8p1/key.c.audit5a openssh-5.8p1/key.c +--- openssh-5.8p1/key.c.audit5a 2011-02-04 01:48:34.000000000 +0100 ++++ openssh-5.8p1/key.c 2011-02-21 19:15:28.000000000 +0100 +@@ -1769,6 +1769,30 @@ key_demote(const Key *k) + } + + int ++key_is_private(const Key *k) ++{ ++ switch (k->type) { ++ case KEY_RSA_CERT_V00: ++ case KEY_RSA_CERT: ++ case KEY_RSA1: ++ case KEY_RSA: ++ return k->rsa->d != NULL; ++ case KEY_DSA_CERT_V00: ++ case KEY_DSA_CERT: ++ case KEY_DSA: ++ return k->dsa->priv_key != NULL; ++#ifdef OPENSSL_HAS_ECC ++ case KEY_ECDSA_CERT: ++ case KEY_ECDSA: ++ return EC_KEY_get0_private_key(k->ecdsa) != NULL; ++#endif ++ default: ++ fatal("key_is_private: bad key type %d", k->type); ++ return 1; ++ } ++} ++ ++int + key_is_cert(const Key *k) + { + if (k == NULL) +diff -up openssh-5.8p1/key.h.audit5a openssh-5.8p1/key.h +--- openssh-5.8p1/key.h.audit5a 2010-11-05 00:19:49.000000000 +0100 ++++ openssh-5.8p1/key.h 2011-02-21 19:15:34.000000000 +0100 +@@ -106,6 +106,7 @@ Key *key_generate(int, u_int); + Key *key_from_private(const Key *); + int key_type_from_name(char *); + int key_is_cert(const Key *); ++int key_is_private(const Key *k); + int key_type_plain(int); + int key_to_certified(Key *, int); + int key_drop_cert(Key *); +diff -up openssh-5.8p1/monitor.c.audit5a openssh-5.8p1/monitor.c +--- openssh-5.8p1/monitor.c.audit5a 2011-02-21 19:11:32.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-21 19:11:32.000000000 +0100 +@@ -2291,10 +2291,14 @@ mm_answer_audit_server_key_free(int sock + { + int len; + char *fp; ++ pid_t pid; ++ uid_t uid; + + fp = buffer_get_string(m, &len); ++ pid = buffer_get_int64(m); ++ uid = buffer_get_int64(m); + +- audit_destroy_sensitive_data(fp); ++ audit_destroy_sensitive_data(fp, pid, uid); + + buffer_clear(m); + +diff -up 
openssh-5.8p1/monitor_wrap.c.audit5a openssh-5.8p1/monitor_wrap.c +--- openssh-5.8p1/monitor_wrap.c.audit5a 2011-02-21 19:11:32.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-21 19:11:32.000000000 +0100 +@@ -1466,12 +1466,14 @@ mm_audit_session_key_free_body(int ctos, + } + + void +-mm_audit_destroy_sensitive_data(const char *fp) ++mm_audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) + { + Buffer m; + + buffer_init(&m); + buffer_put_cstring(&m, fp); ++ buffer_put_int64(&m, pid); ++ buffer_put_int64(&m, uid); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, +diff -up openssh-5.8p1/monitor_wrap.h.audit5a openssh-5.8p1/monitor_wrap.h +--- openssh-5.8p1/monitor_wrap.h.audit5a 2011-02-21 19:11:32.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-21 19:11:32.000000000 +0100 +@@ -77,7 +77,7 @@ void mm_audit_run_command(const char *); + void mm_audit_unsupported_body(int); + void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); + void mm_audit_session_key_free_body(int, pid_t, uid_t); +-void mm_audit_destroy_sensitive_data(const char *); ++void mm_audit_destroy_sensitive_data(const char *, pid_t, uid_t); + #endif + + struct Session; diff -up openssh-5.8p1/sshd.c.audit5a openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.audit5a 2011-02-17 13:23:27.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-17 14:11:33.000000000 +0100 -@@ -379,6 +379,16 @@ generate_ephemeral_server_key(void) - sensitive_data.server_key = key_generate(KEY_RSA1, - options.server_key_bits); - verbose("RSA key generation complete."); -+#ifdef SSH_AUDIT_EVENTS -+ { -+ char *fp; +--- openssh-5.8p1/sshd.c.audit5a 2011-02-21 19:11:32.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-21 19:11:32.000000000 +0100 +@@ -272,6 +272,15 @@ close_listen_socks(void) + num_listen_socks = -1; + } + ++/* ++ * Is this process listening for clients (i.e. 
not specific to any specific ++ * client connection?) ++ */ ++int listening_for_clients(void) ++{ ++ return num_listen_socks > 0; ++} + -+ fp = key_fingerprint(sensitive_data.server_key, -+ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); -+ audit_generate_ephemeral_server_key(fp); -+ xfree(fp); -+ } -+#endif + static void + close_startup_pipes(void) + { +@@ -532,30 +541,47 @@ sshd_exchange_identification(int sock_in + } + } + +-/* Destroy the host and server keys. They will no longer be needed. */ ++/* ++ * Destroy the host and server keys. They will no longer be needed. Careful, ++ * this can be called from cleanup_exit() - i.e. from just about anywhere. ++ */ + void + destroy_sensitive_data(int privsep) + { + int i; ++ pid_t pid; ++ uid_t uid; - arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); - arc4random_stir(); + if (sensitive_data.server_key) { + key_free(sensitive_data.server_key); + sensitive_data.server_key = NULL; + } ++ pid = getpid(); ++ uid = getuid(); + for (i = 0; i < options.num_host_key_files; i++) { + if (sensitive_data.host_keys[i]) { + char *fp; + +- fp = key_fingerprint(sensitive_data.host_keys[i], +- FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); ++ if (key_is_private(sensitive_data.host_keys[i])) ++ fp = key_fingerprint(sensitive_data.host_keys[i], ++ FIPS_mode() ? 
SSH_FP_SHA1 : SSH_FP_MD5, ++ SSH_FP_HEX); ++ else ++ fp = NULL; + key_free(sensitive_data.host_keys[i]); + sensitive_data.host_keys[i] = NULL; +- if (privsep) +- PRIVSEP(audit_destroy_sensitive_data(fp)); +- else +- audit_destroy_sensitive_data(fp); ++ if (fp != NULL) { ++ if (privsep) ++ PRIVSEP(audit_destroy_sensitive_data(fp, ++ pid, uid)); ++ else ++ audit_destroy_sensitive_data(fp, ++ pid, uid); ++ xfree(fp); ++ } + } +- if (sensitive_data.host_certificates[i]) { ++ if (sensitive_data.host_certificates ++ && sensitive_data.host_certificates[i]) { + key_free(sensitive_data.host_certificates[i]); + sensitive_data.host_certificates[i] = NULL; + } +@@ -569,6 +595,8 @@ void + demote_sensitive_data(void) + { + Key *tmp; ++ pid_t pid; ++ uid_t uid; + int i; + + if (sensitive_data.server_key) { +@@ -577,19 +605,27 @@ demote_sensitive_data(void) + sensitive_data.server_key = tmp; + } + ++ pid = getpid(); ++ uid = getuid(); + for (i = 0; i < options.num_host_key_files; i++) { + if (sensitive_data.host_keys[i]) { + char *fp; + +- fp = key_fingerprint(sensitive_data.host_keys[i], +- FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); ++ if (key_is_private(sensitive_data.host_keys[i])) ++ fp = key_fingerprint(sensitive_data.host_keys[i], ++ FIPS_mode() ? 
SSH_FP_SHA1 : SSH_FP_MD5, ++ SSH_FP_HEX); ++ else ++ fp = NULL; + tmp = key_demote(sensitive_data.host_keys[i]); + key_free(sensitive_data.host_keys[i]); + sensitive_data.host_keys[i] = tmp; + if (tmp->type == KEY_RSA1) + sensitive_data.ssh1_host_key = tmp; +- audit_destroy_sensitive_data(fp); +- xfree(fp); ++ if (fp != NULL) { ++ audit_destroy_sensitive_data(fp, pid, uid); ++ xfree(fp); ++ } + } + /* Certs do not need demotion */ + } +@@ -1134,6 +1170,7 @@ server_accept_loop(int *sock_in, int *so + if (received_sigterm) { + logit("Received signal %d; terminating.", + (int) received_sigterm); ++ destroy_sensitive_data(0); + close_listen_socks(); + unlink(options.pid_file); + exit(255); +@@ -2370,6 +2407,9 @@ cleanup_exit(int i) + { + if (the_authctxt) + do_cleanup(the_authctxt); ++ if (sensitive_data.host_keys != NULL) ++ destroy_sensitive_data(use_privsep && pmonitor != NULL && ++ !mm_is_monitor()); + #ifdef SSH_AUDIT_EVENTS + /* done after do_cleanup so it can cancel the PAM auth 'thread' */ + if (!use_privsep || mm_is_monitor()) diff --git a/openssh-5.8p1-fips.patch b/openssh-5.8p1-fips.patch index c1de68d..418f882 100644 --- a/openssh-5.8p1-fips.patch +++ b/openssh-5.8p1-fips.patch 
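Review bot: In mm_answer_audit_server_key_free the monitor takes `pid = buffer_get_int64(m); uid = buffer_get_int64(m);` straight from the unprivileged child's request and writes them into the audit record as spid/suid, so the record's provenance fields are whatever the less-privileged side chose to send and a compromised child could attribute the event to an arbitrary pid/uid. I believe the monitor already knows which child it is talking to (it records the forked child's pid in its monitor state, and knows the authenticated user's uid after privsep_postauth), so the answer handler should fill pid/uid from its own state and at most cross-check the transmitted values; the fingerprint is child-supplied too, but pid/uid are the fields the monitor can actually verify. Separately, `key_is_private` dereferences `k->type` without the `if (k == NULL)` guard that the neighbouring `key_is_cert` has; the callers in destroy_sensitive_data and demote_sensitive_data test `sensitive_data.host_keys[i]` first, but a leading `if (k == NULL) return 0;` keeps the two predicates consistent for future callers. Finally, `listening_for_clients()` is declared in audit.h but defined in sshd.c; a one-line comment on the declaration, `/* provided by sshd.c; true in the listener process only */`, would save the next reader a search.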
@@ -1,18 +1,18 @@ diff -up openssh-5.8p1/audit.c.fips openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.fips 2011-02-14 10:10:41.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-14 10:10:41.000000000 +0100 -@@ -124,7 +124,7 @@ audit_key(int type, int *rv, const Key * - "ssh-dsa", - "unknown" }; +--- openssh-5.8p1/audit.c.fips 2011-02-21 17:05:13.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-21 17:06:18.000000000 +0100 +@@ -121,7 +121,7 @@ audit_key(int host_user, int *rv, const + char *fp; + const char *crypto_name; - fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); + fp = key_fingerprint(key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); - switch(key->type) { - case KEY_RSA1: - case KEY_RSA: + if (key->type == KEY_RSA1) + crypto_name = "ssh-rsa1"; + else diff -up openssh-5.8p1/auth2-pubkey.c.fips openssh-5.8p1/auth2-pubkey.c ---- openssh-5.8p1/auth2-pubkey.c.fips 2011-02-14 10:10:41.000000000 +0100 -+++ openssh-5.8p1/auth2-pubkey.c 2011-02-14 10:10:41.000000000 +0100 +--- openssh-5.8p1/auth2-pubkey.c.fips 2011-02-21 17:05:14.000000000 +0100 ++++ openssh-5.8p1/auth2-pubkey.c 2011-02-21 17:05:14.000000000 +0100 @@ -36,6 +36,7 @@ #include #include @@ -32,7 +32,7 @@ diff -up openssh-5.8p1/auth2-pubkey.c.fips openssh-5.8p1/auth2-pubkey.c xfree(fp); diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c --- openssh-5.8p1/authfile.c.fips 2010-12-01 02:03:39.000000000 +0100 -+++ openssh-5.8p1/authfile.c 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/authfile.c 2011-02-21 17:05:14.000000000 +0100 @@ -145,8 +145,14 @@ key_private_rsa1_to_blob(Key *key, Buffe /* Allocate space for the private part of the key in the buffer. */ cp = buffer_append_space(&encrypted, buffer_len(&buffer)); 
@@ -67,20 +67,20 @@ diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c buffer_ptr(blob), buffer_len(blob)); cipher_cleanup(&ciphercontext); diff -up openssh-5.8p1/auth-rsa.c.fips openssh-5.8p1/auth-rsa.c ---- openssh-5.8p1/auth-rsa.c.fips 2011-02-14 10:10:41.000000000 +0100 -+++ openssh-5.8p1/auth-rsa.c 2011-02-14 10:10:41.000000000 +0100 +--- openssh-5.8p1/auth-rsa.c.fips 2011-02-21 17:05:13.000000000 +0100 ++++ openssh-5.8p1/auth-rsa.c 2011-02-21 17:07:33.000000000 +0100 @@ -119,7 +119,7 @@ auth_rsa_verify_response(Key *key, BIGNU rv = timingsafe_bcmp(response, mdbuf, 16) == 0; #ifdef SSH_AUDIT_EVENTS - fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); + fp = key_fingerprint(key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); - if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa), fp, rv) == 0) { + if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv) == 0) { debug("unsuccessful audit"); rv = 0; diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c ---- openssh-5.8p1/cipher.c.fips 2011-02-14 10:10:41.000000000 +0100 -+++ openssh-5.8p1/cipher.c 2011-02-14 10:10:41.000000000 +0100 +--- openssh-5.8p1/cipher.c.fips 2011-02-21 17:05:13.000000000 +0100 ++++ openssh-5.8p1/cipher.c 2011-02-21 17:05:14.000000000 +0100 @@ -40,6 +40,7 @@ #include @@ -167,7 +167,7 @@ diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c /* diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c --- openssh-5.8p1/cipher-ctr.c.fips 2010-10-07 13:06:42.000000000 +0200 -+++ openssh-5.8p1/cipher-ctr.c 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/cipher-ctr.c 2011-02-21 17:05:14.000000000 +0100 @@ -140,7 +140,8 @@ evp_aes_128_ctr(void) aes_ctr.do_cipher = ssh_aes_ctr; #ifndef SSH_OLD_EVP 
@@ -179,8 +179,8 @@ diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c return (&aes_ctr); } diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h ---- openssh-5.8p1/cipher.h.fips 2011-02-14 10:10:41.000000000 +0100 -+++ openssh-5.8p1/cipher.h 2011-02-14 10:10:41.000000000 +0100 +--- openssh-5.8p1/cipher.h.fips 2011-02-21 17:05:13.000000000 +0100 ++++ openssh-5.8p1/cipher.h 2011-02-21 17:05:14.000000000 +0100 @@ -87,7 +87,7 @@ void cipher_init(CipherContext *, Ciphe const u_char *, u_int, int); void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int); @@ -191,8 +191,8 @@ diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h u_int cipher_keylen(const Cipher *); u_int cipher_is_cbc(const Cipher *); diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c ---- openssh-5.8p1/mac.c.fips 2011-02-14 10:10:41.000000000 +0100 -+++ openssh-5.8p1/mac.c 2011-02-14 10:10:41.000000000 +0100 +--- openssh-5.8p1/mac.c.fips 2011-02-21 17:05:13.000000000 +0100 ++++ openssh-5.8p1/mac.c 2011-02-21 17:05:14.000000000 +0100 @@ -28,6 +28,7 @@ #include @@ -243,8 +243,8 @@ diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c for (i = 0; macs[i].name; i++) { if (strcmp(name, macs[i].name) == 0) { diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in ---- openssh-5.8p1/Makefile.in.fips 2011-02-14 10:10:41.000000000 +0100 -+++ openssh-5.8p1/Makefile.in 2011-02-14 10:10:41.000000000 +0100 +--- openssh-5.8p1/Makefile.in.fips 2011-02-21 17:05:14.000000000 +0100 ++++ openssh-5.8p1/Makefile.in 2011-02-21 17:05:14.000000000 +0100 @@ -145,25 +145,25 @@ libssh.a: $(LIBSSH_OBJS) $(RANLIB) $@ 
@@ -288,7 +288,7 @@ diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h --- openssh-5.8p1/myproposal.h.fips 2011-01-13 12:00:22.000000000 +0100 -+++ openssh-5.8p1/myproposal.h 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/myproposal.h 2011-02-21 17:05:14.000000000 +0100 @@ -81,7 +81,12 @@ "hmac-sha1-96,hmac-md5-96" #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" @@ -305,7 +305,7 @@ diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h KEX_DEFAULT_KEX, diff -up openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.8p1/openbsd-compat/bsd-arc4random.c --- openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100 -+++ openssh-5.8p1/openbsd-compat/bsd-arc4random.c 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/openbsd-compat/bsd-arc4random.c 2011-02-21 17:05:14.000000000 +0100 @@ -39,6 +39,7 @@ static int rc4_ready = 0; static RC4_KEY rc4; @@ -349,7 +349,7 @@ diff -up openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.8p1/openbs #ifndef HAVE_ARC4RANDOM_BUF diff -up openssh-5.8p1/ssh-add.c.fips openssh-5.8p1/ssh-add.c --- openssh-5.8p1/ssh-add.c.fips 2010-11-11 04:17:02.000000000 +0100 -+++ openssh-5.8p1/ssh-add.c 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/ssh-add.c 2011-02-21 17:05:14.000000000 +0100 @@ -42,6 +42,7 @@ #include @@ -369,7 +369,7 @@ diff -up openssh-5.8p1/ssh-add.c.fips openssh-5.8p1/ssh-add.c key_size(key), fp, comment, key_type(key)); diff -up openssh-5.8p1/ssh-agent.c.fips openssh-5.8p1/ssh-agent.c --- openssh-5.8p1/ssh-agent.c.fips 2010-12-01 01:50:35.000000000 +0100 -+++ openssh-5.8p1/ssh-agent.c 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/ssh-agent.c 2011-02-21 17:05:14.000000000 +0100 @@ -51,6 +51,7 @@ #include 
@@ -393,7 +393,7 @@ diff -up openssh-5.8p1/ssh-agent.c.fips openssh-5.8p1/ssh-agent.c diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c --- openssh-5.8p1/ssh.c.fips 2011-02-04 01:42:15.000000000 +0100 -+++ openssh-5.8p1/ssh.c 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/ssh.c 2011-02-21 17:05:14.000000000 +0100 @@ -73,6 +73,8 @@ #include @@ -458,7 +458,7 @@ diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c options.address_family, options.connection_attempts, &timeout_ms, diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c --- openssh-5.8p1/sshconnect2.c.fips 2010-12-01 02:21:51.000000000 +0100 -+++ openssh-5.8p1/sshconnect2.c 2011-02-14 10:10:41.000000000 +0100 ++++ openssh-5.8p1/sshconnect2.c 2011-02-21 17:05:14.000000000 +0100 @@ -44,6 +44,8 @@ #include #endif @@ -504,7 +504,7 @@ diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c /* diff -up openssh-5.8p1/sshconnect.c.fips openssh-5.8p1/sshconnect.c --- openssh-5.8p1/sshconnect.c.fips 2011-01-16 13:17:59.000000000 +0100 -+++ openssh-5.8p1/sshconnect.c 2011-02-14 10:18:14.000000000 +0100 ++++ openssh-5.8p1/sshconnect.c 2011-02-21 17:05:14.000000000 +0100 @@ -41,6 +41,8 @@ #include #include @@ -617,8 +617,8 @@ diff -up openssh-5.8p1/sshconnect.c.fips openssh-5.8p1/sshconnect.c xfree(fp); diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.fips 2011-02-14 10:10:41.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-14 10:10:41.000000000 +0100 +--- openssh-5.8p1/sshd.c.fips 2011-02-21 17:05:14.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-21 17:05:14.000000000 +0100 @@ -76,6 +76,8 @@ #include #include @@ -628,7 +628,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c #include "openbsd-compat/openssl-compat.h" #ifdef HAVE_SECUREWARE -@@ -1314,6 +1316,12 @@ main(int ac, char **av) +@@ -1327,6 +1329,12 @@ main(int ac, char **av) (void)set_auth_parameters(ac, av); #endif __progname = ssh_get_progname(av[0]); 
@@ -641,7 +641,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c init_rng(); /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ -@@ -1475,8 +1483,6 @@ main(int ac, char **av) +@@ -1488,8 +1496,6 @@ main(int ac, char **av) else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); @@ -650,7 +650,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c /* * Force logging to stderr until we have loaded the private host * key (unless started from inetd) -@@ -1595,6 +1601,10 @@ main(int ac, char **av) +@@ -1608,6 +1614,10 @@ main(int ac, char **av) debug("private host key: #%d type %d %s", i, key->type, key_type(key)); } @@ -661,7 +661,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { logit("Disabling protocol version 1. Could not load host key"); options.protocol &= ~SSH_PROTO_1; -@@ -1759,6 +1769,10 @@ main(int ac, char **av) +@@ -1772,6 +1782,10 @@ main(int ac, char **av) /* Initialize the random number generator. */ arc4random_stir(); @@ -672,7 +672,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c /* Chdir to the root directory so that the current disk can be unmounted if desired. */ chdir("/"); -@@ -2305,6 +2319,9 @@ do_ssh2_kex(void) +@@ -2315,6 +2329,9 @@ do_ssh2_kex(void) if (options.ciphers != NULL) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; @@ -682,7 +682,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c } myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); -@@ -2314,6 +2331,9 @@ do_ssh2_kex(void) +@@ -2324,6 +2341,9 @@ do_ssh2_kex(void) if (options.macs != NULL) { myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; 
@@ -693,8 +693,8 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c if (options.compression == COMP_NONE) { myproposal[PROPOSAL_COMP_ALGS_CTOS] = diff -up openssh-5.8p1/ssh-keygen.c.fips openssh-5.8p1/ssh-keygen.c ---- openssh-5.8p1/ssh-keygen.c.fips 2011-02-14 10:10:41.000000000 +0100 -+++ openssh-5.8p1/ssh-keygen.c 2011-02-14 10:10:41.000000000 +0100 +--- openssh-5.8p1/ssh-keygen.c.fips 2011-02-21 17:05:14.000000000 +0100 ++++ openssh-5.8p1/ssh-keygen.c 2011-02-21 17:05:14.000000000 +0100 @@ -21,6 +21,7 @@ #include diff --git a/openssh-5.8p1-wIm.patch b/openssh-5.8p1-wIm.patch new file mode 100644 index 0000000..2ae400c --- /dev/null +++ b/openssh-5.8p1-wIm.patch 
@@ -0,0 +1,74 @@ +diff -up openssh-5.8p1/log.h.wIm openssh-5.8p1/log.h +--- openssh-5.8p1/log.h.wIm 2008-06-13 02:22:54.000000000 +0200 ++++ openssh-5.8p1/log.h 2011-02-17 11:41:51.000000000 +0100 +@@ -63,6 +63,7 @@ void verbose(const char *, ...) __at + void debug(const char *, ...) __attribute__((format(printf, 1, 2))); + void debug2(const char *, ...) __attribute__((format(printf, 1, 2))); + void debug3(const char *, ...) __attribute__((format(printf, 1, 2))); ++void debug_wIm(const char *); + + void do_log(LogLevel, const char *, va_list); + void cleanup_exit(int) __attribute__((noreturn)); +diff -up openssh-5.8p1/Makefile.in.wIm openssh-5.8p1/Makefile.in +--- openssh-5.8p1/Makefile.in.wIm 2011-02-04 01:42:13.000000000 +0100 ++++ openssh-5.8p1/Makefile.in 2011-02-17 11:44:05.000000000 +0100 +@@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b + cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ + compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \ + log.o match.o md-sha256.o moduli.o nchan.o packet.o \ +- readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ ++ readpass.o rsa.o ttymodes.o whereIam.o xmalloc.o addrmatch.o \ + atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ + monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ + kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ +diff -up openssh-5.8p1/sshd.c.wIm openssh-5.8p1/sshd.c +--- openssh-5.8p1/sshd.c.wIm 2011-01-11 07:20:31.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-17 11:41:51.000000000 +0100 +@@ -139,6 +139,9 @@ int deny_severity; + + extern char *__progname; + ++/* trace of fork processes */ ++extern int whereIam; ++ + /* Server configuration options. 
*/ + ServerOptions options; + +@@ -652,6 +655,7 @@ privsep_preauth(Authctxt *authctxt) + } else { + /* child */ + ++ whereIam = 1; + close(pmonitor->m_sendfd); + + /* Demote the child */ +@@ -693,6 +697,7 @@ privsep_postauth(Authctxt *authctxt) + exit(0); + } + ++ whereIam = 2; + close(pmonitor->m_sendfd); + + /* Demote the private keys to public keys. */ +@@ -1302,6 +1307,8 @@ main(int ac, char **av) + Key *key; + Authctxt *authctxt; + ++ whereIam = 0; ++ + #ifdef HAVE_SECUREWARE + (void)set_auth_parameters(ac, av); + #endif +diff -up openssh-5.8p1/whereIam.c.wIm openssh-5.8p1/whereIam.c +--- openssh-5.8p1/whereIam.c.wIm 2011-02-17 11:41:51.000000000 +0100 ++++ openssh-5.8p1/whereIam.c 2011-02-17 11:41:51.000000000 +0100 +@@ -0,0 +1,9 @@ ++ ++int whereIam = -1; ++ ++void debug_wIm(const char *txt) ++{ ++ debug("%s: %s wIm = %d, euid=%d", txt, __func__, whereIam, geteuid()); ++} ++ ++ diff --git a/openssh.spec b/openssh.spec index 643d43f..14ce2ff 100644 --- a/openssh.spec +++ b/openssh.spec @@ -71,7 +71,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 5.8p1 -%define openssh_rel 4 +%define openssh_rel 5 %define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_rel 30 @@ -97,10 +97,13 @@ Patch100: openssh-5.8p1-wIm.patch Patch0: openssh-5.6p1-redhat.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1402 Patch1: openssh-5.8p1-audit1.patch +Patch101: openssh-5.8p1-audit1a.patch Patch2: openssh-5.8p1-audit2.patch Patch102: openssh-5.8p1-audit2a.patch Patch3: openssh-5.8p1-audit3.patch +Patch103: openssh-5.8p1-audit3a.patch Patch4: openssh-5.8p1-audit4.patch +Patch104: openssh-5.8p1-audit4a.patch Patch5: openssh-5.8p1-audit5.patch Patch105: openssh-5.8p1-audit5a.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1640 
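Review bot: whereIam.c in this hunk has no `#include` at all yet calls `debug()` and `geteuid()`, so both are implicit declarations (invalid since C99 and a hard error with `-Werror=implicit-function-declaration`), and because `whereIam.o` is added to LIBSSH_OBJS in Makefile.in the libssh.a build would fail the moment the patch is applied. Add the project's usual `#include "includes.h"` plus `#include "log.h"` (which declares debug on this page) at the top, and fix the format arguments: `debug("%s: wIm = %d, euid=%d", txt, whereIam, (int)geteuid());` — the `__func__` argument only ever prints "debug_wIm", so the caller-supplied `txt` is the useful label, and uid_t should not be passed to `%d` uncast. The spec keeps `###%patch100` commented out, so this is latent rather than a build break today.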
@@ -287,10 +290,13 @@ The module is most useful for su and sudo service stacks. ###%patch100 -p1 -b .wIm %patch0 -p1 -b .redhat %patch1 -p1 -b .audit1 +%patch101 -p1 -b .audit1a %patch2 -p1 -b .audit2 %patch102 -p1 -b .audit2a %patch3 -p1 -b .audit3 +%patch103 -p1 -b .audit3a %patch4 -p1 -b .audit4 +%patch104 -p1 -b .audit4a %patch5 -p1 -b .audit5 %patch105 -p1 -b .audit5a %patch9 -p1 -b .vendor @@ -610,6 +616,9 @@ fi %endif %changelog +* Mon Feb 21 2011 Jan F. Chadima - 5.8p1-5 + 0.9.2-30 +- another audit improovements + * Thu Feb 17 2011 Jan F. Chadima - 5.8p1-4 + 0.9.2-30 - improve audit of server ket management