From c2b0098c73ebfd2bc1b31b344b6f9fde7d332ca8 Mon Sep 17 00:00:00 2001 From: Jan F Date: Feb 21 2011 19:24:29 +0000 Subject: another audit improovements --- diff --git a/openssh-5.8p1-audit1.patch b/openssh-5.8p1-audit1.patch index 51e4fae..d4020d3 100644 --- a/openssh-5.8p1-audit1.patch +++ b/openssh-5.8p1-audit1.patch @@ -1,18 +1,31 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c --- openssh-5.8p1/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-16 23:26:59.000000000 +0100 -@@ -39,8 +39,8 @@ ++++ openssh-5.8p1/audit-linux.c 2011-02-21 20:01:00.000000000 +0100 +@@ -35,13 +35,20 @@ + #include "log.h" + #include "audit.h" ++#include "key.h" ++#include "hostfile.h" ++#include "auth.h" ++#include "servconf.h" + #include "canohost.h" + ++extern ServerOptions options; ++extern Authctxt *the_authctxt; ++extern u_int utmp_len; const char* audit_username(void); -int -linux_audit_record_event(int uid, const char *username, +- const char *hostname, const char *ip, const char *ttyn, int success) +static void -+linux_audit_user_login(int uid, const char *username, - const char *hostname, const char *ip, const char *ttyn, int success) ++linux_audit_user_logxxx(int uid, const char *username, ++ const char *hostname, const char *ip, const char *ttyn, int success, int event) { int audit_fd, rc, saved_errno; -@@ -49,9 +49,9 @@ linux_audit_record_event(int uid, const + +@@ -49,11 +56,11 @@ linux_audit_record_event(int uid, const if (audit_fd < 0) { if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) 
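Review bot: The renamed `linux_audit_user_logxxx` gains an `int event` parameter, but neither the name nor a comment says which values it accepts, and the three new `extern` declarations pull sshd globals into this file with no note on when they are valid. Suggest a header comment above the function, `/* Write one AUDIT_USER_* account record (LOGIN, START, END or LOGOUT, selected by event); success is the record's result field. */`, and a name such as `linux_audit_user_logevent` in place of `logxxx`. The audit.c comment visible in the audit2 hunk ("Care must be taken when using this since it WILL NOT be initialized when …") appears to refer to `the_authctxt`, so a one-line caution on that `extern` would help later callers in this file. The function's body continues past the end of this hunk.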
@@ -22,9 +35,12 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c - return 0; /* Must prevent login */ + goto fatal_report; /* Must prevent login */ } - rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, +- rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, ++ rc = audit_log_acct_message(audit_fd, event, NULL, "login", username ? username : "(unknown)", -@@ -65,7 +65,62 @@ linux_audit_record_event(int uid, const + username == NULL ? uid : -1, hostname, ip, ttyn, success); + saved_errno = errno; +@@ -65,35 +72,102 @@ linux_audit_record_event(int uid, const if ((rc == -EPERM) && (geteuid() != 0)) rc = 0; errno = saved_errno; @@ -41,19 +57,19 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c +{ + int audit_fd, rc, saved_errno; + static const char *event_name[] = { -+ "exceed maxtries", ++ "maxtries exceeded", + "root denied", + "success", + "none", -+ "pasword", -+ "chalenge-response", ++ "password", ++ "challenge-response", + "pubkey", + "hostbased", + "gssapi", + "invalid user", + "nologin", -+ "connection close", -+ "connection abandon", ++ "connection closed", ++ "connection abandoned", + "unknown" + }; + @@ -87,8 +103,10 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c + } } ++static int user_login_count = 0; ++ /* Below is the sshd audit API code */ -@@ -73,8 +128,8 @@ linux_audit_record_event(int uid, const + void audit_connection_from(const char *host, int port) { 
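Review bot: `user_login_count` is added in the `@@ -87,8 +103,10 @@` hunk with no comment saying what it counts or why it gates the LOGIN/LOGOUT records; suggest `/* sessions currently open in this process: AUDIT_USER_LOGIN is sent on the first open, AUDIT_USER_LOGOUT on the last close, START/END for every session */`. In the `@@ -41,19 +57,19 @@` hunk the corrected `event_name` spellings change text that presumably ends up in the records built by `linux_audit_user_auth`, so any audit rule or log parser keyed on the old wording ("pasword", "connection close", …) will stop matching once this ships; worth a line in the changelog. `linux_audit_user_auth` itself starts and ends outside these hunks.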
@@ -98,19 +116,41 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c void audit_run_command(const char *command) -@@ -85,9 +140,8 @@ audit_run_command(const char *command) + { +- /* not implemented */ ++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), ++ NULL, "ssh", 1, AUDIT_USER_START); ++ if (!user_login_count++) ++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), ++ NULL, "ssh", 1, AUDIT_USER_LOGIN); + } + void audit_session_open(struct logininfo *li) { - if (linux_audit_record_event(li->uid, NULL, li->hostname, - NULL, li->line, 1) == 0) - fatal("linux_audit_write_entry failed: %s", strerror(errno)); -+ linux_audit_user_login(li->uid, NULL, li->hostname, -+ NULL, li->line, 1); ++ linux_audit_user_logxxx(li->uid, NULL, li->hostname, ++ NULL, li->line, 1, AUDIT_USER_START); ++ if (!user_login_count++) ++ linux_audit_user_logxxx(li->uid, NULL, li->hostname, ++ NULL, li->line, 1, AUDIT_USER_LOGIN); + } + + void + audit_session_close(struct logininfo *li) + { +- /* not implemented */ ++ linux_audit_user_logxxx(li->uid, NULL, li->hostname, ++ NULL, li->line, 1, AUDIT_USER_END); ++ if (!--user_login_count) ++ linux_audit_user_logxxx(li->uid, NULL, li->hostname, ++ NULL, li->line, 1, AUDIT_USER_LOGOUT); } void -@@ -101,20 +155,33 @@ audit_event(ssh_audit_event_t event) +@@ -101,21 +175,34 @@ audit_event(ssh_audit_event_t event) { switch(event) { case SSH_AUTH_SUCCESS: @@ -124,8 +164,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c case SSH_LOGIN_ROOT_DENIED: + linux_audit_user_auth(-1, audit_username(), NULL, + get_remote_ipaddr(), "sshd", 0, event); -+ linux_audit_user_login(-1, audit_username(), NULL, -+ get_remote_ipaddr(), "sshd", 0); ++ linux_audit_user_logxxx(-1, audit_username(), NULL, ++ get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN); break; + case SSH_LOGIN_EXCEED_MAXTRIES: 
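Review bot: `audit_run_command` dereferences `the_authctxt->pw->pw_uid` twice with no NULL check on `the_authctxt` or on `->pw`, although the audit.c comment on that global (visible in the audit2 hunk) warns it is not always initialised; add `if (the_authctxt == NULL || the_authctxt->pw == NULL) return;` at the top, and hoist the uid and the `get_remote_name_or_ip()` result into locals so the two calls cannot disagree. In `audit_session_close`, `if (!--user_login_count)` goes negative when a close arrives without a matching open, after which AUDIT_USER_LOGOUT is never emitted; guard it with `if (user_login_count > 0 && !--user_login_count)`. Both functions are fully inside this hunk.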
@@ -143,7 +183,9 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c + case SSH_CONNECTION_ABANDON: case SSH_INVALID_USER: - linux_audit_record_event(-1, audit_username(), NULL, -+ linux_audit_user_login(-1, audit_username(), NULL, - get_remote_ipaddr(), "sshd", 0); +- get_remote_ipaddr(), "sshd", 0); ++ linux_audit_user_logxxx(-1, audit_username(), NULL, ++ get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN); break; + default: diff --git a/openssh-5.8p1-audit1a.patch b/openssh-5.8p1-audit1a.patch index f152972..e69de29 100644 --- a/openssh-5.8p1-audit1a.patch +++ b/openssh-5.8p1-audit1a.patch 
@@ -1,127 +0,0 @@ -diff -up openssh-5.8p1/audit-linux.c.audit1a openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit1a 2011-02-21 18:14:37.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:17:33.000000000 +0100 -@@ -35,13 +35,20 @@ - - #include "log.h" - #include "audit.h" -+#include "key.h" -+#include "hostfile.h" -+#include "auth.h" -+#include "servconf.h" - #include "canohost.h" - -+extern ServerOptions options; -+extern Authctxt *the_authctxt; -+extern u_int utmp_len; - const char* audit_username(void); - - static void --linux_audit_user_login(int uid, const char *username, -- const char *hostname, const char *ip, const char *ttyn, int success) -+linux_audit_user_logxxx(int uid, const char *username, -+ const char *hostname, const char *ip, const char *ttyn, int success, int event) - { - int audit_fd, rc, saved_errno; - -@@ -53,7 +60,7 @@ linux_audit_user_login(int uid, const ch - else - goto fatal_report; /* Must prevent login */ - } -- rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, -+ rc = audit_log_acct_message(audit_fd, event, - NULL, "login", username ? username : "(unknown)", - username == NULL ? 
uid : -1, hostname, ip, ttyn, success); - saved_errno = errno; -@@ -77,19 +84,19 @@ linux_audit_user_auth(int uid, const cha - { - int audit_fd, rc, saved_errno; - static const char *event_name[] = { -- "exceed maxtries", -+ "maxtries exceeded", - "root denied", - "success", - "none", -- "pasword", -- "chalenge-response", -+ "password", -+ "challenge-response", - "pubkey", - "hostbased", - "gssapi", - "invalid user", - "nologin", -- "connection close", -- "connection abandon", -+ "connection closed", -+ "connection abandoned", - "unknown" - }; - -@@ -123,6 +130,8 @@ fatal_report: - } - } - -+static int user_login_count = 0; -+ - /* Below is the sshd audit API code */ - - void -@@ -134,20 +143,31 @@ audit_connection_from(const char *host, - void - audit_run_command(const char *command) - { -- /* not implemented */ -+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), -+ NULL, "ssh", 1, AUDIT_USER_START); -+ if (!user_login_count++) -+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), -+ NULL, "ssh", 1, AUDIT_USER_LOGIN); - } - - void - audit_session_open(struct logininfo *li) - { -- linux_audit_user_login(li->uid, NULL, li->hostname, -- NULL, li->line, 1); -+ linux_audit_user_logxxx(li->uid, NULL, li->hostname, -+ NULL, li->line, 1, AUDIT_USER_START); -+ if (!user_login_count++) -+ linux_audit_user_logxxx(li->uid, NULL, li->hostname, -+ NULL, li->line, 1, AUDIT_USER_LOGIN); - } - - void - audit_session_close(struct logininfo *li) - { -- /* not implemented */ -+ linux_audit_user_logxxx(li->uid, NULL, li->hostname, -+ NULL, li->line, 1, AUDIT_USER_END); -+ if (!--user_login_count) -+ linux_audit_user_logxxx(li->uid, NULL, li->hostname, -+ NULL, li->line, 1, AUDIT_USER_LOGOUT); - } - - void -@@ -163,8 +183,8 @@ audit_event(ssh_audit_event_t event) - case SSH_LOGIN_ROOT_DENIED: - linux_audit_user_auth(-1, audit_username(), NULL, - get_remote_ipaddr(), "sshd", 
0, event); -- linux_audit_user_login(-1, audit_username(), NULL, -- get_remote_ipaddr(), "sshd", 0); -+ linux_audit_user_logxxx(-1, audit_username(), NULL, -+ get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN); - break; - - case SSH_LOGIN_EXCEED_MAXTRIES: -@@ -181,8 +201,8 @@ audit_event(ssh_audit_event_t event) - case SSH_CONNECTION_CLOSE: - case SSH_CONNECTION_ABANDON: - case SSH_INVALID_USER: -- linux_audit_user_login(-1, audit_username(), NULL, -- get_remote_ipaddr(), "sshd", 0); -+ linux_audit_user_logxxx(-1, audit_username(), NULL, -+ get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN); - break; - - default: diff --git a/openssh-5.8p1-audit2.patch b/openssh-5.8p1-audit2.patch index 83b556f..e3b003c 100644 --- a/openssh-5.8p1-audit2.patch +++ b/openssh-5.8p1-audit2.patch @@ -1,12 +1,12 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c --- openssh-5.8p1/audit-bsm.c.audit2 2011-01-17 11:15:29.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:21:20.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-21 20:04:37.000000000 +0100 @@ -316,6 +316,12 @@ audit_session_close(struct logininfo *li /* not implemented */ } +int -+audit_keyusage(int host_user, const char *type, unsigned len, char *fp, int rv) ++audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv) +{ + /* not implemented */ +} 
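Review bot: The new BSM `audit_keyusage` is declared `int` but its body is only `/* not implemented */`, so callers that test the result (`audit_key` in audit.c compares it with 0 and clears `*rv`; auth-rsa.c does the same) read an indeterminate value — undefined behaviour that may either pass or deny every key authentication on BSM builds. Make the policy explicit with a return, e.g. `return 1; /* no key-usage auditing on BSM; do not block authentication */`, or `return 0;` if a missing audit record is meant to deny access. The null implementation in audit.c (the `@@ -62,16 +59,16 @@` hunk on a later line) has the same omission after its `debug()` call.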
@@ -16,34 +16,31 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c { diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c --- openssh-5.8p1/audit.c.audit2 2011-01-17 11:15:30.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-21 18:21:21.000000000 +0100 -@@ -111,6 +111,33 @@ audit_event_lookup(ssh_audit_event_t ev) ++++ openssh-5.8p1/audit.c 2011-02-21 20:04:37.000000000 +0100 +@@ -36,6 +36,7 @@ + #include "key.h" + #include "hostfile.h" + #include "auth.h" ++#include "xmalloc.h" + + /* + * Care must be taken when using this since it WILL NOT be initialized when +@@ -111,6 +112,22 @@ audit_event_lookup(ssh_audit_event_t ev) return(event_lookup[i].name); } -+int -+audit_key(int type, int *rv, const Key *key) ++void ++audit_key(int host_user, int *rv, const Key *key) +{ + char *fp; -+ unsigned size = 0; -+ const char *crypto_name[] = { -+ "ssh-rsa1", -+ "ssh-rsa", -+ "ssh-dsa", -+ "unknown" }; ++ const char *crypto_name; + + fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); -+ switch(key->type) { -+ case KEY_RSA1: -+ case KEY_RSA: -+ size = RSA_size(key->rsa); -+ break; -+ case KEY_DSA: -+ size = DSA_size(key->dsa); -+ break; -+ } -+ -+ if (audit_keyusage(0, crypto_name[key->type], size, fp, *rv) == 0) ++ if (key->type == KEY_RSA1) ++ crypto_name = "ssh-rsa1"; ++ else ++ crypto_name = key_ssh_name(key); ++ if (audit_keyusage(host_user, crypto_name, key_size(key), fp, *rv) == 0) + *rv = 0; + xfree(fp); +} @@ -51,7 +48,7 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -182,5 +209,17 @@ audit_run_command(const char *command) +@@ -182,5 +199,17 @@ audit_run_command(const char *command) debug("audit run command euid %d user %s command '%.200s'", geteuid(), audit_username(), command); } 
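Review bot: `audit_key` now clears `*rv` when `audit_keyusage()` returns 0, i.e. a failed audit write denies the authentication, but nothing at the definition or at the audit.h prototype states this in/out contract or what `host_user` means. Suggest a comment above the function: `/* Audit use of a public key; host_user is 1 for hostbased and 0 for pubkey auth. rv points at the authentication result and is cleared if the audit record cannot be written, so a failed audit denies access. */`. Replacing the old `crypto_name[key->type]` table lookup with `key_ssh_name()` also removes the out-of-range index for key types beyond the four that were listed; the commit message could say so.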
@@ -62,16 +59,16 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c + * Type is the key type, len is the key length(byte) and fp is the fingerprint of the key. + */ +int -+audit_keyusage(int host_user, const char *type, unsigned len, char *fp, int rv) ++audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv) +{ + debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d", -+ host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, len, fp, rv); ++ host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, bits, fp, rv); +} # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h --- openssh-5.8p1/audit.h.audit2 2011-01-17 11:15:30.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-21 18:21:21.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-21 20:04:37.000000000 +0100 @@ -28,6 +28,7 @@ # define _SSH_AUDIT_H @@ -85,12 +82,12 @@ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h void audit_run_command(const char *); ssh_audit_event_t audit_classify_auth(const char *); +int audit_keyusage(int, const char *, unsigned, char *, int); -+int audit_key(int, int *, const Key *); ++void audit_key(int, int *, const Key *); #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit2 2011-02-21 18:21:20.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:21:56.000000000 +0100 +--- openssh-5.8p1/audit-linux.c.audit2 2011-02-21 20:04:37.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-21 20:04:37.000000000 +0100 @@ -41,6 +41,8 @@ #include "servconf.h" #include "canohost.h" 
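Review bot: The comment above the null `audit_keyusage` in audit.c still reads `len is the key length(byte)` while the parameter is renamed to `bits` and now carries a bit count; change it to `* Type is the key type, bits is the key length in bits and fp is the fingerprint of the key.`. The `debug()` in the same hunk prints the `unsigned bits` with `%d`; use `%u` here and in the `size=%d` format in audit-linux.c (`@@ -124,7 +121,7 @@` on the next line). In the audit.h prototype (`@@ -85,12 +82,12 @@`) `fp` could be `const char *`, since no implementation shown here writes through it.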
@@ -105,7 +102,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c } +int -+audit_keyusage(int host_user, const char *type, unsigned len, char *fp, int rv) ++audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv) +{ + char buf[AUDIT_LOG_SIZE]; + int audit_fd, rc, saved_errno; @@ -124,7 +121,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c + if ((rc < 0) && ((rc != -1) || (getuid() == 0))) + goto out; + snprintf(buf, sizeof(buf), "key algo=%s size=%d fp=%s rport=%d", -+ type, 8 * len, fp, get_remote_port()); ++ type, bits, fp, get_remote_port()); + rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, + buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv); +out: @@ -140,7 +137,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c /* Below is the sshd audit API code */ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c --- openssh-5.8p1/auth2-hostbased.c.audit2 2010-08-05 05:04:50.000000000 +0200 -+++ openssh-5.8p1/auth2-hostbased.c 2011-02-21 18:21:21.000000000 +0100 ++++ openssh-5.8p1/auth2-hostbased.c 2011-02-21 20:04:37.000000000 +0100 @@ -136,6 +136,18 @@ done: return authenticated; } @@ -162,7 +159,7 @@ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c --- openssh-5.8p1/auth2-pubkey.c.audit2 2010-12-01 01:50:14.000000000 +0100 -+++ openssh-5.8p1/auth2-pubkey.c 2011-02-21 18:21:21.000000000 +0100 ++++ openssh-5.8p1/auth2-pubkey.c 2011-02-21 20:04:37.000000000 +0100 @@ -177,6 +177,18 @@ done: return authenticated; } 
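Review bot: In the `@@ -124,7 +121,7 @@` hunk the `snprintf` into `buf[AUDIT_LOG_SIZE]` is not checked, so if the algorithm name plus fingerprint exceed AUDIT_LOG_SIZE the record is written with a silently truncated `fp=` field; capture the return value and treat truncation as an audit failure rather than emitting a record that cannot be matched against the key. Something like `int n = snprintf(...); if (n < 0 || (size_t)n >= sizeof(buf)) { rc = -1; goto out; }` before the `audit_log_acct_message` call keeps the record trustworthy, assuming `rc` is what the `out:` path reports. `audit_keyusage` begins on the previous line and its `out:` label is past this hunk.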
@@ -184,7 +181,7 @@ diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c { diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h --- openssh-5.8p1/auth.h.audit2 2010-05-10 03:58:03.000000000 +0200 -+++ openssh-5.8p1/auth.h 2011-02-21 18:21:21.000000000 +0100 ++++ openssh-5.8p1/auth.h 2011-02-21 20:04:37.000000000 +0100 @@ -170,6 +170,7 @@ void abandon_challenge_response(Authctxt char *authorized_keys_file(struct passwd *); char *authorized_keys_file2(struct passwd *); @@ -203,7 +200,7 @@ diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c --- openssh-5.8p1/auth-rsa.c.audit2 2010-12-04 23:01:47.000000000 +0100 -+++ openssh-5.8p1/auth-rsa.c 2011-02-21 18:21:21.000000000 +0100 ++++ openssh-5.8p1/auth-rsa.c 2011-02-21 20:04:37.000000000 +0100 @@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU { u_char buf[32], mdbuf[16]; @@ -227,7 +224,7 @@ diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c + +#ifdef SSH_AUDIT_EVENTS + fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); -+ if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa), fp, rv) == 0) { ++ if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv) == 0) { + debug("unsuccessful audit"); + rv = 0; } @@ -242,7 +239,7 @@ diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c /* diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c --- openssh-5.8p1/monitor.c.audit2 2010-09-10 03:23:34.000000000 +0200 -+++ openssh-5.8p1/monitor.c 2011-02-21 18:21:21.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-21 20:04:37.000000000 +0100 @@ -1235,7 +1235,17 @@ mm_answer_keyverify(int sock, Buffer *m) if (!valid_data) fatal("%s: bad signature data blob", __func__); diff --git a/openssh-5.8p1-audit2a.patch b/openssh-5.8p1-audit2a.patch index cfd11af..e69de29 100644 --- a/openssh-5.8p1-audit2a.patch 
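Review bot: In the auth-rsa.c hunk (`@@ -227,7 +224,7 @@`) `fp` comes from `key_fingerprint()`, which allocates, and no `xfree(fp)` is visible before the block closes; if it is not released after the `audit_keyusage` call (the hunk ends there) the string leaks once per RSA1 authentication. The size is also computed as `RSA_size(key->rsa) * 8`, a byte count scaled up, whereas audit.c passes `key_size(key)`; using `key_size(key)` here too would keep the reported `size=` consistent across the two paths. The remaining hunks on this line are timestamp-only changes.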
+++ b/openssh-5.8p1-audit2a.patch 
@@ -1,318 +0,0 @@ -diff -up openssh-5.8p1/acss.c.audit2a openssh-5.8p1/acss.c -diff -up openssh-5.8p1/acss.h.audit2a openssh-5.8p1/acss.h -diff -up openssh-5.8p1/addrmatch.c.audit2a openssh-5.8p1/addrmatch.c -diff -up openssh-5.8p1/atomicio.c.audit2a openssh-5.8p1/atomicio.c -diff -up openssh-5.8p1/atomicio.h.audit2a openssh-5.8p1/atomicio.h -diff -up openssh-5.8p1/audit-bsm.c.audit2a openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit2a 2011-02-21 16:17:09.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-21 16:20:57.000000000 +0100 -@@ -317,7 +317,7 @@ audit_session_close(struct logininfo *li - } - - int --audit_keyusage(int host_user, const char *type, unsigned len, char *fp, int rv) -+audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv) - { - /* not implemented */ - } -diff -up openssh-5.8p1/audit.c.audit2a openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit2a 2011-02-21 16:17:09.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-21 16:23:39.000000000 +0100 -@@ -36,6 +36,7 @@ - #include "key.h" - #include "hostfile.h" - #include "auth.h" -+#include "xmalloc.h" - - /* - * Care must be taken when using this since it WILL NOT be initialized when -@@ -111,29 +112,18 @@ audit_event_lookup(ssh_audit_event_t ev) - return(event_lookup[i].name); - } - --int --audit_key(int type, int *rv, const Key *key) -+void -+audit_key(int host_user, int *rv, const Key *key) - { - char *fp; -- unsigned size = 0; -- const char *crypto_name[] = { -- "ssh-rsa1", -- "ssh-rsa", -- "ssh-dsa", -- "unknown" }; -+ const char *crypto_name; - - fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); -- switch(key->type) { -- case KEY_RSA1: -- case KEY_RSA: -- size = RSA_size(key->rsa); -- break; -- case KEY_DSA: -- size = DSA_size(key->dsa); -- break; -- } -- -- if (audit_keyusage(0, crypto_name[key->type], size, fp, *rv) == 0) -+ if (key->type == KEY_RSA1) -+ crypto_name = "ssh-rsa1"; -+ else -+ crypto_name = key_ssh_name(key); -+ if 
(audit_keyusage(host_user, crypto_name, key_size(key), fp, *rv) == 0) - *rv = 0; - xfree(fp); - } -@@ -216,10 +206,10 @@ audit_run_command(const char *command) - * Type is the key type, len is the key length(byte) and fp is the fingerprint of the key. - */ - int --audit_keyusage(int host_user, const char *type, unsigned len, char *fp, int rv) -+audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv) - { - debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d", -- host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, len, fp, rv); -+ host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, bits, fp, rv); - } - # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ - #endif /* SSH_AUDIT_EVENTS */ -diff -up openssh-5.8p1/audit.h.audit2a openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit2a 2011-02-21 16:17:09.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-21 16:24:27.000000000 +0100 -@@ -55,6 +55,6 @@ void audit_session_close(struct logininf - void audit_run_command(const char *); - ssh_audit_event_t audit_classify_auth(const char *); - int audit_keyusage(int, const char *, unsigned, char *, int); --int audit_key(int, int *, const Key *); -+void audit_key(int, int *, const Key *); - - #endif /* _SSH_AUDIT_H */ -diff -up openssh-5.8p1/audit-linux.c.audit2a openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit2a 2011-02-21 16:17:09.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-21 16:21:19.000000000 +0100 -@@ -129,7 +129,7 @@ fatal_report: - } - - int --audit_keyusage(int host_user, const char *type, unsigned len, char *fp, int rv) -+audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv) - { - char buf[AUDIT_LOG_SIZE]; - int audit_fd, rc, saved_errno; -@@ -148,7 +148,7 @@ audit_keyusage(int host_user, const char - if ((rc < 0) && ((rc != -1) || (getuid() == 0))) - goto out; - snprintf(buf, sizeof(buf), "key algo=%s size=%d fp=%s 
rport=%d", -- type, 8 * len, fp, get_remote_port()); -+ type, bits, fp, get_remote_port()); - rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, - buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv); - out: -diff -up openssh-5.8p1/auth1.c.audit2a openssh-5.8p1/auth1.c -diff -up openssh-5.8p1/auth2.c.audit2a openssh-5.8p1/auth2.c -diff -up openssh-5.8p1/auth2-chall.c.audit2a openssh-5.8p1/auth2-chall.c -diff -up openssh-5.8p1/auth2-gss.c.audit2a openssh-5.8p1/auth2-gss.c -diff -up openssh-5.8p1/auth2-hostbased.c.audit2a openssh-5.8p1/auth2-hostbased.c -diff -up openssh-5.8p1/auth2-jpake.c.audit2a openssh-5.8p1/auth2-jpake.c -diff -up openssh-5.8p1/auth2-kbdint.c.audit2a openssh-5.8p1/auth2-kbdint.c -diff -up openssh-5.8p1/auth2-none.c.audit2a openssh-5.8p1/auth2-none.c -diff -up openssh-5.8p1/auth2-passwd.c.audit2a openssh-5.8p1/auth2-passwd.c -diff -up openssh-5.8p1/auth2-pubkey.c.audit2a openssh-5.8p1/auth2-pubkey.c -diff -up openssh-5.8p1/auth-bsdauth.c.audit2a openssh-5.8p1/auth-bsdauth.c -diff -up openssh-5.8p1/auth.c.audit2a openssh-5.8p1/auth.c -diff -up openssh-5.8p1/auth-chall.c.audit2a openssh-5.8p1/auth-chall.c -diff -up openssh-5.8p1/authfd.c.audit2a openssh-5.8p1/authfd.c -diff -up openssh-5.8p1/authfd.h.audit2a openssh-5.8p1/authfd.h -diff -up openssh-5.8p1/authfile.c.audit2a openssh-5.8p1/authfile.c -diff -up openssh-5.8p1/authfile.h.audit2a openssh-5.8p1/authfile.h -diff -up openssh-5.8p1/auth.h.audit2a openssh-5.8p1/auth.h -diff -up openssh-5.8p1/auth-krb5.c.audit2a openssh-5.8p1/auth-krb5.c -diff -up openssh-5.8p1/auth-options.c.audit2a openssh-5.8p1/auth-options.c -diff -up openssh-5.8p1/auth-options.h.audit2a openssh-5.8p1/auth-options.h -diff -up openssh-5.8p1/auth-pam.c.audit2a openssh-5.8p1/auth-pam.c -diff -up openssh-5.8p1/auth-pam.h.audit2a openssh-5.8p1/auth-pam.h -diff -up openssh-5.8p1/auth-passwd.c.audit2a openssh-5.8p1/auth-passwd.c -diff -up openssh-5.8p1/auth-rhosts.c.audit2a openssh-5.8p1/auth-rhosts.c -diff 
-up openssh-5.8p1/auth-rh-rsa.c.audit2a openssh-5.8p1/auth-rh-rsa.c -diff -up openssh-5.8p1/auth-rsa.c.audit2a openssh-5.8p1/auth-rsa.c ---- openssh-5.8p1/auth-rsa.c.audit2a 2011-02-21 16:17:09.000000000 +0100 -+++ openssh-5.8p1/auth-rsa.c 2011-02-21 16:25:17.000000000 +0100 -@@ -120,7 +120,7 @@ auth_rsa_verify_response(Key *key, BIGNU - - #ifdef SSH_AUDIT_EVENTS - fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); -- if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa), fp, rv) == 0) { -+ if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv) == 0) { - debug("unsuccessful audit"); - rv = 0; - } -diff -up openssh-5.8p1/auth-shadow.c.audit2a openssh-5.8p1/auth-shadow.c -diff -up openssh-5.8p1/auth-sia.c.audit2a openssh-5.8p1/auth-sia.c -diff -up openssh-5.8p1/auth-sia.h.audit2a openssh-5.8p1/auth-sia.h -diff -up openssh-5.8p1/auth-skey.c.audit2a openssh-5.8p1/auth-skey.c -diff -up openssh-5.8p1/bufaux.c.audit2a openssh-5.8p1/bufaux.c -diff -up openssh-5.8p1/bufbn.c.audit2a openssh-5.8p1/bufbn.c -diff -up openssh-5.8p1/bufec.c.audit2a openssh-5.8p1/bufec.c -diff -up openssh-5.8p1/buffer.c.audit2a openssh-5.8p1/buffer.c -diff -up openssh-5.8p1/buffer.h.audit2a openssh-5.8p1/buffer.h -diff -up openssh-5.8p1/canohost.c.audit2a openssh-5.8p1/canohost.c -diff -up openssh-5.8p1/canohost.h.audit2a openssh-5.8p1/canohost.h -diff -up openssh-5.8p1/channels.c.audit2a openssh-5.8p1/channels.c -diff -up openssh-5.8p1/channels.h.audit2a openssh-5.8p1/channels.h -diff -up openssh-5.8p1/cipher-3des1.c.audit2a openssh-5.8p1/cipher-3des1.c -diff -up openssh-5.8p1/cipher-acss.c.audit2a openssh-5.8p1/cipher-acss.c -diff -up openssh-5.8p1/cipher-aes.c.audit2a openssh-5.8p1/cipher-aes.c -diff -up openssh-5.8p1/cipher-bf1.c.audit2a openssh-5.8p1/cipher-bf1.c -diff -up openssh-5.8p1/cipher.c.audit2a openssh-5.8p1/cipher.c -diff -up openssh-5.8p1/cipher-ctr.c.audit2a openssh-5.8p1/cipher-ctr.c -diff -up openssh-5.8p1/cipher.h.audit2a openssh-5.8p1/cipher.h -diff -up 
openssh-5.8p1/cleanup.c.audit2a openssh-5.8p1/cleanup.c -diff -up openssh-5.8p1/clientloop.c.audit2a openssh-5.8p1/clientloop.c -diff -up openssh-5.8p1/clientloop.h.audit2a openssh-5.8p1/clientloop.h -diff -up openssh-5.8p1/compat.c.audit2a openssh-5.8p1/compat.c -diff -up openssh-5.8p1/compat.h.audit2a openssh-5.8p1/compat.h -diff -up openssh-5.8p1/compress.c.audit2a openssh-5.8p1/compress.c -diff -up openssh-5.8p1/compress.h.audit2a openssh-5.8p1/compress.h -diff -up openssh-5.8p1/crc32.c.audit2a openssh-5.8p1/crc32.c -diff -up openssh-5.8p1/crc32.h.audit2a openssh-5.8p1/crc32.h -diff -up openssh-5.8p1/deattack.c.audit2a openssh-5.8p1/deattack.c -diff -up openssh-5.8p1/deattack.h.audit2a openssh-5.8p1/deattack.h -diff -up openssh-5.8p1/defines.h.audit2a openssh-5.8p1/defines.h -diff -up openssh-5.8p1/dh.c.audit2a openssh-5.8p1/dh.c -diff -up openssh-5.8p1/dh.h.audit2a openssh-5.8p1/dh.h -diff -up openssh-5.8p1/dispatch.c.audit2a openssh-5.8p1/dispatch.c -diff -up openssh-5.8p1/dispatch.h.audit2a openssh-5.8p1/dispatch.h -diff -up openssh-5.8p1/dns.c.audit2a openssh-5.8p1/dns.c -diff -up openssh-5.8p1/dns.h.audit2a openssh-5.8p1/dns.h -diff -up openssh-5.8p1/entropy.c.audit2a openssh-5.8p1/entropy.c -diff -up openssh-5.8p1/entropy.h.audit2a openssh-5.8p1/entropy.h -diff -up openssh-5.8p1/fatal.c.audit2a openssh-5.8p1/fatal.c -diff -up openssh-5.8p1/groupaccess.c.audit2a openssh-5.8p1/groupaccess.c -diff -up openssh-5.8p1/groupaccess.h.audit2a openssh-5.8p1/groupaccess.h -diff -up openssh-5.8p1/gss-genr.c.audit2a openssh-5.8p1/gss-genr.c -diff -up openssh-5.8p1/gss-serv.c.audit2a openssh-5.8p1/gss-serv.c -diff -up openssh-5.8p1/gss-serv-krb5.c.audit2a openssh-5.8p1/gss-serv-krb5.c -diff -up openssh-5.8p1/hostfile.c.audit2a openssh-5.8p1/hostfile.c -diff -up openssh-5.8p1/hostfile.h.audit2a openssh-5.8p1/hostfile.h -diff -up openssh-5.8p1/includes.h.audit2a openssh-5.8p1/includes.h -diff -up openssh-5.8p1/jpake.c.audit2a openssh-5.8p1/jpake.c -diff -up 
openssh-5.8p1/jpake.h.audit2a openssh-5.8p1/jpake.h -diff -up openssh-5.8p1/kex.c.audit2a openssh-5.8p1/kex.c -diff -up openssh-5.8p1/kexdh.c.audit2a openssh-5.8p1/kexdh.c -diff -up openssh-5.8p1/kexdhc.c.audit2a openssh-5.8p1/kexdhc.c -diff -up openssh-5.8p1/kexdhs.c.audit2a openssh-5.8p1/kexdhs.c -diff -up openssh-5.8p1/kexecdh.c.audit2a openssh-5.8p1/kexecdh.c -diff -up openssh-5.8p1/kexecdhc.c.audit2a openssh-5.8p1/kexecdhc.c -diff -up openssh-5.8p1/kexecdhs.c.audit2a openssh-5.8p1/kexecdhs.c -diff -up openssh-5.8p1/kexgex.c.audit2a openssh-5.8p1/kexgex.c -diff -up openssh-5.8p1/kexgexc.c.audit2a openssh-5.8p1/kexgexc.c -diff -up openssh-5.8p1/kexgexs.c.audit2a openssh-5.8p1/kexgexs.c -diff -up openssh-5.8p1/kex.h.audit2a openssh-5.8p1/kex.h -diff -up openssh-5.8p1/key.c.audit2a openssh-5.8p1/key.c -diff -up openssh-5.8p1/key.h.audit2a openssh-5.8p1/key.h -diff -up openssh-5.8p1/log.c.audit2a openssh-5.8p1/log.c -diff -up openssh-5.8p1/log.h.audit2a openssh-5.8p1/log.h -diff -up openssh-5.8p1/loginrec.c.audit2a openssh-5.8p1/loginrec.c -diff -up openssh-5.8p1/loginrec.h.audit2a openssh-5.8p1/loginrec.h -diff -up openssh-5.8p1/logintest.c.audit2a openssh-5.8p1/logintest.c -diff -up openssh-5.8p1/mac.c.audit2a openssh-5.8p1/mac.c -diff -up openssh-5.8p1/mac.h.audit2a openssh-5.8p1/mac.h -diff -up openssh-5.8p1/match.c.audit2a openssh-5.8p1/match.c -diff -up openssh-5.8p1/match.h.audit2a openssh-5.8p1/match.h -diff -up openssh-5.8p1/md5crypt.c.audit2a openssh-5.8p1/md5crypt.c -diff -up openssh-5.8p1/md5crypt.h.audit2a openssh-5.8p1/md5crypt.h -diff -up openssh-5.8p1/md-sha256.c.audit2a openssh-5.8p1/md-sha256.c -diff -up openssh-5.8p1/misc.c.audit2a openssh-5.8p1/misc.c -diff -up openssh-5.8p1/misc.h.audit2a openssh-5.8p1/misc.h -diff -up openssh-5.8p1/moduli.c.audit2a openssh-5.8p1/moduli.c -diff -up openssh-5.8p1/monitor.c.audit2a openssh-5.8p1/monitor.c -diff -up openssh-5.8p1/monitor_fdpass.c.audit2a openssh-5.8p1/monitor_fdpass.c -diff -up 
openssh-5.8p1/monitor_fdpass.h.audit2a openssh-5.8p1/monitor_fdpass.h
-diff -up openssh-5.8p1/monitor.h.audit2a openssh-5.8p1/monitor.h
-diff -up openssh-5.8p1/monitor_mm.c.audit2a openssh-5.8p1/monitor_mm.c
-diff -up openssh-5.8p1/monitor_mm.h.audit2a openssh-5.8p1/monitor_mm.h
-diff -up openssh-5.8p1/monitor_wrap.c.audit2a openssh-5.8p1/monitor_wrap.c
-diff -up openssh-5.8p1/monitor_wrap.h.audit2a openssh-5.8p1/monitor_wrap.h
-diff -up openssh-5.8p1/msg.c.audit2a openssh-5.8p1/msg.c
-diff -up openssh-5.8p1/msg.h.audit2a openssh-5.8p1/msg.h
-diff -up openssh-5.8p1/mux.c.audit2a openssh-5.8p1/mux.c
-diff -up openssh-5.8p1/myproposal.h.audit2a openssh-5.8p1/myproposal.h
-diff -up openssh-5.8p1/nchan.c.audit2a openssh-5.8p1/nchan.c
-diff -up openssh-5.8p1/packet.c.audit2a openssh-5.8p1/packet.c
-diff -up openssh-5.8p1/packet.h.audit2a openssh-5.8p1/packet.h
-diff -up openssh-5.8p1/pathnames.h.audit2a openssh-5.8p1/pathnames.h
-diff -up openssh-5.8p1/pkcs11.h.audit2a openssh-5.8p1/pkcs11.h
-diff -up openssh-5.8p1/platform.c.audit2a openssh-5.8p1/platform.c
-diff -up openssh-5.8p1/platform.h.audit2a openssh-5.8p1/platform.h
-diff -up openssh-5.8p1/progressmeter.c.audit2a openssh-5.8p1/progressmeter.c
-diff -up openssh-5.8p1/progressmeter.h.audit2a openssh-5.8p1/progressmeter.h
-diff -up openssh-5.8p1/readconf.c.audit2a openssh-5.8p1/readconf.c
-diff -up openssh-5.8p1/readconf.h.audit2a openssh-5.8p1/readconf.h
-diff -up openssh-5.8p1/readpass.c.audit2a openssh-5.8p1/readpass.c
-diff -up openssh-5.8p1/rijndael.c.audit2a openssh-5.8p1/rijndael.c
-diff -up openssh-5.8p1/rijndael.h.audit2a openssh-5.8p1/rijndael.h
-diff -up openssh-5.8p1/roaming_client.c.audit2a openssh-5.8p1/roaming_client.c
-diff -up openssh-5.8p1/roaming_common.c.audit2a openssh-5.8p1/roaming_common.c
-diff -up openssh-5.8p1/roaming_dummy.c.audit2a openssh-5.8p1/roaming_dummy.c
-diff -up openssh-5.8p1/roaming.h.audit2a openssh-5.8p1/roaming.h
-diff -up openssh-5.8p1/roaming_serv.c.audit2a openssh-5.8p1/roaming_serv.c
-diff -up openssh-5.8p1/rsa.c.audit2a openssh-5.8p1/rsa.c
-diff -up openssh-5.8p1/rsa.h.audit2a openssh-5.8p1/rsa.h
-diff -up openssh-5.8p1/schnorr.c.audit2a openssh-5.8p1/schnorr.c
-diff -up openssh-5.8p1/schnorr.h.audit2a openssh-5.8p1/schnorr.h
-diff -up openssh-5.8p1/scp.c.audit2a openssh-5.8p1/scp.c
-diff -up openssh-5.8p1/servconf.c.audit2a openssh-5.8p1/servconf.c
-diff -up openssh-5.8p1/servconf.h.audit2a openssh-5.8p1/servconf.h
-diff -up openssh-5.8p1/serverloop.c.audit2a openssh-5.8p1/serverloop.c
-diff -up openssh-5.8p1/serverloop.h.audit2a openssh-5.8p1/serverloop.h
-diff -up openssh-5.8p1/session.c.audit2a openssh-5.8p1/session.c
-diff -up openssh-5.8p1/session.h.audit2a openssh-5.8p1/session.h
-diff -up openssh-5.8p1/sftp.c.audit2a openssh-5.8p1/sftp.c
-diff -up openssh-5.8p1/sftp-client.c.audit2a openssh-5.8p1/sftp-client.c
-diff -up openssh-5.8p1/sftp-client.h.audit2a openssh-5.8p1/sftp-client.h
-diff -up openssh-5.8p1/sftp-common.c.audit2a openssh-5.8p1/sftp-common.c
-diff -up openssh-5.8p1/sftp-common.h.audit2a openssh-5.8p1/sftp-common.h
-diff -up openssh-5.8p1/sftp-glob.c.audit2a openssh-5.8p1/sftp-glob.c
-diff -up openssh-5.8p1/sftp.h.audit2a openssh-5.8p1/sftp.h
-diff -up openssh-5.8p1/sftp-server.c.audit2a openssh-5.8p1/sftp-server.c
-diff -up openssh-5.8p1/sftp-server-main.c.audit2a openssh-5.8p1/sftp-server-main.c
-diff -up openssh-5.8p1/ssh1.h.audit2a openssh-5.8p1/ssh1.h
-diff -up openssh-5.8p1/ssh2.h.audit2a openssh-5.8p1/ssh2.h
-diff -up openssh-5.8p1/ssh-add.c.audit2a openssh-5.8p1/ssh-add.c
-diff -up openssh-5.8p1/ssh-agent.c.audit2a openssh-5.8p1/ssh-agent.c
-diff -up openssh-5.8p1/ssh.c.audit2a openssh-5.8p1/ssh.c
-diff -up openssh-5.8p1/sshconnect1.c.audit2a openssh-5.8p1/sshconnect1.c
-diff -up openssh-5.8p1/sshconnect2.c.audit2a openssh-5.8p1/sshconnect2.c
-diff -up openssh-5.8p1/sshconnect.c.audit2a openssh-5.8p1/sshconnect.c
-diff -up openssh-5.8p1/sshconnect.h.audit2a openssh-5.8p1/sshconnect.h
-diff -up openssh-5.8p1/sshd.c.audit2a openssh-5.8p1/sshd.c
-diff -up openssh-5.8p1/ssh-dss.c.audit2a openssh-5.8p1/ssh-dss.c
-diff -up openssh-5.8p1/ssh-ecdsa.c.audit2a openssh-5.8p1/ssh-ecdsa.c
-diff -up openssh-5.8p1/ssh-gss.h.audit2a openssh-5.8p1/ssh-gss.h
-diff -up openssh-5.8p1/ssh.h.audit2a openssh-5.8p1/ssh.h
-diff -up openssh-5.8p1/ssh-keygen.c.audit2a openssh-5.8p1/ssh-keygen.c
-diff -up openssh-5.8p1/ssh-keyscan.c.audit2a openssh-5.8p1/ssh-keyscan.c
-diff -up openssh-5.8p1/ssh-keysign.c.audit2a openssh-5.8p1/ssh-keysign.c
-diff -up openssh-5.8p1/sshlogin.c.audit2a openssh-5.8p1/sshlogin.c
-diff -up openssh-5.8p1/sshlogin.h.audit2a openssh-5.8p1/sshlogin.h
-diff -up openssh-5.8p1/ssh-pkcs11.c.audit2a openssh-5.8p1/ssh-pkcs11.c
-diff -up openssh-5.8p1/ssh-pkcs11-client.c.audit2a openssh-5.8p1/ssh-pkcs11-client.c
-diff -up openssh-5.8p1/ssh-pkcs11.h.audit2a openssh-5.8p1/ssh-pkcs11.h
-diff -up openssh-5.8p1/ssh-pkcs11-helper.c.audit2a openssh-5.8p1/ssh-pkcs11-helper.c
-diff -up openssh-5.8p1/sshpty.c.audit2a openssh-5.8p1/sshpty.c
-diff -up openssh-5.8p1/sshpty.h.audit2a openssh-5.8p1/sshpty.h
-diff -up openssh-5.8p1/ssh-rand-helper.c.audit2a openssh-5.8p1/ssh-rand-helper.c
-diff -up openssh-5.8p1/ssh-rsa.c.audit2a openssh-5.8p1/ssh-rsa.c
-diff -up openssh-5.8p1/sshtty.c.audit2a openssh-5.8p1/sshtty.c
-diff -up openssh-5.8p1/ttymodes.c.audit2a openssh-5.8p1/ttymodes.c
-diff -up openssh-5.8p1/ttymodes.h.audit2a openssh-5.8p1/ttymodes.h
-diff -up openssh-5.8p1/uidswap.c.audit2a openssh-5.8p1/uidswap.c
-diff -up openssh-5.8p1/uidswap.h.audit2a openssh-5.8p1/uidswap.h
-diff -up openssh-5.8p1/umac.c.audit2a openssh-5.8p1/umac.c
-diff -up openssh-5.8p1/umac.h.audit2a openssh-5.8p1/umac.h
-diff -up openssh-5.8p1/uuencode.c.audit2a openssh-5.8p1/uuencode.c
-diff -up openssh-5.8p1/uuencode.h.audit2a openssh-5.8p1/uuencode.h
-diff -up openssh-5.8p1/version.h.audit2a openssh-5.8p1/version.h
-diff -up openssh-5.8p1/xmalloc.c.audit2a openssh-5.8p1/xmalloc.c
-diff -up
openssh-5.8p1/xmalloc.h.audit2a openssh-5.8p1/xmalloc.h diff --git a/openssh-5.8p1-audit3.patch b/openssh-5.8p1-audit3.patch index 2bdfa66..7683c00 100644 --- a/openssh-5.8p1-audit3.patch +++ b/openssh-5.8p1-audit3.patch @@ -1,6 +1,6 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit3 2011-02-21 18:28:25.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:28:25.000000000 +0100 +--- openssh-5.8p1/audit-bsm.c.audit3 2011-02-21 20:09:33.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-21 20:09:33.000000000 +0100 @@ -383,4 +383,16 @@ audit_event(ssh_audit_event_t event) debug("%s: unhandled event %d", __func__, event); } @@ -13,15 +13,23 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c +} + +void -+audit_kex_body(int ctos, char *enc, char *mac, char *compress) ++audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, uid_t uid) +{ + /* not implemented */ +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit3 2011-02-21 18:28:25.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-21 18:28:25.000000000 +0100 -@@ -36,6 +36,8 @@ +--- openssh-5.8p1/audit.c.audit3 2011-02-21 20:09:33.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-21 20:09:33.000000000 +0100 +@@ -28,6 +28,7 @@ + + #include + #include ++#include + + #ifdef SSH_AUDIT_EVENTS + +@@ -36,6 +37,8 @@ #include "key.h" #include "hostfile.h" #include "auth.h" @@ -30,7 +38,7 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c #include "xmalloc.h" /* -@@ -128,6 +130,18 @@ audit_key(int host_user, int *rv, const +@@ -128,6 +131,18 @@ audit_key(int host_user, int *rv, const xfree(fp); } 
@@ -43,13 +51,13 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c +void +audit_kex(int ctos, char *enc, char *mac, char *comp) +{ -+ PRIVSEP(audit_kex_body(ctos, enc, mac, comp)); ++ PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid())); +} + # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -211,5 +225,24 @@ audit_keyusage(int host_user, const char +@@ -211,5 +226,26 @@ audit_keyusage(int host_user, const char debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d", host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, bits, fp, rv); } @@ -67,16 +75,18 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c + * This will be called on succesfull protocol negotiation. + */ +void -+audit_kex_body(int ctos, char *enc, char *mac, char *compress) ++audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, ++ uid_t uid) +{ -+ debug("audit procol negotiation euid %d direction %d cipher %s mac %s compresion %s", -+ geteuid(), ctos, enc, mac, compress); ++ debug("audit protocol negotiation euid %d direction %d cipher %s mac %s compresion %s from pid %ld uid %u", ++ (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid, ++ (unsigned)uid); +} # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit3 2011-02-21 18:28:25.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-21 18:28:25.000000000 +0100 +--- openssh-5.8p1/audit.h.audit3 2011-02-21 20:09:33.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-21 20:09:33.000000000 +0100 @@ -56,5 +56,9 @@ void audit_run_command(const char *); ssh_audit_event_t audit_classify_auth(const char *); int audit_keyusage(int, const char *, unsigned, char *, int); 
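Review bot: The rewritten `debug()` in audit_kex_body pairs `(unsigned)geteuid()` with a `%d` conversion, a format/argument mismatch that `-Wformat` will flag; the audit4 counterpart audit_session_key_free_body further down this page already uses `euid %u`, so this one should match: `debug("audit protocol negotiation euid %u direction %d cipher %s mac %s compression %s from pid %ld uid %u",`. That string also still spells "compresion", which matters because these debug lines are what people grep for when tracing an audit problem. This is the fallback under `# ifndef CUSTOM_SSH_AUDIT_EVENTS`, so only the debug log is affected, not the audit records themselves.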
@@ -84,12 +94,12 @@ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h +void audit_unsupported(int); +void audit_kex(int, char *, char *, char *); +void audit_unsupported_body(int); -+void audit_kex_body(int, char *, char *, char *); ++void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit3 2011-02-21 18:28:25.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:28:59.000000000 +0100 +--- openssh-5.8p1/audit-linux.c.audit3 2011-02-21 20:09:33.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-21 20:09:33.000000000 +0100 @@ -40,6 +40,8 @@ #include "auth.h" #include "servconf.h" @@ -99,7 +109,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c #define AUDIT_LOG_SIZE 128 -@@ -243,4 +245,54 @@ audit_event(ssh_audit_event_t event) +@@ -243,4 +245,56 @@ audit_event(ssh_audit_event_t event) } } @@ -125,7 +135,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c +} + +void -+audit_kex_body(int ctos, char *enc, char *mac, char *compress) ++audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, ++ uid_t uid) +{ +#ifdef AUDIT_CRYPTO_SESSION + char buf[AUDIT_LOG_SIZE]; @@ -133,8 +144,9 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c + const static char *direction[] = { "from-server", "from-client", "both" }; + Cipher *cipher = cipher_by_name(enc); + -+ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d rport=%d laddr=%s lport=%d", ++ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d", + direction[ctos], enc, cipher ? 8 * cipher->key_len : 0, ++ (intmax_t)pid, (intmax_t)uid, + get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port()); + audit_fd = audit_open(); + if (audit_fd < 0) { 
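Review bot: `direction[ctos]` in the new audit_kex_body indexes a three-element table with a value that arrives from the unprivileged child over the privsep channel (`ctos = buffer_get_int(m)` in mm_answer_audit_kex_body, in the monitor.c hunk further down) and neither side range-checks it, so a malformed request makes the privileged monitor read past the table and hand a stray pointer to snprintf. The check belongs at the trust boundary, in the monitor handler before the audit call: `if (ctos < 0 || ctos > 2) fatal("%s: bad direction %d", __func__, ctos);`. The audit4 pair audit_session_key_free_body / mm_answer_audit_session_key_free_body has the same gap. audit_kex_body continues past the end of this hunk.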
@@ -155,8 +167,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c ---- openssh-5.8p1/auditstub.c.audit3 2011-02-21 18:28:25.000000000 +0100 -+++ openssh-5.8p1/auditstub.c 2011-02-21 18:28:25.000000000 +0100 +--- openssh-5.8p1/auditstub.c.audit3 2011-02-21 20:09:33.000000000 +0100 ++++ openssh-5.8p1/auditstub.c 2011-02-21 20:09:33.000000000 +0100 @@ -0,0 +1,39 @@ +/* $Id: auditstub.c,v 1.1 jfch Exp $ */ + @@ -199,7 +211,7 @@ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c + diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c --- openssh-5.8p1/cipher.c.audit3 2011-02-09 15:24:23.000000000 +0100 -+++ openssh-5.8p1/cipher.c 2011-02-21 18:28:25.000000000 +0100 ++++ openssh-5.8p1/cipher.c 2011-02-21 20:09:33.000000000 +0100 @@ -59,15 +59,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX extern const EVP_CIPHER *evp_aes_128_ctr(void); extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); @@ -219,7 +231,7 @@ diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des }, diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h --- openssh-5.8p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100 -+++ openssh-5.8p1/cipher.h 2011-02-21 18:28:25.000000000 +0100 ++++ openssh-5.8p1/cipher.h 2011-02-21 20:09:33.000000000 +0100 @@ -61,7 +61,16 @@ typedef struct Cipher Cipher; typedef struct CipherContext CipherContext; @@ -240,7 +252,7 @@ diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h EVP_CIPHER_CTX evp; diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c --- openssh-5.8p1/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200 -+++ openssh-5.8p1/kex.c 2011-02-21 18:28:25.000000000 +0100 ++++ openssh-5.8p1/kex.c 2011-02-21 20:09:33.000000000 +0100 @@ -49,6 +49,7 @@ #include "dispatch.h" #include "monitor.h" 
@@ -305,7 +317,7 @@ diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in --- openssh-5.8p1/Makefile.in.audit3 2011-02-04 01:42:13.000000000 +0100 -+++ openssh-5.8p1/Makefile.in 2011-02-21 18:28:25.000000000 +0100 ++++ openssh-5.8p1/Makefile.in 2011-02-21 20:09:33.000000000 +0100 @@ -76,7 +76,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ @@ -316,8 +328,8 @@ diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect1.o sshconnect2.o mux.o \ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit3 2011-02-21 18:28:25.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-21 18:28:25.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit3 2011-02-21 20:09:33.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-21 20:09:33.000000000 +0100 @@ -89,6 +89,7 @@ #include "ssh2.h" #include "jpake.h" @@ -371,7 +383,7 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -2206,3 +2217,40 @@ mm_answer_jpake_check_confirm(int sock, +@@ -2206,3 +2217,44 @@ mm_answer_jpake_check_confirm(int sock, } #endif /* JPAKE */ @@ -397,13 +409,17 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c +{ + int ctos, len; + char *cipher, *mac, *compress; ++ pid_t pid; ++ uid_t uid; + + ctos = buffer_get_int(m); + cipher = buffer_get_string(m, &len); + mac = buffer_get_string(m, &len); + compress = buffer_get_string(m, &len); ++ pid = buffer_get_int64(m); ++ uid = buffer_get_int64(m); + -+ audit_kex_body(ctos, cipher, mac, compress); ++ audit_kex_body(ctos, cipher, mac, compress, pid, uid); + + buffer_clear(m); + 
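Review bot: mm_answer_audit_kex_body now fills the audit record's spid/suid from values the child put on the wire (`pid = buffer_get_int64(m)`, `uid = buffer_get_int64(m)`), so the privileged side logs what the unprivileged side claims about itself instead of what it knows, which is the wrong direction of trust for an audit trail. The monitor forked that child and chose the uid it runs as, and it keeps the child's pid in the monitor struct (`pmonitor->m_pid`, if memory serves), so it can supply both values itself and the two int64 fields can go; if they stay, the silent narrowing into `pid_t`/`uid_t` deserves an explicit cast and a range check. mm_answer_audit_session_key_free_body in the audit4 hunk below does the same. The handler's tail (reply and return) lies outside this hunk.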
@@ -414,7 +430,7 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c +#endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h --- openssh-5.8p1/monitor.h.audit3 2008-11-05 06:20:46.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-21 18:28:25.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-21 20:09:33.000000000 +0100 @@ -66,6 +66,8 @@ enum monitor_reqtype { MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2, MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM, @@ -426,8 +442,8 @@ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c --- openssh-5.8p1/monitor_wrap.c.audit3 2010-08-31 14:41:14.000000000 +0200 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:28:25.000000000 +0100 -@@ -1412,3 +1412,38 @@ mm_jpake_check_confirm(const BIGNUM *k, ++++ openssh-5.8p1/monitor_wrap.c 2011-02-21 20:09:33.000000000 +0100 +@@ -1412,3 +1412,41 @@ mm_jpake_check_confirm(const BIGNUM *k, return success; } #endif /* JPAKE */ @@ -449,7 +465,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c +} + +void -+mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress) ++mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress, pid_t pid, ++ uid_t uid) +{ + Buffer m; + @@ -458,6 +475,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c + buffer_put_cstring(&m, cipher); + buffer_put_cstring(&m, mac); + buffer_put_cstring(&m, compress); ++ buffer_put_int64(&m, pid); ++ buffer_put_int64(&m, uid); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_KEX, 
@@ -468,19 +487,19 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c +#endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h --- openssh-5.8p1/monitor_wrap.h.audit3 2009-03-05 14:58:22.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:28:25.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-21 20:09:33.000000000 +0100 @@ -74,6 +74,8 @@ void mm_sshpam_free_ctx(void *); #include "audit.h" void mm_audit_event(ssh_audit_event_t); void mm_audit_run_command(const char *); +void mm_audit_unsupported_body(int); -+void mm_audit_kex_body(int, char *, char *, char *); ++void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); #endif struct Session; diff -up openssh-5.8p1/sshd.c.audit3 openssh-5.8p1/sshd.c --- openssh-5.8p1/sshd.c.audit3 2011-01-11 07:20:31.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-21 18:28:25.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-21 20:09:33.000000000 +0100 @@ -118,6 +118,7 @@ #endif #include "monitor_wrap.h" diff --git a/openssh-5.8p1-audit3a.patch b/openssh-5.8p1-audit3a.patch index 66cd62a..e69de29 100644 --- a/openssh-5.8p1-audit3a.patch +++ b/openssh-5.8p1-audit3a.patch 
@@ -1,139 +0,0 @@ -diff -up openssh-5.8p1/audit-bsm.c.audit3a openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit3a 2011-02-21 18:29:45.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:29:45.000000000 +0100 -@@ -391,7 +391,7 @@ audit_unsupported_body(int what) - } - - void --audit_kex_body(int ctos, char *enc, char *mac, char *compress) -+audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, uid_t uid) - { - /* not implemented */ - } -diff -up openssh-5.8p1/audit.c.audit3a openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit3a 2011-02-21 18:29:45.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-21 18:29:45.000000000 +0100 -@@ -28,6 +28,7 @@ - - #include - #include -+#include - - #ifdef SSH_AUDIT_EVENTS - -@@ -139,7 +140,7 @@ audit_unsupported(int what) - void - audit_kex(int ctos, char *enc, char *mac, char *comp) - { -- PRIVSEP(audit_kex_body(ctos, enc, mac, comp)); -+ PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid())); - } - - # ifndef CUSTOM_SSH_AUDIT_EVENTS -@@ -239,10 +240,12 @@ audit_unsupported_body(int what) - * This will be called on succesfull protocol negotiation. 
- */ - void --audit_kex_body(int ctos, char *enc, char *mac, char *compress) -+audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, -+ uid_t uid) - { -- debug("audit procol negotiation euid %d direction %d cipher %s mac %s compresion %s", -- geteuid(), ctos, enc, mac, compress); -+ debug("audit protocol negotiation euid %d direction %d cipher %s mac %s compresion %s from pid %ld uid %u", -+ (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid, -+ (unsigned)uid); - } - # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ - #endif /* SSH_AUDIT_EVENTS */ -diff -up openssh-5.8p1/audit.h.audit3a openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit3a 2011-02-21 18:29:45.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-21 18:29:45.000000000 +0100 -@@ -59,6 +59,6 @@ void audit_key(int, int *, const Key *); - void audit_unsupported(int); - void audit_kex(int, char *, char *, char *); - void audit_unsupported_body(int); --void audit_kex_body(int, char *, char *, char *); -+void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); - - #endif /* _SSH_AUDIT_H */ -diff -up openssh-5.8p1/audit-linux.c.audit3a openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit3a 2011-02-21 18:29:45.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:29:45.000000000 +0100 -@@ -267,7 +267,8 @@ audit_unsupported_body(int what) - } - - void --audit_kex_body(int ctos, char *enc, char *mac, char *compress) -+audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, -+ uid_t uid) - { - #ifdef AUDIT_CRYPTO_SESSION - char buf[AUDIT_LOG_SIZE]; -@@ -275,8 +276,9 @@ audit_kex_body(int ctos, char *enc, char - const static char *direction[] = { "from-server", "from-client", "both" }; - Cipher *cipher = cipher_by_name(enc); - -- snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d rport=%d laddr=%s lport=%d", -+ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d", 
- direction[ctos], enc, cipher ? 8 * cipher->key_len : 0, -+ (intmax_t)pid, (intmax_t)uid, - get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port()); - audit_fd = audit_open(); - if (audit_fd < 0) { -diff -up openssh-5.8p1/monitor.c.audit3a openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit3a 2011-02-21 18:29:45.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-21 18:29:45.000000000 +0100 -@@ -2239,13 +2239,17 @@ mm_answer_audit_kex_body(int sock, Buffe - { - int ctos, len; - char *cipher, *mac, *compress; -+ pid_t pid; -+ uid_t uid; - - ctos = buffer_get_int(m); - cipher = buffer_get_string(m, &len); - mac = buffer_get_string(m, &len); - compress = buffer_get_string(m, &len); -+ pid = buffer_get_int64(m); -+ uid = buffer_get_int64(m); - -- audit_kex_body(ctos, cipher, mac, compress); -+ audit_kex_body(ctos, cipher, mac, compress, pid, uid); - - buffer_clear(m); - -diff -up openssh-5.8p1/monitor_wrap.c.audit3a openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit3a 2011-02-21 18:29:45.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:29:45.000000000 +0100 -@@ -1430,7 +1430,8 @@ mm_audit_unsupported_body(int what) - } - - void --mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress) -+mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress, pid_t pid, -+ uid_t uid) - { - Buffer m; - -@@ -1439,6 +1440,8 @@ mm_audit_kex_body(int ctos, char *cipher - buffer_put_cstring(&m, cipher); - buffer_put_cstring(&m, mac); - buffer_put_cstring(&m, compress); -+ buffer_put_int64(&m, pid); -+ buffer_put_int64(&m, uid); - - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_KEX, -diff -up openssh-5.8p1/monitor_wrap.h.audit3a openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit3a 2011-02-21 18:33:57.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:34:18.000000000 +0100 -@@ -75,7 +75,7 
@@ void mm_sshpam_free_ctx(void *); - void mm_audit_event(ssh_audit_event_t); - void mm_audit_run_command(const char *); - void mm_audit_unsupported_body(int); --void mm_audit_kex_body(int, char *, char *, char *); -+void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); - #endif - - struct Session; diff --git a/openssh-5.8p1-audit4.patch b/openssh-5.8p1-audit4.patch index aba3c06..a8108f5 100644 --- a/openssh-5.8p1-audit4.patch +++ b/openssh-5.8p1-audit4.patch @@ -1,20 +1,20 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit4 2011-02-21 18:38:45.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:38:45.000000000 +0100 +--- openssh-5.8p1/audit-bsm.c.audit4 2011-02-21 20:14:09.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-21 20:14:10.000000000 +0100 @@ -395,4 +395,10 @@ audit_kex_body(int ctos, char *enc, char { /* not implemented */ } + +void -+audit_session_key_free_body(int ctos) ++audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) +{ + /* not implemented */ +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit4 2011-02-21 18:38:45.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-21 18:38:45.000000000 +0100 +--- openssh-5.8p1/audit.c.audit4 2011-02-21 20:14:09.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-21 20:14:10.000000000 +0100 @@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid())); } 
@@ -22,13 +22,13 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c +void +audit_session_key_free(int ctos) +{ -+ PRIVSEP(audit_session_key_free_body(ctos)); ++ PRIVSEP(audit_session_key_free_body(ctos, getpid(), getuid())); +} + # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -247,5 +253,14 @@ audit_kex_body(int ctos, char *enc, char +@@ -247,5 +253,15 @@ audit_kex_body(int ctos, char *enc, char (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid, (unsigned)uid); } @@ -37,26 +37,27 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c + * This will be called on succesfull session key discard + */ +void -+audit_session_key_free_body(int ctos) ++audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) +{ -+ debug("audit session key discard euid %d direction %d", geteuid(), ctos); ++ debug("audit session key discard euid %u direction %d from pid %ld uid %u", ++ (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid); +} # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit4 2011-02-21 18:38:45.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-21 18:38:45.000000000 +0100 +--- openssh-5.8p1/audit.h.audit4 2011-02-21 20:14:09.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-21 20:14:10.000000000 +0100 
@@ -60,5 +60,7 @@ void audit_unsupported(int); void audit_kex(int, char *, char *, char *); void audit_unsupported_body(int); void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); +void audit_session_key_free(int ctos); -+void audit_session_key_free_body(int ctos); ++void audit_session_key_free_body(int ctos, pid_t, uid_t); #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit4 2011-02-21 18:38:45.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:38:45.000000000 +0100 +--- openssh-5.8p1/audit-linux.c.audit4 2011-02-21 20:14:09.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-21 20:14:10.000000000 +0100 @@ -266,6 +266,8 @@ audit_unsupported_body(int what) #endif } @@ -74,18 +75,19 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c Cipher *cipher = cipher_by_name(enc); snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d", -@@ -297,4 +298,29 @@ audit_kex_body(int ctos, char *enc, char +@@ -297,4 +298,30 @@ audit_kex_body(int ctos, char *enc, char #endif } +void -+audit_session_key_free_body(int ctos) ++audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) +{ + char buf[AUDIT_LOG_SIZE]; + int audit_fd, audit_ok; + -+ snprintf(buf, sizeof(buf), "op=destroy kind=session direction=%s rport=%d laddr=%s lport=%d", -+ direction[ctos], get_remote_port(), ++ snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d", ++ direction[ctos], (intmax_t)pid, (intmax_t)uid, ++ get_remote_port(), + get_local_ipaddr(packet_get_connection_in()), + get_local_port()); + audit_fd = audit_open(); 
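Review bot: The new audit message in audit_session_key_free_body hard-codes `fp=?` for a session key, which has no fingerprint to report; if the placeholder is there so this record carries the same field set as the key-related events, say so beside the format string, e.g. `/* fp=? on purpose: symmetric session keys have no fingerprint; the field keeps the record layout uniform */`, otherwise the next reader will try to fill it in. `direction[ctos]` here refers to a table that is not declared in this function, so it presumably moved to file scope in the audit-linux.c inner hunk at line 266, which this diff does not show. The function body continues past the hunk.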
@@ -105,8 +107,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c ---- openssh-5.8p1/auditstub.c.audit4 2011-02-21 18:38:45.000000000 +0100 -+++ openssh-5.8p1/auditstub.c 2011-02-21 18:38:45.000000000 +0100 +--- openssh-5.8p1/auditstub.c.audit4 2011-02-21 20:14:09.000000000 +0100 ++++ openssh-5.8p1/auditstub.c 2011-02-21 20:14:10.000000000 +0100 @@ -37,3 +37,7 @@ audit_kex(int ctos, char *enc, char *mac { } @@ -116,8 +118,8 @@ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c +{ +} diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c ---- openssh-5.8p1/kex.c.audit4 2011-02-21 18:38:45.000000000 +0100 -+++ openssh-5.8p1/kex.c 2011-02-21 18:38:45.000000000 +0100 +--- openssh-5.8p1/kex.c.audit4 2011-02-21 20:14:09.000000000 +0100 ++++ openssh-5.8p1/kex.c 2011-02-21 20:14:10.000000000 +0100 @@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i fprintf(stderr, "\n"); } @@ -155,7 +157,7 @@ diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c + diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h --- openssh-5.8p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200 -+++ openssh-5.8p1/kex.h 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/kex.h 2011-02-21 20:14:10.000000000 +0100 @@ -156,6 +156,8 @@ void kexgex_server(Kex *); void kexecdh_client(Kex *); void kexecdh_server(Kex *); @@ -167,7 +169,7 @@ diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c --- openssh-5.8p1/mac.c.audit4 2008-06-13 02:58:50.000000000 +0200 -+++ openssh-5.8p1/mac.c 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/mac.c 2011-02-21 20:14:10.000000000 +0100 @@ -162,6 +162,20 @@ mac_clear(Mac *mac) mac->umac_ctx = NULL; } 
@@ -191,15 +193,15 @@ diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c int diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h --- openssh-5.8p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200 -+++ openssh-5.8p1/mac.h 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/mac.h 2011-02-21 20:14:10.000000000 +0100 @@ -28,3 +28,4 @@ int mac_setup(Mac *, char *); int mac_init(Mac *); u_char *mac_compute(Mac *, u_int32_t, u_char *, int); void mac_clear(Mac *); +void mac_destroy(Mac *); diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit4 2011-02-21 18:38:45.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-21 18:38:45.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit4 2011-02-21 20:14:09.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-21 20:14:10.000000000 +0100 @@ -180,6 +180,7 @@ int mm_answer_audit_event(int, Buffer *) int mm_answer_audit_command(int, Buffer *); int mm_answer_audit_unsupported_body(int, Buffer *); @@ -240,7 +242,7 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -2257,4 +2262,18 @@ mm_answer_audit_kex_body(int sock, Buffe +@@ -2257,4 +2262,22 @@ mm_answer_audit_kex_body(int sock, Buffe return 0; } @@ -248,10 +250,14 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c +mm_answer_audit_session_key_free_body(int sock, Buffer *m) +{ + int ctos; ++ pid_t pid; ++ uid_t uid; + + ctos = buffer_get_int(m); ++ pid = buffer_get_int64(m); ++ uid = buffer_get_int64(m); + -+ audit_session_key_free_body(ctos); ++ audit_session_key_free_body(ctos, pid, uid); + + buffer_clear(m); + 
@@ -260,8 +266,8 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit4 2011-02-21 18:38:45.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-21 18:38:45.000000000 +0100 +--- openssh-5.8p1/monitor.h.audit4 2011-02-21 20:14:09.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-21 20:14:10.000000000 +0100 @@ -68,6 +68,7 @@ enum monitor_reqtype { MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM, MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, @@ -271,20 +277,22 @@ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-21 18:38:45.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:38:45.000000000 +0100 -@@ -1449,4 +1449,17 @@ mm_audit_kex_body(int ctos, char *cipher +--- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-21 20:14:09.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-21 20:14:10.000000000 +0100 +@@ -1449,4 +1449,19 @@ mm_audit_kex_body(int ctos, char *cipher buffer_free(&m); } + +void -+mm_audit_session_key_free_body(int ctos) ++mm_audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) +{ + Buffer m; + + buffer_init(&m); + buffer_put_int(&m, ctos); ++ buffer_put_int64(&m, pid); ++ buffer_put_int64(&m, uid); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, + &m); 
@@ -292,19 +300,19 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-21 18:38:45.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:39:26.000000000 +0100 +--- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-21 20:14:09.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-21 20:14:10.000000000 +0100 @@ -76,6 +76,7 @@ void mm_audit_event(ssh_audit_event_t); void mm_audit_run_command(const char *); void mm_audit_unsupported_body(int); void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); -+void mm_audit_session_key_free_body(int); ++void mm_audit_session_key_free_body(int, pid_t, uid_t); #endif struct Session; diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c --- openssh-5.8p1/packet.c.audit4 2010-11-24 00:46:37.000000000 +0100 -+++ openssh-5.8p1/packet.c 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/packet.c 2011-02-21 20:14:10.000000000 +0100 @@ -497,6 +497,7 @@ packet_close(void) } cipher_cleanup(&active_state->send_context); @@ -399,7 +407,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c + diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h --- openssh-5.8p1/packet.h.audit4 2010-11-20 05:19:38.000000000 +0100 -+++ openssh-5.8p1/packet.h 2011-02-21 18:38:45.000000000 +0100 ++++ openssh-5.8p1/packet.h 2011-02-21 20:14:10.000000000 +0100 @@ -125,4 +125,5 @@ void packet_restore_state(void); void *packet_get_input(void); void *packet_get_output(void); 
@@ -407,8 +415,8 @@ diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h +void packet_destroy_all(void); #endif /* PACKET_H */ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.audit4 2011-02-21 18:38:45.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-21 18:38:45.000000000 +0100 +--- openssh-5.8p1/sshd.c.audit4 2011-02-21 20:14:09.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-21 20:14:10.000000000 +0100 @@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt) return (0); } @@ -425,7 +433,7 @@ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c + newkeys_destroy(current_keys[MODE_OUT]); + newkeys_destroy(current_keys[MODE_IN]); + packet_destroy_all(); -+ audit_session_key_free_body(2); ++ audit_session_key_free_body(2, getpid(), getuid()); monitor_child_postauth(pmonitor); /* NEVERREACHED */ diff --git a/openssh-5.8p1-audit4a.patch b/openssh-5.8p1-audit4a.patch index 07939a1..e69de29 100644 --- a/openssh-5.8p1-audit4a.patch +++ b/openssh-5.8p1-audit4a.patch 
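Review bot: `audit_session_key_free_body(2, getpid(), getuid())` encodes the direction as a bare `2`, which only means "both" by way of the `direction[]` table in audit-linux.c; a named constant shared by the callers and the table would keep them from drifting, e.g. `enum { AUDIT_DIR_FROM_SERVER, AUDIT_DIR_FROM_CLIENT, AUDIT_DIR_BOTH };` next to the audit_* prototypes in audit.h. This is also the one caller on the page that invokes a `_body` function directly rather than through PRIVSEP(); that looks intentional since it sits just before `monitor_child_postauth` in what appears to be the privileged parent, but a short comment such as `/* we are the monitor: call the body directly, no privsep round-trip */` would record it. The enclosing function starts outside the hunk.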
@@ -1,131 +0,0 @@ -diff -up openssh-5.8p1/audit-bsm.c.audit4a openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit4a 2011-02-21 18:42:14.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:42:14.000000000 +0100 -@@ -397,7 +397,7 @@ audit_kex_body(int ctos, char *enc, char - } - - void --audit_session_key_free_body(int ctos) -+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) - { - /* not implemented */ - } -diff -up openssh-5.8p1/audit.c.audit4a openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit4a 2011-02-21 18:42:14.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-21 18:42:14.000000000 +0100 -@@ -146,7 +146,7 @@ audit_kex(int ctos, char *enc, char *mac - void - audit_session_key_free(int ctos) - { -- PRIVSEP(audit_session_key_free_body(ctos)); -+ PRIVSEP(audit_session_key_free_body(ctos, getpid(), getuid())); - } - - # ifndef CUSTOM_SSH_AUDIT_EVENTS -@@ -258,9 +258,10 @@ audit_kex_body(int ctos, char *enc, char - * This will be called on succesfull session key discard - */ - void --audit_session_key_free_body(int ctos) -+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) - { -- debug("audit session key discard euid %d direction %d", geteuid(), ctos); -+ debug("audit session key discard euid %u direction %d from pid %ld uid %u", -+ (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid); - } - # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ - #endif /* SSH_AUDIT_EVENTS */ -diff -up openssh-5.8p1/audit.h.audit4a openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit4a 2011-02-21 18:42:14.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-21 18:42:14.000000000 +0100 -@@ -61,6 +61,6 @@ void audit_kex(int, char *, char *, char - void audit_unsupported_body(int); - void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); - void audit_session_key_free(int ctos); --void audit_session_key_free_body(int ctos); -+void audit_session_key_free_body(int ctos, pid_t, uid_t); - - #endif /* _SSH_AUDIT_H */ -diff -up 
openssh-5.8p1/audit-linux.c.audit4a openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit4a 2011-02-21 18:42:14.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:42:14.000000000 +0100 -@@ -299,13 +299,14 @@ audit_kex_body(int ctos, char *enc, char - } - - void --audit_session_key_free_body(int ctos) -+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) - { - char buf[AUDIT_LOG_SIZE]; - int audit_fd, audit_ok; - -- snprintf(buf, sizeof(buf), "op=destroy kind=session direction=%s rport=%d laddr=%s lport=%d", -- direction[ctos], get_remote_port(), -+ snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d", -+ direction[ctos], (intmax_t)pid, (intmax_t)uid, -+ get_remote_port(), - get_local_ipaddr(packet_get_connection_in()), - get_local_port()); - audit_fd = audit_open(); -diff -up openssh-5.8p1/monitor.c.audit4a openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit4a 2011-02-21 18:42:14.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-21 18:42:14.000000000 +0100 -@@ -2266,10 +2266,14 @@ int - mm_answer_audit_session_key_free_body(int sock, Buffer *m) - { - int ctos; -+ pid_t pid; -+ uid_t uid; - - ctos = buffer_get_int(m); -+ pid = buffer_get_int64(m); -+ uid = buffer_get_int64(m); - -- audit_session_key_free_body(ctos); -+ audit_session_key_free_body(ctos, pid, uid); - - buffer_clear(m); - -diff -up openssh-5.8p1/monitor_wrap.c.audit4a openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit4a 2011-02-21 18:42:14.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:42:14.000000000 +0100 -@@ -1451,12 +1451,14 @@ mm_audit_kex_body(int ctos, char *cipher - } - - void --mm_audit_session_key_free_body(int ctos) -+mm_audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) - { - Buffer m; - - buffer_init(&m); - buffer_put_int(&m, ctos); -+ buffer_put_int64(&m, pid); -+ buffer_put_int64(&m, uid); - mm_request_send(pmonitor->m_recvfd, 
MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, - &m); -diff -up openssh-5.8p1/monitor_wrap.h.audit4a openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit4a 2011-02-21 18:42:14.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:42:14.000000000 +0100 -@@ -76,7 +76,7 @@ void mm_audit_event(ssh_audit_event_t); - void mm_audit_run_command(const char *); - void mm_audit_unsupported_body(int); - void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); --void mm_audit_session_key_free_body(int); -+void mm_audit_session_key_free_body(int, pid_t, uid_t); - #endif - - struct Session; -diff -up openssh-5.8p1/sshd.c.audit4a openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.audit4a 2011-02-21 18:48:30.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-21 18:48:41.000000000 +0100 -@@ -693,7 +693,7 @@ privsep_postauth(Authctxt *authctxt) - newkeys_destroy(current_keys[MODE_OUT]); - newkeys_destroy(current_keys[MODE_IN]); - packet_destroy_all(); -- audit_session_key_free_body(2); -+ audit_session_key_free_body(2, getpid(), getuid()); - monitor_child_postauth(pmonitor); - - /* NEVERREACHED */ diff --git a/openssh-5.8p1-audit5.patch b/openssh-5.8p1-audit5.patch index f0013b2..7d97e76 100644 --- a/openssh-5.8p1-audit5.patch +++ b/openssh-5.8p1-audit5.patch @@ -1,7 +1,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit5 2011-02-21 18:54:03.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:54:03.000000000 +0100 -@@ -401,4 +401,10 @@ audit_session_key_free_body(int ctos, pi +--- openssh-5.8p1/audit-bsm.c.audit5 2011-02-21 20:16:34.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-21 20:16:34.000000000 +0100 +@@ -401,4 +401,22 @@ audit_session_key_free_body(int ctos, pi { /* not implemented */ } 
@@ -11,11 +11,23 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c +{ + /* not implemented */ +} ++ ++void ++audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) ++{ ++ /* not implemented */ ++} ++ ++void ++audit_generate_ephemeral_server_key(const char *fp) ++{ ++ /* not implemented */ ++} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit5 2011-02-21 18:54:03.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-21 18:54:03.000000000 +0100 -@@ -263,5 +263,14 @@ audit_session_key_free_body(int ctos, pi +--- openssh-5.8p1/audit.c.audit5 2011-02-21 20:16:34.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-21 20:16:34.000000000 +0100 +@@ -263,5 +263,24 @@ audit_session_key_free_body(int ctos, pi debug("audit session key discard euid %u direction %d from pid %ld uid %u", (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid); } 
@@ -24,36 +36,88 @@ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c + * This will be called on destroy private part of the server key + */ +void -+audit_destroy_sensitive_data(const char *fp) ++audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) +{ -+ debug("audit destroy sensitive data euid %d fingerprint %s", geteuid(), fp); ++ debug("audit destroy sensitive data euid %d fingerprint %s from pid %ld uid %u", ++ geteuid(), fp, (long)pid, (unsigned)uid); ++} ++ ++/* ++ * This will be called on generation of the ephemeral server key ++ */ ++void ++audit_generate_ephemeral_server_key(const char *) ++{ ++ debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp); +} # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit5 2011-02-21 18:54:03.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-21 18:54:03.000000000 +0100 -@@ -62,5 +62,6 @@ void audit_unsupported_body(int); +--- openssh-5.8p1/audit.h.audit5 2011-02-21 20:16:34.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-21 20:16:34.000000000 +0100 +@@ -48,6 +48,8 @@ enum ssh_audit_event_type { + }; + typedef enum ssh_audit_event_type ssh_audit_event_t; + ++int listening_for_clients(void); ++ + void audit_connection_from(const char *, int); + void audit_event(ssh_audit_event_t); + void audit_session_open(struct logininfo *); +@@ -62,5 +64,7 @@ void audit_unsupported_body(int); void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); void audit_session_key_free(int ctos); void audit_session_key_free_body(int ctos, pid_t, uid_t); -+void audit_destroy_sensitive_data(const char *); ++void audit_destroy_sensitive_data(const char *, pid_t, uid_t); ++void audit_generate_ephemeral_server_key(const char *); #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit5 2011-02-21 
18:54:03.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:54:03.000000000 +0100 -@@ -324,4 +324,26 @@ audit_session_key_free_body(int ctos, pi +--- openssh-5.8p1/audit-linux.c.audit5 2011-02-21 20:16:34.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-21 20:16:34.000000000 +0100 +@@ -317,6 +317,31 @@ audit_session_key_free_body(int ctos, pi + return; + } + audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, ++ buf, NULL, ++ listening_for_clients() ? NULL : get_remote_ipaddr(), ++ NULL, 1); ++ audit_close(audit_fd); ++ /* do not abort if the error is EPERM and sshd is run as non root user */ ++ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) ++ error("cannot write into audit"); ++} ++ ++void ++audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) ++{ ++ char buf[AUDIT_LOG_SIZE]; ++ int audit_fd, audit_ok; ++ ++ snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=? spid=%jd suid=%jd", ++ fp, (intmax_t)pid, (intmax_t)uid); ++ audit_fd = audit_open(); ++ if (audit_fd < 0) { ++ if (errno != EINVAL && errno != EPROTONOSUPPORT && ++ errno != EAFNOSUPPORT) ++ error("cannot open audit"); ++ return; ++ } ++ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, + buf, NULL, get_remote_ipaddr(), NULL, 1); + audit_close(audit_fd); + /* do not abort if the error is EPERM and sshd is run as non root user */ +@@ -324,4 +349,25 @@ audit_session_key_free_body(int ctos, pi error("cannot write into audit"); } +void -+audit_destroy_sensitive_data(const char *fp) ++audit_generate_ephemeral_server_key(const char *fp) +{ + char buf[AUDIT_LOG_SIZE]; + int audit_fd, audit_ok; + -+ snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=?", fp); ++ snprintf(buf, sizeof(buf), "op=create kind=server fp=%s direction=?", fp); + audit_fd = audit_open(); + if (audit_fd < 0) { + if (errno != EINVAL && errno != EPROTONOSUPPORT && 
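Review bot: The generic fallback added to audit.c, `audit_generate_ephemeral_server_key(const char *)`, leaves its parameter unnamed while the body prints `fp`, so any build that does not define CUSTOM_SSH_AUDIT_EVENTS fails to compile; the definition should read `audit_generate_ephemeral_server_key(const char *fp)`, matching the prototype added to audit.h and the BSM/Linux bodies. In that function and in the generic `audit_destroy_sensitive_data`, `geteuid()` is passed to `%d`, whereas the neighbouring `audit_session_key_free_body` casts it to `(unsigned)` for `%u`; the new bodies should do the same. In audit-linux.c the new `audit_destroy_sensitive_data` still passes `get_remote_ipaddr()` unconditionally as the host, although the same hunk guards that argument in `audit_session_key_free_body` with `listening_for_clients() ? NULL : get_remote_ipaddr()` and the later sshd.c change calls `destroy_sensitive_data(0)` from the listener's SIGTERM path, where there is no client connection to resolve; the host argument should use the same guard (or `0`, as `audit_generate_ephemeral_server_key` does). The tail of the Linux `audit_generate_ephemeral_server_key` body lies in the next hunk.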
@@ -62,17 +126,61 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c + return; + } + audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, -+ buf, NULL, get_remote_ipaddr(), NULL, 1); ++ buf, NULL, 0, NULL, 1); + audit_close(audit_fd); + /* do not abort if the error is EPERM and sshd is run as non root user */ + if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) + error("cannot write into audit"); +} -+ #endif /* USE_LINUX_AUDIT */ +diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c +--- openssh-5.8p1/key.c.audit5 2011-02-04 01:48:34.000000000 +0100 ++++ openssh-5.8p1/key.c 2011-02-21 20:16:34.000000000 +0100 +@@ -1769,6 +1769,30 @@ key_demote(const Key *k) + } + + int ++key_is_private(const Key *k) ++{ ++ switch (k->type) { ++ case KEY_RSA_CERT_V00: ++ case KEY_RSA_CERT: ++ case KEY_RSA1: ++ case KEY_RSA: ++ return k->rsa->d != NULL; ++ case KEY_DSA_CERT_V00: ++ case KEY_DSA_CERT: ++ case KEY_DSA: ++ return k->dsa->priv_key != NULL; ++#ifdef OPENSSL_HAS_ECC ++ case KEY_ECDSA_CERT: ++ case KEY_ECDSA: ++ return EC_KEY_get0_private_key(k->ecdsa) != NULL; ++#endif ++ default: ++ fatal("key_is_private: bad key type %d", k->type); ++ return 1; ++ } ++} ++ ++int + key_is_cert(const Key *k) + { + if (k == NULL) +diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h +--- openssh-5.8p1/key.h.audit5 2010-11-05 00:19:49.000000000 +0100 ++++ openssh-5.8p1/key.h 2011-02-21 20:16:34.000000000 +0100 +@@ -106,6 +106,7 @@ Key *key_generate(int, u_int); + Key *key_from_private(const Key *); + int key_type_from_name(char *); + int key_is_cert(const Key *); ++int key_is_private(const Key *k); + int key_type_plain(int); + int key_to_certified(Key *, int); + int key_drop_cert(Key *); diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit5 2011-02-21 18:54:03.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-21 18:54:03.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit5 2011-02-21 
20:16:34.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-21 20:16:34.000000000 +0100 @@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer int mm_answer_audit_unsupported_body(int, Buffer *); int mm_answer_audit_kex_body(int, Buffer *); @@ -113,7 +221,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -2280,4 +2285,20 @@ mm_answer_audit_session_key_free_body(in +@@ -2280,4 +2285,24 @@ mm_answer_audit_session_key_free_body(in mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m); return 0; } @@ -123,10 +231,14 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c +{ + int len; + char *fp; ++ pid_t pid; ++ uid_t uid; + + fp = buffer_get_string(m, &len); ++ pid = buffer_get_int64(m); ++ uid = buffer_get_int64(m); + -+ audit_destroy_sensitive_data(fp); ++ audit_destroy_sensitive_data(fp, pid, uid); + + buffer_clear(m); + @@ -135,8 +247,8 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit5 2011-02-21 18:54:03.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-21 18:54:03.000000000 +0100 +--- openssh-5.8p1/monitor.h.audit5 2011-02-21 20:16:34.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-21 20:16:34.000000000 +0100 @@ -69,6 +69,7 @@ enum monitor_reqtype { MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX, 
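Review bot: `key_is_private` in key.c dereferences `k` immediately in `switch (k->type)`, while the adjacent `key_is_cert` shown in the same hunk starts with `if (k == NULL)`; the sshd.c callers only reach it behind `if (sensitive_data.host_keys[i])`, so this is a consistency point rather than a crash today, but a leading `if (k == NULL) return 0;` would keep the key.c predicates uniform. The `default:` arm calls `fatal()` on an unknown key type, which means this predicate can abort the process when `destroy_sensitive_data` runs from the `cleanup_exit` path; a one-line comment above the function should say so, e.g. `/* Non-zero if k carries private key material; fatal() on an unknown key type. */`. In key.h the new prototype names its parameter (`const Key *k`) while the surrounding declarations do not; drop the name for consistency.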
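Review bot: `mm_answer_audit_server_key_free` in monitor.c takes `pid` and `uid` from the request sent by the unprivileged child (`buffer_get_int64(m)`) and passes them straight into the audit record as the subject pid/uid, so the privileged monitor writes values it cannot vouch for into the audit trail. The monitor already knows which child it is serving, so the record should be filled from the monitor's own view of that child (the pid it forked and the uid it runs under) rather than from the message; the same applies to the sender added in monitor_wrap.c in the next hunk, which would then not need to marshal them at all. If the values are kept in the message, the implicit narrowing from `u_int64_t` to `pid_t`/`uid_t` should at least be explicit, `pid = (pid_t)buffer_get_int64(m);` and `uid = (uid_t)buffer_get_int64(m);`. The function's signature and its tail are outside the hunk.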
@@ -146,20 +258,22 @@ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-21 18:54:03.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:54:03.000000000 +0100 -@@ -1464,4 +1464,18 @@ mm_audit_session_key_free_body(int ctos, +--- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-21 20:16:34.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-21 20:16:34.000000000 +0100 +@@ -1464,4 +1464,20 @@ mm_audit_session_key_free_body(int ctos, &m); buffer_free(&m); } + +void -+mm_audit_destroy_sensitive_data(const char *fp) ++mm_audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) +{ + Buffer m; + + buffer_init(&m); + buffer_put_cstring(&m, fp); ++ buffer_put_int64(&m, pid); ++ buffer_put_int64(&m, uid); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, @@ -168,19 +282,19 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-21 18:54:03.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:54:56.000000000 +0100 +--- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-21 20:16:34.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-21 20:16:34.000000000 +0100 
@@ -77,6 +77,7 @@ void mm_audit_run_command(const char *); void mm_audit_unsupported_body(int); void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); void mm_audit_session_key_free_body(int, pid_t, uid_t); -+void mm_audit_destroy_sensitive_data(const char *); ++void mm_audit_destroy_sensitive_data(const char *, pid_t, uid_t); #endif struct Session; diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c --- openssh-5.8p1/session.c.audit5 2010-12-01 02:02:59.000000000 +0100 -+++ openssh-5.8p1/session.c 2011-02-21 18:54:03.000000000 +0100 ++++ openssh-5.8p1/session.c 2011-02-21 20:16:34.000000000 +0100 @@ -132,7 +132,7 @@ extern int log_stderr; extern int debug_flag; extern u_int utmp_len; @@ -200,8 +314,8 @@ diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c /* Force a password change */ if (s->authctxt->force_pwchange) { diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.audit5 2011-02-21 18:54:03.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-21 18:54:03.000000000 +0100 +--- openssh-5.8p1/sshd.c.audit5 2011-02-21 20:16:34.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-21 20:16:34.000000000 +0100 @@ -253,7 +253,7 @@ Buffer loginmsg; struct passwd *privsep_pw = NULL; 
@@ -211,51 +325,119 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c void demote_sensitive_data(void); static void do_ssh1_kex(void); -@@ -534,7 +534,7 @@ sshd_exchange_identification(int sock_in +@@ -272,6 +272,15 @@ close_listen_socks(void) + num_listen_socks = -1; + } + ++/* ++ * Is this process listening for clients (i.e. not specific to any specific ++ * client connection?) ++ */ ++int listening_for_clients(void) ++{ ++ return num_listen_socks > 0; ++} ++ + static void + close_startup_pipes(void) + { +@@ -532,22 +541,47 @@ sshd_exchange_identification(int sock_in + } + } - /* Destroy the host and server keys. They will no longer be needed. */ +-/* Destroy the host and server keys. They will no longer be needed. */ ++/* ++ * Destroy the host and server keys. They will no longer be needed. Careful, ++ * this can be called from cleanup_exit() - i.e. from just about anywhere. ++ */ void -destroy_sensitive_data(void) +destroy_sensitive_data(int privsep) { int i; ++ pid_t pid; ++ uid_t uid; -@@ -544,8 +544,16 @@ destroy_sensitive_data(void) + if (sensitive_data.server_key) { + key_free(sensitive_data.server_key); + sensitive_data.server_key = NULL; } ++ pid = getpid(); ++ uid = getuid(); for (i = 0; i < options.num_host_key_files; i++) { if (sensitive_data.host_keys[i]) { + char *fp; + -+ fp = key_fingerprint(sensitive_data.host_keys[i], -+ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); ++ if (key_is_private(sensitive_data.host_keys[i])) ++ fp = key_fingerprint(sensitive_data.host_keys[i], ++ FIPS_mode() ? 
SSH_FP_SHA1 : SSH_FP_MD5, ++ SSH_FP_HEX); ++ else ++ fp = NULL; key_free(sensitive_data.host_keys[i]); sensitive_data.host_keys[i] = NULL; -+ if (privsep) -+ PRIVSEP(audit_destroy_sensitive_data(fp)); -+ else -+ audit_destroy_sensitive_data(fp); ++ if (fp != NULL) { ++ if (privsep) ++ PRIVSEP(audit_destroy_sensitive_data(fp, ++ pid, uid)); ++ else ++ audit_destroy_sensitive_data(fp, ++ pid, uid); ++ xfree(fp); ++ } } - if (sensitive_data.host_certificates[i]) { +- if (sensitive_data.host_certificates[i]) { ++ if (sensitive_data.host_certificates ++ && sensitive_data.host_certificates[i]) { key_free(sensitive_data.host_certificates[i]); -@@ -571,11 +579,17 @@ demote_sensitive_data(void) + sensitive_data.host_certificates[i] = NULL; + } +@@ -561,6 +595,8 @@ void + demote_sensitive_data(void) + { + Key *tmp; ++ pid_t pid; ++ uid_t uid; + int i; + if (sensitive_data.server_key) { +@@ -569,13 +605,27 @@ demote_sensitive_data(void) + sensitive_data.server_key = tmp; + } + ++ pid = getpid(); ++ uid = getuid(); for (i = 0; i < options.num_host_key_files; i++) { if (sensitive_data.host_keys[i]) { + char *fp; + -+ fp = key_fingerprint(sensitive_data.host_keys[i], -+ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); ++ if (key_is_private(sensitive_data.host_keys[i])) ++ fp = key_fingerprint(sensitive_data.host_keys[i], ++ FIPS_mode() ? 
SSH_FP_SHA1 : SSH_FP_MD5, ++ SSH_FP_HEX); ++ else ++ fp = NULL; tmp = key_demote(sensitive_data.host_keys[i]); key_free(sensitive_data.host_keys[i]); sensitive_data.host_keys[i] = tmp; if (tmp->type == KEY_RSA1) sensitive_data.ssh1_host_key = tmp; -+ audit_destroy_sensitive_data(fp); -+ xfree(fp); ++ if (fp != NULL) { ++ audit_destroy_sensitive_data(fp, pid, uid); ++ xfree(fp); ++ } } /* Certs do not need demotion */ } -@@ -2024,7 +2038,7 @@ main(int ac, char **av) +@@ -1120,6 +1170,7 @@ server_accept_loop(int *sock_in, int *so + if (received_sigterm) { + logit("Received signal %d; terminating.", + (int) received_sigterm); ++ destroy_sensitive_data(0); + close_listen_socks(); + unlink(options.pid_file); + exit(255); +@@ -2024,7 +2075,7 @@ main(int ac, char **av) privsep_postauth(authctxt); /* the monitor process [priv] will not return */ if (!compat20) @@ -264,7 +446,7 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c } packet_set_timeout(options.client_alive_interval, -@@ -2264,7 +2278,7 @@ do_ssh1_kex(void) +@@ -2264,7 +2315,7 @@ do_ssh1_kex(void) session_id[i] = session_key[i] ^ session_key[i + 16]; } /* Destroy the private and public keys. No longer. */ @@ -273,3 +455,13 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c if (use_privsep) mm_ssh1_session_id(session_id); +@@ -2356,6 +2407,9 @@ cleanup_exit(int i) + { + if (the_authctxt) + do_cleanup(the_authctxt); ++ if (sensitive_data.host_keys != NULL) ++ destroy_sensitive_data(use_privsep && pmonitor != NULL && ++ !mm_is_monitor()); + #ifdef SSH_AUDIT_EVENTS + /* done after do_cleanup so it can cancel the PAM auth 'thread' */ + if (!use_privsep || mm_is_monitor()) diff --git a/openssh-5.8p1-audit5a.patch b/openssh-5.8p1-audit5a.patch index 3844295..e69de29 100644 --- a/openssh-5.8p1-audit5a.patch +++ b/openssh-5.8p1-audit5a.patch 
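Review bot: `destroy_sensitive_data` is now invoked from `cleanup_exit`, which is where `fatal()` ends, yet with `privsep` set it goes through `PRIVSEP(audit_destroy_sensitive_data(...))`, a monitor round trip that itself ends in `fatal()` if the monitor is gone, and that re-enters `cleanup_exit` and this function while its loop is mid-way. Keys already freed are NULL on re-entry, so the recursion is bounded by the number of host keys, but a one-shot guard (a static flag returning early on the second entry, as `do_cleanup` does if memory serves) would make the path predictable. The new header comment should record this, e.g. `/* May run from cleanup_exit(); the privsep audit call can fatal() and re-enter us. */`. `listening_for_clients()` gives the right answer in the SIGTERM path only because `destroy_sensitive_data(0)` is placed before `close_listen_socks()` sets `num_listen_socks = -1`; a short comment at that call site noting the ordering dependency would prevent a later reorder from breaking it. The `main` and `do_ssh1_kex` call sites that pass the new argument are not visible in the hunk.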
@@ -1,351 +0,0 @@ -diff -up openssh-5.8p1/audit-bsm.c.audit5a openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit5a 2011-02-21 19:11:32.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-21 19:11:32.000000000 +0100 -@@ -407,4 +407,16 @@ audit_destroy_sensitive_data(const char - { - /* not implemented */ - } -+ -+void -+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) -+{ -+ /* not implemented */ -+} -+ -+void -+audit_generate_ephemeral_server_key(const char *fp) -+{ -+ /* not implemented */ -+} - #endif /* BSM */ -diff -up openssh-5.8p1/audit.c.audit5a openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit5a 2011-02-21 19:11:32.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-21 19:11:32.000000000 +0100 -@@ -268,9 +268,19 @@ audit_session_key_free_body(int ctos, pi - * This will be called on destroy private part of the server key - */ - void --audit_destroy_sensitive_data(const char *fp) -+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) - { -- debug("audit destroy sensitive data euid %d fingerprint %s", geteuid(), fp); -+ debug("audit destroy sensitive data euid %d fingerprint %s from pid %ld uid %u", -+ geteuid(), fp, (long)pid, (unsigned)uid); -+} -+ -+/* -+ * This will be called on generation of the ephemeral server key -+ */ -+void -+audit_generate_ephemeral_server_key(const char *) -+{ -+ debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp); - } - # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ - #endif /* SSH_AUDIT_EVENTS */ -diff -up openssh-5.8p1/audit.h.audit5a openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit5a 2011-02-21 19:11:32.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-21 19:11:32.000000000 +0100 -@@ -48,6 +48,8 @@ enum ssh_audit_event_type { - }; - typedef enum ssh_audit_event_type ssh_audit_event_t; - -+int listening_for_clients(void); -+ - void audit_connection_from(const char *, int); - void audit_event(ssh_audit_event_t); - void audit_session_open(struct 
logininfo *); -@@ -62,6 +64,7 @@ void audit_unsupported_body(int); - void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); - void audit_session_key_free(int ctos); - void audit_session_key_free_body(int ctos, pid_t, uid_t); --void audit_destroy_sensitive_data(const char *); -+void audit_destroy_sensitive_data(const char *, pid_t, uid_t); -+void audit_generate_ephemeral_server_key(const char *); - - #endif /* _SSH_AUDIT_H */ -diff -up openssh-5.8p1/audit-linux.c.audit5a openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit5a 2011-02-21 19:11:32.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-21 19:11:32.000000000 +0100 -@@ -317,7 +317,9 @@ audit_session_key_free_body(int ctos, pi - return; - } - audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, -- buf, NULL, get_remote_ipaddr(), NULL, 1); -+ buf, NULL, -+ listening_for_clients() ? NULL : get_remote_ipaddr(), -+ NULL, 1); - audit_close(audit_fd); - /* do not abort if the error is EPERM and sshd is run as non root user */ - if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) -@@ -325,12 +327,13 @@ audit_session_key_free_body(int ctos, pi - } - - void --audit_destroy_sensitive_data(const char *fp) -+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) - { - char buf[AUDIT_LOG_SIZE]; - int audit_fd, audit_ok; - -- snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=?", fp); -+ snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=? 
spid=%jd suid=%jd", -+ fp, (intmax_t)pid, (intmax_t)uid); - audit_fd = audit_open(); - if (audit_fd < 0) { - if (errno != EINVAL && errno != EPROTONOSUPPORT && -@@ -346,4 +349,25 @@ audit_destroy_sensitive_data(const char - error("cannot write into audit"); - } - -+void -+audit_generate_ephemeral_server_key(const char *fp) -+{ -+ char buf[AUDIT_LOG_SIZE]; -+ int audit_fd, audit_ok; -+ -+ snprintf(buf, sizeof(buf), "op=create kind=server fp=%s direction=?", fp); -+ audit_fd = audit_open(); -+ if (audit_fd < 0) { -+ if (errno != EINVAL && errno != EPROTONOSUPPORT && -+ errno != EAFNOSUPPORT) -+ error("cannot open audit"); -+ return; -+ } -+ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, -+ buf, NULL, 0, NULL, 1); -+ audit_close(audit_fd); -+ /* do not abort if the error is EPERM and sshd is run as non root user */ -+ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) -+ error("cannot write into audit"); -+} - #endif /* USE_LINUX_AUDIT */ -diff -up openssh-5.8p1/key.c.audit5a openssh-5.8p1/key.c ---- openssh-5.8p1/key.c.audit5a 2011-02-04 01:48:34.000000000 +0100 -+++ openssh-5.8p1/key.c 2011-02-21 19:15:28.000000000 +0100 -@@ -1769,6 +1769,30 @@ key_demote(const Key *k) - } - - int -+key_is_private(const Key *k) -+{ -+ switch (k->type) { -+ case KEY_RSA_CERT_V00: -+ case KEY_RSA_CERT: -+ case KEY_RSA1: -+ case KEY_RSA: -+ return k->rsa->d != NULL; -+ case KEY_DSA_CERT_V00: -+ case KEY_DSA_CERT: -+ case KEY_DSA: -+ return k->dsa->priv_key != NULL; -+#ifdef OPENSSL_HAS_ECC -+ case KEY_ECDSA_CERT: -+ case KEY_ECDSA: -+ return EC_KEY_get0_private_key(k->ecdsa) != NULL; -+#endif -+ default: -+ fatal("key_is_private: bad key type %d", k->type); -+ return 1; -+ } -+} -+ -+int - key_is_cert(const Key *k) - { - if (k == NULL) -diff -up openssh-5.8p1/key.h.audit5a openssh-5.8p1/key.h ---- openssh-5.8p1/key.h.audit5a 2010-11-05 00:19:49.000000000 +0100 -+++ openssh-5.8p1/key.h 2011-02-21 19:15:34.000000000 +0100 -@@ -106,6 +106,7 @@ Key 
*key_generate(int, u_int);
- Key *key_from_private(const Key *);
- int key_type_from_name(char *);
- int key_is_cert(const Key *);
-+int key_is_private(const Key *k);
- int key_type_plain(int);
- int key_to_certified(Key *, int);
- int key_drop_cert(Key *);
-diff -up openssh-5.8p1/monitor.c.audit5a openssh-5.8p1/monitor.c
---- openssh-5.8p1/monitor.c.audit5a 2011-02-21 19:11:32.000000000 +0100
-+++ openssh-5.8p1/monitor.c 2011-02-21 19:11:32.000000000 +0100
-@@ -2291,10 +2291,14 @@ mm_answer_audit_server_key_free(int sock
- {
- int len;
- char *fp;
-+ pid_t pid;
-+ uid_t uid;
- 
- fp = buffer_get_string(m, &len);
-+ pid = buffer_get_int64(m);
-+ uid = buffer_get_int64(m);
- 
-- audit_destroy_sensitive_data(fp);
-+ audit_destroy_sensitive_data(fp, pid, uid);
- 
- buffer_clear(m);
- 
-diff -up openssh-5.8p1/monitor_wrap.c.audit5a openssh-5.8p1/monitor_wrap.c
---- openssh-5.8p1/monitor_wrap.c.audit5a 2011-02-21 19:11:32.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 19:11:32.000000000 +0100
-@@ -1466,12 +1466,14 @@ mm_audit_session_key_free_body(int ctos,
- }
- 
- void
--mm_audit_destroy_sensitive_data(const char *fp)
-+mm_audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
- {
- Buffer m;
- 
- buffer_init(&m);
- buffer_put_cstring(&m, fp);
-+ buffer_put_int64(&m, pid);
-+ buffer_put_int64(&m, uid);
- 
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SERVER_KEY_FREE,
-diff -up openssh-5.8p1/monitor_wrap.h.audit5a openssh-5.8p1/monitor_wrap.h
---- openssh-5.8p1/monitor_wrap.h.audit5a 2011-02-21 19:11:32.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 19:11:32.000000000 +0100
-@@ -77,7 +77,7 @@ void mm_audit_run_command(const char *);
- void mm_audit_unsupported_body(int);
- void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
- void mm_audit_session_key_free_body(int, pid_t, uid_t);
--void mm_audit_destroy_sensitive_data(const char *);
-+void mm_audit_destroy_sensitive_data(const char *, pid_t, uid_t);
- #endif
- 
- struct Session;
-diff -up openssh-5.8p1/sshd.c.audit5a openssh-5.8p1/sshd.c
---- openssh-5.8p1/sshd.c.audit5a 2011-02-21 19:11:32.000000000 +0100
-+++ openssh-5.8p1/sshd.c 2011-02-21 19:11:32.000000000 +0100
-@@ -272,6 +272,15 @@ close_listen_socks(void)
- num_listen_socks = -1;
- }
- 
-+/*
-+ * Is this process listening for clients (i.e. not specific to any specific
-+ * client connection?)
-+ */
-+int listening_for_clients(void)
-+{
-+ return num_listen_socks > 0;
-+}
-+
- static void
- close_startup_pipes(void)
- {
-@@ -532,30 +541,47 @@ sshd_exchange_identification(int sock_in
- }
- }
- 
--/* Destroy the host and server keys. They will no longer be needed. */
-+/*
-+ * Destroy the host and server keys. They will no longer be needed. Careful,
-+ * this can be called from cleanup_exit() - i.e. from just about anywhere.
-+ */
- void
- destroy_sensitive_data(int privsep)
- {
- int i;
-+ pid_t pid;
-+ uid_t uid;
- 
- if (sensitive_data.server_key) {
- key_free(sensitive_data.server_key);
- sensitive_data.server_key = NULL;
- }
-+ pid = getpid();
-+ uid = getuid();
- for (i = 0; i < options.num_host_key_files; i++) {
- if (sensitive_data.host_keys[i]) {
- char *fp;
- 
-- fp = key_fingerprint(sensitive_data.host_keys[i],
-- FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
-+ if (key_is_private(sensitive_data.host_keys[i]))
-+ fp = key_fingerprint(sensitive_data.host_keys[i],
-+ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5,
-+ SSH_FP_HEX);
-+ else
-+ fp = NULL;
- key_free(sensitive_data.host_keys[i]);
- sensitive_data.host_keys[i] = NULL;
-- if (privsep)
-- PRIVSEP(audit_destroy_sensitive_data(fp));
-- else
-- audit_destroy_sensitive_data(fp);
-+ if (fp != NULL) {
-+ if (privsep)
-+ PRIVSEP(audit_destroy_sensitive_data(fp,
-+ pid, uid));
-+ else
-+ audit_destroy_sensitive_data(fp,
-+ pid, uid);
-+ xfree(fp);
-+ }
- }
-- if (sensitive_data.host_certificates[i]) {
-+ if (sensitive_data.host_certificates
-+ && sensitive_data.host_certificates[i]) {
- key_free(sensitive_data.host_certificates[i]);
- sensitive_data.host_certificates[i] = NULL;
- }
-@@ -569,6 +595,8 @@ void
- demote_sensitive_data(void)
- {
- Key *tmp;
-+ pid_t pid;
-+ uid_t uid;
- int i;
- 
- if (sensitive_data.server_key) {
-@@ -577,19 +605,27 @@ demote_sensitive_data(void)
- sensitive_data.server_key = tmp;
- }
- 
-+ pid = getpid();
-+ uid = getuid();
- for (i = 0; i < options.num_host_key_files; i++) {
- if (sensitive_data.host_keys[i]) {
- char *fp;
- 
-- fp = key_fingerprint(sensitive_data.host_keys[i],
-- FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
-+ if (key_is_private(sensitive_data.host_keys[i]))
-+ fp = key_fingerprint(sensitive_data.host_keys[i],
-+ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5,
-+ SSH_FP_HEX);
-+ else
-+ fp = NULL;
- tmp = key_demote(sensitive_data.host_keys[i]);
- key_free(sensitive_data.host_keys[i]);
- sensitive_data.host_keys[i] = tmp;
- if (tmp->type == KEY_RSA1)
- sensitive_data.ssh1_host_key = tmp;
-- audit_destroy_sensitive_data(fp);
-- xfree(fp);
-+ if (fp != NULL) {
-+ audit_destroy_sensitive_data(fp, pid, uid);
-+ xfree(fp);
-+ }
- }
- /* Certs do not need demotion */
- }
-@@ -1134,6 +1170,7 @@ server_accept_loop(int *sock_in, int *so
- if (received_sigterm) {
- logit("Received signal %d; terminating.",
- (int) received_sigterm);
-+ destroy_sensitive_data(0);
- close_listen_socks();
- unlink(options.pid_file);
- exit(255);
-@@ -2370,6 +2407,9 @@ cleanup_exit(int i)
- {
- if (the_authctxt)
- do_cleanup(the_authctxt);
-+ if (sensitive_data.host_keys != NULL)
-+ destroy_sensitive_data(use_privsep && pmonitor != NULL &&
-+ !mm_is_monitor());
- #ifdef SSH_AUDIT_EVENTS
- /* done after do_cleanup so it can cancel the PAM auth 'thread' */
- if (!use_privsep || mm_is_monitor())