Drop unused function from audit
parent
316553ade0
commit
32dc9bd1cd
@ -39,7 +39,7 @@ diff -up openssh-7.6p1/audit-bsm.c.audit openssh-7.6p1/audit-bsm.c
|
|||||||
void
|
void
|
||||||
audit_event(ssh_audit_event_t event)
|
audit_event(ssh_audit_event_t event)
|
||||||
{
|
{
|
||||||
@@ -452,4 +471,40 @@ audit_event(ssh_audit_event_t event)
|
@@ -452,4 +471,34 @@ audit_event(ssh_audit_event_t event)
|
||||||
debug("%s: unhandled event %d", __func__, event);
|
debug("%s: unhandled event %d", __func__, event);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -72,12 +72,6 @@ diff -up openssh-7.6p1/audit-bsm.c.audit openssh-7.6p1/audit-bsm.c
|
|||||||
+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
|
+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
|
||||||
+{
|
+{
|
||||||
+ /* not implemented */
|
+ /* not implemented */
|
||||||
+}
|
|
||||||
+
|
|
||||||
+void
|
|
||||||
+audit_generate_ephemeral_server_key(const char *fp)
|
|
||||||
+{
|
|
||||||
+ /* not implemented */
|
|
||||||
+}
|
+}
|
||||||
#endif /* BSM */
|
#endif /* BSM */
|
||||||
diff -up openssh-7.6p1/audit.c.audit openssh-7.6p1/audit.c
|
diff -up openssh-7.6p1/audit.c.audit openssh-7.6p1/audit.c
|
||||||
@ -183,7 +177,7 @@ diff -up openssh-7.6p1/audit.c.audit openssh-7.6p1/audit.c
|
|||||||
* Called when a user session is started. Argument is the tty allocated to
|
* Called when a user session is started. Argument is the tty allocated to
|
||||||
* the session, or NULL if no tty was allocated.
|
* the session, or NULL if no tty was allocated.
|
||||||
*
|
*
|
||||||
@@ -172,13 +218,91 @@ audit_session_close(struct logininfo *li
|
@@ -172,13 +218,82 @@ audit_session_close(struct logininfo *li
|
||||||
/*
|
/*
|
||||||
* This will be called when a user runs a non-interactive command. Note that
|
* This will be called when a user runs a non-interactive command. Note that
|
||||||
* it may be called multiple times for a single connection since SSH2 allows
|
* it may be called multiple times for a single connection since SSH2 allows
|
||||||
@ -265,15 +259,6 @@ diff -up openssh-7.6p1/audit.c.audit openssh-7.6p1/audit.c
|
|||||||
+{
|
+{
|
||||||
+ debug("audit destroy sensitive data euid %d fingerprint %s from pid %ld uid %u",
|
+ debug("audit destroy sensitive data euid %d fingerprint %s from pid %ld uid %u",
|
||||||
+ geteuid(), fp, (long)pid, (unsigned)uid);
|
+ geteuid(), fp, (long)pid, (unsigned)uid);
|
||||||
+}
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * This will be called on generation of the ephemeral server key
|
|
||||||
+ */
|
|
||||||
+void
|
|
||||||
+audit_generate_ephemeral_server_key(const char *)
|
|
||||||
+{
|
|
||||||
+ debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp);
|
|
||||||
}
|
}
|
||||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
@ -288,7 +273,7 @@ diff -up openssh-7.6p1/audit.h.audit openssh-7.6p1/audit.h
|
|||||||
|
|
||||||
enum ssh_audit_event_type {
|
enum ssh_audit_event_type {
|
||||||
SSH_LOGIN_EXCEED_MAXTRIES,
|
SSH_LOGIN_EXCEED_MAXTRIES,
|
||||||
@@ -43,13 +44,33 @@ enum ssh_audit_event_type {
|
@@ -43,13 +44,32 @@ enum ssh_audit_event_type {
|
||||||
SSH_CONNECTION_ABANDON, /* closed without completing auth */
|
SSH_CONNECTION_ABANDON, /* closed without completing auth */
|
||||||
SSH_AUDIT_UNKNOWN
|
SSH_AUDIT_UNKNOWN
|
||||||
};
|
};
|
||||||
@ -320,7 +305,6 @@ diff -up openssh-7.6p1/audit.h.audit openssh-7.6p1/audit.h
|
|||||||
+void audit_session_key_free(int ctos);
|
+void audit_session_key_free(int ctos);
|
||||||
+void audit_session_key_free_body(int ctos, pid_t, uid_t);
|
+void audit_session_key_free_body(int ctos, pid_t, uid_t);
|
||||||
+void audit_destroy_sensitive_data(const char *, pid_t, uid_t);
|
+void audit_destroy_sensitive_data(const char *, pid_t, uid_t);
|
||||||
+void audit_generate_ephemeral_server_key(const char *);
|
|
||||||
|
|
||||||
#endif /* _SSH_AUDIT_H */
|
#endif /* _SSH_AUDIT_H */
|
||||||
diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
||||||
@ -529,7 +513,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
@@ -103,24 +231,180 @@ audit_event(ssh_audit_event_t event)
|
@@ -103,24 +231,158 @@ audit_event(ssh_audit_event_t event)
|
||||||
|
|
||||||
switch(event) {
|
switch(event) {
|
||||||
case SSH_AUTH_SUCCESS:
|
case SSH_AUTH_SUCCESS:
|
||||||
@ -690,28 +674,6 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||||||
+ /* do not abort if the error is EPERM and sshd is run as non root user */
|
+ /* do not abort if the error is EPERM and sshd is run as non root user */
|
||||||
+ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
|
+ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
|
||||||
+ error("cannot write into audit");
|
+ error("cannot write into audit");
|
||||||
+}
|
|
||||||
+
|
|
||||||
+void
|
|
||||||
+audit_generate_ephemeral_server_key(const char *fp)
|
|
||||||
+{
|
|
||||||
+ char buf[AUDIT_LOG_SIZE];
|
|
||||||
+ int audit_fd, audit_ok;
|
|
||||||
+
|
|
||||||
+ snprintf(buf, sizeof(buf), "op=create kind=server fp=%s direction=? ", fp);
|
|
||||||
+ audit_fd = audit_open();
|
|
||||||
+ if (audit_fd < 0) {
|
|
||||||
+ if (errno != EINVAL && errno != EPROTONOSUPPORT &&
|
|
||||||
+ errno != EAFNOSUPPORT)
|
|
||||||
+ error("cannot open audit");
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
|
|
||||||
+ buf, NULL, 0, NULL, 1);
|
|
||||||
+ audit_close(audit_fd);
|
|
||||||
+ /* do not abort if the error is EPERM and sshd is run as non root user */
|
|
||||||
+ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
|
|
||||||
+ error("cannot write into audit");
|
|
||||||
+}
|
+}
|
||||||
#endif /* USE_LINUX_AUDIT */
|
#endif /* USE_LINUX_AUDIT */
|
||||||
diff -up openssh-7.6p1/auditstub.c.audit openssh-7.6p1/auditstub.c
|
diff -up openssh-7.6p1/auditstub.c.audit openssh-7.6p1/auditstub.c
|
||||||
|