From 825921b7f3fb60b617b3d4c086028f783fd5e756 Mon Sep 17 00:00:00 2001 From: Jan F Date: Fri, 4 Mar 2011 15:22:12 +0100 Subject: [PATCH] improove ssk-keycat (documentation) --- openssh-5.8p1-audit0.patch | 17 ++ openssh-5.8p1-audit0a.patch | 17 -- openssh-5.8p1-audit1.patch | 353 +++++++++++++++++++++++------ openssh-5.8p1-audit1a.patch | 429 ------------------------------------ openssh-5.8p1-audit2.patch | 140 ++++++++++-- openssh-5.8p1-audit2a.patch | 153 ------------- openssh-5.8p1-keycat.patch | 139 +++++++++++- openssh-5.8p1-keycat2.patch | 132 ----------- openssh.spec | 6 +- ssh-keycat.pam | 4 +- 10 files changed, 561 insertions(+), 829 deletions(-) diff --git a/openssh-5.8p1-audit0.patch b/openssh-5.8p1-audit0.patch index e69de29..9a0f37c 100644 --- a/openssh-5.8p1-audit0.patch +++ b/openssh-5.8p1-audit0.patch @@ -0,0 +1,17 @@ +Don't audit SSH_INVALID_USER twice. + +PRIVSEP(getpwnamallow()) a few lines above already did this. + +diff -ur openssh/auth2.c openssh-5.8p1/auth2.c +--- openssh/auth2.c 2011-03-02 02:32:52.383773622 +0100 ++++ openssh-5.8p1/auth2.c 2011-03-02 03:32:34.585110911 +0100 +@@ -250,9 +250,6 @@ + } else { + logit("input_userauth_request: invalid user %s", user); + authctxt->pw = fakepw(); +-#ifdef SSH_AUDIT_EVENTS +- PRIVSEP(audit_event(SSH_INVALID_USER)); +-#endif + } + #ifdef USE_PAM + if (options.use_pam) diff --git a/openssh-5.8p1-audit0a.patch b/openssh-5.8p1-audit0a.patch index 9a0f37c..e69de29 100644 --- a/openssh-5.8p1-audit0a.patch +++ b/openssh-5.8p1-audit0a.patch 
@@ -1,17 +0,0 @@ -Don't audit SSH_INVALID_USER twice. - -PRIVSEP(getpwnamallow()) a few lines above already did this. - -diff -ur openssh/auth2.c openssh-5.8p1/auth2.c ---- openssh/auth2.c 2011-03-02 02:32:52.383773622 +0100 -+++ openssh-5.8p1/auth2.c 2011-03-02 03:32:34.585110911 +0100 -@@ -250,9 +250,6 @@ - } else { - logit("input_userauth_request: invalid user %s", user); - authctxt->pw = fakepw(); --#ifdef SSH_AUDIT_EVENTS -- PRIVSEP(audit_event(SSH_INVALID_USER)); --#endif - } - #ifdef USE_PAM - if (options.use_pam) diff --git a/openssh-5.8p1-audit1.patch b/openssh-5.8p1-audit1.patch index 08674a9..a4ac470 100644 --- a/openssh-5.8p1-audit1.patch +++ b/openssh-5.8p1-audit1.patch 
@@ -1,55 +1,103 @@ diff -up openssh-5.8p1/audit-bsm.c.audit1 openssh-5.8p1/audit-bsm.c --- openssh-5.8p1/audit-bsm.c.audit1 2011-01-17 11:15:29.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-28 22:39:02.000000000 +0100 -@@ -305,6 +305,12 @@ audit_run_command(const char *command) ++++ openssh-5.8p1/audit-bsm.c 2011-03-04 14:16:25.000000000 +0100 +@@ -298,10 +298,23 @@ audit_connection_from(const char *host, + #endif } - void -+audit_end_command(const char *command) +-void ++int + audit_run_command(const char *command) + { + /* not implemented */ ++ return 0; ++} ++ ++void ++audit_end_command(int handle, const char *command) +{ + /* not implemented */ +} + +void - audit_session_open(struct logininfo *li) - { - /* not implemented */ ++audit_count_session_open(void) ++{ ++ /* not necessary */ + } + + void diff -up openssh-5.8p1/audit.c.audit1 openssh-5.8p1/audit.c --- openssh-5.8p1/audit.c.audit1 2011-01-17 11:15:30.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-28 22:39:02.000000000 +0100 -@@ -182,5 +182,18 @@ audit_run_command(const char *command) ++++ openssh-5.8p1/audit.c 2011-03-04 14:16:25.000000000 +0100 +@@ -140,6 +140,17 @@ audit_event(ssh_audit_event_t event) + } + + /* ++ * Called when a child process has called, or will soon call, ++ * audit_session_open. ++ */ ++void ++audit_count_session_open(void) ++{ ++ debug("audit count session open euid %d user %s", geteuid(), ++ audit_username()); ++} ++ ++/* + * Called when a user session is started. Argument is the tty allocated to + * the session, or NULL if no tty was allocated. + * +@@ -174,13 +185,29 @@ audit_session_close(struct logininfo *li + /* + * This will be called when a user runs a non-interactive command. Note that + * it may be called multiple times for a single connection since SSH2 allows +- * multiple sessions within a single connection. ++ * multiple sessions within a single connection. Returns a "handle" for ++ * audit_end_command. 
+ */ +-void ++int + audit_run_command(const char *command) + { debug("audit run command euid %d user %s command '%.200s'", geteuid(), audit_username(), command); - } ++ return 0; ++} + +/* + * This will be called when the non-interactive command finishes. Note that + * it may be called multiple times for a single connection since SSH2 allows -+ * multiple sessions within a single connection. ++ * multiple sessions within a single connection. "handle" should come from ++ * the corresponding audit_run_command. + */ +void -+audit_end_command(const char *command) ++audit_end_command(int handle, const char *command) +{ + debug("audit end nopty exec euid %d user %s command '%.200s'", geteuid(), + audit_username(), command); -+} + } + # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit1 openssh-5.8p1/audit.h --- openssh-5.8p1/audit.h.audit1 2011-01-17 11:15:30.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-28 22:39:02.000000000 +0100 -@@ -52,6 +52,7 @@ void audit_event(ssh_audit_event_t); ++++ openssh-5.8p1/audit.h 2011-03-04 14:16:25.000000000 +0100 +@@ -49,9 +49,11 @@ typedef enum ssh_audit_event_type ssh_au + + void audit_connection_from(const char *, int); + void audit_event(ssh_audit_event_t); ++void audit_count_session_open(void); void audit_session_open(struct logininfo *); void audit_session_close(struct logininfo *); - void audit_run_command(const char *); -+void audit_end_command(const char *); +-void audit_run_command(const char *); ++int audit_run_command(const char *); ++void audit_end_command(int, const char *); ssh_audit_event_t audit_classify_auth(const char *); #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c --- openssh-5.8p1/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-28 22:39:02.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-03-04 14:16:25.000000000 +0100 
@@ -35,13 +35,20 @@ #include "log.h" @@ -89,7 +137,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c NULL, "login", username ? username : "(unknown)", username == NULL ? uid : -1, hostname, ip, ttyn, success); saved_errno = errno; -@@ -65,35 +72,112 @@ linux_audit_record_event(int uid, const +@@ -65,35 +72,119 @@ linux_audit_record_event(int uid, const if ((rc == -EPERM) && (geteuid() != 0)) rc = 0; errno = saved_errno; @@ -163,7 +211,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c /* not implemented */ +} - void +-void ++int audit_run_command(const char *command) { - /* not implemented */ @@ -172,16 +221,23 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c + NULL, "ssh", 1, AUDIT_USER_LOGIN); + linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), + NULL, "ssh", 1, AUDIT_USER_START); ++ return 0; +} + +void -+audit_end_command(const char *command) ++audit_end_command(int handle, const char *command) +{ + linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), + NULL, "ssh", 1, AUDIT_USER_END); + if (user_login_count && !--user_login_count) + linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), + NULL, "ssh", 1, AUDIT_USER_LOGOUT); ++} ++ ++void ++audit_count_session_open(void) ++{ ++ user_login_count++; } void @@ -209,7 +265,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c } void -@@ -101,21 +185,43 @@ audit_event(ssh_audit_event_t event) +@@ -101,21 +192,43 @@ audit_event(ssh_audit_event_t event) { switch(event) { case SSH_AUTH_SUCCESS: 
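Review bot: The new prototypes in audit.h (`int audit_run_command(const char *);`, `void audit_end_command(int, const char *);`, `void audit_count_session_open(void);`) carry no comment, so a backend author sees the handle contract only by reading audit.c, and nothing says that the generic audit.c and audit-bsm.c stubs always `return 0`, which makes the handle meaningless for those backends. I would add above the three declarations `/* audit_run_command() returns a backend-specific handle that the caller must hand back to audit_end_command(); audit_count_session_open() balances a session that a forked child opens via audit_session_open(). */`. The "not necessary" remark in the audit-bsm.c stub would also read better as `/* not needed: this backend keeps no login counter */`, if that is indeed why it is empty.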
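Review bot: audit_count_session_open() in audit-linux.c bumps `user_login_count` silently and without a comment, whereas audit_run_command() a few lines above emits AUDIT_USER_LOGIN on the same zero-to-one transition, so a reader will take the bare increment for a missing record. I would put `/* The forked session process records AUDIT_USER_LOGIN itself; only keep the counter in step so the matching AUDIT_USER_LOGOUT is emitted from here. */` above it. Since `user_login_count` is a file-level static, the increment only balances a decrement taken in the same process; it is worth confirming that audit_session_close() for a pty session runs in the process that called audit_count_session_open() and not in the monitor, otherwise the LOGOUT accounting drifts. The `handle` argument of audit_end_command() is unused here, which is fine for this backend but could be stated in a one-word comment.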
@@ -259,7 +315,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c default: diff -up openssh-5.8p1/monitor.c.audit1 openssh-5.8p1/monitor.c --- openssh-5.8p1/monitor.c.audit1 2010-09-10 03:23:34.000000000 +0200 -+++ openssh-5.8p1/monitor.c 2011-02-28 22:39:02.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-03-04 14:16:25.000000000 +0100 @@ -177,6 +177,7 @@ int mm_answer_gss_checkmic(int, Buffer * #ifdef SSH_AUDIT_EVENTS int mm_answer_audit_event(int, Buffer *); 
@@ -284,126 +340,295 @@ diff -up openssh-5.8p1/monitor.c.audit1 openssh-5.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -1618,6 +1621,20 @@ mm_answer_audit_command(int socket, Buff - xfree(cmd); - return (0); +@@ -1288,6 +1291,12 @@ mm_session_close(Session *s) + debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); + session_pty_cleanup2(s); + } ++#ifdef SSH_AUDIT_EVENTS ++ if (s->command != NULL) { ++ debug3("%s: command %d", __func__, s->command_handle); ++ session_end_command2(s); ++ } ++#endif + session_unused(s->self); } + +@@ -1610,11 +1619,44 @@ mm_answer_audit_command(int socket, Buff + { + u_int len; + char *cmd; ++ Session *s; + + debug3("%s entering", __func__); + cmd = buffer_get_string(m, &len); ++ + /* sanity check command, if so how? */ +- audit_run_command(cmd); ++ s = session_new(); ++ if (s == NULL) ++ fatal("%s: error allocating a session", __func__); ++ s->command = cmd; ++ s->command_handle = audit_run_command(cmd); ++ ++ buffer_clear(m); ++ buffer_put_int(m, s->self); ++ ++ mm_request_send(socket, MONITOR_ANS_AUDIT_COMMAND, m); ++ ++ return (0); ++} + +int +mm_answer_audit_end_command(int socket, Buffer *m) +{ ++ int handle; + u_int len; + char *cmd; ++ Session *s; + + debug3("%s entering", __func__); ++ handle = buffer_get_int(m); + cmd = buffer_get_string(m, &len); -+ /* sanity check command, if so how? */ -+ audit_end_command(cmd); -+ xfree(cmd); -+ return (0); -+} - #endif /* SSH_AUDIT_EVENTS */ - - void ++ ++ s = session_by_id(handle); ++ if (s == NULL || s->ttyfd != -1 || s->command == NULL || ++ strcmp(s->command, cmd) != 0) ++ fatal("%s: invalid handle", __func__); ++ mm_session_close(s); ++ + xfree(cmd); + return (0); + } diff -up openssh-5.8p1/monitor.h.audit1 openssh-5.8p1/monitor.h --- openssh-5.8p1/monitor.h.audit1 2008-11-05 06:20:46.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-28 22:39:02.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-03-04 14:16:25.000000000 +0100 
@@ -60,6 +60,7 @@ enum monitor_reqtype { MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND, -+ MONITOR_REQ_AUDIT_END_COMMAND, ++ MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND, MONITOR_REQ_TERM, MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1, MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, diff -up openssh-5.8p1/monitor_wrap.c.audit1 openssh-5.8p1/monitor_wrap.c --- openssh-5.8p1/monitor_wrap.c.audit1 2010-08-31 14:41:14.000000000 +0200 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-28 22:39:02.000000000 +0100 -@@ -1163,6 +1163,20 @@ mm_audit_run_command(const char *command - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); ++++ openssh-5.8p1/monitor_wrap.c 2011-03-04 14:16:25.000000000 +0100 +@@ -1150,10 +1150,11 @@ mm_audit_event(ssh_audit_event_t event) buffer_free(&m); } + +-void ++int + mm_audit_run_command(const char *command) + { + Buffer m; ++ int handle; + + debug3("%s entering command %s", __func__, command); + +@@ -1161,6 +1162,26 @@ mm_audit_run_command(const char *command + buffer_put_cstring(&m, command); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); ++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_COMMAND, &m); ++ ++ handle = buffer_get_int(&m); ++ buffer_free(&m); ++ ++ return (handle); ++} + +void -+mm_audit_end_command(const char *command) ++mm_audit_end_command(int handle, const char *command) +{ + Buffer m; + + debug3("%s entering command %s", __func__, command); + + buffer_init(&m); ++ buffer_put_int(&m, handle); + buffer_put_cstring(&m, command); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_END_COMMAND, &m); -+ buffer_free(&m); -+} + buffer_free(&m); + } #endif /* SSH_AUDIT_EVENTS */ - - #ifdef GSSAPI diff -up openssh-5.8p1/monitor_wrap.h.audit1 openssh-5.8p1/monitor_wrap.h --- openssh-5.8p1/monitor_wrap.h.audit1 2009-03-05 14:58:22.000000000 +0100 
-+++ openssh-5.8p1/monitor_wrap.h 2011-02-28 22:39:02.000000000 +0100 -@@ -74,6 +74,7 @@ void mm_sshpam_free_ctx(void *); ++++ openssh-5.8p1/monitor_wrap.h 2011-03-04 14:16:25.000000000 +0100 +@@ -73,7 +73,8 @@ void mm_sshpam_free_ctx(void *); + #ifdef SSH_AUDIT_EVENTS #include "audit.h" void mm_audit_event(ssh_audit_event_t); - void mm_audit_run_command(const char *); -+void mm_audit_end_command(const char *); +-void mm_audit_run_command(const char *); ++int mm_audit_run_command(const char *); ++void mm_audit_end_command(int, const char *); #endif struct Session; diff -up openssh-5.8p1/session.c.audit1 openssh-5.8p1/session.c --- openssh-5.8p1/session.c.audit1 2010-12-01 02:02:59.000000000 +0100 -+++ openssh-5.8p1/session.c 2011-02-28 22:39:02.000000000 +0100 -@@ -809,14 +809,16 @@ do_exec(Session *s, const char *command) ++++ openssh-5.8p1/session.c 2011-03-04 14:16:25.000000000 +0100 +@@ -738,6 +738,14 @@ do_exec_pty(Session *s, const char *comm + /* Parent. Close the slave side of the pseudo tty. */ + close(ttyfd); + ++#ifndef HAVE_OSF_SIA ++ /* do_login in the child did not affect state in this process, ++ compensate. From an architectural standpoint, this is extremely ++ ugly. */ ++ if (!(options.use_login && command == NULL)) ++ audit_count_session_open(); ++#endif ++ + /* Enter interactive session. 
*/ + s->ptymaster = ptymaster; + packet_set_interactive(1, +@@ -809,15 +817,19 @@ do_exec(Session *s, const char *command) } #ifdef SSH_AUDIT_EVENTS -- if (command != NULL) -+ if (command != NULL) { - PRIVSEP(audit_run_command(command)); -- else if (s->ttyfd == -1) { ++ if (s->command != NULL || s->command_handle != -1) ++ fatal("do_exec: command already set"); + if (command != NULL) +- PRIVSEP(audit_run_command(command)); + s->command = xstrdup(command); -+ } else if (s->ttyfd == -1) { + else if (s->ttyfd == -1) { char *shell = s->pw->pw_shell; if (shell[0] == '\0') /* empty shell means /bin/sh */ shell =_PATH_BSHELL; - PRIVSEP(audit_run_command(shell)); +- PRIVSEP(audit_run_command(shell)); + s->command = xstrdup(shell); } ++ if (s->command != NULL) ++ s->command_handle = PRIVSEP(audit_run_command(s->command)); #endif if (s->ttyfd != -1) -@@ -2456,6 +2458,12 @@ session_close(Session *s) + ret = do_exec_pty(s, command); +@@ -1841,6 +1853,7 @@ session_unused(int id) + sessions[id].ttyfd = -1; + sessions[id].ptymaster = -1; + sessions[id].x11_chanids = NULL; ++ sessions[id].command_handle = -1; + sessions[id].next_unused = sessions_first_unused; + sessions_first_unused = id; + } +@@ -1923,6 +1936,19 @@ session_open(Authctxt *authctxt, int cha + } + + Session * ++session_by_id(int id) ++{ ++ if (id >= 0 && id < sessions_nalloc) { ++ Session *s = &sessions[id]; ++ if (s->used) ++ return s; ++ } ++ debug("session_by_id: unknown id %d", id); ++ session_dump(); ++ return NULL; ++} ++ ++Session * + session_by_tty(char *tty) + { + int i; +@@ -2448,6 +2474,30 @@ session_exit_message(Session *s, int sta + chan_write_failed(c); + } + ++#ifdef SSH_AUDIT_EVENTS ++void ++session_end_command2(Session *s) ++{ ++ if (s->command != NULL) { ++ audit_end_command(s->command_handle, s->command); ++ xfree(s->command); ++ s->command = NULL; ++ s->command_handle = -1; ++ } ++} ++ ++static void ++session_end_command(Session *s) ++{ ++ if (s->command != NULL) { ++ 
PRIVSEP(audit_end_command(s->command_handle, s->command)); ++ xfree(s->command); ++ s->command = NULL; ++ s->command_handle = -1; ++ } ++} ++#endif ++ + void + session_close(Session *s) + { +@@ -2456,6 +2506,10 @@ session_close(Session *s) debug("session_close: session %d pid %ld", s->self, (long)s->pid); if (s->ttyfd != -1) session_pty_cleanup(s); +#ifdef SSH_AUDIT_EVENTS -+ if (s->command) { -+ PRIVSEP(audit_end_command(s->command)); -+ xfree(s->command); -+ } ++ if (s->command) ++ session_end_command(s); +#endif if (s->term) xfree(s->term); if (s->display) +@@ -2675,6 +2729,15 @@ do_authenticated2(Authctxt *authctxt) + server_loop2(authctxt); + } + ++static void ++do_cleanup_one_session(Session *s) ++{ ++ session_pty_cleanup2(s); ++#ifdef SSH_AUDIT_EVENTS ++ session_end_command2(s); ++#endif ++} ++ + void + do_cleanup(Authctxt *authctxt) + { +@@ -2723,5 +2786,5 @@ do_cleanup(Authctxt *authctxt) + * or if running in monitor. + */ + if (!use_privsep || mm_is_monitor()) +- session_destroy_all(session_pty_cleanup2); ++ session_destroy_all(do_cleanup_one_session); + } diff -up openssh-5.8p1/session.h.audit1 openssh-5.8p1/session.h --- openssh-5.8p1/session.h.audit1 2008-05-19 07:34:50.000000000 +0200 -+++ openssh-5.8p1/session.h 2011-02-28 22:39:02.000000000 +0100 -@@ -60,6 +60,11 @@ struct Session { ++++ openssh-5.8p1/session.h 2011-03-04 14:16:25.000000000 +0100 +@@ -60,6 +60,12 @@ struct Session { char *name; char *val; } *env; + + /* exec */ +#ifdef SSH_AUDIT_EVENTS ++ int command_handle; + char *command; +#endif }; void do_authenticated(Authctxt *); +@@ -72,8 +78,10 @@ void session_close_by_pid(pid_t, int); + void session_close_by_channel(int, void *); + void session_destroy_all(void (*)(Session *)); + void session_pty_cleanup2(Session *); ++void session_end_command2(Session *); + + Session *session_new(void); ++Session *session_by_id(int); + Session *session_by_tty(char *); + void session_close(Session *); + void do_setusercontext(struct passwd *); diff -up 
openssh-5.8p1/sshd.c.audit1 openssh-5.8p1/sshd.c --- openssh-5.8p1/sshd.c.audit1 2011-01-11 07:20:31.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-28 22:39:02.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-03-04 14:16:25.000000000 +0100 @@ -2342,7 +2342,8 @@ cleanup_exit(int i) do_cleanup(the_authctxt); #ifdef SSH_AUDIT_EVENTS diff --git a/openssh-5.8p1-audit1a.patch b/openssh-5.8p1-audit1a.patch index 850f51b..e69de29 100644 --- a/openssh-5.8p1-audit1a.patch +++ b/openssh-5.8p1-audit1a.patch 
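Review bot: The new call to `audit_count_session_open()` in do_exec_pty() is guarded only by `#ifndef HAVE_OSF_SIA`, while every other audit call this patch adds to session.c (do_exec, session_close, do_cleanup_one_session) sits under `#ifdef SSH_AUDIT_EVENTS`, and the audit.c hunk shows its definitions end with `#endif /* SSH_AUDIT_EVENTS */`; a build without audit support would therefore fail to link, unless this distribution always enables it. The guard should read `#if defined(SSH_AUDIT_EVENTS) && !defined(HAVE_OSF_SIA)`. Separately, mm_answer_audit_command() now consumes a monitor-side session slot via session_new() for every exec'd command, on top of any slot the pty request took, and calls fatal() when none is free; if session_new() is bounded by MaxSessions in the monitor as it presumably is in the child, a legitimate client could kill its own connection before reaching the child's limit, so that bound deserves a check or a comment. The monitor.c dispatch-table and sshd.c cleanup_exit() hunks are cut off at the edges of this section.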
@@ -1,429 +0,0 @@ -diff -up openssh-5.8p1/audit-bsm.c.audit1a openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit1a 2011-03-02 09:37:14.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-03-02 09:37:14.000000000 +0100 -@@ -298,19 +298,26 @@ audit_connection_from(const char *host, - #endif - } - --void -+int - audit_run_command(const char *command) - { - /* not implemented */ -+ return 0; - } - - void --audit_end_command(const char *command) -+audit_end_command(int handle, const char *command) - { - /* not implemented */ - } - - void -+audit_count_session_open(void) -+{ -+ /* not necessary */ -+} -+ -+void - audit_session_open(struct logininfo *li) - { - /* not implemented */ -diff -up openssh-5.8p1/audit.c.audit1a openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit1a 2011-03-02 09:37:14.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-03-02 09:37:14.000000000 +0100 -@@ -140,6 +140,17 @@ audit_event(ssh_audit_event_t event) - } - - /* -+ * Called when a child process has called, or will soon call, -+ * audit_session_open. -+ */ -+void -+audit_count_session_open(void) -+{ -+ debug("audit count session open euid %d user %s", geteuid(), -+ audit_username()); -+} -+ -+/* - * Called when a user session is started. Argument is the tty allocated to - * the session, or NULL if no tty was allocated. - * -@@ -174,22 +185,25 @@ audit_session_close(struct logininfo *li - /* - * This will be called when a user runs a non-interactive command. Note that - * it may be called multiple times for a single connection since SSH2 allows -- * multiple sessions within a single connection. -+ * multiple sessions within a single connection. Returns a "handle" for -+ * audit_end_command. - */ --void -+int - audit_run_command(const char *command) - { - debug("audit run command euid %d user %s command '%.200s'", geteuid(), - audit_username(), command); -+ return 0; - } - - /* - * This will be called when the non-interactive command finishes. 
Note that - * it may be called multiple times for a single connection since SSH2 allows -- * multiple sessions within a single connection. -+ * multiple sessions within a single connection. "handle" should come from -+ * the corresponding audit_run_command. - */ - void --audit_end_command(const char *command) -+audit_end_command(int handle, const char *command) - { - debug("audit end nopty exec euid %d user %s command '%.200s'", geteuid(), - audit_username(), command); -diff -up openssh-5.8p1/audit.h.audit1a openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit1a 2011-03-02 09:37:14.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-03-02 09:37:14.000000000 +0100 -@@ -49,10 +49,11 @@ typedef enum ssh_audit_event_type ssh_au - - void audit_connection_from(const char *, int); - void audit_event(ssh_audit_event_t); -+void audit_count_session_open(void); - void audit_session_open(struct logininfo *); - void audit_session_close(struct logininfo *); --void audit_run_command(const char *); --void audit_end_command(const char *); -+int audit_run_command(const char *); -+void audit_end_command(int, const char *); - ssh_audit_event_t audit_classify_auth(const char *); - - #endif /* _SSH_AUDIT_H */ -diff -up openssh-5.8p1/audit-linux.c.audit1a openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit1a 2011-03-02 09:37:14.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-03-02 09:37:14.000000000 +0100 -@@ -140,7 +140,7 @@ audit_connection_from(const char *host, - /* not implemented */ - } - --void -+int - audit_run_command(const char *command) - { - if (!user_login_count++) -@@ -148,10 +148,11 @@ audit_run_command(const char *command) - NULL, "ssh", 1, AUDIT_USER_LOGIN); - linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), - NULL, "ssh", 1, AUDIT_USER_START); -+ return 0; - } - - void --audit_end_command(const char *command) -+audit_end_command(int handle, const char *command) - { - 
linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), - NULL, "ssh", 1, AUDIT_USER_END); -@@ -161,6 +162,12 @@ audit_end_command(const char *command) - } - - void -+audit_count_session_open(void) -+{ -+ user_login_count++; -+} -+ -+void - audit_session_open(struct logininfo *li) - { - if (!user_login_count++) -diff -up openssh-5.8p1/monitor.c.audit1a openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit1a 2011-03-02 09:37:14.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-03-02 09:37:14.000000000 +0100 -@@ -1291,6 +1291,12 @@ mm_session_close(Session *s) - debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); - session_pty_cleanup2(s); - } -+#ifdef SSH_AUDIT_EVENTS -+ if (s->command != NULL) { -+ debug3("%s: command %d", __func__, s->command_handle); -+ session_end_command2(s); -+ } -+#endif - session_unused(s->self); - } - -@@ -1613,25 +1619,44 @@ mm_answer_audit_command(int socket, Buff - { - u_int len; - char *cmd; -+ Session *s; - - debug3("%s entering", __func__); - cmd = buffer_get_string(m, &len); -+ - /* sanity check command, if so how? */ -- audit_run_command(cmd); -- xfree(cmd); -+ s = session_new(); -+ if (s == NULL) -+ fatal("%s: error allocating a session", __func__); -+ s->command = cmd; -+ s->command_handle = audit_run_command(cmd); -+ -+ buffer_clear(m); -+ buffer_put_int(m, s->self); -+ -+ mm_request_send(socket, MONITOR_ANS_AUDIT_COMMAND, m); -+ - return (0); - } - - int - mm_answer_audit_end_command(int socket, Buffer *m) - { -+ int handle; - u_int len; - char *cmd; -+ Session *s; - - debug3("%s entering", __func__); -+ handle = buffer_get_int(m); - cmd = buffer_get_string(m, &len); -- /* sanity check command, if so how? 
*/ -- audit_end_command(cmd); -+ -+ s = session_by_id(handle); -+ if (s == NULL || s->ttyfd != -1 || s->command == NULL || -+ strcmp(s->command, cmd) != 0) -+ fatal("%s: invalid handle", __func__); -+ mm_session_close(s); -+ - xfree(cmd); - return (0); - } -diff -up openssh-5.8p1/monitor.h.audit1a openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit1a 2011-03-02 09:37:14.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-03-02 09:37:15.000000000 +0100 -@@ -60,7 +60,7 @@ enum monitor_reqtype { - MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, - MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, - MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND, -- MONITOR_REQ_AUDIT_END_COMMAND, -+ MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND, - MONITOR_REQ_TERM, - MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1, - MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, -diff -up openssh-5.8p1/monitor_wrap.c.audit1a openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit1a 2011-03-02 09:37:14.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-03-02 09:37:15.000000000 +0100 -@@ -1150,10 +1150,11 @@ mm_audit_event(ssh_audit_event_t event) - buffer_free(&m); - } - --void -+int - mm_audit_run_command(const char *command) - { - Buffer m; -+ int handle; - - debug3("%s entering command %s", __func__, command); - -@@ -1161,17 +1162,23 @@ mm_audit_run_command(const char *command - buffer_put_cstring(&m, command); - - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); -+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_COMMAND, &m); -+ -+ handle = buffer_get_int(&m); - buffer_free(&m); -+ -+ return (handle); - } - - void --mm_audit_end_command(const char *command) -+mm_audit_end_command(int handle, const char *command) - { - Buffer m; - - debug3("%s entering command %s", __func__, command); - - buffer_init(&m); -+ buffer_put_int(&m, handle); - buffer_put_cstring(&m, command); - - mm_request_send(pmonitor->m_recvfd, 
MONITOR_REQ_AUDIT_END_COMMAND, &m); -diff -up openssh-5.8p1/monitor_wrap.h.audit1a openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit1a 2011-03-02 09:41:17.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-03-02 09:44:35.000000000 +0100 -@@ -73,8 +73,8 @@ void mm_sshpam_free_ctx(void *); - #ifdef SSH_AUDIT_EVENTS - #include "audit.h" - void mm_audit_event(ssh_audit_event_t); --void mm_audit_run_command(const char *); --void mm_audit_end_command(const char *); -+int mm_audit_run_command(const char *); -+void mm_audit_end_command(int, const char *); - #endif - - struct Session; -diff -up openssh-5.8p1/session.c.audit1a openssh-5.8p1/session.c ---- openssh-5.8p1/session.c.audit1a 2011-03-02 09:37:14.000000000 +0100 -+++ openssh-5.8p1/session.c 2011-03-02 09:37:15.000000000 +0100 -@@ -738,6 +738,14 @@ do_exec_pty(Session *s, const char *comm - /* Parent. Close the slave side of the pseudo tty. */ - close(ttyfd); - -+#ifndef HAVE_OSF_SIA -+ /* do_login in the child did not affect state in this process, -+ compensate. From an architectural standpoint, this is extremely -+ ugly. */ -+ if (!(options.use_login && command == NULL)) -+ audit_count_session_open(); -+#endif -+ - /* Enter interactive session. 
*/ - s->ptymaster = ptymaster; - packet_set_interactive(1, -@@ -809,17 +817,19 @@ do_exec(Session *s, const char *command) - } - - #ifdef SSH_AUDIT_EVENTS -- if (command != NULL) { -- PRIVSEP(audit_run_command(command)); -+ if (s->command != NULL || s->command_handle != -1) -+ fatal("do_exec: command already set"); -+ if (command != NULL) - s->command = xstrdup(command); -- } else if (s->ttyfd == -1) { -+ else if (s->ttyfd == -1) { - char *shell = s->pw->pw_shell; - - if (shell[0] == '\0') /* empty shell means /bin/sh */ - shell =_PATH_BSHELL; -- PRIVSEP(audit_run_command(shell)); - s->command = xstrdup(shell); - } -+ if (s->command != NULL) -+ s->command_handle = PRIVSEP(audit_run_command(s->command)); - #endif - if (s->ttyfd != -1) - ret = do_exec_pty(s, command); -@@ -1843,6 +1853,7 @@ session_unused(int id) - sessions[id].ttyfd = -1; - sessions[id].ptymaster = -1; - sessions[id].x11_chanids = NULL; -+ sessions[id].command_handle = -1; - sessions[id].next_unused = sessions_first_unused; - sessions_first_unused = id; - } -@@ -1925,6 +1936,19 @@ session_open(Authctxt *authctxt, int cha - } - - Session * -+session_by_id(int id) -+{ -+ if (id >= 0 && id < sessions_nalloc) { -+ Session *s = &sessions[id]; -+ if (s->used) -+ return s; -+ } -+ debug("session_by_id: unknown id %d", id); -+ session_dump(); -+ return NULL; -+} -+ -+Session * - session_by_tty(char *tty) - { - int i; -@@ -2450,6 +2474,30 @@ session_exit_message(Session *s, int sta - chan_write_failed(c); - } - -+#ifdef SSH_AUDIT_EVENTS -+void -+session_end_command2(Session *s) -+{ -+ if (s->command != NULL) { -+ audit_end_command(s->command_handle, s->command); -+ xfree(s->command); -+ s->command = NULL; -+ s->command_handle = -1; -+ } -+} -+ -+static void -+session_end_command(Session *s) -+{ -+ if (s->command != NULL) { -+ PRIVSEP(audit_end_command(s->command_handle, s->command)); -+ xfree(s->command); -+ s->command = NULL; -+ s->command_handle = -1; -+ } -+} -+#endif -+ - void - session_close(Session *s) 
- { -@@ -2459,10 +2507,8 @@ session_close(Session *s) - if (s->ttyfd != -1) - session_pty_cleanup(s); - #ifdef SSH_AUDIT_EVENTS -- if (s->command) { -- PRIVSEP(audit_end_command(s->command)); -- xfree(s->command); -- } -+ if (s->command) -+ session_end_command(s); - #endif - if (s->term) - xfree(s->term); -@@ -2683,6 +2729,15 @@ do_authenticated2(Authctxt *authctxt) - server_loop2(authctxt); - } - -+static void -+do_cleanup_one_session(Session *s) -+{ -+ session_pty_cleanup2(s); -+#ifdef SSH_AUDIT_EVENTS -+ session_end_command2(s); -+#endif -+} -+ - void - do_cleanup(Authctxt *authctxt) - { -@@ -2731,5 +2786,5 @@ do_cleanup(Authctxt *authctxt) - * or if running in monitor. - */ - if (!use_privsep || mm_is_monitor()) -- session_destroy_all(session_pty_cleanup2); -+ session_destroy_all(do_cleanup_one_session); - } -diff -up openssh-5.8p1/session.h.audit1a openssh-5.8p1/session.h ---- openssh-5.8p1/session.h.audit1a 2011-03-02 09:37:14.000000000 +0100 -+++ openssh-5.8p1/session.h 2011-03-02 09:37:15.000000000 +0100 -@@ -63,6 +63,7 @@ struct Session { - - /* exec */ - #ifdef SSH_AUDIT_EVENTS -+ int command_handle; - char *command; - #endif - }; -@@ -77,8 +78,10 @@ void session_close_by_pid(pid_t, int); - void session_close_by_channel(int, void *); - void session_destroy_all(void (*)(Session *)); - void session_pty_cleanup2(Session *); -+void session_end_command2(Session *); - - Session *session_new(void); -+Session *session_by_id(int); - Session *session_by_tty(char *); - void session_close(Session *); - void do_setusercontext(struct passwd *); diff --git a/openssh-5.8p1-audit2.patch b/openssh-5.8p1-audit2.patch index 8568daa..c832593 100644 --- a/openssh-5.8p1-audit2.patch +++ b/openssh-5.8p1-audit2.patch 
@@ -1,6 +1,6 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit2 2011-03-02 08:23:54.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-03-02 08:23:54.000000000 +0100 +--- openssh-5.8p1/audit-bsm.c.audit2 2011-03-04 14:28:16.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-03-04 14:28:17.000000000 +0100 @@ -329,6 +329,12 @@ audit_session_close(struct logininfo *li /* not implemented */ } @@ -15,8 +15,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c audit_event(ssh_audit_event_t event) { diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit2 2011-03-02 08:23:54.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-03-02 08:23:55.000000000 +0100 +--- openssh-5.8p1/audit.c.audit2 2011-03-04 14:28:16.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-03-04 14:28:17.000000000 +0100 @@ -36,6 +36,7 @@ #include "key.h" #include "hostfile.h" @@ -67,8 +67,8 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit2 2011-03-02 08:23:54.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-03-02 08:25:02.000000000 +0100 +--- openssh-5.8p1/audit.h.audit2 2011-03-04 14:28:16.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-03-04 14:28:17.000000000 +0100 @@ -28,6 +28,7 @@ # define _SSH_AUDIT_H @@ -86,8 +86,8 @@ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit2 2011-03-02 08:23:54.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-03-02 08:23:55.000000000 +0100 +--- openssh-5.8p1/audit-linux.c.audit2 2011-03-04 14:28:16.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-03-04 14:28:17.000000000 +0100 
@@ -41,6 +41,8 @@ #include "servconf.h" #include "canohost.h" @@ -136,14 +136,23 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c /* Below is the sshd audit API code */ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c ---- openssh-5.8p1/auth2-hostbased.c.audit2 2011-03-02 08:23:53.000000000 +0100 -+++ openssh-5.8p1/auth2-hostbased.c 2011-03-02 08:23:55.000000000 +0100 +--- openssh-5.8p1/auth2-hostbased.c.audit2 2011-03-04 14:28:16.000000000 +0100 ++++ openssh-5.8p1/auth2-hostbased.c 2011-03-04 14:28:17.000000000 +0100 +@@ -119,7 +119,7 @@ userauth_hostbased(Authctxt *authctxt) + /* test for allowed key and correct signature */ + authenticated = 0; + if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && +- PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), ++ PRIVSEP(hostbased_key_verify(key, sig, slen, buffer_ptr(&b), + buffer_len(&b))) == 1) + authenticated = 1; + @@ -136,6 +136,18 @@ done: return authenticated; } +int -+hostkey_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen) ++hostbased_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen) +{ + int rv; + 
@@ -158,14 +167,23 @@ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c int hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c ---- openssh-5.8p1/auth2-pubkey.c.audit2 2011-03-02 08:23:53.000000000 +0100 -+++ openssh-5.8p1/auth2-pubkey.c 2011-03-02 08:23:55.000000000 +0100 +--- openssh-5.8p1/auth2-pubkey.c.audit2 2011-03-04 14:28:16.000000000 +0100 ++++ openssh-5.8p1/auth2-pubkey.c 2011-03-04 14:28:17.000000000 +0100 +@@ -140,7 +140,7 @@ userauth_pubkey(Authctxt *authctxt) + /* test for correct signature */ + authenticated = 0; + if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && +- PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), ++ PRIVSEP(user_key_verify(key, sig, slen, buffer_ptr(&b), + buffer_len(&b))) == 1) + authenticated = 1; + buffer_free(&b); @@ -177,6 +177,18 @@ done: return authenticated; } +int -+pubkey_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen) ++user_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen) +{ + int rv; + @@ -181,12 +199,12 @@ diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c { diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h --- openssh-5.8p1/auth.h.audit2 2010-05-10 03:58:03.000000000 +0200 -+++ openssh-5.8p1/auth.h 2011-03-02 08:23:55.000000000 +0100 ++++ openssh-5.8p1/auth.h 2011-03-04 14:28:17.000000000 +0100 
@@ -170,6 +170,7 @@ void abandon_challenge_response(Authctxt char *authorized_keys_file(struct passwd *); char *authorized_keys_file2(struct passwd *); char *authorized_principals_file(struct passwd *); -+int pubkey_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); ++int user_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); FILE *auth_openkeyfile(const char *, struct passwd *, int); FILE *auth_openprincipals(const char *, struct passwd *, int); @@ -194,13 +212,13 @@ diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h Key *get_hostkey_private_by_type(int); int get_hostkey_index(Key *); int ssh1_session_key(BIGNUM *); -+int hostkey_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); ++int hostbased_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); /* debug messages during authentication */ void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c ---- openssh-5.8p1/auth-rsa.c.audit2 2011-03-02 08:23:53.000000000 +0100 -+++ openssh-5.8p1/auth-rsa.c 2011-03-02 08:23:55.000000000 +0100 +--- openssh-5.8p1/auth-rsa.c.audit2 2011-03-04 14:28:16.000000000 +0100 ++++ openssh-5.8p1/auth-rsa.c 2011-03-04 14:28:17.000000000 +0100 @@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU { u_char buf[32], mdbuf[16]; 
@@ -238,19 +256,40 @@ diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c /* diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit2 2011-03-02 08:23:54.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-03-02 08:23:55.000000000 +0100 -@@ -1238,7 +1238,17 @@ mm_answer_keyverify(int sock, Buffer *m) +--- openssh-5.8p1/monitor.c.audit2 2011-03-04 14:28:16.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-03-04 14:28:17.000000000 +0100 +@@ -1208,9 +1208,11 @@ mm_answer_keyverify(int sock, Buffer *m) + Key *key; + u_char *signature, *data, *blob; + u_int signaturelen, datalen, bloblen; ++ int type = 0; + int verified = 0; + int valid_data = 0; + ++ type = buffer_get_int(m); + blob = buffer_get_string(m, &bloblen); + signature = buffer_get_string(m, &signaturelen); + data = buffer_get_string(m, &datalen); +@@ -1218,6 +1220,8 @@ mm_answer_keyverify(int sock, Buffer *m) + if (hostbased_cuser == NULL || hostbased_chost == NULL || + !monitor_allowed_key(blob, bloblen)) + fatal("%s: bad key, not previously allowed", __func__); ++ if (type != key_blobtype) ++ fatal("%s: bad key type", __func__); + + key = key_from_blob(blob, bloblen); + if (key == NULL) +@@ -1238,7 +1242,17 @@ mm_answer_keyverify(int sock, Buffer *m) if (!valid_data) fatal("%s: bad signature data blob", __func__); - verified = key_verify(key, signature, signaturelen, data, datalen); + switch (key_blobtype) { + case MM_USERKEY: -+ verified = pubkey_key_verify(key, signature, signaturelen, data, datalen); ++ verified = user_key_verify(key, signature, signaturelen, data, datalen); + break; + case MM_HOSTKEY: -+ verified = hostkey_key_verify(key, signature, signaturelen, data, datalen); ++ verified = hostbased_key_verify(key, signature, signaturelen, data, datalen); + break; + default: + verified = 0; 
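Review bot: The `default:` arm of the new `switch (key_blobtype)` in mm_answer_keyverify silently reports the key as unverified, whereas the `if (type != key_blobtype)` check added a few lines earlier treats the same kind of inconsistency as fatal; if this request can only be reached with MM_USERKEY or MM_HOSTKEY recorded, `fatal("%s: unexpected key type %d", __func__, key_blobtype);` would match the function's existing handling of bad monitor state rather than letting an unknown type fall through as a plain failure. The `int type = 0;` initializer is redundant because `type = buffer_get_int(m);` is the first use of the variable. mm_answer_keyverify continues outside the hunk.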
@@ -259,3 +298,56 @@ diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c debug3("%s: key %p signature %s", __func__, key, (verified == 1) ? "verified" : "unverified"); +diff -up openssh-5.8p1/monitor_wrap.c.audit2 openssh-5.8p1/monitor_wrap.c +--- openssh-5.8p1/monitor_wrap.c.audit2 2011-03-04 14:28:16.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-03-04 14:28:17.000000000 +0100 +@@ -393,7 +393,7 @@ mm_key_allowed(enum mm_keytype type, cha + */ + + int +-mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) ++mm_key_verify(enum mm_keytype type, Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) + { + Buffer m; + u_char *blob; +@@ -407,6 +407,7 @@ mm_key_verify(Key *key, u_char *sig, u_i + return (0); + + buffer_init(&m); ++ buffer_put_int(&m, type); + buffer_put_string(&m, blob, len); + buffer_put_string(&m, sig, siglen); + buffer_put_string(&m, data, datalen); +@@ -424,6 +425,19 @@ mm_key_verify(Key *key, u_char *sig, u_i + return (verified); + } + ++int ++mm_hostbased_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) ++{ ++ return mm_key_verify(MM_HOSTKEY, key, sig, siglen, data, datalen); ++} ++ ++int ++mm_user_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) ++{ ++ return mm_key_verify(MM_USERKEY, key, sig, siglen, data, datalen); ++} ++ ++ + /* Export key state after authentication */ + Newkeys * + mm_newkeys_from_blob(u_char *blob, int blen) +diff -up openssh-5.8p1/monitor_wrap.h.audit2 openssh-5.8p1/monitor_wrap.h +--- openssh-5.8p1/monitor_wrap.h.audit2 2011-03-04 14:28:16.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-03-04 14:28:17.000000000 +0100 +@@ -48,7 +48,8 @@ int mm_key_allowed(enum mm_keytype, char + int mm_user_key_allowed(struct passwd *, Key *); + int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *); + int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); +-int mm_key_verify(Key *, 
u_char *, u_int, u_char *, u_int); ++int mm_hostbased_key_verify(Key *, u_char *, u_int, u_char *, u_int); ++int mm_user_key_verify(Key *, u_char *, u_int, u_char *, u_int); + int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); + int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *); + BIGNUM *mm_auth_rsa_generate_challenge(Key *); diff --git a/openssh-5.8p1-audit2a.patch b/openssh-5.8p1-audit2a.patch index 4a7ce0a..e69de29 100644 --- a/openssh-5.8p1-audit2a.patch +++ b/openssh-5.8p1-audit2a.patch 
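Review bot: `mm_key_verify` keeps external linkage in monitor_wrap.c even though its prototype is removed from monitor_wrap.h and no caller other than the two new wrappers is visible in this patch; declaring it `static int mm_key_verify(enum mm_keytype type, Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)` keeps the type-tagged entry point private so the unprivileged side can only go through `mm_user_key_verify`/`mm_hostbased_key_verify`. The two empty lines added after `mm_user_key_verify` leave a double blank before the "Export key state" comment. The added `buffer_put_int(&m, type)` precedes the blob, which agrees with the read order in mm_answer_keyverify in the previous hunk.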
@@ -1,153 +0,0 @@ -diff -up openssh-5.8p1/auth2-hostbased.c.audit2a openssh-5.8p1/auth2-hostbased.c ---- openssh-5.8p1/auth2-hostbased.c.audit2a 2011-03-02 08:26:16.000000000 +0100 -+++ openssh-5.8p1/auth2-hostbased.c 2011-03-02 08:26:17.000000000 +0100 -@@ -119,7 +119,7 @@ userauth_hostbased(Authctxt *authctxt) - /* test for allowed key and correct signature */ - authenticated = 0; - if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && -- PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), -+ PRIVSEP(hostbased_key_verify(key, sig, slen, buffer_ptr(&b), - buffer_len(&b))) == 1) - authenticated = 1; - -@@ -137,7 +137,7 @@ done: - } - - int --hostkey_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen) -+hostbased_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen) - { - int rv; - -diff -up openssh-5.8p1/auth2-pubkey.c.audit2a openssh-5.8p1/auth2-pubkey.c ---- openssh-5.8p1/auth2-pubkey.c.audit2a 2011-03-02 08:26:16.000000000 +0100 -+++ openssh-5.8p1/auth2-pubkey.c 2011-03-02 08:26:17.000000000 +0100 -@@ -140,7 +140,7 @@ userauth_pubkey(Authctxt *authctxt) - /* test for correct signature */ - authenticated = 0; - if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && -- PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), -+ PRIVSEP(user_key_verify(key, sig, slen, buffer_ptr(&b), - buffer_len(&b))) == 1) - authenticated = 1; - buffer_free(&b); -@@ -178,7 +178,7 @@ done: - } - - int --pubkey_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen) -+user_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen) - { - int rv; - -diff -up openssh-5.8p1/auth.h.audit2a openssh-5.8p1/auth.h ---- openssh-5.8p1/auth.h.audit2a 2011-03-02 08:26:16.000000000 +0100 -+++ openssh-5.8p1/auth.h 2011-03-02 08:26:17.000000000 +0100 -@@ -170,7 +170,7 @@ void abandon_challenge_response(Authctxt - char 
*authorized_keys_file(struct passwd *); - char *authorized_keys_file2(struct passwd *); - char *authorized_principals_file(struct passwd *); --int pubkey_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); -+int user_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); - - FILE *auth_openkeyfile(const char *, struct passwd *, int); - FILE *auth_openprincipals(const char *, struct passwd *, int); -@@ -186,7 +186,7 @@ Key *get_hostkey_public_by_type(int); - Key *get_hostkey_private_by_type(int); - int get_hostkey_index(Key *); - int ssh1_session_key(BIGNUM *); --int hostkey_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); -+int hostbased_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); - - /* debug messages during authentication */ - void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); -diff -up openssh-5.8p1/monitor.c.audit2a openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit2a 2011-03-02 08:26:17.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-03-02 08:26:17.000000000 +0100 -@@ -1208,9 +1208,11 @@ mm_answer_keyverify(int sock, Buffer *m) - Key *key; - u_char *signature, *data, *blob; - u_int signaturelen, datalen, bloblen; -+ int type = 0; - int verified = 0; - int valid_data = 0; - -+ type = buffer_get_int(m); - blob = buffer_get_string(m, &bloblen); - signature = buffer_get_string(m, &signaturelen); - data = buffer_get_string(m, &datalen); -@@ -1218,6 +1220,8 @@ mm_answer_keyverify(int sock, Buffer *m) - if (hostbased_cuser == NULL || hostbased_chost == NULL || - !monitor_allowed_key(blob, bloblen)) - fatal("%s: bad key, not previously allowed", __func__); -+ if (type != key_blobtype) -+ fatal("%s: bad key type", __func__); - - key = key_from_blob(blob, bloblen); - if (key == NULL) -@@ -1240,10 +1244,10 @@ mm_answer_keyverify(int sock, Buffer *m) - - switch (key_blobtype) { - case MM_USERKEY: -- verified = pubkey_key_verify(key, signature, 
signaturelen, data, datalen); -+ verified = user_key_verify(key, signature, signaturelen, data, datalen); - break; - case MM_HOSTKEY: -- verified = hostkey_key_verify(key, signature, signaturelen, data, datalen); -+ verified = hostbased_key_verify(key, signature, signaturelen, data, datalen); - break; - default: - verified = 0; -diff -up openssh-5.8p1/monitor_wrap.c.audit2a openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit2a 2011-03-02 08:26:16.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-03-02 08:26:17.000000000 +0100 -@@ -393,7 +393,7 @@ mm_key_allowed(enum mm_keytype type, cha - */ - - int --mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) -+mm_key_verify(enum mm_keytype type, Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) - { - Buffer m; - u_char *blob; -@@ -407,6 +407,7 @@ mm_key_verify(Key *key, u_char *sig, u_i - return (0); - - buffer_init(&m); -+ buffer_put_int(&m, type); - buffer_put_string(&m, blob, len); - buffer_put_string(&m, sig, siglen); - buffer_put_string(&m, data, datalen); -@@ -424,6 +425,19 @@ mm_key_verify(Key *key, u_char *sig, u_i - return (verified); - } - -+int -+mm_hostbased_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) -+{ -+ return mm_key_verify(MM_HOSTKEY, key, sig, siglen, data, datalen); -+} -+ -+int -+mm_user_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) -+{ -+ return mm_key_verify(MM_USERKEY, key, sig, siglen, data, datalen); -+} -+ -+ - /* Export key state after authentication */ - Newkeys * - mm_newkeys_from_blob(u_char *blob, int blen) -diff -up openssh-5.8p1/monitor_wrap.h.audit2a openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit2a 2011-03-02 08:26:16.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-03-02 08:26:17.000000000 +0100 -@@ -48,7 +48,8 @@ int mm_key_allowed(enum mm_keytype, char - int mm_user_key_allowed(struct passwd *, Key *); - int 
mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *); - int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); --int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int); -+int mm_hostbased_key_verify(Key *, u_char *, u_int, u_char *, u_int); -+int mm_user_key_verify(Key *, u_char *, u_int, u_char *, u_int); - int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); - int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *); - BIGNUM *mm_auth_rsa_generate_challenge(Key *); diff --git a/openssh-5.8p1-keycat.patch b/openssh-5.8p1-keycat.patch index 53d7ec2..80707e9 100644 --- a/openssh-5.8p1-keycat.patch +++ b/openssh-5.8p1-keycat.patch 
@@ -1,6 +1,41 @@ +diff -up openssh-5.8p1/auth2-pubkey.c.keycat openssh-5.8p1/auth2-pubkey.c +--- openssh-5.8p1/auth2-pubkey.c.keycat 2011-03-04 14:40:23.000000000 +0100 ++++ openssh-5.8p1/auth2-pubkey.c 2011-03-04 14:40:23.000000000 +0100 +@@ -579,6 +579,14 @@ user_key_via_command_allowed2(struct pas + close(i); + } + ++#ifdef WITH_SELINUX ++ if (ssh_selinux_setup_env_variables() < 0) { ++ error ("failed to copy environment: %s", ++ strerror(errno)); ++ _exit(127); ++ } ++#endif ++ + execl(options.authorized_keys_command, options.authorized_keys_command, pw->pw_name, NULL); + + /* if we got here, it didn't work */ +diff -up openssh-5.8p1/HOWTO.ssh-keycat.keycat openssh-5.8p1/HOWTO.ssh-keycat +--- openssh-5.8p1/HOWTO.ssh-keycat.keycat 2011-03-04 14:53:14.000000000 +0100 ++++ openssh-5.8p1/HOWTO.ssh-keycat 2011-03-04 14:56:39.000000000 +0100 +@@ -0,0 +1,13 @@ ++ ++The ssh-keycat returns the content of the ~/.ssh/authorized_keys ++in the stdandard out of any user in any environment, including ++polyinstatination and mls. ++ ++To use it set: ++ AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat ++ AuthorizedKeysCommandRunAs root ++ ++Do not forget to set ++ PubkeyAuthentication yes ++ ++ diff -up openssh-5.8p1/Makefile.in.keycat openssh-5.8p1/Makefile.in ---- openssh-5.8p1/Makefile.in.keycat 2011-02-28 12:06:55.000000000 +0100 -+++ openssh-5.8p1/Makefile.in 2011-02-28 12:11:18.000000000 +0100 +--- openssh-5.8p1/Makefile.in.keycat 2011-03-04 14:40:23.000000000 +0100 ++++ openssh-5.8p1/Makefile.in 2011-03-04 14:40:23.000000000 +0100 @@ -28,6 +28,7 @@ SSH_KEYSIGN=$(libexecdir)/ssh-keysign SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper 
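Review bot: The `if (ssh_selinux_setup_env_variables() < 0)` guard added before `execl()` in user_key_via_command_allowed2 cannot fire: in the port-linux.c hunk further down in this file the callee returns `rv` built with `rv = rv || set_it(...)`, so a failing `setenv()` (-1) is folded to 1 and the function only ever returns 0 or 1, meaning a failed environment setup silently proceeds to the exec. Compare against zero instead, `if (ssh_selinux_setup_env_variables() != 0) {`. The HOWTO.ssh-keycat text in the same hunk has typos ("stdandard", "polyinstatination"). user_key_via_command_allowed2 begins and ends outside the hunk.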
@@ -18,7 +53,7 @@ diff -up openssh-5.8p1/Makefile.in.keycat openssh-5.8p1/Makefile.in LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ -@@ -173,6 +174,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) +@@ -172,6 +173,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS) @@ -28,7 +63,7 @@ diff -up openssh-5.8p1/Makefile.in.keycat openssh-5.8p1/Makefile.in ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS) -@@ -281,6 +285,7 @@ install-files: +@@ -280,6 +284,7 @@ install-files: $(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \ $(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \ fi 
@@ -36,10 +71,67 @@ diff -up openssh-5.8p1/Makefile.in.keycat openssh-5.8p1/Makefile.in $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 +diff -up openssh-5.8p1/openbsd-compat/port-linux.c.keycat openssh-5.8p1/openbsd-compat/port-linux.c +--- openssh-5.8p1/openbsd-compat/port-linux.c.keycat 2011-03-04 14:40:23.000000000 +0100 ++++ openssh-5.8p1/openbsd-compat/port-linux.c 2011-03-04 14:40:23.000000000 +0100 +@@ -309,7 +309,7 @@ ssh_selinux_getctxbyname(char *pwname, + + /* Setup environment variables for pam_selinux */ + static int +-ssh_selinux_setup_pam_variables(void) ++ssh_selinux_setup_variables(int(*set_it)(const char *, const char *)) + { + const char *reqlvl; + char *role; +@@ -320,16 +320,16 @@ ssh_selinux_setup_pam_variables(void) + + ssh_selinux_get_role_level(&role, &reqlvl); + +- rv = do_pam_putenv("SELINUX_ROLE_REQUESTED", role ? role : ""); ++ rv = set_it("SELINUX_ROLE_REQUESTED", role ? role : ""); + + if (inetd_flag && !rexeced_flag) { + use_current = "1"; + } else { + use_current = ""; +- rv = rv || do_pam_putenv("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: ""); ++ rv = rv || set_it("SELINUX_LEVEL_REQUESTED", reqlvl ? 
reqlvl: ""); + } + +- rv = rv || do_pam_putenv("SELINUX_USE_CURRENT_RANGE", use_current); ++ rv = rv || set_it("SELINUX_USE_CURRENT_RANGE", use_current); + + if (role != NULL) + xfree(role); +@@ -337,6 +337,24 @@ ssh_selinux_setup_pam_variables(void) + return rv; + } + ++static int ++ssh_selinux_setup_pam_variables(void) ++{ ++ return ssh_selinux_setup_variables(do_pam_putenv); ++} ++ ++static int ++do_setenv(char *name, char *value) ++{ ++ return setenv(name, value, 1); ++} ++ ++int ++ssh_selinux_setup_env_variables(void) ++{ ++ return ssh_selinux_setup_variables(do_setenv); ++} ++ + /* Set the execution context to the default for the specified user */ + void + ssh_selinux_setup_exec_context(char *pwname) diff -up openssh-5.8p1/ssh-keycat.c.keycat openssh-5.8p1/ssh-keycat.c ---- openssh-5.8p1/ssh-keycat.c.keycat 2011-02-28 12:06:28.000000000 +0100 -+++ openssh-5.8p1/ssh-keycat.c 2011-02-25 18:46:31.000000000 +0100 -@@ -0,0 +1,205 @@ +--- openssh-5.8p1/ssh-keycat.c.keycat 2011-03-04 14:40:23.000000000 +0100 ++++ openssh-5.8p1/ssh-keycat.c 2011-03-04 14:40:23.000000000 +0100 +@@ -0,0 +1,238 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions @@ -107,6 +199,7 @@ diff -up openssh-5.8p1/ssh-keycat.c.keycat openssh-5.8p1/ssh-keycat.c +#define ERR_FDOPEN 10 +#define ERR_STAT 11 +#define ERR_WRITE 12 ++#define ERR_PAM_PUTENV 13 +#define BUFLEN 4096 + +/* Just ignore the messages in the conversation function */ 
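Review bot: `do_setenv(char *name, char *value)` is passed to `ssh_selinux_setup_variables`, whose parameter type is `int(*set_it)(const char *, const char *)`; the pointer types are incompatible, which compilers diagnose and which is undefined behaviour when the call goes through the converted pointer, so declare it `static int do_setenv(const char *name, const char *value)`. The comment "Setup environment variables for pam_selinux" above the renamed function now also covers the plain-`setenv` path, and the `rv || set_it(...)` folding makes the return convention non-obvious; suggest replacing it with `/* Export the requested SELinux role/level through set_it(); returns 0 on success, non-zero if any set_it() call failed. */`. I do not see a prototype for the new non-static `ssh_selinux_setup_env_variables()` added to any header in this patch, so the `#ifdef WITH_SELINUX` call in auth2-pubkey.c may rely on an implicit declaration — confirm the header that declares the other ssh_selinux_* functions is updated.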
@@ -208,6 +301,34 @@ diff -up openssh-5.8p1/ssh-keycat.c.keycat openssh-5.8p1/ssh-keycat.c + return rv; +} + ++static const char *env_names[] = { "SELINUX_ROLE_REQUESTED", ++ "SELINUX_LEVEL_REQUESTED", ++ "SELINUX_USE_CURRENT_RANGE" ++}; ++ ++extern char **environ; ++ ++int ++set_pam_environment(pam_handle_t *pamh) ++{ ++ int i; ++ size_t j; ++ ++ for (j = 0; j < sizeof(env_names)/sizeof(env_names[0]); ++j) { ++ int len = strlen(env_names[j]); ++ ++ for (i = 0; environ[i] != NULL; ++i) { ++ if (strncmp(env_names[j], environ[i], len) == 0 && ++ environ[i][len] == '=') { ++ if (pam_putenv(pamh, environ[i]) != PAM_SUCCESS) ++ return ERR_PAM_PUTENV; ++ } ++ } ++ } ++ ++ return 0; ++} ++ +int +main(int argc, char *argv[]) +{ @@ -225,6 +346,10 @@ diff -up openssh-5.8p1/ssh-keycat.c.keycat openssh-5.8p1/ssh-keycat.c + return ERR_PAM_START; + } + ++ ev = set_pam_environment(pamh); ++ if (ev != 0) ++ goto finish; ++ + retval = pam_open_session(pamh, PAM_SILENT); + if (retval != PAM_SUCCESS) { + ev = ERR_OPEN_SESSION; diff --git a/openssh-5.8p1-keycat2.patch b/openssh-5.8p1-keycat2.patch index 9a88c9a..e69de29 100644 --- a/openssh-5.8p1-keycat2.patch +++ b/openssh-5.8p1-keycat2.patch 
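Review bot: In `set_pam_environment`, `int len = strlen(env_names[j]);` narrows `size_t` to `int` and the value is then passed back to `strncmp`'s `size_t` length parameter; use `size_t len = strlen(env_names[j]);`. The function has no caller outside ssh-keycat.c, which holds `main`, so it can be `static` like the file-scope `env_names` table, and a one-line purpose comment would help, e.g. `/* Copy the SELINUX_* variables from our own environment into the PAM environment. */` (presumably consumed by pam_selinux via env_params — confirm). main continues outside the hunk.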
@@ -1,132 +0,0 @@ -diff -up openssh-5.8p1/auth2-pubkey.c.keycat2 openssh-5.8p1/auth2-pubkey.c ---- openssh-5.8p1/auth2-pubkey.c.keycat2 2011-03-01 06:57:03.000000000 +0100 -+++ openssh-5.8p1/auth2-pubkey.c 2011-03-01 07:25:04.000000000 +0100 -@@ -579,6 +579,14 @@ user_key_via_command_allowed2(struct pas - close(i); - } - -+#ifdef WITH_SELINUX -+ if (ssh_selinux_setup_env_variables() < 0) { -+ error ("failed to copy environment: %s", -+ strerror(errno)); -+ _exit(127); -+ } -+#endif -+ - execl(options.authorized_keys_command, options.authorized_keys_command, pw->pw_name, NULL); - - /* if we got here, it didn't work */ -diff -up openssh-5.8p1/openbsd-compat/port-linux.c.keycat2 openssh-5.8p1/openbsd-compat/port-linux.c ---- openssh-5.8p1/openbsd-compat/port-linux.c.keycat2 2011-03-01 07:00:32.000000000 +0100 -+++ openssh-5.8p1/openbsd-compat/port-linux.c 2011-03-01 07:23:13.000000000 +0100 -@@ -309,7 +309,7 @@ ssh_selinux_getctxbyname(char *pwname, - - /* Setup environment variables for pam_selinux */ - static int --ssh_selinux_setup_pam_variables(void) -+ssh_selinux_setup_variables(int(*set_it)(const char *, const char *)) - { - const char *reqlvl; - char *role; -@@ -320,16 +320,16 @@ ssh_selinux_setup_pam_variables(void) - - ssh_selinux_get_role_level(&role, &reqlvl); - -- rv = do_pam_putenv("SELINUX_ROLE_REQUESTED", role ? role : ""); -+ rv = set_it("SELINUX_ROLE_REQUESTED", role ? role : ""); - - if (inetd_flag && !rexeced_flag) { - use_current = "1"; - } else { - use_current = ""; -- rv = rv || do_pam_putenv("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: ""); -+ rv = rv || set_it("SELINUX_LEVEL_REQUESTED", reqlvl ? 
reqlvl: ""); - } - -- rv = rv || do_pam_putenv("SELINUX_USE_CURRENT_RANGE", use_current); -+ rv = rv || set_it("SELINUX_USE_CURRENT_RANGE", use_current); - - if (role != NULL) - xfree(role); -@@ -337,6 +337,24 @@ ssh_selinux_setup_pam_variables(void) - return rv; - } - -+static int -+ssh_selinux_setup_pam_variables(void) -+{ -+ return ssh_selinux_setup_variables(do_pam_putenv); -+} -+ -+static int -+do_setenv(char *name, char *value) -+{ -+ return setenv(name, value, 1); -+} -+ -+int -+ssh_selinux_setup_env_variables(void) -+{ -+ return ssh_selinux_setup_variables(do_setenv); -+} -+ - /* Set the execution context to the default for the specified user */ - void - ssh_selinux_setup_exec_context(char *pwname) -diff -up openssh-5.8p1/ssh-keycat.c.keycat2 openssh-5.8p1/ssh-keycat.c ---- openssh-5.8p1/ssh-keycat.c.keycat2 2011-03-01 06:56:02.000000000 +0100 -+++ openssh-5.8p1/ssh-keycat.c 2011-03-01 06:56:02.000000000 +0100 -@@ -65,6 +65,7 @@ - #define ERR_FDOPEN 10 - #define ERR_STAT 11 - #define ERR_WRITE 12 -+#define ERR_PAM_PUTENV 13 - #define BUFLEN 4096 - - /* Just ignore the messages in the conversation function */ -@@ -166,6 +167,34 @@ fail: - return rv; - } - -+static const char *env_names[] = { "SELINUX_ROLE_REQUESTED", -+ "SELINUX_LEVEL_REQUESTED", -+ "SELINUX_USE_CURRENT_RANGE" -+}; -+ -+extern char **environ; -+ -+int -+set_pam_environment(pam_handle_t *pamh) -+{ -+ int i; -+ size_t j; -+ -+ for (j = 0; j < sizeof(env_names)/sizeof(env_names[0]); ++j) { -+ int len = strlen(env_names[j]); -+ -+ for (i = 0; environ[i] != NULL; ++i) { -+ if (strncmp(env_names[j], environ[i], len) == 0 && -+ environ[i][len] == '=') { -+ if (pam_putenv(pamh, environ[i]) != PAM_SUCCESS) -+ return ERR_PAM_PUTENV; -+ } -+ } -+ } -+ -+ return 0; -+} -+ - int - main(int argc, char *argv[]) - { -@@ -183,6 +212,10 @@ main(int argc, char *argv[]) - return ERR_PAM_START; - } - -+ ev = set_pam_environment(pamh); -+ if (ev != 0) -+ goto finish; -+ - retval = pam_open_session(pamh, 
PAM_SILENT); - if (retval != PAM_SUCCESS) { - ev = ERR_OPEN_SESSION; diff --git a/openssh.spec b/openssh.spec index c2e0d46..aa54611 100644 --- a/openssh.spec +++ b/openssh.spec @@ -71,7 +71,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 5.8p1 -%define openssh_rel 13 +%define openssh_rel 14 %define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_rel 30 @@ -628,6 +628,7 @@ fi %files keycat %defattr(-,root,root) +%doc HOWTO.ssh-keycat %attr(0755,root,root) %{_libexecdir}/openssh/ssh-keycat %attr(0644,root,root) %config(noreplace) /etc/pam.d/ssh-keycat @@ -648,6 +649,9 @@ fi %endif %changelog +* Fri Mar 4 2011 Jan F. Chadima - 5.8p1-14 + 0.9.2-30 +- improove ssk-keycat (documentation) + * Thu Mar 3 2011 Jan F. Chadima - 5.8p1-13 + 0.9.2-30 - improve audit of logins and auths diff --git a/ssh-keycat.pam b/ssh-keycat.pam index fac9f37..d7a3f67 100644 --- a/ssh-keycat.pam +++ b/ssh-keycat.pam @@ -2,7 +2,7 @@ # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so -# pam_selinux.so open should only be followed by sessions to be executed in the -user context +# pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open env_params session required pam_namespace.so +