coverity upgrade
wipe off nonfunctional nss selinux sandbox tweaking
parent
c870e661c7
commit
cff1d0c39d
@ -1,75 +0,0 @@
|
|||||||
diff -up openssh-5.8p1/log.h.wIm openssh-5.8p1/log.h
|
|
||||||
--- openssh-5.8p1/log.h.wIm 2008-06-13 02:22:54.000000000 +0200
|
|
||||||
+++ openssh-5.8p1/log.h 2011-02-22 09:21:58.000000000 +0100
|
|
||||||
@@ -63,6 +63,8 @@ void verbose(const char *, ...) __at
|
|
||||||
void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
|
|
||||||
void debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
|
|
||||||
void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
|
|
||||||
+void _debug_wIm_body(const char *, const char *, const char *, int);
|
|
||||||
+#define debug_wIm(a) _debug_wIm_body(a,__func__,__FILE__,__LINE__)
|
|
||||||
|
|
||||||
void do_log(LogLevel, const char *, va_list);
|
|
||||||
void cleanup_exit(int) __attribute__((noreturn));
|
|
||||||
diff -up openssh-5.8p1/Makefile.in.wIm openssh-5.8p1/Makefile.in
|
|
||||||
--- openssh-5.8p1/Makefile.in.wIm 2011-02-04 01:42:13.000000000 +0100
|
|
||||||
+++ openssh-5.8p1/Makefile.in 2011-02-22 09:20:18.000000000 +0100
|
|
||||||
@@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
|
|
||||||
cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
|
|
||||||
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
|
|
||||||
log.o match.o md-sha256.o moduli.o nchan.o packet.o \
|
|
||||||
- readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
|
|
||||||
+ readpass.o rsa.o ttymodes.o whereIam.o xmalloc.o addrmatch.o \
|
|
||||||
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
|
|
||||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
|
|
||||||
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
|
|
||||||
diff -up openssh-5.8p1/sshd.c.wIm openssh-5.8p1/sshd.c
|
|
||||||
--- openssh-5.8p1/sshd.c.wIm 2011-01-11 07:20:31.000000000 +0100
|
|
||||||
+++ openssh-5.8p1/sshd.c 2011-02-22 09:20:18.000000000 +0100
|
|
||||||
@@ -139,6 +139,9 @@ int deny_severity;
|
|
||||||
|
|
||||||
extern char *__progname;
|
|
||||||
|
|
||||||
+/* trace of fork processes */
|
|
||||||
+extern int whereIam;
|
|
||||||
+
|
|
||||||
/* Server configuration options. */
|
|
||||||
ServerOptions options;
|
|
||||||
|
|
||||||
@@ -652,6 +655,7 @@ privsep_preauth(Authctxt *authctxt)
|
|
||||||
} else {
|
|
||||||
/* child */
|
|
||||||
|
|
||||||
+ whereIam = 1;
|
|
||||||
close(pmonitor->m_sendfd);
|
|
||||||
|
|
||||||
/* Demote the child */
|
|
||||||
@@ -693,6 +697,7 @@ privsep_postauth(Authctxt *authctxt)
|
|
||||||
exit(0);
|
|
||||||
}
|
|
||||||
|
|
||||||
+ whereIam = 2;
|
|
||||||
close(pmonitor->m_sendfd);
|
|
||||||
|
|
||||||
/* Demote the private keys to public keys. */
|
|
||||||
@@ -1302,6 +1307,8 @@ main(int ac, char **av)
|
|
||||||
Key *key;
|
|
||||||
Authctxt *authctxt;
|
|
||||||
|
|
||||||
+ whereIam = 0;
|
|
||||||
+
|
|
||||||
#ifdef HAVE_SECUREWARE
|
|
||||||
(void)set_auth_parameters(ac, av);
|
|
||||||
#endif
|
|
||||||
diff -up openssh-5.8p1/whereIam.c.wIm openssh-5.8p1/whereIam.c
|
|
||||||
--- openssh-5.8p1/whereIam.c.wIm 2011-02-22 09:20:18.000000000 +0100
|
|
||||||
+++ openssh-5.8p1/whereIam.c 2011-02-22 09:24:01.000000000 +0100
|
|
||||||
@@ -0,0 +1,9 @@
|
|
||||||
+
|
|
||||||
+int whereIam = -1;
|
|
||||||
+
|
|
||||||
+void _debug_wIm_body(const char *txt, const char *func, const char *file, int line)
|
|
||||||
+{
|
|
||||||
+ debug("%s: %s(%s:%d) wIm = %d, uid=%d, euid=%d", txt, func, file, line, whereIam, getuid(), geteuid());
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-5.9p0/auth.h.2auth openssh-5.9p0/auth.h
|
diff -up openssh-5.9p1/auth.h.2auth openssh-5.9p1/auth.h
|
||||||
--- openssh-5.9p0/auth.h.2auth 2011-05-29 13:39:38.000000000 +0200
|
--- openssh-5.9p1/auth.h.2auth 2011-05-29 13:39:38.000000000 +0200
|
||||||
+++ openssh-5.9p0/auth.h 2011-09-05 13:16:00.550626991 +0200
|
+++ openssh-5.9p1/auth.h 2011-09-13 20:25:22.250474950 +0200
|
||||||
@@ -149,6 +149,8 @@ int auth_root_allowed(char *);
|
@@ -149,6 +149,8 @@ int auth_root_allowed(char *);
|
||||||
|
|
||||||
char *auth2_read_banner(void);
|
char *auth2_read_banner(void);
|
||||||
@ -10,9 +10,9 @@ diff -up openssh-5.9p0/auth.h.2auth openssh-5.9p0/auth.h
|
|||||||
void privsep_challenge_enable(void);
|
void privsep_challenge_enable(void);
|
||||||
|
|
||||||
int auth2_challenge(Authctxt *, char *);
|
int auth2_challenge(Authctxt *, char *);
|
||||||
diff -up openssh-5.9p0/auth2.c.2auth openssh-5.9p0/auth2.c
|
diff -up openssh-5.9p1/auth2.c.2auth openssh-5.9p1/auth2.c
|
||||||
--- openssh-5.9p0/auth2.c.2auth 2011-05-05 06:04:11.000000000 +0200
|
--- openssh-5.9p1/auth2.c.2auth 2011-05-05 06:04:11.000000000 +0200
|
||||||
+++ openssh-5.9p0/auth2.c 2011-09-05 13:16:00.640626827 +0200
|
+++ openssh-5.9p1/auth2.c 2011-09-13 20:25:22.348458588 +0200
|
||||||
@@ -290,6 +290,23 @@ input_userauth_request(int type, u_int32
|
@@ -290,6 +290,23 @@ input_userauth_request(int type, u_int32
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -61,9 +61,9 @@ diff -up openssh-5.9p0/auth2.c.2auth openssh-5.9p0/auth2.c
|
|||||||
methods = authmethods_get();
|
methods = authmethods_get();
|
||||||
packet_start(SSH2_MSG_USERAUTH_FAILURE);
|
packet_start(SSH2_MSG_USERAUTH_FAILURE);
|
||||||
packet_put_cstring(methods);
|
packet_put_cstring(methods);
|
||||||
diff -up openssh-5.9p0/monitor.c.2auth openssh-5.9p0/monitor.c
|
diff -up openssh-5.9p1/monitor.c.2auth openssh-5.9p1/monitor.c
|
||||||
--- openssh-5.9p0/monitor.c.2auth 2011-08-05 22:15:18.000000000 +0200
|
--- openssh-5.9p1/monitor.c.2auth 2011-09-13 20:25:18.031458843 +0200
|
||||||
+++ openssh-5.9p0/monitor.c 2011-09-05 13:37:35.468502112 +0200
|
+++ openssh-5.9p1/monitor.c 2011-09-13 20:53:29.345644462 +0200
|
||||||
@@ -165,6 +165,7 @@ int mm_answer_jpake_step1(int, Buffer *)
|
@@ -165,6 +165,7 @@ int mm_answer_jpake_step1(int, Buffer *)
|
||||||
int mm_answer_jpake_step2(int, Buffer *);
|
int mm_answer_jpake_step2(int, Buffer *);
|
||||||
int mm_answer_jpake_key_confirm(int, Buffer *);
|
int mm_answer_jpake_key_confirm(int, Buffer *);
|
||||||
@ -80,7 +80,7 @@ diff -up openssh-5.9p0/monitor.c.2auth openssh-5.9p0/monitor.c
|
|||||||
{0, 0, NULL}
|
{0, 0, NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -378,9 +380,9 @@ monitor_child_preauth(Authctxt *_authctx
|
@@ -378,7 +380,7 @@ monitor_child_preauth(Authctxt *_authctx
|
||||||
}
|
}
|
||||||
|
|
||||||
/* The first few requests do not require asynchronous access */
|
/* The first few requests do not require asynchronous access */
|
||||||
@ -89,9 +89,7 @@ diff -up openssh-5.9p0/monitor.c.2auth openssh-5.9p0/monitor.c
|
|||||||
auth_method = "unknown";
|
auth_method = "unknown";
|
||||||
authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
|
authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
|
||||||
if (authenticated) {
|
if (authenticated) {
|
||||||
if (!(ent->flags & MON_AUTHDECIDE))
|
@@ -390,7 +392,7 @@ monitor_child_preauth(Authctxt *_authctx
|
||||||
fatal("%s: unexpected authentication from %d",
|
|
||||||
@@ -390,7 +393,7 @@ monitor_child_preauth(Authctxt *_authctx
|
|
||||||
authenticated = 0;
|
authenticated = 0;
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
/* PAM needs to perform account checks after auth */
|
/* PAM needs to perform account checks after auth */
|
||||||
@ -100,7 +98,7 @@ diff -up openssh-5.9p0/monitor.c.2auth openssh-5.9p0/monitor.c
|
|||||||
Buffer m;
|
Buffer m;
|
||||||
|
|
||||||
buffer_init(&m);
|
buffer_init(&m);
|
||||||
@@ -2000,6 +2006,19 @@ monitor_reinit(struct monitor *mon)
|
@@ -2001,6 +2003,24 @@ monitor_reinit(struct monitor *mon)
|
||||||
monitor_openfds(mon, 0);
|
monitor_openfds(mon, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -114,15 +112,20 @@ diff -up openssh-5.9p0/monitor.c.2auth openssh-5.9p0/monitor.c
|
|||||||
+
|
+
|
||||||
+ userauth_restart(method);
|
+ userauth_restart(method);
|
||||||
+
|
+
|
||||||
|
+ xfree(method);
|
||||||
|
+ buffer_clear(m);
|
||||||
|
+
|
||||||
+ mm_request_send(sock, MONITOR_ANS_USERAUTH_RESTART, m);
|
+ mm_request_send(sock, MONITOR_ANS_USERAUTH_RESTART, m);
|
||||||
|
+
|
||||||
|
+ return (0);
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
#ifdef GSSAPI
|
#ifdef GSSAPI
|
||||||
int
|
int
|
||||||
mm_answer_gss_setup_ctx(int sock, Buffer *m)
|
mm_answer_gss_setup_ctx(int sock, Buffer *m)
|
||||||
diff -up openssh-5.9p0/monitor.h.2auth openssh-5.9p0/monitor.h
|
diff -up openssh-5.9p1/monitor.h.2auth openssh-5.9p1/monitor.h
|
||||||
--- openssh-5.9p0/monitor.h.2auth 2011-06-20 06:42:23.000000000 +0200
|
--- openssh-5.9p1/monitor.h.2auth 2011-06-20 06:42:23.000000000 +0200
|
||||||
+++ openssh-5.9p0/monitor.h 2011-09-05 13:16:00.855502353 +0200
|
+++ openssh-5.9p1/monitor.h 2011-09-13 20:25:22.615458574 +0200
|
||||||
@@ -66,6 +66,7 @@ enum monitor_reqtype {
|
@@ -66,6 +66,7 @@ enum monitor_reqtype {
|
||||||
MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2,
|
MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2,
|
||||||
MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM,
|
MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM,
|
||||||
@ -131,9 +134,9 @@ diff -up openssh-5.9p0/monitor.h.2auth openssh-5.9p0/monitor.h
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct mm_master;
|
struct mm_master;
|
||||||
diff -up openssh-5.9p0/monitor_wrap.c.2auth openssh-5.9p0/monitor_wrap.c
|
diff -up openssh-5.9p1/monitor_wrap.c.2auth openssh-5.9p1/monitor_wrap.c
|
||||||
--- openssh-5.9p0/monitor_wrap.c.2auth 2011-06-20 06:42:23.000000000 +0200
|
--- openssh-5.9p1/monitor_wrap.c.2auth 2011-06-20 06:42:23.000000000 +0200
|
||||||
+++ openssh-5.9p0/monitor_wrap.c 2011-09-05 13:16:00.968503257 +0200
|
+++ openssh-5.9p1/monitor_wrap.c 2011-09-13 20:25:22.735468462 +0200
|
||||||
@@ -1173,6 +1173,26 @@ mm_auth_rsa_verify_response(Key *key, BI
|
@@ -1173,6 +1173,26 @@ mm_auth_rsa_verify_response(Key *key, BI
|
||||||
return (success);
|
return (success);
|
||||||
}
|
}
|
||||||
@ -161,9 +164,9 @@ diff -up openssh-5.9p0/monitor_wrap.c.2auth openssh-5.9p0/monitor_wrap.c
|
|||||||
#ifdef SSH_AUDIT_EVENTS
|
#ifdef SSH_AUDIT_EVENTS
|
||||||
void
|
void
|
||||||
mm_audit_event(ssh_audit_event_t event)
|
mm_audit_event(ssh_audit_event_t event)
|
||||||
diff -up openssh-5.9p0/monitor_wrap.h.2auth openssh-5.9p0/monitor_wrap.h
|
diff -up openssh-5.9p1/monitor_wrap.h.2auth openssh-5.9p1/monitor_wrap.h
|
||||||
--- openssh-5.9p0/monitor_wrap.h.2auth 2011-06-20 06:42:23.000000000 +0200
|
--- openssh-5.9p1/monitor_wrap.h.2auth 2011-06-20 06:42:23.000000000 +0200
|
||||||
+++ openssh-5.9p0/monitor_wrap.h 2011-09-05 13:16:01.074502211 +0200
|
+++ openssh-5.9p1/monitor_wrap.h 2011-09-13 20:25:22.847457505 +0200
|
||||||
@@ -53,6 +53,7 @@ int mm_key_verify(Key *, u_char *, u_int
|
@@ -53,6 +53,7 @@ int mm_key_verify(Key *, u_char *, u_int
|
||||||
int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
|
int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
|
||||||
int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *);
|
int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *);
|
||||||
@ -172,9 +175,9 @@ diff -up openssh-5.9p0/monitor_wrap.h.2auth openssh-5.9p0/monitor_wrap.h
|
|||||||
|
|
||||||
#ifdef GSSAPI
|
#ifdef GSSAPI
|
||||||
OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
|
OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
|
||||||
diff -up openssh-5.9p0/servconf.c.2auth openssh-5.9p0/servconf.c
|
diff -up openssh-5.9p1/servconf.c.2auth openssh-5.9p1/servconf.c
|
||||||
--- openssh-5.9p0/servconf.c.2auth 2011-06-23 00:30:03.000000000 +0200
|
--- openssh-5.9p1/servconf.c.2auth 2011-09-13 20:25:18.836495701 +0200
|
||||||
+++ openssh-5.9p0/servconf.c 2011-09-05 13:16:01.223441110 +0200
|
+++ openssh-5.9p1/servconf.c 2011-09-13 20:25:22.994584169 +0200
|
||||||
@@ -92,6 +92,13 @@ initialize_server_options(ServerOptions
|
@@ -92,6 +92,13 @@ initialize_server_options(ServerOptions
|
||||||
options->hostbased_uses_name_from_packet_only = -1;
|
options->hostbased_uses_name_from_packet_only = -1;
|
||||||
options->rsa_authentication = -1;
|
options->rsa_authentication = -1;
|
||||||
@ -328,9 +331,9 @@ diff -up openssh-5.9p0/servconf.c.2auth openssh-5.9p0/servconf.c
|
|||||||
dump_cfg_fmtint(sPrintMotd, o->print_motd);
|
dump_cfg_fmtint(sPrintMotd, o->print_motd);
|
||||||
dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
|
dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
|
||||||
dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
|
dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
|
||||||
diff -up openssh-5.9p0/servconf.h.2auth openssh-5.9p0/servconf.h
|
diff -up openssh-5.9p1/servconf.h.2auth openssh-5.9p1/servconf.h
|
||||||
--- openssh-5.9p0/servconf.h.2auth 2011-06-23 00:30:03.000000000 +0200
|
--- openssh-5.9p1/servconf.h.2auth 2011-06-23 00:30:03.000000000 +0200
|
||||||
+++ openssh-5.9p0/servconf.h 2011-09-05 13:16:01.352564530 +0200
|
+++ openssh-5.9p1/servconf.h 2011-09-13 20:25:23.103459846 +0200
|
||||||
@@ -112,6 +112,14 @@ typedef struct {
|
@@ -112,6 +112,14 @@ typedef struct {
|
||||||
/* If true, permit jpake auth */
|
/* If true, permit jpake auth */
|
||||||
int permit_empty_passwd; /* If false, do not permit empty
|
int permit_empty_passwd; /* If false, do not permit empty
|
||||||
@ -346,9 +349,9 @@ diff -up openssh-5.9p0/servconf.h.2auth openssh-5.9p0/servconf.h
|
|||||||
int permit_user_env; /* If true, read ~/.ssh/environment */
|
int permit_user_env; /* If true, read ~/.ssh/environment */
|
||||||
int use_login; /* If true, login(1) is used */
|
int use_login; /* If true, login(1) is used */
|
||||||
int compression; /* If true, compression is allowed */
|
int compression; /* If true, compression is allowed */
|
||||||
diff -up openssh-5.9p0/sshd_config.2auth openssh-5.9p0/sshd_config
|
diff -up openssh-5.9p1/sshd_config.2auth openssh-5.9p1/sshd_config
|
||||||
--- openssh-5.9p0/sshd_config.2auth 2011-05-29 13:39:39.000000000 +0200
|
--- openssh-5.9p1/sshd_config.2auth 2011-05-29 13:39:39.000000000 +0200
|
||||||
+++ openssh-5.9p0/sshd_config 2011-09-05 13:16:01.461565750 +0200
|
+++ openssh-5.9p1/sshd_config 2011-09-13 20:25:23.221458447 +0200
|
||||||
@@ -87,6 +87,13 @@ AuthorizedKeysFile .ssh/authorized_keys
|
@@ -87,6 +87,13 @@ AuthorizedKeysFile .ssh/authorized_keys
|
||||||
# and ChallengeResponseAuthentication to 'no'.
|
# and ChallengeResponseAuthentication to 'no'.
|
||||||
#UsePAM no
|
#UsePAM no
|
||||||
@ -363,9 +366,9 @@ diff -up openssh-5.9p0/sshd_config.2auth openssh-5.9p0/sshd_config
|
|||||||
#AllowAgentForwarding yes
|
#AllowAgentForwarding yes
|
||||||
#AllowTcpForwarding yes
|
#AllowTcpForwarding yes
|
||||||
#GatewayPorts no
|
#GatewayPorts no
|
||||||
diff -up openssh-5.9p0/sshd_config.5.2auth openssh-5.9p0/sshd_config.5
|
diff -up openssh-5.9p1/sshd_config.5.2auth openssh-5.9p1/sshd_config.5
|
||||||
--- openssh-5.9p0/sshd_config.5.2auth 2011-08-05 22:17:33.000000000 +0200
|
--- openssh-5.9p1/sshd_config.5.2auth 2011-08-05 22:17:33.000000000 +0200
|
||||||
+++ openssh-5.9p0/sshd_config.5 2011-09-05 13:16:01.572564496 +0200
|
+++ openssh-5.9p1/sshd_config.5 2011-09-13 20:25:23.416458539 +0200
|
||||||
@@ -726,6 +726,12 @@ Available keywords are
|
@@ -726,6 +726,12 @@ Available keywords are
|
||||||
.Cm PubkeyAuthentication ,
|
.Cm PubkeyAuthentication ,
|
||||||
.Cm RhostsRSAAuthentication ,
|
.Cm RhostsRSAAuthentication ,
|
||||||
|
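Review bot: The `return (0);` that now closes the restart handler in the monitor.c part of this patch carries an authentication decision, and nothing beside it says so. Earlier in the same file's hunks monitor_child_preauth() sets `authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);`, so if monitor_read() hands back the handler's result (not visible here), a value of 1 from this handler would be read as a successful login. I would put a comment above the return, for example `/* must stay 0: monitor_child_preauth() reads a dispatch result of 1 as "authenticated" */`. The handler's signature and the code that obtains `method` lie outside the visible lines.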
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
|
diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
|
||||||
--- openssh-5.9p1/auth2-pubkey.c.akc 2011-09-09 19:27:15.369501615 +0200
|
--- openssh-5.9p1/auth2-pubkey.c.akc 2011-09-14 07:24:40.876512251 +0200
|
||||||
+++ openssh-5.9p1/auth2-pubkey.c 2011-09-09 19:30:32.958509941 +0200
|
+++ openssh-5.9p1/auth2-pubkey.c 2011-09-14 07:24:43.318458515 +0200
|
||||||
@@ -27,6 +27,7 @@
|
@@ -27,6 +27,7 @@
|
||||||
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
@ -241,8 +241,8 @@ diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
|
|||||||
return 0;
|
return 0;
|
||||||
if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
|
if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
|
||||||
diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
|
diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
|
||||||
--- openssh-5.9p1/configure.ac.akc 2011-08-18 06:48:24.000000000 +0200
|
--- openssh-5.9p1/configure.ac.akc 2011-09-14 07:24:42.863494886 +0200
|
||||||
+++ openssh-5.9p1/configure.ac 2011-09-09 19:27:17.548440048 +0200
|
+++ openssh-5.9p1/configure.ac 2011-09-14 07:24:43.441583848 +0200
|
||||||
@@ -1421,6 +1421,18 @@ AC_ARG_WITH([audit],
|
@@ -1421,6 +1421,18 @@ AC_ARG_WITH([audit],
|
||||||
esac ]
|
esac ]
|
||||||
)
|
)
|
||||||
@ -262,7 +262,7 @@ diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
|
|||||||
dnl Checks for library functions. Please keep in alphabetical order
|
dnl Checks for library functions. Please keep in alphabetical order
|
||||||
AC_CHECK_FUNCS([ \
|
AC_CHECK_FUNCS([ \
|
||||||
arc4random \
|
arc4random \
|
||||||
@@ -4235,6 +4247,7 @@ echo " SELinux support
|
@@ -4239,6 +4251,7 @@ echo " SELinux support
|
||||||
echo " Smartcard support: $SCARD_MSG"
|
echo " Smartcard support: $SCARD_MSG"
|
||||||
echo " S/KEY support: $SKEY_MSG"
|
echo " S/KEY support: $SKEY_MSG"
|
||||||
echo " TCP Wrappers support: $TCPW_MSG"
|
echo " TCP Wrappers support: $TCPW_MSG"
|
||||||
@ -271,8 +271,8 @@ diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
|
|||||||
echo " libedit support: $LIBEDIT_MSG"
|
echo " libedit support: $LIBEDIT_MSG"
|
||||||
echo " Solaris process contract support: $SPC_MSG"
|
echo " Solaris process contract support: $SPC_MSG"
|
||||||
diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
|
diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
|
||||||
--- openssh-5.9p1/servconf.c.akc 2011-09-09 19:27:03.490455245 +0200
|
--- openssh-5.9p1/servconf.c.akc 2011-09-14 07:24:29.402475399 +0200
|
||||||
+++ openssh-5.9p1/servconf.c 2011-09-09 19:27:17.666565662 +0200
|
+++ openssh-5.9p1/servconf.c 2011-09-14 07:56:27.158585590 +0200
|
||||||
@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions
|
@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions
|
||||||
options->num_permitted_opens = -1;
|
options->num_permitted_opens = -1;
|
||||||
options->adm_forced_command = NULL;
|
options->adm_forced_command = NULL;
|
||||||
@ -304,7 +304,7 @@ diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
|
|||||||
{ NULL, sBadOption, 0 }
|
{ NULL, sBadOption, 0 }
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -1462,6 +1472,20 @@ process_server_config_line(ServerOptions
|
@@ -1462,6 +1472,24 @@ process_server_config_line(ServerOptions
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -318,6 +318,10 @@ diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
|
|||||||
+ charptr = &options->authorized_keys_command_runas;
|
+ charptr = &options->authorized_keys_command_runas;
|
||||||
+
|
+
|
||||||
+ arg = strdelim(&cp);
|
+ arg = strdelim(&cp);
|
||||||
|
+ if (!arg || *arg == '\0')
|
||||||
|
+ fatal("%s line %d: missing account.",
|
||||||
|
+ filename, linenum);
|
||||||
|
+
|
||||||
+ if (*activep && *charptr == NULL)
|
+ if (*activep && *charptr == NULL)
|
||||||
+ *charptr = xstrdup(arg);
|
+ *charptr = xstrdup(arg);
|
||||||
+ break;
|
+ break;
|
||||||
@ -325,7 +329,7 @@ diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
|
|||||||
case sDeprecated:
|
case sDeprecated:
|
||||||
logit("%s line %d: Deprecated option %s",
|
logit("%s line %d: Deprecated option %s",
|
||||||
filename, linenum, arg);
|
filename, linenum, arg);
|
||||||
@@ -1573,6 +1597,8 @@ copy_set_server_options(ServerOptions *d
|
@@ -1573,6 +1601,8 @@ copy_set_server_options(ServerOptions *d
|
||||||
M_CP_INTOPT(zero_knowledge_password_authentication);
|
M_CP_INTOPT(zero_knowledge_password_authentication);
|
||||||
M_CP_INTOPT(second_zero_knowledge_password_authentication);
|
M_CP_INTOPT(second_zero_knowledge_password_authentication);
|
||||||
M_CP_INTOPT(two_factor_authentication);
|
M_CP_INTOPT(two_factor_authentication);
|
||||||
@ -334,7 +338,7 @@ diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
|
|||||||
M_CP_INTOPT(permit_root_login);
|
M_CP_INTOPT(permit_root_login);
|
||||||
M_CP_INTOPT(permit_empty_passwd);
|
M_CP_INTOPT(permit_empty_passwd);
|
||||||
|
|
||||||
@@ -1839,6 +1865,8 @@ dump_config(ServerOptions *o)
|
@@ -1839,6 +1869,8 @@ dump_config(ServerOptions *o)
|
||||||
dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
|
dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
|
||||||
dump_cfg_string(sAuthorizedPrincipalsFile,
|
dump_cfg_string(sAuthorizedPrincipalsFile,
|
||||||
o->authorized_principals_file);
|
o->authorized_principals_file);
|
||||||
@ -344,8 +348,8 @@ diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
|
|||||||
/* string arguments requiring a lookup */
|
/* string arguments requiring a lookup */
|
||||||
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
|
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
|
||||||
diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h
|
diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h
|
||||||
--- openssh-5.9p1/servconf.h.akc 2011-09-09 19:27:03.614494286 +0200
|
--- openssh-5.9p1/servconf.h.akc 2011-09-14 07:24:29.511480441 +0200
|
||||||
+++ openssh-5.9p1/servconf.h 2011-09-09 19:27:18.043502934 +0200
|
+++ openssh-5.9p1/servconf.h 2011-09-14 07:24:43.678459183 +0200
|
||||||
@@ -174,6 +174,8 @@ typedef struct {
|
@@ -174,6 +174,8 @@ typedef struct {
|
||||||
char *revoked_keys_file;
|
char *revoked_keys_file;
|
||||||
char *trusted_user_ca_keys;
|
char *trusted_user_ca_keys;
|
||||||
@ -357,7 +361,7 @@ diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h
|
|||||||
/*
|
/*
|
||||||
diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0
|
diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0
|
||||||
--- openssh-5.9p1/sshd_config.0.akc 2011-09-07 01:16:30.000000000 +0200
|
--- openssh-5.9p1/sshd_config.0.akc 2011-09-07 01:16:30.000000000 +0200
|
||||||
+++ openssh-5.9p1/sshd_config.0 2011-09-09 19:27:18.168626976 +0200
|
+++ openssh-5.9p1/sshd_config.0 2011-09-14 07:24:43.791460201 +0200
|
||||||
@@ -71,6 +71,23 @@ DESCRIPTION
|
@@ -71,6 +71,23 @@ DESCRIPTION
|
||||||
|
|
||||||
See PATTERNS in ssh_config(5) for more information on patterns.
|
See PATTERNS in ssh_config(5) for more information on patterns.
|
||||||
@ -393,8 +397,8 @@ diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0
|
|||||||
GSSAPIAuthentication, HostbasedAuthentication,
|
GSSAPIAuthentication, HostbasedAuthentication,
|
||||||
HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
|
HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
|
||||||
diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5
|
diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5
|
||||||
--- openssh-5.9p1/sshd_config.5.akc 2011-09-09 19:27:03.912515059 +0200
|
--- openssh-5.9p1/sshd_config.5.akc 2011-09-14 07:24:29.793520372 +0200
|
||||||
+++ openssh-5.9p1/sshd_config.5 2011-09-09 19:27:18.292494317 +0200
|
+++ openssh-5.9p1/sshd_config.5 2011-09-14 07:24:43.912583678 +0200
|
||||||
@@ -706,6 +706,8 @@ Available keywords are
|
@@ -706,6 +706,8 @@ Available keywords are
|
||||||
.Cm AllowAgentForwarding ,
|
.Cm AllowAgentForwarding ,
|
||||||
.Cm AllowTcpForwarding ,
|
.Cm AllowTcpForwarding ,
|
||||||
@ -434,8 +438,8 @@ diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5
|
|||||||
Specifies whether rhosts or /etc/hosts.equiv authentication together
|
Specifies whether rhosts or /etc/hosts.equiv authentication together
|
||||||
with successful RSA host authentication is allowed.
|
with successful RSA host authentication is allowed.
|
||||||
diff -up openssh-5.9p1/sshd_config.akc openssh-5.9p1/sshd_config
|
diff -up openssh-5.9p1/sshd_config.akc openssh-5.9p1/sshd_config
|
||||||
--- openssh-5.9p1/sshd_config.akc 2011-09-09 19:27:03.754502770 +0200
|
--- openssh-5.9p1/sshd_config.akc 2011-09-14 07:24:29.620461608 +0200
|
||||||
+++ openssh-5.9p1/sshd_config 2011-09-09 19:27:18.446471121 +0200
|
+++ openssh-5.9p1/sshd_config 2011-09-14 07:24:44.034462546 +0200
|
||||||
@@ -49,6 +49,9 @@
|
@@ -49,6 +49,9 @@
|
||||||
# but this is overridden so installations will only check .ssh/authorized_keys
|
# but this is overridden so installations will only check .ssh/authorized_keys
|
||||||
AuthorizedKeysFile .ssh/authorized_keys
|
AuthorizedKeysFile .ssh/authorized_keys
|
||||||
|
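Review bot: The account for the keys command is accepted in the servconf.c part of this patch as any non-empty token and stored with `*charptr = xstrdup(arg);`, and nothing in the visible lines checks that it names an existing account or says where that check is made. If the lookup is deferred until the command is run, a comment such as `/* account is not validated here; it is looked up when the keys command is run */` would tell the next reader that a mistyped name only surfaces at login time. Otherwise a `getpwnam(arg) == NULL` test next to the new `fatal()` would make a bad name stop sshd at configuration load. Whether a failed lookup denies the login or falls back to another identity cannot be told from this page and is worth confirming. The enclosing `case` label starts outside the visible lines.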
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-5.9p0/Makefile.in.audit3 openssh-5.9p0/Makefile.in
|
diff -up openssh-5.9p1/Makefile.in.audit3 openssh-5.9p1/Makefile.in
|
||||||
--- openssh-5.9p0/Makefile.in.audit3 2011-08-05 22:15:18.000000000 +0200
|
--- openssh-5.9p1/Makefile.in.audit3 2011-08-05 22:15:18.000000000 +0200
|
||||||
+++ openssh-5.9p0/Makefile.in 2011-09-03 19:28:53.226036039 +0200
|
+++ openssh-5.9p1/Makefile.in 2011-09-14 07:05:58.337520327 +0200
|
||||||
@@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
|
@@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
|
||||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
|
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
|
||||||
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
|
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
|
||||||
@ -10,9 +10,9 @@ diff -up openssh-5.9p0/Makefile.in.audit3 openssh-5.9p0/Makefile.in
|
|||||||
|
|
||||||
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
|
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
|
||||||
sshconnect.o sshconnect1.o sshconnect2.o mux.o \
|
sshconnect.o sshconnect1.o sshconnect2.o mux.o \
|
||||||
diff -up openssh-5.9p0/audit-bsm.c.audit3 openssh-5.9p0/audit-bsm.c
|
diff -up openssh-5.9p1/audit-bsm.c.audit3 openssh-5.9p1/audit-bsm.c
|
||||||
--- openssh-5.9p0/audit-bsm.c.audit3 2011-09-03 19:28:51.922034646 +0200
|
--- openssh-5.9p1/audit-bsm.c.audit3 2011-09-14 07:05:56.719459048 +0200
|
||||||
+++ openssh-5.9p0/audit-bsm.c 2011-09-03 19:28:53.475151642 +0200
|
+++ openssh-5.9p1/audit-bsm.c 2011-09-14 07:05:58.430520147 +0200
|
||||||
@@ -396,4 +396,16 @@ audit_event(ssh_audit_event_t event)
|
@@ -396,4 +396,16 @@ audit_event(ssh_audit_event_t event)
|
||||||
debug("%s: unhandled event %d", __func__, event);
|
debug("%s: unhandled event %d", __func__, event);
|
||||||
}
|
}
|
||||||
@ -30,9 +30,9 @@ diff -up openssh-5.9p0/audit-bsm.c.audit3 openssh-5.9p0/audit-bsm.c
|
|||||||
+ /* not implemented */
|
+ /* not implemented */
|
||||||
+}
|
+}
|
||||||
#endif /* BSM */
|
#endif /* BSM */
|
||||||
diff -up openssh-5.9p0/audit-linux.c.audit3 openssh-5.9p0/audit-linux.c
|
diff -up openssh-5.9p1/audit-linux.c.audit3 openssh-5.9p1/audit-linux.c
|
||||||
--- openssh-5.9p0/audit-linux.c.audit3 2011-09-03 19:28:52.053030306 +0200
|
--- openssh-5.9p1/audit-linux.c.audit3 2011-09-14 07:05:56.820460613 +0200
|
||||||
+++ openssh-5.9p0/audit-linux.c 2011-09-03 19:28:53.583026470 +0200
|
+++ openssh-5.9p1/audit-linux.c 2011-09-14 07:07:29.651459660 +0200
|
||||||
@@ -40,6 +40,8 @@
|
@@ -40,6 +40,8 @@
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
@ -42,7 +42,7 @@ diff -up openssh-5.9p0/audit-linux.c.audit3 openssh-5.9p0/audit-linux.c
|
|||||||
|
|
||||||
#define AUDIT_LOG_SIZE 128
|
#define AUDIT_LOG_SIZE 128
|
||||||
|
|
||||||
@@ -269,4 +271,56 @@ audit_event(ssh_audit_event_t event)
|
@@ -269,4 +271,60 @@ audit_event(ssh_audit_event_t event)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -52,11 +52,13 @@ diff -up openssh-5.9p0/audit-linux.c.audit3 openssh-5.9p0/audit-linux.c
|
|||||||
+#ifdef AUDIT_CRYPTO_SESSION
|
+#ifdef AUDIT_CRYPTO_SESSION
|
||||||
+ char buf[AUDIT_LOG_SIZE];
|
+ char buf[AUDIT_LOG_SIZE];
|
||||||
+ const static char *name[] = { "cipher", "mac", "comp" };
|
+ const static char *name[] = { "cipher", "mac", "comp" };
|
||||||
|
+ char *s;
|
||||||
+ int audit_fd;
|
+ int audit_fd;
|
||||||
+
|
+
|
||||||
+ snprintf(buf, sizeof(buf), "op=unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d ",
|
+ snprintf(buf, sizeof(buf), "op=unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d ",
|
||||||
+ name[what], get_remote_port(), get_local_ipaddr(packet_get_connection_in()),
|
+ name[what], get_remote_port(), (s = get_local_ipaddr(packet_get_connection_in())),
|
||||||
+ get_local_port());
|
+ get_local_port());
|
||||||
|
+ xfree(s);
|
||||||
+ audit_fd = audit_open();
|
+ audit_fd = audit_open();
|
||||||
+ if (audit_fd < 0)
|
+ if (audit_fd < 0)
|
||||||
+ /* no problem, the next instruction will be fatal() */
|
+ /* no problem, the next instruction will be fatal() */
|
||||||
@ -76,11 +78,13 @@ diff -up openssh-5.9p0/audit-linux.c.audit3 openssh-5.9p0/audit-linux.c
|
|||||||
+ int audit_fd, audit_ok;
|
+ int audit_fd, audit_ok;
|
||||||
+ const static char *direction[] = { "from-server", "from-client", "both" };
|
+ const static char *direction[] = { "from-server", "from-client", "both" };
|
||||||
+ Cipher *cipher = cipher_by_name(enc);
|
+ Cipher *cipher = cipher_by_name(enc);
|
||||||
|
+ char *s;
|
||||||
+
|
+
|
||||||
+ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
|
+ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
|
||||||
+ direction[ctos], enc, cipher ? 8 * cipher->key_len : 0,
|
+ direction[ctos], enc, cipher ? 8 * cipher->key_len : 0,
|
||||||
+ (intmax_t)pid, (intmax_t)uid,
|
+ (intmax_t)pid, (intmax_t)uid,
|
||||||
+ get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port());
|
+ get_remote_port(), (s = get_local_ipaddr(packet_get_connection_in())), get_local_port());
|
||||||
|
+ xfree(s);
|
||||||
+ audit_fd = audit_open();
|
+ audit_fd = audit_open();
|
||||||
+ if (audit_fd < 0) {
|
+ if (audit_fd < 0) {
|
||||||
+ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
|
+ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
|
||||||
@ -99,9 +103,9 @@ diff -up openssh-5.9p0/audit-linux.c.audit3 openssh-5.9p0/audit-linux.c
|
|||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
#endif /* USE_LINUX_AUDIT */
|
#endif /* USE_LINUX_AUDIT */
|
||||||
diff -up openssh-5.9p0/audit.c.audit3 openssh-5.9p0/audit.c
|
diff -up openssh-5.9p1/audit.c.audit3 openssh-5.9p1/audit.c
|
||||||
--- openssh-5.9p0/audit.c.audit3 2011-09-03 19:28:52.166026259 +0200
|
--- openssh-5.9p1/audit.c.audit3 2011-09-14 07:05:56.937585272 +0200
|
||||||
+++ openssh-5.9p0/audit.c 2011-09-03 19:28:53.673151432 +0200
|
+++ openssh-5.9p1/audit.c 2011-09-14 07:05:58.646521393 +0200
|
||||||
@@ -28,6 +28,7 @@
|
@@ -28,6 +28,7 @@
|
||||||
|
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
@ -165,9 +169,9 @@ diff -up openssh-5.9p0/audit.c.audit3 openssh-5.9p0/audit.c
|
|||||||
+}
|
+}
|
||||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.9p0/audit.h.audit3 openssh-5.9p0/audit.h
|
diff -up openssh-5.9p1/audit.h.audit3 openssh-5.9p1/audit.h
|
||||||
--- openssh-5.9p0/audit.h.audit3 2011-09-03 19:28:52.286024211 +0200
|
--- openssh-5.9p1/audit.h.audit3 2011-09-14 07:05:57.391522394 +0200
|
||||||
+++ openssh-5.9p0/audit.h 2011-09-03 19:28:53.783027870 +0200
|
+++ openssh-5.9p1/audit.h 2011-09-14 07:05:58.766586362 +0200
|
||||||
@@ -58,5 +58,9 @@ void audit_end_command(int, const char
|
@@ -58,5 +58,9 @@ void audit_end_command(int, const char
|
||||||
ssh_audit_event_t audit_classify_auth(const char *);
|
ssh_audit_event_t audit_classify_auth(const char *);
|
||||||
int audit_keyusage(int, const char *, unsigned, char *, int);
|
int audit_keyusage(int, const char *, unsigned, char *, int);
|
||||||
@ -178,9 +182,9 @@ diff -up openssh-5.9p0/audit.h.audit3 openssh-5.9p0/audit.h
|
|||||||
+void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
+void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
||||||
|
|
||||||
#endif /* _SSH_AUDIT_H */
|
#endif /* _SSH_AUDIT_H */
|
||||||
diff -up openssh-5.9p0/auditstub.c.audit3 openssh-5.9p0/auditstub.c
|
diff -up openssh-5.9p1/auditstub.c.audit3 openssh-5.9p1/auditstub.c
|
||||||
--- openssh-5.9p0/auditstub.c.audit3 2011-09-03 19:28:53.879026270 +0200
|
--- openssh-5.9p1/auditstub.c.audit3 2011-09-14 07:05:58.866461077 +0200
|
||||||
+++ openssh-5.9p0/auditstub.c 2011-09-03 19:28:53.882025491 +0200
|
+++ openssh-5.9p1/auditstub.c 2011-09-14 07:05:58.870569033 +0200
|
||||||
@@ -0,0 +1,39 @@
|
@@ -0,0 +1,39 @@
|
||||||
+/* $Id: auditstub.c,v 1.1 jfch Exp $ */
|
+/* $Id: auditstub.c,v 1.1 jfch Exp $ */
|
||||||
+
|
+
|
||||||
@ -221,9 +225,9 @@ diff -up openssh-5.9p0/auditstub.c.audit3 openssh-5.9p0/auditstub.c
|
|||||||
+{
|
+{
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
diff -up openssh-5.9p0/cipher.c.audit3 openssh-5.9p0/cipher.c
|
diff -up openssh-5.9p1/cipher.c.audit3 openssh-5.9p1/cipher.c
|
||||||
--- openssh-5.9p0/cipher.c.audit3 2011-08-30 10:34:01.000000000 +0200
|
--- openssh-5.9p1/cipher.c.audit3 2011-09-07 15:05:09.000000000 +0200
|
||||||
+++ openssh-5.9p0/cipher.c 2011-09-03 19:28:53.966162869 +0200
|
+++ openssh-5.9p1/cipher.c 2011-09-14 07:05:58.955582581 +0200
|
||||||
@@ -60,15 +60,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX
|
@@ -60,15 +60,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX
|
||||||
extern const EVP_CIPHER *evp_aes_128_ctr(void);
|
extern const EVP_CIPHER *evp_aes_128_ctr(void);
|
||||||
extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
|
extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
|
||||||
@ -241,9 +245,9 @@ diff -up openssh-5.9p0/cipher.c.audit3 openssh-5.9p0/cipher.c
|
|||||||
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
|
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
|
||||||
{ "des", SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
|
{ "des", SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
|
||||||
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
|
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
|
||||||
diff -up openssh-5.9p0/cipher.h.audit3 openssh-5.9p0/cipher.h
|
diff -up openssh-5.9p1/cipher.h.audit3 openssh-5.9p1/cipher.h
|
||||||
--- openssh-5.9p0/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100
|
--- openssh-5.9p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100
|
||||||
+++ openssh-5.9p0/cipher.h 2011-09-03 19:28:54.068070077 +0200
|
+++ openssh-5.9p1/cipher.h 2011-09-14 07:05:59.063459363 +0200
|
||||||
@@ -61,7 +61,16 @@
|
@@ -61,7 +61,16 @@
|
||||||
typedef struct Cipher Cipher;
|
typedef struct Cipher Cipher;
|
||||||
typedef struct CipherContext CipherContext;
|
typedef struct CipherContext CipherContext;
|
||||||
@ -262,9 +266,9 @@ diff -up openssh-5.9p0/cipher.h.audit3 openssh-5.9p0/cipher.h
|
|||||||
struct CipherContext {
|
struct CipherContext {
|
||||||
int plaintext;
|
int plaintext;
|
||||||
EVP_CIPHER_CTX evp;
|
EVP_CIPHER_CTX evp;
|
||||||
diff -up openssh-5.9p0/kex.c.audit3 openssh-5.9p0/kex.c
|
diff -up openssh-5.9p1/kex.c.audit3 openssh-5.9p1/kex.c
|
||||||
--- openssh-5.9p0/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200
|
--- openssh-5.9p1/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200
|
||||||
+++ openssh-5.9p0/kex.c 2011-09-03 19:28:54.177212272 +0200
|
+++ openssh-5.9p1/kex.c 2011-09-14 07:05:59.171457800 +0200
|
||||||
@@ -49,6 +49,7 @@
|
@@ -49,6 +49,7 @@
|
||||||
#include "dispatch.h"
|
#include "dispatch.h"
|
||||||
#include "monitor.h"
|
#include "monitor.h"
|
||||||
@ -327,9 +331,9 @@ diff -up openssh-5.9p0/kex.c.audit3 openssh-5.9p0/kex.c
|
|||||||
}
|
}
|
||||||
choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
|
choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
|
||||||
choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
|
choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
|
||||||
diff -up openssh-5.9p0/monitor.c.audit3 openssh-5.9p0/monitor.c
|
diff -up openssh-5.9p1/monitor.c.audit3 openssh-5.9p1/monitor.c
|
||||||
--- openssh-5.9p0/monitor.c.audit3 2011-09-03 19:28:52.851088094 +0200
|
--- openssh-5.9p1/monitor.c.audit3 2011-09-14 07:05:57.952459820 +0200
|
||||||
+++ openssh-5.9p0/monitor.c 2011-09-03 19:28:54.298087612 +0200
|
+++ openssh-5.9p1/monitor.c 2011-09-14 07:05:59.272520466 +0200
|
||||||
@@ -97,6 +97,7 @@
|
@@ -97,6 +97,7 @@
|
||||||
#include "ssh2.h"
|
#include "ssh2.h"
|
||||||
#include "jpake.h"
|
#include "jpake.h"
|
||||||
@ -383,7 +387,7 @@ diff -up openssh-5.9p0/monitor.c.audit3 openssh-5.9p0/monitor.c
|
|||||||
#endif
|
#endif
|
||||||
{0, 0, NULL}
|
{0, 0, NULL}
|
||||||
};
|
};
|
||||||
@@ -2380,3 +2391,44 @@ mm_answer_jpake_check_confirm(int sock,
|
@@ -2383,3 +2394,47 @@ mm_answer_jpake_check_confirm(int sock,
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* JPAKE */
|
#endif /* JPAKE */
|
||||||
@ -421,6 +425,9 @@ diff -up openssh-5.9p0/monitor.c.audit3 openssh-5.9p0/monitor.c
|
|||||||
+
|
+
|
||||||
+ audit_kex_body(ctos, cipher, mac, compress, pid, uid);
|
+ audit_kex_body(ctos, cipher, mac, compress, pid, uid);
|
||||||
+
|
+
|
||||||
|
+ xfree(cipher);
|
||||||
|
+ xfree(mac);
|
||||||
|
+ xfree(compress);
|
||||||
+ buffer_clear(m);
|
+ buffer_clear(m);
|
||||||
+
|
+
|
||||||
+ mm_request_send(sock, MONITOR_ANS_AUDIT_KEX, m);
|
+ mm_request_send(sock, MONITOR_ANS_AUDIT_KEX, m);
|
||||||
@ -428,9 +435,9 @@ diff -up openssh-5.9p0/monitor.c.audit3 openssh-5.9p0/monitor.c
|
|||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+#endif /* SSH_AUDIT_EVENTS */
|
+#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.9p0/monitor.h.audit3 openssh-5.9p0/monitor.h
|
diff -up openssh-5.9p1/monitor.h.audit3 openssh-5.9p1/monitor.h
|
||||||
--- openssh-5.9p0/monitor.h.audit3 2011-09-03 19:28:51.000000000 +0200
|
--- openssh-5.9p1/monitor.h.audit3 2011-09-14 07:05:55.510580908 +0200
|
||||||
+++ openssh-5.9p0/monitor.h 2011-09-03 19:29:52.565211520 +0200
|
+++ openssh-5.9p1/monitor.h 2011-09-14 07:05:59.378647273 +0200
|
||||||
@@ -61,6 +61,8 @@ enum monitor_reqtype {
|
@@ -61,6 +61,8 @@ enum monitor_reqtype {
|
||||||
MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
|
MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
|
||||||
MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
|
MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
|
||||||
@ -440,9 +447,9 @@ diff -up openssh-5.9p0/monitor.h.audit3 openssh-5.9p0/monitor.h
|
|||||||
MONITOR_REQ_TERM,
|
MONITOR_REQ_TERM,
|
||||||
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
|
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
|
||||||
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
|
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
|
||||||
diff -up openssh-5.9p0/monitor_wrap.c.audit3 openssh-5.9p0/monitor_wrap.c
|
diff -up openssh-5.9p1/monitor_wrap.c.audit3 openssh-5.9p1/monitor_wrap.c
|
||||||
--- openssh-5.9p0/monitor_wrap.c.audit3 2011-09-03 19:28:52.963088596 +0200
|
--- openssh-5.9p1/monitor_wrap.c.audit3 2011-09-14 07:05:58.059501118 +0200
|
||||||
+++ openssh-5.9p0/monitor_wrap.c 2011-09-03 19:28:54.602024893 +0200
|
+++ openssh-5.9p1/monitor_wrap.c 2011-09-14 07:05:59.511503364 +0200
|
||||||
@@ -1505,3 +1505,41 @@ mm_jpake_check_confirm(const BIGNUM *k,
|
@@ -1505,3 +1505,41 @@ mm_jpake_check_confirm(const BIGNUM *k,
|
||||||
return success;
|
return success;
|
||||||
}
|
}
|
||||||
@ -485,9 +492,9 @@ diff -up openssh-5.9p0/monitor_wrap.c.audit3 openssh-5.9p0/monitor_wrap.c
|
|||||||
+ buffer_free(&m);
|
+ buffer_free(&m);
|
||||||
+}
|
+}
|
||||||
+#endif /* SSH_AUDIT_EVENTS */
|
+#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.9p0/monitor_wrap.h.audit3 openssh-5.9p0/monitor_wrap.h
|
diff -up openssh-5.9p1/monitor_wrap.h.audit3 openssh-5.9p1/monitor_wrap.h
|
||||||
--- openssh-5.9p0/monitor_wrap.h.audit3 2011-09-03 19:28:53.069087341 +0200
|
--- openssh-5.9p1/monitor_wrap.h.audit3 2011-09-14 07:05:58.171521245 +0200
|
||||||
+++ openssh-5.9p0/monitor_wrap.h 2011-09-03 19:28:54.704055439 +0200
|
+++ openssh-5.9p1/monitor_wrap.h 2011-09-14 07:05:59.624646515 +0200
|
||||||
@@ -78,6 +78,8 @@ void mm_sshpam_free_ctx(void *);
|
@@ -78,6 +78,8 @@ void mm_sshpam_free_ctx(void *);
|
||||||
void mm_audit_event(ssh_audit_event_t);
|
void mm_audit_event(ssh_audit_event_t);
|
||||||
int mm_audit_run_command(const char *);
|
int mm_audit_run_command(const char *);
|
||||||
@ -497,9 +504,9 @@ diff -up openssh-5.9p0/monitor_wrap.h.audit3 openssh-5.9p0/monitor_wrap.h
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
struct Session;
|
struct Session;
|
||||||
diff -up openssh-5.9p0/sshd.c.audit3 openssh-5.9p0/sshd.c
|
diff -up openssh-5.9p1/sshd.c.audit3 openssh-5.9p1/sshd.c
|
||||||
--- openssh-5.9p0/sshd.c.audit3 2011-09-03 19:28:51.758025429 +0200
|
--- openssh-5.9p1/sshd.c.audit3 2011-09-14 07:05:56.554583874 +0200
|
||||||
+++ openssh-5.9p0/sshd.c 2011-09-03 19:28:54.835049403 +0200
|
+++ openssh-5.9p1/sshd.c 2011-09-14 07:05:59.828466112 +0200
|
||||||
@@ -118,6 +118,7 @@
|
@@ -118,6 +118,7 @@
|
||||||
#endif
|
#endif
|
||||||
#include "monitor_wrap.h"
|
#include "monitor_wrap.h"
|
||||||
@ -508,7 +515,7 @@ diff -up openssh-5.9p0/sshd.c.audit3 openssh-5.9p0/sshd.c
|
|||||||
#include "ssh-sandbox.h"
|
#include "ssh-sandbox.h"
|
||||||
#include "version.h"
|
#include "version.h"
|
||||||
|
|
||||||
@@ -2204,6 +2205,10 @@ do_ssh1_kex(void)
|
@@ -2209,6 +2210,10 @@ do_ssh1_kex(void)
|
||||||
if (cookie[i] != packet_get_char())
|
if (cookie[i] != packet_get_char())
|
||||||
packet_disconnect("IP Spoofing check bytes do not match.");
|
packet_disconnect("IP Spoofing check bytes do not match.");
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-5.9p1/audit-bsm.c.audit4 openssh-5.9p1/audit-bsm.c
|
diff -up openssh-5.9p1/audit-bsm.c.audit4 openssh-5.9p1/audit-bsm.c
|
||||||
--- openssh-5.9p1/audit-bsm.c.audit4 2011-09-13 07:36:58.921674464 +0200
|
--- openssh-5.9p1/audit-bsm.c.audit4 2011-09-14 07:20:13.580471755 +0200
|
||||||
+++ openssh-5.9p1/audit-bsm.c 2011-09-13 07:36:59.171674206 +0200
|
+++ openssh-5.9p1/audit-bsm.c 2011-09-14 07:20:15.087521491 +0200
|
||||||
@@ -408,4 +408,10 @@ audit_kex_body(int ctos, char *enc, char
|
@@ -408,4 +408,10 @@ audit_kex_body(int ctos, char *enc, char
|
||||||
{
|
{
|
||||||
/* not implemented */
|
/* not implemented */
|
||||||
@ -13,9 +13,9 @@ diff -up openssh-5.9p1/audit-bsm.c.audit4 openssh-5.9p1/audit-bsm.c
|
|||||||
+}
|
+}
|
||||||
#endif /* BSM */
|
#endif /* BSM */
|
||||||
diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c
|
diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c
|
||||||
--- openssh-5.9p1/audit-linux.c.audit4 2011-09-13 07:36:58.938720835 +0200
|
--- openssh-5.9p1/audit-linux.c.audit4 2011-09-14 07:20:13.692465249 +0200
|
||||||
+++ openssh-5.9p1/audit-linux.c 2011-09-13 07:36:59.187673990 +0200
|
+++ openssh-5.9p1/audit-linux.c 2011-09-14 07:21:51.559462876 +0200
|
||||||
@@ -292,6 +292,8 @@ audit_unsupported_body(int what)
|
@@ -294,6 +294,8 @@ audit_unsupported_body(int what)
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -24,15 +24,15 @@ diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c
|
|||||||
void
|
void
|
||||||
audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
|
audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
|
||||||
uid_t uid)
|
uid_t uid)
|
||||||
@@ -299,7 +301,6 @@ audit_kex_body(int ctos, char *enc, char
|
@@ -301,7 +303,6 @@ audit_kex_body(int ctos, char *enc, char
|
||||||
#ifdef AUDIT_CRYPTO_SESSION
|
#ifdef AUDIT_CRYPTO_SESSION
|
||||||
char buf[AUDIT_LOG_SIZE];
|
char buf[AUDIT_LOG_SIZE];
|
||||||
int audit_fd, audit_ok;
|
int audit_fd, audit_ok;
|
||||||
- const static char *direction[] = { "from-server", "from-client", "both" };
|
- const static char *direction[] = { "from-server", "from-client", "both" };
|
||||||
Cipher *cipher = cipher_by_name(enc);
|
Cipher *cipher = cipher_by_name(enc);
|
||||||
|
char *s;
|
||||||
|
|
||||||
snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
|
@@ -327,4 +328,32 @@ audit_kex_body(int ctos, char *enc, char
|
||||||
@@ -323,4 +324,30 @@ audit_kex_body(int ctos, char *enc, char
|
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -41,12 +41,14 @@ diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c
|
|||||||
+{
|
+{
|
||||||
+ char buf[AUDIT_LOG_SIZE];
|
+ char buf[AUDIT_LOG_SIZE];
|
||||||
+ int audit_fd, audit_ok;
|
+ int audit_fd, audit_ok;
|
||||||
|
+ char *s;
|
||||||
+
|
+
|
||||||
+ snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
|
+ snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
|
||||||
+ direction[ctos], (intmax_t)pid, (intmax_t)uid,
|
+ direction[ctos], (intmax_t)pid, (intmax_t)uid,
|
||||||
+ get_remote_port(),
|
+ get_remote_port(),
|
||||||
+ get_local_ipaddr(packet_get_connection_in()),
|
+ (s = get_local_ipaddr(packet_get_connection_in())),
|
||||||
+ get_local_port());
|
+ get_local_port());
|
||||||
|
+ xfree(s);
|
||||||
+ audit_fd = audit_open();
|
+ audit_fd = audit_open();
|
||||||
+ if (audit_fd < 0) {
|
+ if (audit_fd < 0) {
|
||||||
+ if (errno != EINVAL && errno != EPROTONOSUPPORT &&
|
+ if (errno != EINVAL && errno != EPROTONOSUPPORT &&
|
||||||
@ -64,8 +66,8 @@ diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c
|
|||||||
+
|
+
|
||||||
#endif /* USE_LINUX_AUDIT */
|
#endif /* USE_LINUX_AUDIT */
|
||||||
diff -up openssh-5.9p1/audit.c.audit4 openssh-5.9p1/audit.c
|
diff -up openssh-5.9p1/audit.c.audit4 openssh-5.9p1/audit.c
|
||||||
--- openssh-5.9p1/audit.c.audit4 2011-09-13 07:36:58.954674484 +0200
|
--- openssh-5.9p1/audit.c.audit4 2011-09-14 07:20:13.787520896 +0200
|
||||||
+++ openssh-5.9p1/audit.c 2011-09-13 07:36:59.202799426 +0200
|
+++ openssh-5.9p1/audit.c 2011-09-14 07:20:15.619521843 +0200
|
||||||
@@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac
|
@@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac
|
||||||
PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
|
PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
|
||||||
}
|
}
|
||||||
@ -96,8 +98,8 @@ diff -up openssh-5.9p1/audit.c.audit4 openssh-5.9p1/audit.c
|
|||||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.9p1/audit.h.audit4 openssh-5.9p1/audit.h
|
diff -up openssh-5.9p1/audit.h.audit4 openssh-5.9p1/audit.h
|
||||||
--- openssh-5.9p1/audit.h.audit4 2011-09-13 07:36:58.971799421 +0200
|
--- openssh-5.9p1/audit.h.audit4 2011-09-14 07:20:13.893524944 +0200
|
||||||
+++ openssh-5.9p1/audit.h 2011-09-13 07:36:59.216674281 +0200
|
+++ openssh-5.9p1/audit.h 2011-09-14 07:20:15.739523476 +0200
|
||||||
@@ -62,5 +62,7 @@ void audit_unsupported(int);
|
@@ -62,5 +62,7 @@ void audit_unsupported(int);
|
||||||
void audit_kex(int, char *, char *, char *);
|
void audit_kex(int, char *, char *, char *);
|
||||||
void audit_unsupported_body(int);
|
void audit_unsupported_body(int);
|
||||||
@ -107,8 +109,8 @@ diff -up openssh-5.9p1/audit.h.audit4 openssh-5.9p1/audit.h
|
|||||||
|
|
||||||
#endif /* _SSH_AUDIT_H */
|
#endif /* _SSH_AUDIT_H */
|
||||||
diff -up openssh-5.9p1/auditstub.c.audit4 openssh-5.9p1/auditstub.c
|
diff -up openssh-5.9p1/auditstub.c.audit4 openssh-5.9p1/auditstub.c
|
||||||
--- openssh-5.9p1/auditstub.c.audit4 2011-09-13 07:36:58.986674407 +0200
|
--- openssh-5.9p1/auditstub.c.audit4 2011-09-14 07:20:13.993523515 +0200
|
||||||
+++ openssh-5.9p1/auditstub.c 2011-09-13 07:36:59.230674500 +0200
|
+++ openssh-5.9p1/auditstub.c 2011-09-14 07:20:15.843531733 +0200
|
||||||
@@ -27,6 +27,8 @@
|
@@ -27,6 +27,8 @@
|
||||||
* Red Hat author: Jan F. Chadima <jchadima@redhat.com>
|
* Red Hat author: Jan F. Chadima <jchadima@redhat.com>
|
||||||
*/
|
*/
|
||||||
@ -132,8 +134,8 @@ diff -up openssh-5.9p1/auditstub.c.audit4 openssh-5.9p1/auditstub.c
|
|||||||
+{
|
+{
|
||||||
+}
|
+}
|
||||||
diff -up openssh-5.9p1/kex.c.audit4 openssh-5.9p1/kex.c
|
diff -up openssh-5.9p1/kex.c.audit4 openssh-5.9p1/kex.c
|
||||||
--- openssh-5.9p1/kex.c.audit4 2011-09-13 07:36:59.032798982 +0200
|
--- openssh-5.9p1/kex.c.audit4 2011-09-14 07:20:14.294645864 +0200
|
||||||
+++ openssh-5.9p1/kex.c 2011-09-13 07:36:59.243799057 +0200
|
+++ openssh-5.9p1/kex.c 2011-09-14 07:20:15.948646500 +0200
|
||||||
@@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i
|
@@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i
|
||||||
fprintf(stderr, "\n");
|
fprintf(stderr, "\n");
|
||||||
}
|
}
|
||||||
@ -171,7 +173,7 @@ diff -up openssh-5.9p1/kex.c.audit4 openssh-5.9p1/kex.c
|
|||||||
+
|
+
|
||||||
diff -up openssh-5.9p1/kex.h.audit4 openssh-5.9p1/kex.h
|
diff -up openssh-5.9p1/kex.h.audit4 openssh-5.9p1/kex.h
|
||||||
--- openssh-5.9p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200
|
--- openssh-5.9p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200
|
||||||
+++ openssh-5.9p1/kex.h 2011-09-13 07:36:59.259674391 +0200
|
+++ openssh-5.9p1/kex.h 2011-09-14 07:20:16.045521582 +0200
|
||||||
@@ -156,6 +156,8 @@ void kexgex_server(Kex *);
|
@@ -156,6 +156,8 @@ void kexgex_server(Kex *);
|
||||||
void kexecdh_client(Kex *);
|
void kexecdh_client(Kex *);
|
||||||
void kexecdh_server(Kex *);
|
void kexecdh_server(Kex *);
|
||||||
@ -183,7 +185,7 @@ diff -up openssh-5.9p1/kex.h.audit4 openssh-5.9p1/kex.h
|
|||||||
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
|
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
|
||||||
diff -up openssh-5.9p1/mac.c.audit4 openssh-5.9p1/mac.c
|
diff -up openssh-5.9p1/mac.c.audit4 openssh-5.9p1/mac.c
|
||||||
--- openssh-5.9p1/mac.c.audit4 2011-08-17 02:29:03.000000000 +0200
|
--- openssh-5.9p1/mac.c.audit4 2011-08-17 02:29:03.000000000 +0200
|
||||||
+++ openssh-5.9p1/mac.c 2011-09-13 07:36:59.273799275 +0200
|
+++ openssh-5.9p1/mac.c 2011-09-14 07:20:16.173477847 +0200
|
||||||
@@ -168,6 +168,20 @@ mac_clear(Mac *mac)
|
@@ -168,6 +168,20 @@ mac_clear(Mac *mac)
|
||||||
mac->umac_ctx = NULL;
|
mac->umac_ctx = NULL;
|
||||||
}
|
}
|
||||||
@ -207,15 +209,15 @@ diff -up openssh-5.9p1/mac.c.audit4 openssh-5.9p1/mac.c
|
|||||||
int
|
int
|
||||||
diff -up openssh-5.9p1/mac.h.audit4 openssh-5.9p1/mac.h
|
diff -up openssh-5.9p1/mac.h.audit4 openssh-5.9p1/mac.h
|
||||||
--- openssh-5.9p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200
|
--- openssh-5.9p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200
|
||||||
+++ openssh-5.9p1/mac.h 2011-09-13 07:36:59.286674543 +0200
|
+++ openssh-5.9p1/mac.h 2011-09-14 07:20:16.287522108 +0200
|
||||||
@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *);
|
@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *);
|
||||||
int mac_init(Mac *);
|
int mac_init(Mac *);
|
||||||
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
|
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
|
||||||
void mac_clear(Mac *);
|
void mac_clear(Mac *);
|
||||||
+void mac_destroy(Mac *);
|
+void mac_destroy(Mac *);
|
||||||
diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
|
diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
|
||||||
--- openssh-5.9p1/monitor.c.audit4 2011-09-13 07:36:59.058688802 +0200
|
--- openssh-5.9p1/monitor.c.audit4 2011-09-14 07:20:14.404521153 +0200
|
||||||
+++ openssh-5.9p1/monitor.c 2011-09-13 07:38:37.825674060 +0200
|
+++ openssh-5.9p1/monitor.c 2011-09-14 07:20:16.400462714 +0200
|
||||||
@@ -190,6 +190,7 @@ int mm_answer_audit_command(int, Buffer
|
@@ -190,6 +190,7 @@ int mm_answer_audit_command(int, Buffer
|
||||||
int mm_answer_audit_end_command(int, Buffer *);
|
int mm_answer_audit_end_command(int, Buffer *);
|
||||||
int mm_answer_audit_unsupported_body(int, Buffer *);
|
int mm_answer_audit_unsupported_body(int, Buffer *);
|
||||||
@ -261,7 +263,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
- /* Drain any buffered messages from the child */
|
- /* Drain any buffered messages from the child */
|
||||||
- while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
|
- while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
|
||||||
- ;
|
- ;
|
||||||
-
|
-
|
||||||
if (!authctxt->valid)
|
if (!authctxt->valid)
|
||||||
@ -297,13 +299,13 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
|
|||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
+ /* Drain any buffered messages from the child */
|
+ /* Drain any buffered messages from the child */
|
||||||
+ while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
|
+ while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
|
||||||
+ ;
|
+ ;
|
||||||
+
|
+
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -2429,4 +2447,22 @@ mm_answer_audit_kex_body(int sock, Buffe
|
@@ -2437,4 +2455,22 @@ mm_answer_audit_kex_body(int sock, Buffe
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -327,8 +329,8 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
|
|||||||
+}
|
+}
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.9p1/monitor.h.audit4 openssh-5.9p1/monitor.h
|
diff -up openssh-5.9p1/monitor.h.audit4 openssh-5.9p1/monitor.h
|
||||||
--- openssh-5.9p1/monitor.h.audit4 2011-09-13 07:36:59.076799458 +0200
|
--- openssh-5.9p1/monitor.h.audit4 2011-09-14 07:20:14.518521791 +0200
|
||||||
+++ openssh-5.9p1/monitor.h 2011-09-13 07:36:59.322799576 +0200
|
+++ openssh-5.9p1/monitor.h 2011-09-14 07:20:16.512585387 +0200
|
||||||
@@ -63,6 +63,7 @@ enum monitor_reqtype {
|
@@ -63,6 +63,7 @@ enum monitor_reqtype {
|
||||||
MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND,
|
MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND,
|
||||||
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
|
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
|
||||||
@ -338,8 +340,8 @@ diff -up openssh-5.9p1/monitor.h.audit4 openssh-5.9p1/monitor.h
|
|||||||
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
|
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
|
||||||
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
|
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
|
||||||
diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c
|
diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c
|
||||||
--- openssh-5.9p1/monitor_wrap.c.audit4 2011-09-13 07:36:59.100724984 +0200
|
--- openssh-5.9p1/monitor_wrap.c.audit4 2011-09-14 07:20:14.713521378 +0200
|
||||||
+++ openssh-5.9p1/monitor_wrap.c 2011-09-13 07:36:59.339674340 +0200
|
+++ openssh-5.9p1/monitor_wrap.c 2011-09-14 07:20:16.640587362 +0200
|
||||||
@@ -653,12 +653,14 @@ mm_send_keystate(struct monitor *monitor
|
@@ -653,12 +653,14 @@ mm_send_keystate(struct monitor *monitor
|
||||||
fatal("%s: conversion of newkeys failed", __func__);
|
fatal("%s: conversion of newkeys failed", __func__);
|
||||||
|
|
||||||
@ -376,8 +378,8 @@ diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c
|
|||||||
+}
|
+}
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.9p1/monitor_wrap.h.audit4 openssh-5.9p1/monitor_wrap.h
|
diff -up openssh-5.9p1/monitor_wrap.h.audit4 openssh-5.9p1/monitor_wrap.h
|
||||||
--- openssh-5.9p1/monitor_wrap.h.audit4 2011-09-13 07:36:59.118674223 +0200
|
--- openssh-5.9p1/monitor_wrap.h.audit4 2011-09-14 07:20:14.821520100 +0200
|
||||||
+++ openssh-5.9p1/monitor_wrap.h 2011-09-13 07:36:59.353674499 +0200
|
+++ openssh-5.9p1/monitor_wrap.h 2011-09-14 07:20:16.749585355 +0200
|
||||||
@@ -80,6 +80,7 @@ int mm_audit_run_command(const char *);
|
@@ -80,6 +80,7 @@ int mm_audit_run_command(const char *);
|
||||||
void mm_audit_end_command(int, const char *);
|
void mm_audit_end_command(int, const char *);
|
||||||
void mm_audit_unsupported_body(int);
|
void mm_audit_unsupported_body(int);
|
||||||
@ -387,8 +389,8 @@ diff -up openssh-5.9p1/monitor_wrap.h.audit4 openssh-5.9p1/monitor_wrap.h
|
|||||||
|
|
||||||
struct Session;
|
struct Session;
|
||||||
diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
|
diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
|
||||||
--- openssh-5.9p1/packet.c.audit4 2011-09-13 07:36:58.244674109 +0200
|
--- openssh-5.9p1/packet.c.audit4 2011-09-14 07:20:09.337458270 +0200
|
||||||
+++ openssh-5.9p1/packet.c 2011-09-13 07:36:59.373710318 +0200
|
+++ openssh-5.9p1/packet.c 2011-09-14 07:20:16.892461022 +0200
|
||||||
@@ -60,6 +60,7 @@
|
@@ -60,6 +60,7 @@
|
||||||
#include <signal.h>
|
#include <signal.h>
|
||||||
|
|
||||||
@ -582,7 +584,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
|
|||||||
+
|
+
|
||||||
diff -up openssh-5.9p1/packet.h.audit4 openssh-5.9p1/packet.h
|
diff -up openssh-5.9p1/packet.h.audit4 openssh-5.9p1/packet.h
|
||||||
--- openssh-5.9p1/packet.h.audit4 2011-05-15 00:43:13.000000000 +0200
|
--- openssh-5.9p1/packet.h.audit4 2011-05-15 00:43:13.000000000 +0200
|
||||||
+++ openssh-5.9p1/packet.h 2011-09-13 07:36:59.390799281 +0200
|
+++ openssh-5.9p1/packet.h 2011-09-14 07:20:17.003583853 +0200
|
||||||
@@ -124,4 +124,5 @@ void packet_restore_state(void);
|
@@ -124,4 +124,5 @@ void packet_restore_state(void);
|
||||||
void *packet_get_input(void);
|
void *packet_get_input(void);
|
||||||
void *packet_get_output(void);
|
void *packet_get_output(void);
|
||||||
@ -590,8 +592,8 @@ diff -up openssh-5.9p1/packet.h.audit4 openssh-5.9p1/packet.h
|
|||||||
+void packet_destroy_all(int, int);
|
+void packet_destroy_all(int, int);
|
||||||
#endif /* PACKET_H */
|
#endif /* PACKET_H */
|
||||||
diff -up openssh-5.9p1/session.c.audit4 openssh-5.9p1/session.c
|
diff -up openssh-5.9p1/session.c.audit4 openssh-5.9p1/session.c
|
||||||
--- openssh-5.9p1/session.c.audit4 2011-09-13 07:36:58.637798995 +0200
|
--- openssh-5.9p1/session.c.audit4 2011-09-14 07:20:11.774521404 +0200
|
||||||
+++ openssh-5.9p1/session.c 2011-09-13 07:36:59.411690264 +0200
|
+++ openssh-5.9p1/session.c 2011-09-14 07:20:17.134462420 +0200
|
||||||
@@ -1634,6 +1634,9 @@ do_child(Session *s, const char *command
|
@@ -1634,6 +1634,9 @@ do_child(Session *s, const char *command
|
||||||
|
|
||||||
/* remove hostkey from the child's memory */
|
/* remove hostkey from the child's memory */
|
||||||
@ -603,9 +605,9 @@ diff -up openssh-5.9p1/session.c.audit4 openssh-5.9p1/session.c
|
|||||||
/* Force a password change */
|
/* Force a password change */
|
||||||
if (s->authctxt->force_pwchange) {
|
if (s->authctxt->force_pwchange) {
|
||||||
diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
|
diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
|
||||||
--- openssh-5.9p1/sshd.c.audit4 2011-09-13 07:36:59.143674103 +0200
|
--- openssh-5.9p1/sshd.c.audit4 2011-09-14 07:20:14.946521214 +0200
|
||||||
+++ openssh-5.9p1/sshd.c 2011-09-13 07:39:06.125718627 +0200
|
+++ openssh-5.9p1/sshd.c 2011-09-14 07:20:17.258458657 +0200
|
||||||
@@ -684,6 +684,8 @@ privsep_preauth(Authctxt *authctxt)
|
@@ -686,6 +686,8 @@ privsep_preauth(Authctxt *authctxt)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -614,7 +616,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
|
|||||||
static void
|
static void
|
||||||
privsep_postauth(Authctxt *authctxt)
|
privsep_postauth(Authctxt *authctxt)
|
||||||
{
|
{
|
||||||
@@ -708,6 +710,10 @@ privsep_postauth(Authctxt *authctxt)
|
@@ -710,6 +712,10 @@ privsep_postauth(Authctxt *authctxt)
|
||||||
else if (pmonitor->m_pid != 0) {
|
else if (pmonitor->m_pid != 0) {
|
||||||
verbose("User child is on pid %ld", (long)pmonitor->m_pid);
|
verbose("User child is on pid %ld", (long)pmonitor->m_pid);
|
||||||
buffer_clear(&loginmsg);
|
buffer_clear(&loginmsg);
|
||||||
@ -625,7 +627,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
|
|||||||
monitor_child_postauth(pmonitor);
|
monitor_child_postauth(pmonitor);
|
||||||
|
|
||||||
/* NEVERREACHED */
|
/* NEVERREACHED */
|
||||||
@@ -1999,6 +2005,7 @@ main(int ac, char **av)
|
@@ -2001,6 +2007,7 @@ main(int ac, char **av)
|
||||||
*/
|
*/
|
||||||
if (use_privsep) {
|
if (use_privsep) {
|
||||||
mm_send_keystate(pmonitor);
|
mm_send_keystate(pmonitor);
|
||||||
@ -633,7 +635,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
|
|||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2051,6 +2058,8 @@ main(int ac, char **av)
|
@@ -2053,6 +2060,8 @@ main(int ac, char **av)
|
||||||
do_authenticated(authctxt);
|
do_authenticated(authctxt);
|
||||||
|
|
||||||
/* The connection has been terminated. */
|
/* The connection has been terminated. */
|
||||||
@ -642,7 +644,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
|
|||||||
packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
|
packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
|
||||||
packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
|
packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
|
||||||
verbose("Transferred: sent %llu, received %llu bytes",
|
verbose("Transferred: sent %llu, received %llu bytes",
|
||||||
@@ -2368,8 +2377,20 @@ do_ssh2_kex(void)
|
@@ -2370,8 +2379,20 @@ do_ssh2_kex(void)
|
||||||
void
|
void
|
||||||
cleanup_exit(int i)
|
cleanup_exit(int i)
|
||||||
{
|
{
|
||||||
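Review bot: `direction[ctos]` in the `op=destroy` snprintf call added to audit-linux.c is indexed without a range check, while the table this patch removes from audit_kex_body has only three entries ("from-server", "from-client", "both"). The patch also adds monitor plumbing for this audit call, so `ctos` may be supplied by the unprivileged child; the handler that reads it is not visible here, so that is an assumption to confirm. If so, an out-of-range value would make the monitor read a pointer past the table and format it with `%s`. I would validate before formatting, for example `if (ctos < 0 || ctos >= (int)(sizeof(direction) / sizeof(direction[0])))`, and reject the request there; audit_kex_body indexes the table the same way. The new function's signature and tail are elided from this view, so the check's exact placement needs confirming against the full patch.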
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-5.9p1/audit-bsm.c.audit5 openssh-5.9p1/audit-bsm.c
|
diff -up openssh-5.9p1/audit-bsm.c.audit5 openssh-5.9p1/audit-bsm.c
|
||||||
--- openssh-5.9p1/audit-bsm.c.audit5 2011-09-10 19:40:19.638521318 +0200
|
--- openssh-5.9p1/audit-bsm.c.audit5 2011-09-13 22:07:31.262575526 +0200
|
||||||
+++ openssh-5.9p1/audit-bsm.c 2011-09-10 19:40:21.675487204 +0200
|
+++ openssh-5.9p1/audit-bsm.c 2011-09-13 22:07:33.268491813 +0200
|
||||||
@@ -414,4 +414,22 @@ audit_session_key_free_body(int ctos, pi
|
@@ -414,4 +414,22 @@ audit_session_key_free_body(int ctos, pi
|
||||||
{
|
{
|
||||||
/* not implemented */
|
/* not implemented */
|
||||||
@ -25,8 +25,8 @@ diff -up openssh-5.9p1/audit-bsm.c.audit5 openssh-5.9p1/audit-bsm.c
|
|||||||
+}
|
+}
|
||||||
#endif /* BSM */
|
#endif /* BSM */
|
||||||
diff -up openssh-5.9p1/audit-linux.c.audit5 openssh-5.9p1/audit-linux.c
|
diff -up openssh-5.9p1/audit-linux.c.audit5 openssh-5.9p1/audit-linux.c
|
||||||
--- openssh-5.9p1/audit-linux.c.audit5 2011-09-10 19:40:19.713521349 +0200
|
--- openssh-5.9p1/audit-linux.c.audit5 2011-09-13 22:07:31.400584308 +0200
|
||||||
+++ openssh-5.9p1/audit-linux.c 2011-09-10 19:40:21.765473529 +0200
|
+++ openssh-5.9p1/audit-linux.c 2011-09-13 22:07:33.357460348 +0200
|
||||||
@@ -350,4 +350,50 @@ audit_session_key_free_body(int ctos, pi
|
@@ -350,4 +350,50 @@ audit_session_key_free_body(int ctos, pi
|
||||||
error("cannot write into audit");
|
error("cannot write into audit");
|
||||||
}
|
}
|
||||||
@ -79,8 +79,8 @@ diff -up openssh-5.9p1/audit-linux.c.audit5 openssh-5.9p1/audit-linux.c
|
|||||||
+}
|
+}
|
||||||
#endif /* USE_LINUX_AUDIT */
|
#endif /* USE_LINUX_AUDIT */
|
||||||
diff -up openssh-5.9p1/audit.c.audit5 openssh-5.9p1/audit.c
|
diff -up openssh-5.9p1/audit.c.audit5 openssh-5.9p1/audit.c
|
||||||
--- openssh-5.9p1/audit.c.audit5 2011-09-10 19:40:19.814646179 +0200
|
--- openssh-5.9p1/audit.c.audit5 2011-09-13 22:07:31.495458797 +0200
|
||||||
+++ openssh-5.9p1/audit.c 2011-09-10 19:40:21.872459880 +0200
|
+++ openssh-5.9p1/audit.c 2011-09-13 22:07:33.478458341 +0200
|
||||||
@@ -290,5 +290,24 @@ audit_session_key_free_body(int ctos, pi
|
@@ -290,5 +290,24 @@ audit_session_key_free_body(int ctos, pi
|
||||||
debug("audit session key discard euid %u direction %d from pid %ld uid %u",
|
debug("audit session key discard euid %u direction %d from pid %ld uid %u",
|
||||||
(unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
|
(unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
|
||||||
@ -107,8 +107,8 @@ diff -up openssh-5.9p1/audit.c.audit5 openssh-5.9p1/audit.c
|
|||||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.9p1/audit.h.audit5 openssh-5.9p1/audit.h
|
diff -up openssh-5.9p1/audit.h.audit5 openssh-5.9p1/audit.h
|
||||||
--- openssh-5.9p1/audit.h.audit5 2011-09-10 19:40:19.945521685 +0200
|
--- openssh-5.9p1/audit.h.audit5 2011-09-13 22:07:31.616459125 +0200
|
||||||
+++ openssh-5.9p1/audit.h 2011-09-10 19:40:21.990457118 +0200
|
+++ openssh-5.9p1/audit.h 2011-09-13 22:07:33.612458074 +0200
|
||||||
@@ -48,6 +48,8 @@ enum ssh_audit_event_type {
|
@@ -48,6 +48,8 @@ enum ssh_audit_event_type {
|
||||||
};
|
};
|
||||||
typedef enum ssh_audit_event_type ssh_audit_event_t;
|
typedef enum ssh_audit_event_type ssh_audit_event_t;
|
||||||
@ -127,8 +127,8 @@ diff -up openssh-5.9p1/audit.h.audit5 openssh-5.9p1/audit.h
|
|||||||
|
|
||||||
#endif /* _SSH_AUDIT_H */
|
#endif /* _SSH_AUDIT_H */
|
||||||
diff -up openssh-5.9p1/key.c.audit5 openssh-5.9p1/key.c
|
diff -up openssh-5.9p1/key.c.audit5 openssh-5.9p1/key.c
|
||||||
--- openssh-5.9p1/key.c.audit5 2011-09-10 19:40:11.396460430 +0200
|
--- openssh-5.9p1/key.c.audit5 2011-09-13 22:07:23.054490740 +0200
|
||||||
+++ openssh-5.9p1/key.c 2011-09-10 19:40:22.096459112 +0200
|
+++ openssh-5.9p1/key.c 2011-09-13 22:07:33.721583661 +0200
|
||||||
@@ -1799,6 +1799,30 @@ key_demote(const Key *k)
|
@@ -1799,6 +1799,30 @@ key_demote(const Key *k)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -161,8 +161,8 @@ diff -up openssh-5.9p1/key.c.audit5 openssh-5.9p1/key.c
|
|||||||
{
|
{
|
||||||
if (k == NULL)
|
if (k == NULL)
|
||||||
diff -up openssh-5.9p1/key.h.audit5 openssh-5.9p1/key.h
|
diff -up openssh-5.9p1/key.h.audit5 openssh-5.9p1/key.h
|
||||||
--- openssh-5.9p1/key.h.audit5 2011-09-10 19:40:11.510460018 +0200
|
--- openssh-5.9p1/key.h.audit5 2011-09-13 22:07:23.160459285 +0200
|
||||||
+++ openssh-5.9p1/key.h 2011-09-10 19:40:22.208459363 +0200
|
+++ openssh-5.9p1/key.h 2011-09-13 22:07:33.847459341 +0200
|
||||||
@@ -109,6 +109,7 @@ Key *key_generate(int, u_int);
|
@@ -109,6 +109,7 @@ Key *key_generate(int, u_int);
|
||||||
Key *key_from_private(const Key *);
|
Key *key_from_private(const Key *);
|
||||||
int key_type_from_name(char *);
|
int key_type_from_name(char *);
|
||||||
@ -172,8 +172,8 @@ diff -up openssh-5.9p1/key.h.audit5 openssh-5.9p1/key.h
|
|||||||
int key_to_certified(Key *, int);
|
int key_to_certified(Key *, int);
|
||||||
int key_drop_cert(Key *);
|
int key_drop_cert(Key *);
|
||||||
diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
|
diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
|
||||||
--- openssh-5.9p1/monitor.c.audit5 2011-09-10 19:40:20.635514835 +0200
|
--- openssh-5.9p1/monitor.c.audit5 2011-09-13 22:07:32.285495537 +0200
|
||||||
+++ openssh-5.9p1/monitor.c 2011-09-10 19:40:22.327585849 +0200
|
+++ openssh-5.9p1/monitor.c 2011-09-13 22:10:04.148554239 +0200
|
||||||
@@ -114,6 +114,8 @@ extern Buffer auth_debug;
|
@@ -114,6 +114,8 @@ extern Buffer auth_debug;
|
||||||
extern int auth_debug_init;
|
extern int auth_debug_init;
|
||||||
extern Buffer loginmsg;
|
extern Buffer loginmsg;
|
||||||
@ -223,7 +223,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
|
|||||||
#endif
|
#endif
|
||||||
{0, 0, NULL}
|
{0, 0, NULL}
|
||||||
};
|
};
|
||||||
@@ -1720,6 +1727,8 @@ mm_answer_term(int sock, Buffer *req)
|
@@ -1716,6 +1723,8 @@ mm_answer_term(int sock, Buffer *req)
|
||||||
sshpam_cleanup();
|
sshpam_cleanup();
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -232,7 +232,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
|
|||||||
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
|
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
|
||||||
if (errno != EINTR)
|
if (errno != EINTR)
|
||||||
exit(1);
|
exit(1);
|
||||||
@@ -2466,4 +2475,24 @@ mm_answer_audit_session_key_free_body(in
|
@@ -2470,4 +2479,25 @@ mm_answer_audit_session_key_free_body(in
|
||||||
mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
|
mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -251,6 +251,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
|
|||||||
+
|
+
|
||||||
+ audit_destroy_sensitive_data(fp, pid, uid);
|
+ audit_destroy_sensitive_data(fp, pid, uid);
|
||||||
+
|
+
|
||||||
|
+ xfree(fp);
|
||||||
+ buffer_clear(m);
|
+ buffer_clear(m);
|
||||||
+
|
+
|
||||||
+ mm_request_send(sock, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, m);
|
+ mm_request_send(sock, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, m);
|
||||||
@ -258,8 +259,8 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
|
|||||||
+}
|
+}
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.9p1/monitor.h.audit5 openssh-5.9p1/monitor.h
|
diff -up openssh-5.9p1/monitor.h.audit5 openssh-5.9p1/monitor.h
|
||||||
--- openssh-5.9p1/monitor.h.audit5 2011-09-10 19:40:20.741522656 +0200
|
--- openssh-5.9p1/monitor.h.audit5 2011-09-13 22:07:32.385522626 +0200
|
||||||
+++ openssh-5.9p1/monitor.h 2011-09-10 19:40:22.440461159 +0200
|
+++ openssh-5.9p1/monitor.h 2011-09-13 22:07:34.098459356 +0200
|
||||||
@@ -64,6 +64,7 @@ enum monitor_reqtype {
|
@@ -64,6 +64,7 @@ enum monitor_reqtype {
|
||||||
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
|
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
|
||||||
MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
|
MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
|
||||||
@ -269,8 +270,8 @@ diff -up openssh-5.9p1/monitor.h.audit5 openssh-5.9p1/monitor.h
|
|||||||
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
|
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
|
||||||
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
|
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
|
||||||
diff -up openssh-5.9p1/monitor_wrap.c.audit5 openssh-5.9p1/monitor_wrap.c
|
diff -up openssh-5.9p1/monitor_wrap.c.audit5 openssh-5.9p1/monitor_wrap.c
|
||||||
--- openssh-5.9p1/monitor_wrap.c.audit5 2011-09-10 19:40:20.871609482 +0200
|
--- openssh-5.9p1/monitor_wrap.c.audit5 2011-09-13 22:07:32.510521163 +0200
|
||||||
+++ openssh-5.9p1/monitor_wrap.c 2011-09-10 19:40:22.559458727 +0200
|
+++ openssh-5.9p1/monitor_wrap.c 2011-09-13 22:07:34.610458275 +0200
|
||||||
@@ -1559,4 +1559,20 @@ mm_audit_session_key_free_body(int ctos,
|
@@ -1559,4 +1559,20 @@ mm_audit_session_key_free_body(int ctos,
|
||||||
&m);
|
&m);
|
||||||
buffer_free(&m);
|
buffer_free(&m);
|
||||||
@ -293,8 +294,8 @@ diff -up openssh-5.9p1/monitor_wrap.c.audit5 openssh-5.9p1/monitor_wrap.c
|
|||||||
+}
|
+}
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
diff -up openssh-5.9p1/monitor_wrap.h.audit5 openssh-5.9p1/monitor_wrap.h
|
diff -up openssh-5.9p1/monitor_wrap.h.audit5 openssh-5.9p1/monitor_wrap.h
|
||||||
--- openssh-5.9p1/monitor_wrap.h.audit5 2011-09-10 19:40:20.983521729 +0200
|
--- openssh-5.9p1/monitor_wrap.h.audit5 2011-09-13 22:07:32.607520810 +0200
|
||||||
+++ openssh-5.9p1/monitor_wrap.h 2011-09-10 19:40:22.730460011 +0200
|
+++ openssh-5.9p1/monitor_wrap.h 2011-09-13 22:07:34.716458214 +0200
|
||||||
@@ -81,6 +81,7 @@ void mm_audit_end_command(int, const cha
|
@@ -81,6 +81,7 @@ void mm_audit_end_command(int, const cha
|
||||||
void mm_audit_unsupported_body(int);
|
void mm_audit_unsupported_body(int);
|
||||||
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
||||||
@ -304,8 +305,8 @@ diff -up openssh-5.9p1/monitor_wrap.h.audit5 openssh-5.9p1/monitor_wrap.h
|
|||||||
|
|
||||||
struct Session;
|
struct Session;
|
||||||
diff -up openssh-5.9p1/session.c.audit5 openssh-5.9p1/session.c
|
diff -up openssh-5.9p1/session.c.audit5 openssh-5.9p1/session.c
|
||||||
--- openssh-5.9p1/session.c.audit5 2011-09-10 19:40:21.385531298 +0200
|
--- openssh-5.9p1/session.c.audit5 2011-09-13 22:07:32.973544819 +0200
|
||||||
+++ openssh-5.9p1/session.c 2011-09-10 19:40:22.903583654 +0200
|
+++ openssh-5.9p1/session.c 2011-09-13 22:07:34.849585578 +0200
|
||||||
@@ -136,7 +136,7 @@ extern int log_stderr;
|
@@ -136,7 +136,7 @@ extern int log_stderr;
|
||||||
extern int debug_flag;
|
extern int debug_flag;
|
||||||
extern u_int utmp_len;
|
extern u_int utmp_len;
|
||||||
@ -325,8 +326,8 @@ diff -up openssh-5.9p1/session.c.audit5 openssh-5.9p1/session.c
|
|||||||
monitor over a single socket, with no synchronization. */
|
monitor over a single socket, with no synchronization. */
|
||||||
packet_destroy_all(0, 1);
|
packet_destroy_all(0, 1);
|
||||||
diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
|
diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
|
||||||
--- openssh-5.9p1/sshd.c.audit5 2011-09-10 19:40:21.520510716 +0200
|
--- openssh-5.9p1/sshd.c.audit5 2011-09-13 22:07:33.106516378 +0200
|
||||||
+++ openssh-5.9p1/sshd.c 2011-09-10 19:42:06.573520393 +0200
|
+++ openssh-5.9p1/sshd.c 2011-09-13 22:07:34.989470331 +0200
|
||||||
@@ -254,7 +254,7 @@ Buffer loginmsg;
|
@@ -254,7 +254,7 @@ Buffer loginmsg;
|
||||||
struct passwd *privsep_pw = NULL;
|
struct passwd *privsep_pw = NULL;
|
||||||
|
|
||||||
@ -440,7 +441,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
|
|||||||
}
|
}
|
||||||
/* Certs do not need demotion */
|
/* Certs do not need demotion */
|
||||||
}
|
}
|
||||||
@@ -1143,6 +1193,7 @@ server_accept_loop(int *sock_in, int *so
|
@@ -1145,6 +1195,7 @@ server_accept_loop(int *sock_in, int *so
|
||||||
if (received_sigterm) {
|
if (received_sigterm) {
|
||||||
logit("Received signal %d; terminating.",
|
logit("Received signal %d; terminating.",
|
||||||
(int) received_sigterm);
|
(int) received_sigterm);
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
|
diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
|
||||||
--- openssh-5.9p1/auth-pam.c.coverity 2009-07-12 14:07:21.000000000 +0200
|
--- openssh-5.9p1/auth-pam.c.coverity 2009-07-12 14:07:21.000000000 +0200
|
||||||
+++ openssh-5.9p1/auth-pam.c 2011-09-13 08:41:24.635521346 +0200
|
+++ openssh-5.9p1/auth-pam.c 2011-09-14 08:09:47.074520582 +0200
|
||||||
@@ -216,7 +216,12 @@ pthread_join(sp_pthread_t thread, void *
|
@@ -216,7 +216,12 @@ pthread_join(sp_pthread_t thread, void *
|
||||||
if (sshpam_thread_status != -1)
|
if (sshpam_thread_status != -1)
|
||||||
return (sshpam_thread_status);
|
return (sshpam_thread_status);
|
||||||
@ -17,7 +17,7 @@ diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
|
|||||||
#endif
|
#endif
|
||||||
diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
|
diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
|
||||||
--- openssh-5.9p1/channels.c.coverity 2011-06-23 00:31:57.000000000 +0200
|
--- openssh-5.9p1/channels.c.coverity 2011-06-23 00:31:57.000000000 +0200
|
||||||
+++ openssh-5.9p1/channels.c 2011-09-13 08:26:11.771584519 +0200
|
+++ openssh-5.9p1/channels.c 2011-09-14 08:09:47.556582810 +0200
|
||||||
@@ -229,11 +229,11 @@ channel_register_fds(Channel *c, int rfd
|
@@ -229,11 +229,11 @@ channel_register_fds(Channel *c, int rfd
|
||||||
channel_max_fd = MAX(channel_max_fd, wfd);
|
channel_max_fd = MAX(channel_max_fd, wfd);
|
||||||
channel_max_fd = MAX(channel_max_fd, efd);
|
channel_max_fd = MAX(channel_max_fd, efd);
|
||||||
@ -50,8 +50,8 @@ diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
|
|||||||
}
|
}
|
||||||
diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
|
diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
|
||||||
--- openssh-5.9p1/clientloop.c.coverity 2011-06-23 00:31:58.000000000 +0200
|
--- openssh-5.9p1/clientloop.c.coverity 2011-06-23 00:31:58.000000000 +0200
|
||||||
+++ openssh-5.9p1/clientloop.c 2011-09-13 08:26:11.889458598 +0200
|
+++ openssh-5.9p1/clientloop.c 2011-09-14 08:17:41.556521887 +0200
|
||||||
@@ -1970,6 +1970,7 @@ client_input_global_request(int type, u_
|
@@ -1970,14 +1970,15 @@ client_input_global_request(int type, u_
|
||||||
char *rtype;
|
char *rtype;
|
||||||
int want_reply;
|
int want_reply;
|
||||||
int success = 0;
|
int success = 0;
|
||||||
@ -59,9 +59,19 @@ diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
|
|||||||
|
|
||||||
rtype = packet_get_string(NULL);
|
rtype = packet_get_string(NULL);
|
||||||
want_reply = packet_get_char();
|
want_reply = packet_get_char();
|
||||||
|
debug("client_input_global_request: rtype %s want_reply %d",
|
||||||
|
rtype, want_reply);
|
||||||
|
if (want_reply) {
|
||||||
|
- packet_start(success ?
|
||||||
|
- SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
|
||||||
|
+ packet_start(/*success ?
|
||||||
|
+ SSH2_MSG_REQUEST_SUCCESS :*/ SSH2_MSG_REQUEST_FAILURE);
|
||||||
|
packet_send();
|
||||||
|
packet_write_wait();
|
||||||
|
}
|
||||||
diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
|
diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
|
||||||
--- openssh-5.9p1/key.c.coverity 2011-05-20 11:03:08.000000000 +0200
|
--- openssh-5.9p1/key.c.coverity 2011-05-20 11:03:08.000000000 +0200
|
||||||
+++ openssh-5.9p1/key.c 2011-09-13 08:26:12.000459857 +0200
|
+++ openssh-5.9p1/key.c 2011-09-14 08:09:47.803458435 +0200
|
||||||
@@ -803,8 +803,10 @@ key_read(Key *ret, char **cpp)
|
@@ -803,8 +803,10 @@ key_read(Key *ret, char **cpp)
|
||||||
success = 1;
|
success = 1;
|
||||||
/*XXXX*/
|
/*XXXX*/
|
||||||
@ -73,9 +83,19 @@ diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
|
|||||||
/* advance cp: skip whitespace and data */
|
/* advance cp: skip whitespace and data */
|
||||||
while (*cp == ' ' || *cp == '\t')
|
while (*cp == ' ' || *cp == '\t')
|
||||||
cp++;
|
cp++;
|
||||||
|
diff -up openssh-5.9p1/misc.c.coverity openssh-5.9p1/misc.c
|
||||||
diff -up openssh-5.9p1/monitor.c.coverity openssh-5.9p1/monitor.c
|
diff -up openssh-5.9p1/monitor.c.coverity openssh-5.9p1/monitor.c
|
||||||
--- openssh-5.9p1/monitor.c.coverity 2011-08-05 22:15:18.000000000 +0200
|
--- openssh-5.9p1/monitor.c.coverity 2011-08-05 22:15:18.000000000 +0200
|
||||||
+++ openssh-5.9p1/monitor.c 2011-09-13 08:26:12.132583409 +0200
|
+++ openssh-5.9p1/monitor.c 2011-09-14 08:09:47.914584009 +0200
|
||||||
|
@@ -420,7 +420,7 @@ monitor_child_preauth(Authctxt *_authctx
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Drain any buffered messages from the child */
|
||||||
|
- while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
|
||||||
|
+ while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
|
||||||
|
;
|
||||||
|
|
||||||
|
if (!authctxt->valid)
|
||||||
@@ -1161,6 +1161,10 @@ mm_answer_keyallowed(int sock, Buffer *m
|
@@ -1161,6 +1161,10 @@ mm_answer_keyallowed(int sock, Buffer *m
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -97,9 +117,26 @@ diff -up openssh-5.9p1/monitor.c.coverity openssh-5.9p1/monitor.c
|
|||||||
buffer_clear(m);
|
buffer_clear(m);
|
||||||
buffer_put_int(m, allowed);
|
buffer_put_int(m, allowed);
|
||||||
buffer_put_int(m, forced_command != NULL);
|
buffer_put_int(m, forced_command != NULL);
|
||||||
|
diff -up openssh-5.9p1/monitor_wrap.c.coverity openssh-5.9p1/monitor_wrap.c
|
||||||
|
--- openssh-5.9p1/monitor_wrap.c.coverity 2011-09-14 08:11:36.480500123 +0200
|
||||||
|
+++ openssh-5.9p1/monitor_wrap.c 2011-09-14 08:14:11.279520598 +0200
|
||||||
|
@@ -707,10 +707,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd,
|
||||||
|
if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
|
||||||
|
(tmp2 = dup(pmonitor->m_recvfd)) == -1) {
|
||||||
|
error("%s: cannot allocate fds for pty", __func__);
|
||||||
|
- if (tmp1 > 0)
|
||||||
|
+ if (tmp1 >= 0)
|
||||||
|
close(tmp1);
|
||||||
|
- if (tmp2 > 0)
|
||||||
|
- close(tmp2);
|
||||||
|
+ /*DEAD CODE if (tmp2 >= 0)
|
||||||
|
+ close(tmp2);*/
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
close(tmp1);
|
||||||
diff -up openssh-5.9p1/openbsd-compat/bindresvport.c.coverity openssh-5.9p1/openbsd-compat/bindresvport.c
|
diff -up openssh-5.9p1/openbsd-compat/bindresvport.c.coverity openssh-5.9p1/openbsd-compat/bindresvport.c
|
||||||
--- openssh-5.9p1/openbsd-compat/bindresvport.c.coverity 2010-12-03 00:50:26.000000000 +0100
|
--- openssh-5.9p1/openbsd-compat/bindresvport.c.coverity 2010-12-03 00:50:26.000000000 +0100
|
||||||
+++ openssh-5.9p1/openbsd-compat/bindresvport.c 2011-09-13 08:26:12.298464549 +0200
|
+++ openssh-5.9p1/openbsd-compat/bindresvport.c 2011-09-14 08:09:48.084459344 +0200
|
||||||
@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
|
@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
|
||||||
struct sockaddr_in6 *in6;
|
struct sockaddr_in6 *in6;
|
||||||
u_int16_t *portp;
|
u_int16_t *portp;
|
||||||
@ -111,7 +148,7 @@ diff -up openssh-5.9p1/openbsd-compat/bindresvport.c.coverity openssh-5.9p1/open
|
|||||||
if (sa == NULL) {
|
if (sa == NULL) {
|
||||||
diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
|
diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
|
||||||
--- openssh-5.9p1/packet.c.coverity 2011-05-15 00:58:15.000000000 +0200
|
--- openssh-5.9p1/packet.c.coverity 2011-05-15 00:58:15.000000000 +0200
|
||||||
+++ openssh-5.9p1/packet.c 2011-09-13 08:26:12.405461249 +0200
|
+++ openssh-5.9p1/packet.c 2011-09-14 08:09:48.184587842 +0200
|
||||||
@@ -1177,6 +1177,7 @@ packet_read_poll1(void)
|
@@ -1177,6 +1177,7 @@ packet_read_poll1(void)
|
||||||
case DEATTACK_DETECTED:
|
case DEATTACK_DETECTED:
|
||||||
packet_disconnect("crc32 compensation attack: "
|
packet_disconnect("crc32 compensation attack: "
|
||||||
@ -131,7 +168,7 @@ diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
|
|||||||
setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
|
setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
|
||||||
diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
|
diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
|
||||||
--- openssh-5.9p1/progressmeter.c.coverity 2006-08-05 04:39:40.000000000 +0200
|
--- openssh-5.9p1/progressmeter.c.coverity 2006-08-05 04:39:40.000000000 +0200
|
||||||
+++ openssh-5.9p1/progressmeter.c 2011-09-13 08:26:12.511520013 +0200
|
+++ openssh-5.9p1/progressmeter.c 2011-09-14 08:09:48.300586004 +0200
|
||||||
@@ -65,7 +65,7 @@ static void update_progress_meter(int);
|
@@ -65,7 +65,7 @@ static void update_progress_meter(int);
|
||||||
|
|
||||||
static time_t start; /* start progress */
|
static time_t start; /* start progress */
|
||||||
@ -152,7 +189,7 @@ diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
|
|||||||
file = f;
|
file = f;
|
||||||
diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
|
diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
|
||||||
--- openssh-5.9p1/progressmeter.h.coverity 2006-03-26 05:30:02.000000000 +0200
|
--- openssh-5.9p1/progressmeter.h.coverity 2006-03-26 05:30:02.000000000 +0200
|
||||||
+++ openssh-5.9p1/progressmeter.h 2011-09-13 08:26:12.630521541 +0200
|
+++ openssh-5.9p1/progressmeter.h 2011-09-14 08:09:48.420645724 +0200
|
||||||
@@ -23,5 +23,5 @@
|
@@ -23,5 +23,5 @@
|
||||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
@ -162,7 +199,7 @@ diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
|
|||||||
void stop_progress_meter(void);
|
void stop_progress_meter(void);
|
||||||
diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
|
diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
|
||||||
--- openssh-5.9p1/scp.c.coverity 2011-01-06 12:41:21.000000000 +0100
|
--- openssh-5.9p1/scp.c.coverity 2011-01-06 12:41:21.000000000 +0100
|
||||||
+++ openssh-5.9p1/scp.c 2011-09-13 08:26:12.748520967 +0200
|
+++ openssh-5.9p1/scp.c 2011-09-14 08:09:48.531505457 +0200
|
||||||
@@ -155,7 +155,7 @@ killchild(int signo)
|
@@ -155,7 +155,7 @@ killchild(int signo)
|
||||||
{
|
{
|
||||||
if (do_cmd_pid > 1) {
|
if (do_cmd_pid > 1) {
|
||||||
@ -174,7 +211,16 @@ diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
|
|||||||
if (signo)
|
if (signo)
|
||||||
diff -up openssh-5.9p1/servconf.c.coverity openssh-5.9p1/servconf.c
|
diff -up openssh-5.9p1/servconf.c.coverity openssh-5.9p1/servconf.c
|
||||||
--- openssh-5.9p1/servconf.c.coverity 2011-06-23 00:30:03.000000000 +0200
|
--- openssh-5.9p1/servconf.c.coverity 2011-06-23 00:30:03.000000000 +0200
|
||||||
+++ openssh-5.9p1/servconf.c 2011-09-13 08:26:12.854521290 +0200
|
+++ openssh-5.9p1/servconf.c 2011-09-14 08:30:17.557468182 +0200
|
||||||
|
@@ -609,7 +609,7 @@ match_cfg_line(char **condition, int lin
|
||||||
|
debug3("checking syntax for 'Match %s'", cp);
|
||||||
|
else
|
||||||
|
debug3("checking match for '%s' user %s host %s addr %s", cp,
|
||||||
|
- user ? user : "(null)", host ? host : "(null)",
|
||||||
|
+ user /* User is not NULL ? user : "(null)" */, host ? host : "(null)",
|
||||||
|
address ? address : "(null)");
|
||||||
|
|
||||||
|
while ((attrib = strdelim(&cp)) && *attrib != '\0') {
|
||||||
@@ -1171,7 +1171,7 @@ process_server_config_line(ServerOptions
|
@@ -1171,7 +1171,7 @@ process_server_config_line(ServerOptions
|
||||||
fatal("%s line %d: Missing subsystem name.",
|
fatal("%s line %d: Missing subsystem name.",
|
||||||
filename, linenum);
|
filename, linenum);
|
||||||
@ -184,9 +230,21 @@ diff -up openssh-5.9p1/servconf.c.coverity openssh-5.9p1/servconf.c
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
for (i = 0; i < options->num_subsystems; i++)
|
for (i = 0; i < options->num_subsystems; i++)
|
||||||
|
@@ -1262,8 +1262,9 @@ process_server_config_line(ServerOptions
|
||||||
|
if (*activep && *charptr == NULL) {
|
||||||
|
*charptr = tilde_expand_filename(arg, getuid());
|
||||||
|
/* increase optional counter */
|
||||||
|
- if (intptr != NULL)
|
||||||
|
- *intptr = *intptr + 1;
|
||||||
|
+ /* DEAD CODE intptr is still NULL ;)
|
||||||
|
+ if (intptr != NULL)
|
||||||
|
+ *intptr = *intptr + 1; */
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
|
diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
|
||||||
--- openssh-5.9p1/serverloop.c.coverity 2011-05-20 11:02:50.000000000 +0200
|
--- openssh-5.9p1/serverloop.c.coverity 2011-05-20 11:02:50.000000000 +0200
|
||||||
+++ openssh-5.9p1/serverloop.c 2011-09-13 08:26:12.968645756 +0200
|
+++ openssh-5.9p1/serverloop.c 2011-09-14 08:09:48.793586380 +0200
|
||||||
@@ -147,13 +147,13 @@ notify_setup(void)
|
@@ -147,13 +147,13 @@ notify_setup(void)
|
||||||
static void
|
static void
|
||||||
notify_parent(void)
|
notify_parent(void)
|
||||||
@ -298,7 +356,7 @@ diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
|
|||||||
tun = forced_tun_device;
|
tun = forced_tun_device;
|
||||||
diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
|
diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
|
||||||
--- openssh-5.9p1/sftp-client.c.coverity 2010-12-04 23:02:48.000000000 +0100
|
--- openssh-5.9p1/sftp-client.c.coverity 2010-12-04 23:02:48.000000000 +0100
|
||||||
+++ openssh-5.9p1/sftp-client.c 2011-09-13 08:26:13.083520760 +0200
|
+++ openssh-5.9p1/sftp-client.c 2011-09-14 08:09:48.910470343 +0200
|
||||||
@@ -149,7 +149,7 @@ get_msg(struct sftp_conn *conn, Buffer *
|
@@ -149,7 +149,7 @@ get_msg(struct sftp_conn *conn, Buffer *
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -523,7 +581,7 @@ diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
|
|||||||
size_t len = strlen(p1) + strlen(p2) + 2;
|
size_t len = strlen(p1) + strlen(p2) + 2;
|
||||||
diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
|
diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
|
||||||
--- openssh-5.9p1/sftp-client.h.coverity 2010-12-04 23:02:48.000000000 +0100
|
--- openssh-5.9p1/sftp-client.h.coverity 2010-12-04 23:02:48.000000000 +0100
|
||||||
+++ openssh-5.9p1/sftp-client.h 2011-09-13 08:26:13.181525164 +0200
|
+++ openssh-5.9p1/sftp-client.h 2011-09-14 08:09:49.021583940 +0200
|
||||||
@@ -56,49 +56,49 @@ struct sftp_conn *do_init(int, int, u_in
|
@@ -56,49 +56,49 @@ struct sftp_conn *do_init(int, int, u_in
|
||||||
u_int sftp_proto_version(struct sftp_conn *);
|
u_int sftp_proto_version(struct sftp_conn *);
|
||||||
|
|
||||||
@ -623,7 +681,7 @@ diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
|
|||||||
#endif
|
#endif
|
||||||
diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
|
diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
|
||||||
--- openssh-5.9p1/sftp.c.coverity 2010-12-04 23:02:48.000000000 +0100
|
--- openssh-5.9p1/sftp.c.coverity 2010-12-04 23:02:48.000000000 +0100
|
||||||
+++ openssh-5.9p1/sftp.c 2011-09-13 08:26:13.311521187 +0200
|
+++ openssh-5.9p1/sftp.c 2011-09-14 08:09:49.468493585 +0200
|
||||||
@@ -206,7 +206,7 @@ killchild(int signo)
|
@@ -206,7 +206,7 @@ killchild(int signo)
|
||||||
{
|
{
|
||||||
if (sshpid > 1) {
|
if (sshpid > 1) {
|
||||||
@ -738,7 +796,7 @@ diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
|
|||||||
char s_used[FMT_SCALED_STRSIZE];
|
char s_used[FMT_SCALED_STRSIZE];
|
||||||
diff -up openssh-5.9p1/ssh-agent.c.coverity openssh-5.9p1/ssh-agent.c
|
diff -up openssh-5.9p1/ssh-agent.c.coverity openssh-5.9p1/ssh-agent.c
|
||||||
--- openssh-5.9p1/ssh-agent.c.coverity 2011-06-03 06:14:16.000000000 +0200
|
--- openssh-5.9p1/ssh-agent.c.coverity 2011-06-03 06:14:16.000000000 +0200
|
||||||
+++ openssh-5.9p1/ssh-agent.c 2011-09-13 08:26:13.416521025 +0200
|
+++ openssh-5.9p1/ssh-agent.c 2011-09-14 08:09:49.572460295 +0200
|
||||||
@@ -1147,8 +1147,8 @@ main(int ac, char **av)
|
@@ -1147,8 +1147,8 @@ main(int ac, char **av)
|
||||||
sanitise_stdfd();
|
sanitise_stdfd();
|
||||||
|
|
||||||
@ -752,8 +810,20 @@ diff -up openssh-5.9p1/ssh-agent.c.coverity openssh-5.9p1/ssh-agent.c
|
|||||||
/* Disable ptrace on Linux without sgid bit */
|
/* Disable ptrace on Linux without sgid bit */
|
||||||
diff -up openssh-5.9p1/sshd.c.coverity openssh-5.9p1/sshd.c
|
diff -up openssh-5.9p1/sshd.c.coverity openssh-5.9p1/sshd.c
|
||||||
--- openssh-5.9p1/sshd.c.coverity 2011-06-23 11:45:51.000000000 +0200
|
--- openssh-5.9p1/sshd.c.coverity 2011-06-23 11:45:51.000000000 +0200
|
||||||
+++ openssh-5.9p1/sshd.c 2011-09-13 08:26:13.565519531 +0200
|
+++ openssh-5.9p1/sshd.c 2011-09-14 08:09:49.687509968 +0200
|
||||||
@@ -1302,6 +1302,9 @@ server_accept_loop(int *sock_in, int *so
|
@@ -676,8 +676,10 @@ privsep_preauth(Authctxt *authctxt)
|
||||||
|
if (getuid() == 0 || geteuid() == 0)
|
||||||
|
privsep_preauth_child();
|
||||||
|
setproctitle("%s", "[net]");
|
||||||
|
- if (box != NULL)
|
||||||
|
+ if (box != NULL) {
|
||||||
|
ssh_sandbox_child(box);
|
||||||
|
+ xfree(box);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
@@ -1302,6 +1304,9 @@ server_accept_loop(int *sock_in, int *so
|
||||||
if (num_listen_socks < 0)
|
if (num_listen_socks < 0)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -763,7 +833,7 @@ diff -up openssh-5.9p1/sshd.c.coverity openssh-5.9p1/sshd.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -1774,7 +1777,7 @@ main(int ac, char **av)
|
@@ -1774,7 +1779,7 @@ main(int ac, char **av)
|
||||||
|
|
||||||
/* Chdir to the root directory so that the current disk can be
|
/* Chdir to the root directory so that the current disk can be
|
||||||
unmounted if desired. */
|
unmounted if desired. */
|
||||||
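Review bot: In the servconf.c hunk for match_cfg_line, `user` is now passed straight to `%s` with the old guard left as a comment in the middle of the argument list. That is only safe if the `if` ahead of the visible `else` tests `user == NULL`, and that condition is outside the hunk. Once that is confirmed, I would write the argument plainly as `user, host ? host : "(null)",` and put the reason on its own line above the call, e.g. `/* user != NULL here: the NULL case took the syntax-check branch */`. The same applies to the other findings silenced by commenting code out in place: `packet_start(/*success ? ... :*/ SSH2_MSG_REQUEST_FAILURE)` in clientloop.c, the `/*DEAD CODE if (tmp2 >= 0) close(tmp2);*/` block in mm_pty_allocate, and the `DEAD CODE intptr is still NULL` block in process_server_config_line, where the surviving `/* increase optional counter */` comment no longer describes any code. Deleting those lines outright keeps the patch easier to rebase and avoids a later reader re-enabling a branch that was removed on purpose.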
|
@ -26,7 +26,7 @@ diff -up openssh-5.9p1/configure.ac.sesandbox openssh-5.9p1/configure.ac
|
|||||||
AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
|
AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
|
||||||
SANDBOX_STYLE="darwin"
|
SANDBOX_STYLE="darwin"
|
||||||
AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
|
AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
|
||||||
+elif test "x$sandbox_arg" = "xselinux" \\
|
+elif test "x$sandbox_arg" = "xselinux" || \
|
||||||
+ test "x$WITH_SELINUX" = "x1"; then
|
+ test "x$WITH_SELINUX" = "x1"; then
|
||||||
+ SANDBOX_STYLE="selinux"
|
+ SANDBOX_STYLE="selinux"
|
||||||
+ AC_DEFINE([SANDBOX_SELINUX], [1], [Sandbox using selinux(8)])
|
+ AC_DEFINE([SANDBOX_SELINUX], [1], [Sandbox using selinux(8)])
|
||||||
@ -105,7 +105,7 @@ diff -up openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox openssh-5.9p1/openb
|
|||||||
diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux.c
|
diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux.c
|
||||||
--- openssh-5.9p1/sandbox-selinux.c.sesandbox 2011-09-13 16:01:08.715520826 +0200
|
--- openssh-5.9p1/sandbox-selinux.c.sesandbox 2011-09-13 16:01:08.715520826 +0200
|
||||||
+++ openssh-5.9p1/sandbox-selinux.c 2011-09-13 16:20:02.463511312 +0200
|
+++ openssh-5.9p1/sandbox-selinux.c 2011-09-13 16:20:02.463511312 +0200
|
||||||
@@ -0,0 +1,120 @@
|
@@ -0,0 +1,121 @@
|
||||||
+/* $Id: sandbox-selinux.c,v 1.0 2011/01/17 10:15:30 jfch Exp $ */
|
+/* $Id: sandbox-selinux.c,v 1.0 2011/01/17 10:15:30 jfch Exp $ */
|
||||||
+
|
+
|
||||||
+/*
|
+/*
|
||||||
@ -148,11 +148,12 @@ diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux
|
|||||||
+#include <stdlib.h>
|
+#include <stdlib.h>
|
||||||
+#include <string.h>
|
+#include <string.h>
|
||||||
+#include <unistd.h>
|
+#include <unistd.h>
|
||||||
|
+#include <sys/resource.h>
|
||||||
+
|
+
|
||||||
+#include "log.h"
|
+#include "log.h"
|
||||||
+#include "ssh-sandbox.h"
|
+#include "ssh-sandbox.h"
|
||||||
+#include "xmalloc.h"
|
+#include "xmalloc.h"
|
||||||
+#include "openbsd-comnpat/port-linux.h"
|
+#include "openbsd-compat/port-linux.h"
|
||||||
+
|
+
|
||||||
+/* selinux based sandbox */
|
+/* selinux based sandbox */
|
||||||
+
|
+
|
||||||
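Review bot: The corrected condition in the configure.ac hunk, `test "x$sandbox_arg" = "xselinux" || test "x$WITH_SELINUX" = "x1"`, selects the SELinux sandbox whenever WITH_SELINUX is 1, whatever was passed as the sandbox argument. If branches for other explicit values follow this `elif` (they are outside the hunk), an explicit request for a different sandbox, or for none, would be silently overridden on SELinux builds. Restricting the fallback to the unset case avoids that: `elif test "x$sandbox_arg" = "xselinux" || { test -z "$sandbox_arg" && test "x$WITH_SELINUX" = "x1"; }; then`. A one-line comment saying that SELinux is the default only when no sandbox was requested would document the intent.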
|
78
openssh-5.9p1-wIm.patch
Normal file
@ -0,0 +1,78 @@
|
|||||||
|
diff -up openssh-5.9p1/Makefile.in.wIm openssh-5.9p1/Makefile.in
|
||||||
|
--- openssh-5.9p1/Makefile.in.wIm 2011-08-05 22:15:18.000000000 +0200
|
||||||
|
+++ openssh-5.9p1/Makefile.in 2011-09-12 16:24:18.643674014 +0200
|
||||||
|
@@ -66,7 +66,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
|
||||||
|
cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
|
||||||
|
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
|
||||||
|
log.o match.o md-sha256.o moduli.o nchan.o packet.o \
|
||||||
|
- readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
|
||||||
|
+ readpass.o rsa.o ttymodes.o whereIam.o xmalloc.o addrmatch.o \
|
||||||
|
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
|
||||||
|
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
|
||||||
|
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
|
||||||
|
diff -up openssh-5.9p1/log.h.wIm openssh-5.9p1/log.h
|
||||||
|
--- openssh-5.9p1/log.h.wIm 2011-06-20 06:42:23.000000000 +0200
|
||||||
|
+++ openssh-5.9p1/log.h 2011-09-12 16:34:52.984674326 +0200
|
||||||
|
@@ -65,6 +65,8 @@ void verbose(const char *, ...) __at
|
||||||
|
void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||||
|
void debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||||
|
void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||||
|
+void _debug_wIm_body(const char *, int, const char *, const char *, int);
|
||||||
|
+#define debug_wIm(a,b) _debug_wIm_body(a,b,__func__,__FILE__,__LINE__)
|
||||||
|
|
||||||
|
|
||||||
|
void set_log_handler(log_handler_fn *, void *);
|
||||||
|
diff -up openssh-5.9p1/sshd.c.wIm openssh-5.9p1/sshd.c
|
||||||
|
--- openssh-5.9p1/sshd.c.wIm 2011-06-23 11:45:51.000000000 +0200
|
||||||
|
+++ openssh-5.9p1/sshd.c 2011-09-12 16:38:35.787816490 +0200
|
||||||
|
@@ -140,6 +140,9 @@ int deny_severity;
|
||||||
|
|
||||||
|
extern char *__progname;
|
||||||
|
|
||||||
|
+/* trace of fork processes */
|
||||||
|
+extern int whereIam;
|
||||||
|
+
|
||||||
|
/* Server configuration options. */
|
||||||
|
ServerOptions options;
|
||||||
|
|
||||||
|
@@ -666,6 +669,7 @@ privsep_preauth(Authctxt *authctxt)
|
||||||
|
return 1;
|
||||||
|
} else {
|
||||||
|
/* child */
|
||||||
|
+ whereIam = 1;
|
||||||
|
close(pmonitor->m_sendfd);
|
||||||
|
close(pmonitor->m_log_recvfd);
|
||||||
|
|
||||||
|
@@ -715,6 +719,7 @@ privsep_postauth(Authctxt *authctxt)
|
||||||
|
|
||||||
|
/* child */
|
||||||
|
|
||||||
|
+ whereIam = 2;
|
||||||
|
close(pmonitor->m_sendfd);
|
||||||
|
pmonitor->m_sendfd = -1;
|
||||||
|
|
||||||
|
@@ -1325,6 +1330,8 @@ main(int ac, char **av)
|
||||||
|
Key *key;
|
||||||
|
Authctxt *authctxt;
|
||||||
|
|
||||||
|
+ whereIam = 0;
|
||||||
|
+
|
||||||
|
#ifdef HAVE_SECUREWARE
|
||||||
|
(void)set_auth_parameters(ac, av);
|
||||||
|
#endif
|
||||||
|
diff -up openssh-5.9p1/whereIam.c.wIm openssh-5.9p1/whereIam.c
|
||||||
|
--- openssh-5.9p1/whereIam.c.wIm 2011-09-12 16:24:18.722674167 +0200
|
||||||
|
+++ openssh-5.9p1/whereIam.c 2011-09-12 16:24:18.724674418 +0200
|
||||||
|
@@ -0,0 +1,12 @@
|
||||||
|
+
|
||||||
|
+int whereIam = -1;
|
||||||
|
+
|
||||||
|
+void _debug_wIm_body(const char *txt, int val, const char *func, const char *file, int line)
|
||||||
|
+{
|
||||||
|
+ if (txt)
|
||||||
|
+ debug("%s=%d, %s(%s:%d) wIm = %d, uid=%d, euid=%d", txt, val, func, file, line, whereIam, getuid(), geteuid());
|
||||||
|
+ else
|
||||||
|
+ debug("%s(%s:%d) wIm = %d, uid=%d, euid=%d", func, file, line, whereIam, getuid(), geteuid());
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
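Review bot: whereIam.c, added at the end of this patch, has no `#include` lines, so `debug()`, `getuid()` and `geteuid()` are implicitly declared there and the printf-format attribute that log.h puts on `debug()` never checks these two calls. I would start the file with `#include <sys/types.h>`, `#include <unistd.h>` and `#include "log.h"` (after the tree's usual `includes.h`, if that convention applies here). The uid values are also formatted with `%d`; casting them, e.g. `(int)getuid()`, or switching to `%u` with an unsigned cast keeps the variadic arguments matched to the format. Since `_debug_wIm_body` reports uid and euid alongside `whereIam`, a short comment on the variable naming what -1, 0, 1 and 2 stand for (unset, main, preauth child, postauth child, going by the sshd.c hunks) would help whoever reads these logs when checking privilege separation.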
27
openssh.spec
27
openssh.spec
@ -34,10 +34,6 @@
|
|||||||
# Do we want LDAP support
|
# Do we want LDAP support
|
||||||
%define ldap 1
|
%define ldap 1
|
||||||
|
|
||||||
# Do we want NSS tokens support
|
|
||||||
# NSS support is broken from 5.4p1
|
|
||||||
%define nss 0
|
|
||||||
|
|
||||||
# Whether or not /sbin/nologin exists.
|
# Whether or not /sbin/nologin exists.
|
||||||
%define nologin 1
|
%define nologin 1
|
||||||
|
|
||||||
@ -79,7 +75,7 @@
|
|||||||
|
|
||||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||||
%define openssh_ver 5.9p1
|
%define openssh_ver 5.9p1
|
||||||
%define openssh_rel 8
|
%define openssh_rel 9
|
||||||
%define pam_ssh_agent_ver 0.9.2
|
%define pam_ssh_agent_ver 0.9.2
|
||||||
%define pam_ssh_agent_rel 32
|
%define pam_ssh_agent_rel 32
|
||||||
|
|
||||||
@ -109,7 +105,7 @@ Source11: sshd.service
|
|||||||
Source13: sshd-keygen
|
Source13: sshd-keygen
|
||||||
|
|
||||||
# Internal debug
|
# Internal debug
|
||||||
Patch0: openssh-5.8p1-wIm.patch
|
Patch0: openssh-5.9p1-wIm.patch
|
||||||
|
|
||||||
#?
|
#?
|
||||||
Patch100: openssh-5.9p1-coverity.patch
|
Patch100: openssh-5.9p1-coverity.patch
|
||||||
@ -251,10 +247,6 @@ BuildRequires: krb5-devel
|
|||||||
BuildRequires: libedit-devel ncurses-devel
|
BuildRequires: libedit-devel ncurses-devel
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{nss}
|
|
||||||
BuildRequires: nss-devel
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{WITH_SELINUX}
|
%if %{WITH_SELINUX}
|
||||||
Requires: libselinux >= 1.27.7
|
Requires: libselinux >= 1.27.7
|
||||||
BuildRequires: libselinux-devel >= 1.27.7
|
BuildRequires: libselinux-devel >= 1.27.7
|
||||||
@ -505,9 +497,6 @@ fi
|
|||||||
--with-ssl-engine \
|
--with-ssl-engine \
|
||||||
--with-authorized-keys-command \
|
--with-authorized-keys-command \
|
||||||
--with-ipaddr-display \
|
--with-ipaddr-display \
|
||||||
%if %{nss}
|
|
||||||
--with-nss \
|
|
||||||
%endif
|
|
||||||
%if %{scard}
|
%if %{scard}
|
||||||
--with-smartcard \
|
--with-smartcard \
|
||||||
%endif
|
%endif
|
||||||
@ -520,7 +509,7 @@ fi
|
|||||||
--with-pam \
|
--with-pam \
|
||||||
%endif
|
%endif
|
||||||
%if %{WITH_SELINUX}
|
%if %{WITH_SELINUX}
|
||||||
--with-selinux --with-audit=linux --with-sandbox-style=selinux \
|
--with-selinux --with-audit=linux --with-sandbox=selinux \
|
||||||
%endif
|
%endif
|
||||||
%if %{kerberos5}
|
%if %{kerberos5}
|
||||||
--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
|
--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
|
||||||
@ -622,11 +611,6 @@ rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.*
|
|||||||
|
|
||||||
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
|
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
|
||||||
|
|
||||||
rm -f README.nss.nss-keys
|
|
||||||
%if ! %{nss}
|
|
||||||
rm -f README.nss
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{pam_ssh_agent}
|
%if %{pam_ssh_agent}
|
||||||
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT
|
make install DESTDIR=$RPM_BUILD_ROOT
|
||||||
@ -789,6 +773,11 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-9 + 0.9.2-32
|
||||||
|
- coverity upgrade
|
||||||
|
- wipe off nonfunctional nss
|
||||||
|
- selinux sandbox tweaking
|
||||||
|
|
||||||
* Tue Sep 13 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-8 + 0.9.2-32
|
* Tue Sep 13 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-8 + 0.9.2-32
|
||||||
- coverity upgrade
|
- coverity upgrade
|
||||||
- experimental selinux sandbox
|
- experimental selinux sandbox
|
||||||
|
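Review bot: The switch from `--with-sandbox-style=selinux` to `--with-sandbox=selinux` under `%if %{WITH_SELINUX}` fixes an option name that the build never rejected: autoconf-generated configure scripts by default only warn about unrecognized `--with-*` options, so the previous release presumably built without the intended sandbox. A guard would keep that from recurring — either `--enable-option-checking=fatal \` on this configure call, if every option passed to it (including any the rpm macro adds) is recognized, or a check after configure that the sandbox style the sesandbox patch defines was actually selected. The configure invocation starts outside the visible hunks, so the exact placement needs checking against the full spec.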