diff --git a/openssh-5.8p1-audit0.patch b/openssh-5.8p1-audit0.patch new file mode 100644 index 0000000..e69de29 diff --git a/openssh-5.8p1-audit0a.patch b/openssh-5.8p1-audit0a.patch new file mode 100644 index 0000000..9a0f37c --- /dev/null +++ b/openssh-5.8p1-audit0a.patch @@ -0,0 +1,17 @@ +Don't audit SSH_INVALID_USER twice. + +PRIVSEP(getpwnamallow()) a few lines above already did this. + +diff -ur openssh/auth2.c openssh-5.8p1/auth2.c +--- openssh/auth2.c 2011-03-02 02:32:52.383773622 +0100 ++++ openssh-5.8p1/auth2.c 2011-03-02 03:32:34.585110911 +0100 +@@ -250,9 +250,6 @@ + } else { + logit("input_userauth_request: invalid user %s", user); + authctxt->pw = fakepw(); +-#ifdef SSH_AUDIT_EVENTS +- PRIVSEP(audit_event(SSH_INVALID_USER)); +-#endif + } + #ifdef USE_PAM + if (options.use_pam) diff --git a/openssh-5.8p1-audit1a.patch b/openssh-5.8p1-audit1a.patch index e69de29..850f51b 100644 --- a/openssh-5.8p1-audit1a.patch +++ b/openssh-5.8p1-audit1a.patch @@ -0,0 +1,429 @@ +diff -up openssh-5.8p1/audit-bsm.c.audit1a openssh-5.8p1/audit-bsm.c +--- openssh-5.8p1/audit-bsm.c.audit1a 2011-03-02 09:37:14.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-03-02 09:37:14.000000000 +0100 +@@ -298,19 +298,26 @@ audit_connection_from(const char *host, + #endif + } + +-void ++int + audit_run_command(const char *command) + { + /* not implemented */ ++ return 0; + } + + void +-audit_end_command(const char *command) ++audit_end_command(int handle, const char *command) + { + /* not implemented */ + } + + void ++audit_count_session_open(void) ++{ ++ /* not necessary */ ++} ++ ++void + audit_session_open(struct logininfo *li) + { + /* not implemented */ +diff -up openssh-5.8p1/audit.c.audit1a openssh-5.8p1/audit.c +--- openssh-5.8p1/audit.c.audit1a 2011-03-02 09:37:14.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-03-02 09:37:14.000000000 +0100 +@@ -140,6 +140,17 @@ audit_event(ssh_audit_event_t event) + } + + /* ++ * Called when a child process has called, or will soon call, ++ * audit_session_open. ++ */ ++void ++audit_count_session_open(void) ++{ ++ debug("audit count session open euid %d user %s", geteuid(), ++ audit_username()); ++} ++ ++/* + * Called when a user session is started. Argument is the tty allocated to + * the session, or NULL if no tty was allocated. + * +@@ -174,22 +185,25 @@ audit_session_close(struct logininfo *li + /* + * This will be called when a user runs a non-interactive command. Note that + * it may be called multiple times for a single connection since SSH2 allows +- * multiple sessions within a single connection. ++ * multiple sessions within a single connection. Returns a "handle" for ++ * audit_end_command. + */ +-void ++int + audit_run_command(const char *command) + { + debug("audit run command euid %d user %s command '%.200s'", geteuid(), + audit_username(), command); ++ return 0; + } + + /* + * This will be called when the non-interactive command finishes. Note that + * it may be called multiple times for a single connection since SSH2 allows +- * multiple sessions within a single connection. ++ * multiple sessions within a single connection. "handle" should come from ++ * the corresponding audit_run_command. + */ + void +-audit_end_command(const char *command) ++audit_end_command(int handle, const char *command) + { + debug("audit end nopty exec euid %d user %s command '%.200s'", geteuid(), + audit_username(), command); +diff -up openssh-5.8p1/audit.h.audit1a openssh-5.8p1/audit.h +--- openssh-5.8p1/audit.h.audit1a 2011-03-02 09:37:14.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-03-02 09:37:14.000000000 +0100 +@@ -49,10 +49,11 @@ typedef enum ssh_audit_event_type ssh_au + + void audit_connection_from(const char *, int); + void audit_event(ssh_audit_event_t); ++void audit_count_session_open(void); + void audit_session_open(struct logininfo *); + void audit_session_close(struct logininfo *); +-void audit_run_command(const char *); +-void audit_end_command(const char *); ++int audit_run_command(const char *); ++void audit_end_command(int, const char *); + ssh_audit_event_t audit_classify_auth(const char *); + + #endif /* _SSH_AUDIT_H */ +diff -up openssh-5.8p1/audit-linux.c.audit1a openssh-5.8p1/audit-linux.c +--- openssh-5.8p1/audit-linux.c.audit1a 2011-03-02 09:37:14.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-03-02 09:37:14.000000000 +0100 +@@ -140,7 +140,7 @@ audit_connection_from(const char *host, + /* not implemented */ + } + +-void ++int + audit_run_command(const char *command) + { + if (!user_login_count++) +@@ -148,10 +148,11 @@ audit_run_command(const char *command) + NULL, "ssh", 1, AUDIT_USER_LOGIN); + linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), + NULL, "ssh", 1, AUDIT_USER_START); ++ return 0; + } + + void +-audit_end_command(const char *command) ++audit_end_command(int handle, const char *command) + { + linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), + NULL, "ssh", 1, AUDIT_USER_END); +@@ -161,6 +162,12 @@ audit_end_command(const char *command) + } + + void ++audit_count_session_open(void) ++{ ++ user_login_count++; ++} ++ ++void + audit_session_open(struct logininfo *li) + { + if (!user_login_count++) +diff -up openssh-5.8p1/monitor.c.audit1a openssh-5.8p1/monitor.c +--- openssh-5.8p1/monitor.c.audit1a 2011-03-02 09:37:14.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-03-02 09:37:14.000000000 +0100 +@@ -1291,6 +1291,12 @@ mm_session_close(Session *s) + debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); + session_pty_cleanup2(s); + } ++#ifdef SSH_AUDIT_EVENTS ++ if (s->command != NULL) { ++ debug3("%s: command %d", __func__, s->command_handle); ++ session_end_command2(s); ++ } ++#endif + session_unused(s->self); + } + +@@ -1613,25 +1619,44 @@ mm_answer_audit_command(int socket, Buff + { + u_int len; + char *cmd; ++ Session *s; + + debug3("%s entering", __func__); + cmd = buffer_get_string(m, &len); ++ + /* sanity check command, if so how? */ +- audit_run_command(cmd); +- xfree(cmd); ++ s = session_new(); ++ if (s == NULL) ++ fatal("%s: error allocating a session", __func__); ++ s->command = cmd; ++ s->command_handle = audit_run_command(cmd); ++ ++ buffer_clear(m); ++ buffer_put_int(m, s->self); ++ ++ mm_request_send(socket, MONITOR_ANS_AUDIT_COMMAND, m); ++ + return (0); + } + + int + mm_answer_audit_end_command(int socket, Buffer *m) + { ++ int handle; + u_int len; + char *cmd; ++ Session *s; + + debug3("%s entering", __func__); ++ handle = buffer_get_int(m); + cmd = buffer_get_string(m, &len); +- /* sanity check command, if so how? */ +- audit_end_command(cmd); ++ ++ s = session_by_id(handle); ++ if (s == NULL || s->ttyfd != -1 || s->command == NULL || ++ strcmp(s->command, cmd) != 0) ++ fatal("%s: invalid handle", __func__); ++ mm_session_close(s); ++ + xfree(cmd); + return (0); + } +diff -up openssh-5.8p1/monitor.h.audit1a openssh-5.8p1/monitor.h +--- openssh-5.8p1/monitor.h.audit1a 2011-03-02 09:37:14.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-03-02 09:37:15.000000000 +0100 +@@ -60,7 +60,7 @@ enum monitor_reqtype { + MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, + MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, + MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND, +- MONITOR_REQ_AUDIT_END_COMMAND, ++ MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND, + MONITOR_REQ_TERM, + MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1, + MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, +diff -up openssh-5.8p1/monitor_wrap.c.audit1a openssh-5.8p1/monitor_wrap.c +--- openssh-5.8p1/monitor_wrap.c.audit1a 2011-03-02 09:37:14.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-03-02 09:37:15.000000000 +0100 +@@ -1150,10 +1150,11 @@ mm_audit_event(ssh_audit_event_t event) + buffer_free(&m); + } + +-void ++int + mm_audit_run_command(const char *command) + { + Buffer m; ++ int handle; + + debug3("%s entering command %s", __func__, command); + +@@ -1161,17 +1162,23 @@ mm_audit_run_command(const char *command + buffer_put_cstring(&m, command); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); ++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_COMMAND, &m); ++ ++ handle = buffer_get_int(&m); + buffer_free(&m); ++ ++ return (handle); + } + + void +-mm_audit_end_command(const char *command) ++mm_audit_end_command(int handle, const char *command) + { + Buffer m; + + debug3("%s entering command %s", __func__, command); + + buffer_init(&m); ++ buffer_put_int(&m, handle); + buffer_put_cstring(&m, command); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_END_COMMAND, &m); +diff -up openssh-5.8p1/monitor_wrap.h.audit1a openssh-5.8p1/monitor_wrap.h +--- openssh-5.8p1/monitor_wrap.h.audit1a 2011-03-02 09:41:17.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-03-02 09:44:35.000000000 +0100 +@@ -73,8 +73,8 @@ void mm_sshpam_free_ctx(void *); + #ifdef SSH_AUDIT_EVENTS + #include "audit.h" + void mm_audit_event(ssh_audit_event_t); +-void mm_audit_run_command(const char *); +-void mm_audit_end_command(const char *); ++int mm_audit_run_command(const char *); ++void mm_audit_end_command(int, const char *); + #endif + + struct Session; +diff -up openssh-5.8p1/session.c.audit1a openssh-5.8p1/session.c +--- openssh-5.8p1/session.c.audit1a 2011-03-02 09:37:14.000000000 +0100 ++++ openssh-5.8p1/session.c 2011-03-02 09:37:15.000000000 +0100 +@@ -738,6 +738,14 @@ do_exec_pty(Session *s, const char *comm + /* Parent. Close the slave side of the pseudo tty. */ + close(ttyfd); + ++#ifndef HAVE_OSF_SIA ++ /* do_login in the child did not affect state in this process, ++ compensate. From an architectural standpoint, this is extremely ++ ugly. */ ++ if (!(options.use_login && command == NULL)) ++ audit_count_session_open(); ++#endif ++ + /* Enter interactive session. */ + s->ptymaster = ptymaster; + packet_set_interactive(1, +@@ -809,17 +817,19 @@ do_exec(Session *s, const char *command) + } + + #ifdef SSH_AUDIT_EVENTS +- if (command != NULL) { +- PRIVSEP(audit_run_command(command)); ++ if (s->command != NULL || s->command_handle != -1) ++ fatal("do_exec: command already set"); ++ if (command != NULL) + s->command = xstrdup(command); +- } else if (s->ttyfd == -1) { ++ else if (s->ttyfd == -1) { + char *shell = s->pw->pw_shell; + + if (shell[0] == '\0') /* empty shell means /bin/sh */ + shell =_PATH_BSHELL; +- PRIVSEP(audit_run_command(shell)); + s->command = xstrdup(shell); + } ++ if (s->command != NULL) ++ s->command_handle = PRIVSEP(audit_run_command(s->command)); + #endif + if (s->ttyfd != -1) + ret = do_exec_pty(s, command); +@@ -1843,6 +1853,7 @@ session_unused(int id) + sessions[id].ttyfd = -1; + sessions[id].ptymaster = -1; + sessions[id].x11_chanids = NULL; ++ sessions[id].command_handle = -1; + sessions[id].next_unused = sessions_first_unused; + sessions_first_unused = id; + } +@@ -1925,6 +1936,19 @@ session_open(Authctxt *authctxt, int cha + } + + Session * ++session_by_id(int id) ++{ ++ if (id >= 0 && id < sessions_nalloc) { ++ Session *s = &sessions[id]; ++ if (s->used) ++ return s; ++ } ++ debug("session_by_id: unknown id %d", id); ++ session_dump(); ++ return NULL; ++} ++ ++Session * + session_by_tty(char *tty) + { + int i; +@@ -2450,6 +2474,30 @@ session_exit_message(Session *s, int sta + chan_write_failed(c); + } + ++#ifdef SSH_AUDIT_EVENTS ++void ++session_end_command2(Session *s) ++{ ++ if (s->command != NULL) { ++ audit_end_command(s->command_handle, s->command); ++ xfree(s->command); ++ s->command = NULL; ++ s->command_handle = -1; ++ } ++} ++ ++static void ++session_end_command(Session *s) ++{ ++ if (s->command != NULL) { ++ PRIVSEP(audit_end_command(s->command_handle, s->command)); ++ xfree(s->command); ++ s->command = NULL; ++ s->command_handle = -1; ++ } ++} ++#endif ++ + void + session_close(Session *s) + { +@@ -2459,10 +2507,8 @@ session_close(Session *s) + if (s->ttyfd != -1) + session_pty_cleanup(s); + #ifdef SSH_AUDIT_EVENTS +- if (s->command) { +- PRIVSEP(audit_end_command(s->command)); +- xfree(s->command); +- } ++ if (s->command) ++ session_end_command(s); + #endif + if (s->term) + xfree(s->term); +@@ -2683,6 +2729,15 @@ do_authenticated2(Authctxt *authctxt) + server_loop2(authctxt); + } + ++static void ++do_cleanup_one_session(Session *s) ++{ ++ session_pty_cleanup2(s); ++#ifdef SSH_AUDIT_EVENTS ++ session_end_command2(s); ++#endif ++} ++ + void + do_cleanup(Authctxt *authctxt) + { +@@ -2731,5 +2786,5 @@ do_cleanup(Authctxt *authctxt) + * or if running in monitor. + */ + if (!use_privsep || mm_is_monitor()) +- session_destroy_all(session_pty_cleanup2); ++ session_destroy_all(do_cleanup_one_session); + } +diff -up openssh-5.8p1/session.h.audit1a openssh-5.8p1/session.h +--- openssh-5.8p1/session.h.audit1a 2011-03-02 09:37:14.000000000 +0100 ++++ openssh-5.8p1/session.h 2011-03-02 09:37:15.000000000 +0100 +@@ -63,6 +63,7 @@ struct Session { + + /* exec */ + #ifdef SSH_AUDIT_EVENTS ++ int command_handle; + char *command; + #endif + }; +@@ -77,8 +78,10 @@ void session_close_by_pid(pid_t, int); + void session_close_by_channel(int, void *); + void session_destroy_all(void (*)(Session *)); + void session_pty_cleanup2(Session *); ++void session_end_command2(Session *); + + Session *session_new(void); ++Session *session_by_id(int); + Session *session_by_tty(char *); + void session_close(Session *); + void do_setusercontext(struct passwd *); diff --git a/openssh-5.8p1-audit2.patch b/openssh-5.8p1-audit2.patch index 437034f..8568daa 100644 --- a/openssh-5.8p1-audit2.patch +++ b/openssh-5.8p1-audit2.patch @@ -1,7 +1,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit2 2011-02-24 09:38:06.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-24 09:38:06.000000000 +0100 -@@ -322,6 +322,12 @@ audit_session_close(struct logininfo *li +--- openssh-5.8p1/audit-bsm.c.audit2 2011-03-02 08:23:54.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-03-02 08:23:54.000000000 +0100 +@@ -329,6 +329,12 @@ audit_session_close(struct logininfo *li /* not implemented */ } @@ -15,8 +15,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c audit_event(ssh_audit_event_t event) { diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit2 2011-02-24 09:38:06.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-24 09:46:00.000000000 +0100 +--- openssh-5.8p1/audit.c.audit2 2011-03-02 08:23:54.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-03-02 08:23:55.000000000 +0100 @@ -36,6 +36,7 @@ #include "key.h" #include "hostfile.h" @@ -48,7 +48,7 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -195,5 +212,17 @@ audit_end_command(const char *command) +@@ -209,5 +226,17 @@ audit_end_command(int handle, const char audit_username(), command); } @@ -67,8 +67,8 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit2 2011-02-24 09:38:06.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-24 09:38:06.000000000 +0100 +--- openssh-5.8p1/audit.h.audit2 2011-03-02 08:23:54.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-03-02 08:25:02.000000000 +0100 @@ -28,6 +28,7 @@ # define _SSH_AUDIT_H @@ -77,17 +77,17 @@ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h enum ssh_audit_event_type { SSH_LOGIN_EXCEED_MAXTRIES, -@@ -54,5 +55,7 @@ void audit_session_close(struct logininf - void audit_run_command(const char *); - void audit_end_command(const char *); +@@ -55,5 +56,7 @@ void audit_session_close(struct logininf + int audit_run_command(const char *); + void audit_end_command(int, const char *); ssh_audit_event_t audit_classify_auth(const char *); +int audit_keyusage(int, const char *, unsigned, char *, int); +void audit_key(int, int *, const Key *); #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit2 2011-02-24 09:38:06.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-24 09:47:31.000000000 +0100 +--- openssh-5.8p1/audit-linux.c.audit2 2011-03-02 08:23:54.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-03-02 08:23:55.000000000 +0100 @@ -41,6 +41,8 @@ #include "servconf.h" #include "canohost.h" @@ -136,8 +136,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c /* Below is the sshd audit API code */ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c ---- openssh-5.8p1/auth2-hostbased.c.audit2 2011-02-24 09:38:06.000000000 +0100 -+++ openssh-5.8p1/auth2-hostbased.c 2011-02-24 09:38:06.000000000 +0100 +--- openssh-5.8p1/auth2-hostbased.c.audit2 2011-03-02 08:23:53.000000000 +0100 ++++ openssh-5.8p1/auth2-hostbased.c 2011-03-02 08:23:55.000000000 +0100 @@ -136,6 +136,18 @@ done: return authenticated; } @@ -158,8 +158,8 @@ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c int hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c ---- openssh-5.8p1/auth2-pubkey.c.audit2 2011-02-24 09:38:06.000000000 +0100 -+++ openssh-5.8p1/auth2-pubkey.c 2011-02-24 09:38:06.000000000 +0100 +--- openssh-5.8p1/auth2-pubkey.c.audit2 2011-03-02 08:23:53.000000000 +0100 ++++ openssh-5.8p1/auth2-pubkey.c 2011-03-02 08:23:55.000000000 +0100 @@ -177,6 +177,18 @@ done: return authenticated; } @@ -181,7 +181,7 @@ diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c { diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h --- openssh-5.8p1/auth.h.audit2 2010-05-10 03:58:03.000000000 +0200 -+++ openssh-5.8p1/auth.h 2011-02-24 09:38:06.000000000 +0100 ++++ openssh-5.8p1/auth.h 2011-03-02 08:23:55.000000000 +0100 @@ -170,6 +170,7 @@ void abandon_challenge_response(Authctxt char *authorized_keys_file(struct passwd *); char *authorized_keys_file2(struct passwd *); @@ -199,8 +199,8 @@ diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h /* debug messages during authentication */ void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c ---- openssh-5.8p1/auth-rsa.c.audit2 2011-02-24 09:38:06.000000000 +0100 -+++ openssh-5.8p1/auth-rsa.c 2011-02-24 09:48:39.000000000 +0100 +--- openssh-5.8p1/auth-rsa.c.audit2 2011-03-02 08:23:53.000000000 +0100 ++++ openssh-5.8p1/auth-rsa.c 2011-03-02 08:23:55.000000000 +0100 @@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU { u_char buf[32], mdbuf[16]; @@ -238,8 +238,8 @@ diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c /* diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit2 2011-02-24 09:38:06.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-24 09:38:06.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit2 2011-03-02 08:23:54.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-03-02 08:23:55.000000000 +0100 @@ -1238,7 +1238,17 @@ mm_answer_keyverify(int sock, Buffer *m) if (!valid_data) fatal("%s: bad signature data blob", __func__); diff --git a/openssh-5.8p1-audit2a.patch b/openssh-5.8p1-audit2a.patch index e69de29..4a7ce0a 100644 --- a/openssh-5.8p1-audit2a.patch +++ b/openssh-5.8p1-audit2a.patch @@ -0,0 +1,153 @@ +diff -up openssh-5.8p1/auth2-hostbased.c.audit2a openssh-5.8p1/auth2-hostbased.c +--- openssh-5.8p1/auth2-hostbased.c.audit2a 2011-03-02 08:26:16.000000000 +0100 ++++ openssh-5.8p1/auth2-hostbased.c 2011-03-02 08:26:17.000000000 +0100 +@@ -119,7 +119,7 @@ userauth_hostbased(Authctxt *authctxt) + /* test for allowed key and correct signature */ + authenticated = 0; + if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && +- PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), ++ PRIVSEP(hostbased_key_verify(key, sig, slen, buffer_ptr(&b), + buffer_len(&b))) == 1) + authenticated = 1; + +@@ -137,7 +137,7 @@ done: + } + + int +-hostkey_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen) ++hostbased_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen) + { + int rv; + +diff -up openssh-5.8p1/auth2-pubkey.c.audit2a openssh-5.8p1/auth2-pubkey.c +--- openssh-5.8p1/auth2-pubkey.c.audit2a 2011-03-02 08:26:16.000000000 +0100 ++++ openssh-5.8p1/auth2-pubkey.c 2011-03-02 08:26:17.000000000 +0100 +@@ -140,7 +140,7 @@ userauth_pubkey(Authctxt *authctxt) + /* test for correct signature */ + authenticated = 0; + if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && +- PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), ++ PRIVSEP(user_key_verify(key, sig, slen, buffer_ptr(&b), + buffer_len(&b))) == 1) + authenticated = 1; + buffer_free(&b); +@@ -178,7 +178,7 @@ done: + } + + int +-pubkey_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen) ++user_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen) + { + int rv; + +diff -up openssh-5.8p1/auth.h.audit2a openssh-5.8p1/auth.h +--- openssh-5.8p1/auth.h.audit2a 2011-03-02 08:26:16.000000000 +0100 ++++ openssh-5.8p1/auth.h 2011-03-02 08:26:17.000000000 +0100 +@@ -170,7 +170,7 @@ void abandon_challenge_response(Authctxt + char *authorized_keys_file(struct passwd *); + char *authorized_keys_file2(struct passwd *); + char *authorized_principals_file(struct passwd *); +-int pubkey_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); ++int user_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); + + FILE *auth_openkeyfile(const char *, struct passwd *, int); + FILE *auth_openprincipals(const char *, struct passwd *, int); +@@ -186,7 +186,7 @@ Key *get_hostkey_public_by_type(int); + Key *get_hostkey_private_by_type(int); + int get_hostkey_index(Key *); + int ssh1_session_key(BIGNUM *); +-int hostkey_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); ++int hostbased_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); + + /* debug messages during authentication */ + void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); +diff -up openssh-5.8p1/monitor.c.audit2a openssh-5.8p1/monitor.c +--- openssh-5.8p1/monitor.c.audit2a 2011-03-02 08:26:17.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-03-02 08:26:17.000000000 +0100 +@@ -1208,9 +1208,11 @@ mm_answer_keyverify(int sock, Buffer *m) + Key *key; + u_char *signature, *data, *blob; + u_int signaturelen, datalen, bloblen; ++ int type = 0; + int verified = 0; + int valid_data = 0; + ++ type = buffer_get_int(m); + blob = buffer_get_string(m, &bloblen); + signature = buffer_get_string(m, &signaturelen); + data = buffer_get_string(m, &datalen); +@@ -1218,6 +1220,8 @@ mm_answer_keyverify(int sock, Buffer *m) + if (hostbased_cuser == NULL || hostbased_chost == NULL || + !monitor_allowed_key(blob, bloblen)) + fatal("%s: bad key, not previously allowed", __func__); ++ if (type != key_blobtype) ++ fatal("%s: bad key type", __func__); + + key = key_from_blob(blob, bloblen); + if (key == NULL) +@@ -1240,10 +1244,10 @@ mm_answer_keyverify(int sock, Buffer *m) + + switch (key_blobtype) { + case MM_USERKEY: +- verified = pubkey_key_verify(key, signature, signaturelen, data, datalen); ++ verified = user_key_verify(key, signature, signaturelen, data, datalen); + break; + case MM_HOSTKEY: +- verified = hostkey_key_verify(key, signature, signaturelen, data, datalen); ++ verified = hostbased_key_verify(key, signature, signaturelen, data, datalen); + break; + default: + verified = 0; +diff -up openssh-5.8p1/monitor_wrap.c.audit2a openssh-5.8p1/monitor_wrap.c +--- openssh-5.8p1/monitor_wrap.c.audit2a 2011-03-02 08:26:16.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-03-02 08:26:17.000000000 +0100 +@@ -393,7 +393,7 @@ mm_key_allowed(enum mm_keytype type, cha + */ + + int +-mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) ++mm_key_verify(enum mm_keytype type, Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) + { + Buffer m; + u_char *blob; +@@ -407,6 +407,7 @@ mm_key_verify(Key *key, u_char *sig, u_i + return (0); + + buffer_init(&m); ++ buffer_put_int(&m, type); + buffer_put_string(&m, blob, len); + buffer_put_string(&m, sig, siglen); + buffer_put_string(&m, data, datalen); +@@ -424,6 +425,19 @@ mm_key_verify(Key *key, u_char *sig, u_i + return (verified); + } + ++int ++mm_hostbased_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) ++{ ++ return mm_key_verify(MM_HOSTKEY, key, sig, siglen, data, datalen); ++} ++ ++int ++mm_user_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) ++{ ++ return mm_key_verify(MM_USERKEY, key, sig, siglen, data, datalen); ++} ++ ++ + /* Export key state after authentication */ + Newkeys * + mm_newkeys_from_blob(u_char *blob, int blen) +diff -up openssh-5.8p1/monitor_wrap.h.audit2a openssh-5.8p1/monitor_wrap.h +--- openssh-5.8p1/monitor_wrap.h.audit2a 2011-03-02 08:26:16.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-03-02 08:26:17.000000000 +0100 +@@ -48,7 +48,8 @@ int mm_key_allowed(enum mm_keytype, char + int mm_user_key_allowed(struct passwd *, Key *); + int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *); + int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); +-int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int); ++int mm_hostbased_key_verify(Key *, u_char *, u_int, u_char *, u_int); ++int mm_user_key_verify(Key *, u_char *, u_int, u_char *, u_int); + int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); + int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *); + BIGNUM *mm_auth_rsa_generate_challenge(Key *); diff --git a/openssh-5.8p1-audit3.patch b/openssh-5.8p1-audit3.patch index 1e6b6d6..8cd142d 100644 --- a/openssh-5.8p1-audit3.patch +++ b/openssh-5.8p1-audit3.patch @@ -1,7 +1,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit3 2011-02-24 09:54:32.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-24 09:54:32.000000000 +0100 -@@ -389,4 +389,16 @@ audit_event(ssh_audit_event_t event) +--- openssh-5.8p1/audit-bsm.c.audit3 2011-03-02 10:04:35.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-03-02 10:04:36.000000000 +0100 +@@ -396,4 +396,16 @@ audit_event(ssh_audit_event_t event) debug("%s: unhandled event %d", __func__, event); } } @@ -19,8 +19,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit3 2011-02-24 09:54:32.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-24 09:56:03.000000000 +0100 +--- openssh-5.8p1/audit.c.audit3 2011-03-02 10:04:35.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-03-02 10:04:36.000000000 +0100 @@ -28,6 +28,7 @@ #include @@ -57,7 +57,7 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -224,5 +239,26 @@ audit_keyusage(int host_user, const char +@@ -238,5 +253,26 @@ audit_keyusage(int host_user, const char host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits, key_fingerprint_prefix(), fp, rv); } @@ -85,9 +85,9 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit3 2011-02-24 09:54:32.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-24 09:54:32.000000000 +0100 -@@ -57,5 +57,9 @@ void audit_end_command(const char *); +--- openssh-5.8p1/audit.h.audit3 2011-03-02 10:04:36.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-03-02 10:04:36.000000000 +0100 +@@ -58,5 +58,9 @@ void audit_end_command(int, const char ssh_audit_event_t audit_classify_auth(const char *); int audit_keyusage(int, const char *, unsigned, char *, int); void audit_key(int, int *, const Key *); @@ -98,8 +98,8 @@ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit3 2011-02-24 09:54:32.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-24 09:54:32.000000000 +0100 +--- openssh-5.8p1/audit-linux.c.audit3 2011-03-02 10:04:36.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-03-02 10:04:36.000000000 +0100 @@ -40,6 +40,8 @@ #include "auth.h" #include "servconf.h" @@ -109,7 +109,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c #define AUDIT_LOG_SIZE 128 -@@ -262,4 +264,56 @@ audit_event(ssh_audit_event_t event) +@@ -269,4 +271,56 @@ audit_event(ssh_audit_event_t event) } } @@ -167,8 +167,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c ---- openssh-5.8p1/auditstub.c.audit3 2011-02-24 09:54:32.000000000 +0100 -+++ openssh-5.8p1/auditstub.c 2011-02-24 09:54:32.000000000 +0100 +--- openssh-5.8p1/auditstub.c.audit3 2011-03-02 10:04:36.000000000 +0100 ++++ openssh-5.8p1/auditstub.c 2011-03-02 10:04:36.000000000 +0100 @@ -0,0 +1,39 @@ +/* $Id: auditstub.c,v 1.1 jfch Exp $ */ + @@ -211,7 +211,7 @@ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c + diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c --- openssh-5.8p1/cipher.c.audit3 2011-02-09 15:24:23.000000000 +0100 -+++ openssh-5.8p1/cipher.c 2011-02-24 09:54:32.000000000 +0100 ++++ openssh-5.8p1/cipher.c 2011-03-02 10:04:36.000000000 +0100 @@ -59,15 +59,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX extern const EVP_CIPHER *evp_aes_128_ctr(void); extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); @@ -231,7 +231,7 @@ diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des }, diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h --- openssh-5.8p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100 -+++ openssh-5.8p1/cipher.h 2011-02-24 09:54:32.000000000 +0100 ++++ openssh-5.8p1/cipher.h 2011-03-02 10:04:36.000000000 +0100 @@ -61,7 +61,16 @@ typedef struct Cipher Cipher; typedef struct CipherContext CipherContext; @@ -252,7 +252,7 @@ diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h EVP_CIPHER_CTX evp; diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c --- openssh-5.8p1/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200 -+++ openssh-5.8p1/kex.c 2011-02-24 09:54:32.000000000 +0100 ++++ openssh-5.8p1/kex.c 2011-03-02 10:04:36.000000000 +0100 @@ -49,6 +49,7 @@ #include "dispatch.h" #include "monitor.h" @@ -317,7 +317,7 @@ diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in --- openssh-5.8p1/Makefile.in.audit3 2011-02-04 01:42:13.000000000 +0100 -+++ openssh-5.8p1/Makefile.in 2011-02-24 09:54:32.000000000 +0100 ++++ openssh-5.8p1/Makefile.in 2011-03-02 10:04:37.000000000 +0100 @@ -76,7 +76,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ @@ -328,8 +328,8 @@ diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect1.o sshconnect2.o mux.o \ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit3 2011-02-24 09:54:32.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-24 09:54:32.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit3 2011-03-02 10:04:36.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-03-02 10:04:37.000000000 +0100 @@ -89,6 +89,7 @@ #include "ssh2.h" #include "jpake.h" @@ -383,7 +383,7 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -2223,3 +2234,44 @@ mm_answer_jpake_check_confirm(int sock, +@@ -2252,3 +2263,44 @@ mm_answer_jpake_check_confirm(int sock, } #endif /* JPAKE */ @@ -429,8 +429,8 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c + +#endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit3 2011-02-24 09:54:32.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-24 09:54:32.000000000 +0100 +--- openssh-5.8p1/monitor.h.audit3 2011-03-02 10:04:35.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-03-02 10:04:37.000000000 +0100 @@ -67,6 +67,8 @@ enum monitor_reqtype { MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2, MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM, @@ -441,9 +441,9 @@ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit3 2011-02-24 09:54:32.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-24 09:54:32.000000000 +0100 -@@ -1426,3 +1426,41 @@ mm_jpake_check_confirm(const BIGNUM *k, +--- openssh-5.8p1/monitor_wrap.c.audit3 2011-03-02 10:04:36.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-03-02 10:04:37.000000000 +0100 +@@ -1447,3 +1447,41 @@ mm_jpake_check_confirm(const BIGNUM *k, return success; } #endif /* JPAKE */ @@ -486,20 +486,20 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c +} +#endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit3 2011-02-24 09:54:32.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-24 09:54:32.000000000 +0100 -@@ -75,6 +75,8 @@ void mm_sshpam_free_ctx(void *); +--- openssh-5.8p1/monitor_wrap.h.audit3 2011-03-02 10:04:36.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-03-02 10:05:36.000000000 +0100 +@@ -76,6 +76,8 @@ void mm_sshpam_free_ctx(void *); void mm_audit_event(ssh_audit_event_t); - void mm_audit_run_command(const char *); - void mm_audit_end_command(const char *); + int mm_audit_run_command(const char *); + void mm_audit_end_command(int, const char *); +void mm_audit_unsupported_body(int); +void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); #endif struct Session; diff -up openssh-5.8p1/sshd.c.audit3 openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.audit3 2011-01-11 07:20:31.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-24 09:54:32.000000000 +0100 +--- openssh-5.8p1/sshd.c.audit3 2011-03-02 10:04:35.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-03-02 10:04:37.000000000 +0100 @@ -118,6 +118,7 @@ #endif #include "monitor_wrap.h" diff --git a/openssh-5.8p1-audit4.patch b/openssh-5.8p1-audit4.patch index 28fe5b8..abe30ae 100644 --- a/openssh-5.8p1-audit4.patch +++ b/openssh-5.8p1-audit4.patch @@ -1,7 +1,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit4 2011-02-28 23:07:12.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-28 23:07:12.000000000 +0100 -@@ -401,4 +401,10 @@ audit_kex_body(int ctos, char *enc, char +--- openssh-5.8p1/audit-bsm.c.audit4 2011-03-02 10:06:43.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-03-02 10:06:44.000000000 +0100 +@@ -408,4 +408,10 @@ audit_kex_body(int ctos, char *enc, char { /* not implemented */ } @@ -13,8 +13,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit4 2011-02-28 23:07:12.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-28 23:07:12.000000000 +0100 +--- openssh-5.8p1/audit.c.audit4 2011-03-02 10:06:43.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-03-02 10:06:44.000000000 +0100 @@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid())); } @@ -28,7 +28,7 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -260,5 +266,15 @@ audit_kex_body(int ctos, char *enc, char +@@ -274,5 +280,15 @@ audit_kex_body(int ctos, char *enc, char (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid, (unsigned)uid); } @@ -45,9 +45,9 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit4 2011-02-28 23:07:12.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-28 23:07:12.000000000 +0100 -@@ -61,5 +61,7 @@ void audit_unsupported(int); +--- openssh-5.8p1/audit.h.audit4 2011-03-02 10:06:43.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-03-02 10:06:44.000000000 +0100 +@@ -62,5 +62,7 @@ void audit_unsupported(int); void audit_kex(int, char *, char *, char *); void audit_unsupported_body(int); void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); @@ -56,9 +56,9 @@ diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit4 2011-02-28 23:07:12.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-28 23:07:12.000000000 +0100 -@@ -285,6 +285,8 @@ audit_unsupported_body(int what) +--- openssh-5.8p1/audit-linux.c.audit4 2011-03-02 10:06:44.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-03-02 10:06:44.000000000 +0100 +@@ -292,6 +292,8 @@ audit_unsupported_body(int what) #endif } @@ -67,7 +67,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c void audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, uid_t uid) -@@ -292,7 +294,6 @@ audit_kex_body(int ctos, char *enc, char +@@ -299,7 +301,6 @@ audit_kex_body(int ctos, char *enc, char #ifdef AUDIT_CRYPTO_SESSION char buf[AUDIT_LOG_SIZE]; int audit_fd, audit_ok; @@ -75,7 +75,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c Cipher *cipher = cipher_by_name(enc); snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d", -@@ -316,4 +317,30 @@ audit_kex_body(int ctos, char *enc, char +@@ -323,4 +324,30 @@ audit_kex_body(int ctos, char *enc, char #endif } @@ -107,8 +107,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c ---- openssh-5.8p1/auditstub.c.audit4 2011-02-28 23:07:12.000000000 +0100 -+++ openssh-5.8p1/auditstub.c 2011-02-28 23:07:12.000000000 +0100 +--- openssh-5.8p1/auditstub.c.audit4 2011-03-02 10:06:44.000000000 +0100 ++++ openssh-5.8p1/auditstub.c 2011-03-02 10:06:44.000000000 +0100 @@ -27,6 +27,8 @@ * Red Hat author: Jan F. Chadima */ @@ -132,8 +132,8 @@ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c +{ +} diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c ---- openssh-5.8p1/kex.c.audit4 2011-02-28 23:07:12.000000000 +0100 -+++ openssh-5.8p1/kex.c 2011-02-28 23:07:12.000000000 +0100 +--- openssh-5.8p1/kex.c.audit4 2011-03-02 10:06:44.000000000 +0100 ++++ openssh-5.8p1/kex.c 2011-03-02 10:06:44.000000000 +0100 @@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i fprintf(stderr, "\n"); } @@ -171,7 +171,7 @@ diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c + diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h --- openssh-5.8p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200 -+++ openssh-5.8p1/kex.h 2011-02-28 23:07:12.000000000 +0100 ++++ openssh-5.8p1/kex.h 2011-03-02 10:06:44.000000000 +0100 @@ -156,6 +156,8 @@ void kexgex_server(Kex *); void kexecdh_client(Kex *); void kexecdh_server(Kex *); @@ -183,7 +183,7 @@ diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c --- openssh-5.8p1/mac.c.audit4 2008-06-13 02:58:50.000000000 +0200 -+++ openssh-5.8p1/mac.c 2011-02-28 23:07:12.000000000 +0100 ++++ openssh-5.8p1/mac.c 2011-03-02 10:06:44.000000000 +0100 @@ -162,6 +162,20 @@ mac_clear(Mac *mac) mac->umac_ctx = NULL; } @@ -207,15 +207,15 @@ diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c int diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h --- openssh-5.8p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200 -+++ openssh-5.8p1/mac.h 2011-02-28 23:07:13.000000000 +0100 ++++ openssh-5.8p1/mac.h 2011-03-02 10:06:44.000000000 +0100 @@ -28,3 +28,4 @@ int mac_setup(Mac *, char *); int mac_init(Mac *); u_char *mac_compute(Mac *, u_int32_t, u_char *, int); void mac_clear(Mac *); +void mac_destroy(Mac *); diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit4 2011-02-28 23:07:12.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-28 23:07:13.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit4 2011-03-02 10:06:44.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-03-02 10:06:44.000000000 +0100 @@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer int mm_answer_audit_end_command(int, Buffer *); int mm_answer_audit_unsupported_body(int, Buffer *); @@ -256,7 +256,7 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -1783,11 +1788,13 @@ mm_get_keystate(struct monitor *pmonitor +@@ -1812,11 +1817,13 @@ mm_get_keystate(struct monitor *pmonitor blob = buffer_get_string(&m, &bloblen); current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); @@ -270,7 +270,7 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c xfree(blob); /* Now get sequence numbers for the packets */ -@@ -1833,6 +1840,16 @@ mm_get_keystate(struct monitor *pmonitor +@@ -1862,6 +1869,16 @@ mm_get_keystate(struct monitor *pmonitor } buffer_free(&m); @@ -287,7 +287,7 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c } -@@ -2274,4 +2291,22 @@ mm_answer_audit_kex_body(int sock, Buffe +@@ -2303,4 +2320,22 @@ mm_answer_audit_kex_body(int sock, Buffe return 0; } @@ -311,8 +311,8 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit4 2011-02-28 23:07:12.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-28 23:07:13.000000000 +0100 +--- openssh-5.8p1/monitor.h.audit4 2011-03-02 10:06:44.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-03-02 10:06:45.000000000 +0100 @@ -69,6 +69,7 @@ enum monitor_reqtype { MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM, MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, @@ -322,9 +322,9 @@ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-28 23:07:12.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-28 23:07:13.000000000 +0100 -@@ -601,12 +601,14 @@ mm_send_keystate(struct monitor *monitor +--- openssh-5.8p1/monitor_wrap.c.audit4 2011-03-02 10:06:44.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-03-02 10:06:45.000000000 +0100 +@@ -615,12 +615,14 @@ mm_send_keystate(struct monitor *monitor fatal("%s: conversion of newkeys failed", __func__); buffer_put_string(&m, blob, bloblen); @@ -339,7 +339,7 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c xfree(blob); packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes); -@@ -1463,4 +1465,19 @@ mm_audit_kex_body(int ctos, char *cipher +@@ -1484,4 +1486,19 @@ mm_audit_kex_body(int ctos, char *cipher buffer_free(&m); } @@ -360,10 +360,10 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-28 23:07:12.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-28 23:07:13.000000000 +0100 -@@ -77,6 +77,7 @@ void mm_audit_run_command(const char *); - void mm_audit_end_command(const char *); +--- openssh-5.8p1/monitor_wrap.h.audit4 2011-03-02 10:06:44.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-03-02 10:07:05.000000000 +0100 +@@ -78,6 +78,7 @@ int mm_audit_run_command(const char *); + void mm_audit_end_command(int, const char *); void mm_audit_unsupported_body(int); void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); +void mm_audit_session_key_free_body(int, pid_t, uid_t); @@ -372,7 +372,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h struct Session; diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c --- openssh-5.8p1/packet.c.audit4 2010-11-24 00:46:37.000000000 +0100 -+++ openssh-5.8p1/packet.c 2011-02-28 23:07:13.000000000 +0100 ++++ openssh-5.8p1/packet.c 2011-03-02 10:06:45.000000000 +0100 @@ -60,6 +60,7 @@ #include @@ -532,7 +532,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c + diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h --- openssh-5.8p1/packet.h.audit4 2010-11-20 05:19:38.000000000 +0100 -+++ openssh-5.8p1/packet.h 2011-02-28 23:07:13.000000000 +0100 ++++ openssh-5.8p1/packet.h 2011-03-02 10:06:45.000000000 +0100 @@ -125,4 +125,5 @@ void packet_restore_state(void); void *packet_get_input(void); void *packet_get_output(void); @@ -540,9 +540,9 @@ diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h +void packet_destroy_all(int, int); #endif /* PACKET_H */ diff -up openssh-5.8p1/session.c.audit4 openssh-5.8p1/session.c ---- openssh-5.8p1/session.c.audit4 2011-02-28 23:07:11.000000000 +0100 -+++ openssh-5.8p1/session.c 2011-02-28 23:07:13.000000000 +0100 -@@ -1617,6 +1617,9 @@ do_child(Session *s, const char *command +--- openssh-5.8p1/session.c.audit4 2011-03-02 10:06:43.000000000 +0100 ++++ openssh-5.8p1/session.c 2011-03-02 10:06:45.000000000 +0100 +@@ -1627,6 +1627,9 @@ do_child(Session *s, const char *command /* remove hostkey from the child's memory */ destroy_sensitive_data(); @@ -553,8 +553,8 @@ diff -up openssh-5.8p1/session.c.audit4 openssh-5.8p1/session.c /* Force a password change */ if (s->authctxt->force_pwchange) { diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.audit4 2011-02-28 23:07:12.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-28 23:07:13.000000000 +0100 +--- openssh-5.8p1/sshd.c.audit4 2011-03-02 10:06:44.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-03-02 10:06:45.000000000 +0100 @@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt) return (0); } diff --git a/openssh-5.8p1-audit5.patch b/openssh-5.8p1-audit5.patch index e18f275..6d0bee4 100644 --- a/openssh-5.8p1-audit5.patch +++ b/openssh-5.8p1-audit5.patch @@ -1,7 +1,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit5 2011-02-28 23:17:12.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-28 23:17:13.000000000 +0100 -@@ -407,4 +407,22 @@ audit_session_key_free_body(int ctos, pi +--- openssh-5.8p1/audit-bsm.c.audit5 2011-03-02 08:30:41.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-03-02 08:30:41.000000000 +0100 +@@ -414,4 +414,22 @@ audit_session_key_free_body(int ctos, pi { /* not implemented */ } @@ -25,9 +25,9 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit5 2011-02-28 23:17:12.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-28 23:17:13.000000000 +0100 -@@ -276,5 +276,24 @@ audit_session_key_free_body(int ctos, pi +--- openssh-5.8p1/audit.c.audit5 2011-03-02 08:30:41.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-03-02 08:30:41.000000000 +0100 +@@ -290,5 +290,24 @@ audit_session_key_free_body(int ctos, pi debug("audit session key discard euid %u direction %d from pid %ld uid %u", (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid); } @@ -53,8 +53,8 @@ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit5 2011-02-28 23:17:12.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-28 23:17:13.000000000 +0100 +--- openssh-5.8p1/audit.h.audit5 2011-03-02 08:30:41.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-03-02 08:31:15.000000000 +0100 @@ -48,6 +48,8 @@ enum ssh_audit_event_type { }; typedef enum ssh_audit_event_type ssh_audit_event_t; @@ -63,8 +63,8 @@ diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h + void audit_connection_from(const char *, int); void audit_event(ssh_audit_event_t); - void audit_session_open(struct logininfo *); -@@ -63,5 +65,7 @@ void audit_unsupported_body(int); + void audit_count_session_open(void); +@@ -64,5 +66,7 @@ void audit_unsupported_body(int); void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); void audit_session_key_free(int ctos); void audit_session_key_free_body(int ctos, pid_t, uid_t); @@ -73,9 +73,9 @@ diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit5 2011-02-28 23:17:12.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-28 23:17:13.000000000 +0100 -@@ -343,4 +343,50 @@ audit_session_key_free_body(int ctos, pi +--- openssh-5.8p1/audit-linux.c.audit5 2011-03-02 08:30:41.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-03-02 08:30:42.000000000 +0100 +@@ -350,4 +350,50 @@ audit_session_key_free_body(int ctos, pi error("cannot write into audit"); } @@ -127,8 +127,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c +} #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c ---- openssh-5.8p1/key.c.audit5 2011-02-28 23:17:10.000000000 +0100 -+++ openssh-5.8p1/key.c 2011-02-28 23:17:13.000000000 +0100 +--- openssh-5.8p1/key.c.audit5 2011-03-02 08:30:38.000000000 +0100 ++++ openssh-5.8p1/key.c 2011-03-02 08:30:42.000000000 +0100 @@ -1797,6 +1797,30 @@ key_demote(const Key *k) } @@ -161,8 +161,8 @@ diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c { if (k == NULL) diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h ---- openssh-5.8p1/key.h.audit5 2011-02-28 23:17:10.000000000 +0100 -+++ openssh-5.8p1/key.h 2011-02-28 23:17:13.000000000 +0100 +--- openssh-5.8p1/key.h.audit5 2011-03-02 08:30:38.000000000 +0100 ++++ openssh-5.8p1/key.h 2011-03-02 08:30:42.000000000 +0100 @@ -109,6 +109,7 @@ Key *key_generate(int, u_int); Key *key_from_private(const Key *); int key_type_from_name(char *); @@ -172,8 +172,8 @@ diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h int key_to_certified(Key *, int); int key_drop_cert(Key *); diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit5 2011-02-28 23:17:13.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-28 23:17:14.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit5 2011-03-02 08:30:41.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-03-02 08:30:42.000000000 +0100 @@ -106,6 +106,8 @@ extern Buffer auth_debug; extern int auth_debug_init; extern Buffer loginmsg; @@ -223,7 +223,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -1597,6 +1604,8 @@ mm_answer_term(int sock, Buffer *req) +@@ -1607,6 +1614,8 @@ mm_answer_term(int sock, Buffer *req) sshpam_cleanup(); #endif @@ -232,7 +232,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c while (waitpid(pmonitor->m_pid, &status, 0) == -1) if (errno != EINTR) exit(1); -@@ -2309,4 +2318,24 @@ mm_answer_audit_session_key_free_body(in +@@ -2338,4 +2347,24 @@ mm_answer_audit_session_key_free_body(in mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m); return 0; } @@ -258,8 +258,8 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit5 2011-02-28 23:17:13.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-28 23:17:14.000000000 +0100 +--- openssh-5.8p1/monitor.h.audit5 2011-03-02 08:30:41.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-03-02 08:30:42.000000000 +0100 @@ -70,6 +70,7 @@ enum monitor_reqtype { MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX, @@ -269,9 +269,9 @@ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-28 23:17:13.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-28 23:17:14.000000000 +0100 -@@ -1480,4 +1480,20 @@ mm_audit_session_key_free_body(int ctos, +--- openssh-5.8p1/monitor_wrap.c.audit5 2011-03-02 08:30:41.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-03-02 08:30:42.000000000 +0100 +@@ -1501,4 +1501,20 @@ mm_audit_session_key_free_body(int ctos, &m); buffer_free(&m); } @@ -293,9 +293,9 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-28 23:17:13.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-28 23:17:14.000000000 +0100 -@@ -78,6 +78,7 @@ void mm_audit_end_command(const char *); +--- openssh-5.8p1/monitor_wrap.h.audit5 2011-03-02 08:30:41.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-03-02 08:30:42.000000000 +0100 +@@ -79,6 +79,7 @@ void mm_audit_end_command(const char *); void mm_audit_unsupported_body(int); void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); void mm_audit_session_key_free_body(int, pid_t, uid_t); @@ -304,8 +304,8 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h struct Session; diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c ---- openssh-5.8p1/session.c.audit5 2011-02-28 23:17:13.000000000 +0100 -+++ openssh-5.8p1/session.c 2011-02-28 23:17:14.000000000 +0100 +--- openssh-5.8p1/session.c.audit5 2011-03-02 08:30:41.000000000 +0100 ++++ openssh-5.8p1/session.c 2011-03-02 08:30:42.000000000 +0100 @@ -132,7 +132,7 @@ extern int log_stderr; extern int debug_flag; extern u_int utmp_len; @@ -315,7 +315,7 @@ diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c extern Buffer loginmsg; /* original command from peer. */ -@@ -1616,7 +1616,7 @@ do_child(Session *s, const char *command +@@ -1626,7 +1626,7 @@ do_child(Session *s, const char *command int r = 0; /* remove hostkey from the child's memory */ @@ -325,8 +325,8 @@ diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c monitor over a single socket, with no synchronization. */ packet_destroy_all(0, 1); diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.audit5 2011-02-28 23:17:13.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-28 23:17:14.000000000 +0100 +--- openssh-5.8p1/sshd.c.audit5 2011-03-02 08:30:41.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-03-02 08:30:42.000000000 +0100 @@ -253,7 +253,7 @@ Buffer loginmsg; struct passwd *privsep_pw = NULL; diff --git a/openssh.spec b/openssh.spec index 109fb5e..c2e0d46 100644 --- a/openssh.spec +++ b/openssh.spec @@ -71,7 +71,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 5.8p1 -%define openssh_rel 12 +%define openssh_rel 13 %define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_rel 30 @@ -99,6 +99,8 @@ Patch0: openssh-5.6p1-redhat.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1872 Patch100: openssh-5.8p1-fingerprint.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1402 +Patch8: openssh-5.8p1-audit0.patch +Patch108: openssh-5.8p1-audit0a.patch Patch1: openssh-5.8p1-audit1.patch Patch101: openssh-5.8p1-audit1a.patch Patch2: openssh-5.8p1-audit2.patch @@ -308,6 +310,8 @@ The module is most useful for su and sudo service stacks. ###%patch99 -p1 -b .wIm %patch0 -p1 -b .redhat %patch100 -p1 -b .fingerprint +%patch8 -p1 -b .audit0 +%patch108 -p1 -b .audit0a %patch1 -p1 -b .audit1 %patch101 -p1 -b .audit1a %patch2 -p1 -b .audit2 @@ -376,7 +380,6 @@ LDFLAGS="$LDFLAGS -pie -z relro -z now" export CFLAGS export LDFLAGS - %endif %if %{kerberos5} if test -r /etc/profile.d/krb5-devel.sh ; then @@ -645,6 +648,9 @@ fi %endif %changelog +* Thu Mar 3 2011 Jan F. Chadima - 5.8p1-13 + 0.9.2-30 +- improve audit of logins and auths + * Tue Mar 1 2011 Jan F. Chadima - 5.8p1-12 + 0.9.2-30 - improove ssk-keycat