improve audit of server ket management
This commit is contained in:
parent
b9127ef973
commit
2c1a4adbdd
@ -1,74 +0,0 @@
|
||||
diff -up openssh-5.6p1/log.h.wIm openssh-5.6p1/log.h
|
||||
--- openssh-5.6p1/log.h.wIm 2008-06-13 02:22:54.000000000 +0200
|
||||
+++ openssh-5.6p1/log.h 2011-01-11 10:35:32.000000000 +0100
|
||||
@@ -63,6 +63,7 @@ void verbose(const char *, ...) __at
|
||||
void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
void debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
+void debug_wIm(const char *);
|
||||
|
||||
void do_log(LogLevel, const char *, va_list);
|
||||
void cleanup_exit(int) __attribute__((noreturn));
|
||||
diff -up openssh-5.6p1/Makefile.in.wIm openssh-5.6p1/Makefile.in
|
||||
--- openssh-5.6p1/Makefile.in.wIm 2010-05-12 08:51:39.000000000 +0200
|
||||
+++ openssh-5.6p1/Makefile.in 2011-01-11 10:35:32.000000000 +0100
|
||||
@@ -69,7 +69,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
|
||||
cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
|
||||
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
|
||||
log.o match.o md-sha256.o moduli.o nchan.o packet.o \
|
||||
- readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
|
||||
+ readpass.o rsa.o ttymodes.o whereIam.o xmalloc.o addrmatch.o \
|
||||
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
|
||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
|
||||
kexgex.o kexdhc.o kexgexc.o msg.o progressmeter.o dns.o \
|
||||
diff -up openssh-5.6p1/sshd.c.wIm openssh-5.6p1/sshd.c
|
||||
--- openssh-5.6p1/sshd.c.wIm 2010-04-16 07:56:22.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd.c 2011-01-11 10:35:32.000000000 +0100
|
||||
@@ -139,6 +139,9 @@ int deny_severity;
|
||||
|
||||
extern char *__progname;
|
||||
|
||||
+/* trace of fork processes */
|
||||
+extern int whereIam;
|
||||
+
|
||||
/* Server configuration options. */
|
||||
ServerOptions options;
|
||||
|
||||
@@ -652,6 +655,7 @@ privsep_preauth(Authctxt *authctxt)
|
||||
} else {
|
||||
/* child */
|
||||
|
||||
+ whereIam = 1;
|
||||
close(pmonitor->m_sendfd);
|
||||
|
||||
/* Demote the child */
|
||||
@@ -693,6 +697,7 @@ privsep_postauth(Authctxt *authctxt)
|
||||
exit(0);
|
||||
}
|
||||
|
||||
+ whereIam = 2;
|
||||
close(pmonitor->m_sendfd);
|
||||
|
||||
/* Demote the private keys to public keys. */
|
||||
@@ -1299,6 +1304,8 @@ main(int ac, char **av)
|
||||
Key *key;
|
||||
Authctxt *authctxt;
|
||||
|
||||
+ whereIam = 0;
|
||||
+
|
||||
#ifdef HAVE_SECUREWARE
|
||||
(void)set_auth_parameters(ac, av);
|
||||
#endif
|
||||
diff -up openssh-5.6p1/whereIam.c.wIm openssh-5.6p1/whereIam.c
|
||||
--- openssh-5.6p1/whereIam.c.wIm 2011-01-11 10:35:32.000000000 +0100
|
||||
+++ openssh-5.6p1/whereIam.c 2011-01-11 10:35:32.000000000 +0100
|
||||
@@ -0,0 +1,9 @@
|
||||
+
|
||||
+int whereIam = -1;
|
||||
+
|
||||
+void debug_wIm(const char *txt)
|
||||
+{
|
||||
+ debug("%s: %s wIm = %d, euid=%d", txt, __func__, whereIam, geteuid());
|
||||
+}
|
||||
+
|
||||
+
|
@ -45,7 +45,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
|
||||
+ "root denied",
|
||||
+ "success",
|
||||
+ "none",
|
||||
+ "paasword",
|
||||
+ "pasword",
|
||||
+ "chalenge-response",
|
||||
+ "pubkey",
|
||||
+ "hostbased",
|
||||
|
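Review bot: The method-name table in this audit-linux.c hunk is still misspelled after the change: whichever of `"paasword"` / `"pasword"` is the new side, neither is `"password"`, and `"chalenge-response"` on the line below should read `"challenge-response"`. These strings presumably end up verbatim in audit records (the array's use is outside the hunk), so any consumer matching on them sees the misspelled form; if such consumers already exist, a spelling fix changes what they must match and the patch should say so. The enclosing array starts and ends outside the hunk.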
@ -1,6 +1,6 @@
|
||||
diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c
|
||||
--- openssh-5.8p1/audit-bsm.c.audit3 2011-02-09 21:51:19.000000000 +0100
|
||||
+++ openssh-5.8p1/audit-bsm.c 2011-02-09 21:51:19.000000000 +0100
|
||||
--- openssh-5.8p1/audit-bsm.c.audit3 2011-02-17 15:09:38.000000000 +0100
|
||||
+++ openssh-5.8p1/audit-bsm.c 2011-02-17 15:09:38.000000000 +0100
|
||||
@@ -383,4 +383,16 @@ audit_event(ssh_audit_event_t event)
|
||||
debug("%s: unhandled event %d", __func__, event);
|
||||
}
|
||||
@ -19,18 +19,18 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c
|
||||
+}
|
||||
#endif /* BSM */
|
||||
diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c
|
||||
--- openssh-5.8p1/audit.c.audit3 2011-02-09 21:51:19.000000000 +0100
|
||||
+++ openssh-5.8p1/audit.c 2011-02-09 21:51:19.000000000 +0100
|
||||
--- openssh-5.8p1/audit.c.audit3 2011-02-17 15:09:38.000000000 +0100
|
||||
+++ openssh-5.8p1/audit.c 2011-02-17 15:10:27.000000000 +0100
|
||||
@@ -36,6 +36,8 @@
|
||||
#include "key.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
+#include "ssh-gss.h"
|
||||
+#include "monitor_wrap.h"
|
||||
#include "xmalloc.h"
|
||||
|
||||
/*
|
||||
* Care must be taken when using this since it WILL NOT be initialized when
|
||||
@@ -138,6 +140,18 @@ audit_key(int type, int *rv, const Key *
|
||||
@@ -139,6 +141,18 @@ audit_key(int type, int *rv, const Key *
|
||||
xfree(fp);
|
||||
}
|
||||
|
||||
@ -49,7 +49,7 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c
|
||||
# ifndef CUSTOM_SSH_AUDIT_EVENTS
|
||||
/*
|
||||
* Null implementations of audit functions.
|
||||
@@ -221,5 +235,24 @@ audit_keyusage(int host_user, const char
|
||||
@@ -222,5 +236,24 @@ audit_keyusage(int host_user, const char
|
||||
debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d",
|
||||
host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, len, fp, rv);
|
||||
}
|
||||
@ -75,8 +75,8 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c
|
||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h
|
||||
--- openssh-5.8p1/audit.h.audit3 2011-02-09 21:51:19.000000000 +0100
|
||||
+++ openssh-5.8p1/audit.h 2011-02-09 21:51:19.000000000 +0100
|
||||
--- openssh-5.8p1/audit.h.audit3 2011-02-17 15:09:38.000000000 +0100
|
||||
+++ openssh-5.8p1/audit.h 2011-02-17 15:09:38.000000000 +0100
|
||||
@@ -56,5 +56,9 @@ void audit_run_command(const char *);
|
||||
ssh_audit_event_t audit_classify_auth(const char *);
|
||||
int audit_keyusage(int, const char *, unsigned, char *, int);
|
||||
@ -88,8 +88,8 @@ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h
|
||||
|
||||
#endif /* _SSH_AUDIT_H */
|
||||
diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
|
||||
--- openssh-5.8p1/audit-linux.c.audit3 2011-02-09 21:51:19.000000000 +0100
|
||||
+++ openssh-5.8p1/audit-linux.c 2011-02-09 21:51:19.000000000 +0100
|
||||
--- openssh-5.8p1/audit-linux.c.audit3 2011-02-17 15:09:38.000000000 +0100
|
||||
+++ openssh-5.8p1/audit-linux.c 2011-02-17 15:09:38.000000000 +0100
|
||||
@@ -36,6 +36,8 @@
|
||||
#include "log.h"
|
||||
#include "audit.h"
|
||||
@ -99,7 +99,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
|
||||
|
||||
#define AUDIT_LOG_SIZE 128
|
||||
|
||||
@@ -156,4 +158,54 @@ audit_event(ssh_audit_event_t event)
|
||||
@@ -223,4 +225,54 @@ audit_event(ssh_audit_event_t event)
|
||||
}
|
||||
}
|
||||
|
||||
@ -109,17 +109,17 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
|
||||
+#ifdef AUDIT_CRYPTO_SESSION
|
||||
+ char buf[AUDIT_LOG_SIZE];
|
||||
+ const static char *name[] = { "cipher", "mac", "comp" };
|
||||
+ int audit_fd, audit_ok;
|
||||
+ int audit_fd;
|
||||
+
|
||||
+ snprintf(buf, sizeof(buf), "unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d",
|
||||
+ snprintf(buf, sizeof(buf), "op=unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d",
|
||||
+ name[what], get_remote_port(), get_local_ipaddr(packet_get_connection_in()),
|
||||
+ get_local_port());
|
||||
+ audit_fd = audit_open();
|
||||
+ if (audit_fd < 0)
|
||||
+ /* no problem, the next instruction will be fatal() */
|
||||
+ return;
|
||||
+ audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_SESSION, NULL,
|
||||
+ buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 0);
|
||||
+ audit_log_user_message(audit_fd, AUDIT_CRYPTO_SESSION,
|
||||
+ buf, NULL, get_remote_ipaddr(), NULL, 0);
|
||||
+ audit_close(audit_fd);
|
||||
+#endif
|
||||
+}
|
||||
@ -133,7 +133,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
|
||||
+ const static char *direction[] = { "from-server", "from-client", "both" };
|
||||
+ Cipher *cipher = cipher_by_name(enc);
|
||||
+
|
||||
+ snprintf(buf, sizeof(buf), "start direction=%s cipher=%s, ksize=%d rport=%d laddr=%s lport=%d",
|
||||
+ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d rport=%d laddr=%s lport=%d",
|
||||
+ direction[ctos], enc, cipher ? 8 * cipher->key_len : 0,
|
||||
+ get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port());
|
||||
+ audit_fd = audit_open();
|
||||
@ -144,8 +144,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
|
||||
+ else
|
||||
+ fatal("cannot open audit"); /* Must prevent login */
|
||||
+ }
|
||||
+ audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_SESSION, NULL,
|
||||
+ buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 1);
|
||||
+ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_SESSION,
|
||||
+ buf, NULL, get_remote_ipaddr(), NULL, 1);
|
||||
+ audit_close(audit_fd);
|
||||
+ /* do not abort if the error is EPERM and sshd is run as non root user */
|
||||
+ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
|
||||
@ -155,8 +155,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
|
||||
+
|
||||
#endif /* USE_LINUX_AUDIT */
|
||||
diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c
|
||||
--- openssh-5.8p1/auditstub.c.audit3 2011-02-09 21:51:19.000000000 +0100
|
||||
+++ openssh-5.8p1/auditstub.c 2011-02-09 21:51:19.000000000 +0100
|
||||
--- openssh-5.8p1/auditstub.c.audit3 2011-02-17 15:09:38.000000000 +0100
|
||||
+++ openssh-5.8p1/auditstub.c 2011-02-17 15:09:38.000000000 +0100
|
||||
@@ -0,0 +1,39 @@
|
||||
+/* $Id: auditstub.c,v 1.1 jfch Exp $ */
|
||||
+
|
||||
@ -199,7 +199,7 @@ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c
|
||||
+
|
||||
diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c
|
||||
--- openssh-5.8p1/cipher.c.audit3 2011-02-09 15:24:23.000000000 +0100
|
||||
+++ openssh-5.8p1/cipher.c 2011-02-09 21:51:19.000000000 +0100
|
||||
+++ openssh-5.8p1/cipher.c 2011-02-17 15:09:38.000000000 +0100
|
||||
@@ -59,15 +59,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX
|
||||
extern const EVP_CIPHER *evp_aes_128_ctr(void);
|
||||
extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
|
||||
@ -219,7 +219,7 @@ diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c
|
||||
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
|
||||
diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h
|
||||
--- openssh-5.8p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100
|
||||
+++ openssh-5.8p1/cipher.h 2011-02-09 21:51:19.000000000 +0100
|
||||
+++ openssh-5.8p1/cipher.h 2011-02-17 15:09:38.000000000 +0100
|
||||
@@ -61,7 +61,16 @@
|
||||
typedef struct Cipher Cipher;
|
||||
typedef struct CipherContext CipherContext;
|
||||
@ -240,7 +240,7 @@ diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h
|
||||
EVP_CIPHER_CTX evp;
|
||||
diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c
|
||||
--- openssh-5.8p1/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200
|
||||
+++ openssh-5.8p1/kex.c 2011-02-09 21:51:19.000000000 +0100
|
||||
+++ openssh-5.8p1/kex.c 2011-02-17 15:09:38.000000000 +0100
|
||||
@@ -49,6 +49,7 @@
|
||||
#include "dispatch.h"
|
||||
#include "monitor.h"
|
||||
@ -305,7 +305,7 @@ diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c
|
||||
choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
|
||||
diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in
|
||||
--- openssh-5.8p1/Makefile.in.audit3 2011-02-04 01:42:13.000000000 +0100
|
||||
+++ openssh-5.8p1/Makefile.in 2011-02-09 21:53:15.000000000 +0100
|
||||
+++ openssh-5.8p1/Makefile.in 2011-02-17 15:09:38.000000000 +0100
|
||||
@@ -76,7 +76,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
|
||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
|
||||
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
|
||||
@ -316,8 +316,8 @@ diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in
|
||||
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
|
||||
sshconnect.o sshconnect1.o sshconnect2.o mux.o \
|
||||
diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c
|
||||
--- openssh-5.8p1/monitor.c.audit3 2011-02-09 21:51:19.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor.c 2011-02-09 21:51:19.000000000 +0100
|
||||
--- openssh-5.8p1/monitor.c.audit3 2011-02-17 15:09:38.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor.c 2011-02-17 15:09:38.000000000 +0100
|
||||
@@ -89,6 +89,7 @@
|
||||
#include "ssh2.h"
|
||||
#include "jpake.h"
|
||||
@ -414,7 +414,7 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c
|
||||
+#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h
|
||||
--- openssh-5.8p1/monitor.h.audit3 2008-11-05 06:20:46.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor.h 2011-02-09 21:51:19.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor.h 2011-02-17 15:09:38.000000000 +0100
|
||||
@@ -66,6 +66,8 @@ enum monitor_reqtype {
|
||||
MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2,
|
||||
MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM,
|
||||
@ -426,7 +426,7 @@ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h
|
||||
struct mm_master;
|
||||
diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c
|
||||
--- openssh-5.8p1/monitor_wrap.c.audit3 2010-08-31 14:41:14.000000000 +0200
|
||||
+++ openssh-5.8p1/monitor_wrap.c 2011-02-09 21:51:19.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor_wrap.c 2011-02-17 15:09:38.000000000 +0100
|
||||
@@ -1412,3 +1412,38 @@ mm_jpake_check_confirm(const BIGNUM *k,
|
||||
return success;
|
||||
}
|
||||
@ -468,7 +468,7 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c
|
||||
+#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h
|
||||
--- openssh-5.8p1/monitor_wrap.h.audit3 2009-03-05 14:58:22.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor_wrap.h 2011-02-09 21:51:19.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor_wrap.h 2011-02-17 15:09:38.000000000 +0100
|
||||
@@ -74,6 +74,8 @@ void mm_sshpam_free_ctx(void *);
|
||||
#include "audit.h"
|
||||
void mm_audit_event(ssh_audit_event_t);
|
||||
@ -480,7 +480,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h
|
||||
struct Session;
|
||||
diff -up openssh-5.8p1/sshd.c.audit3 openssh-5.8p1/sshd.c
|
||||
--- openssh-5.8p1/sshd.c.audit3 2011-01-11 07:20:31.000000000 +0100
|
||||
+++ openssh-5.8p1/sshd.c 2011-02-09 21:51:19.000000000 +0100
|
||||
+++ openssh-5.8p1/sshd.c 2011-02-17 15:09:38.000000000 +0100
|
||||
@@ -118,6 +118,7 @@
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
|
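Review bot: In audit_kex_body (audit-linux.c hunk `@ -133,7 +133,7`) the new `op=start direction=%s cipher=%s ksize=%d rport=%d laddr=%s lport=%d` record is written into `buf[AUDIT_LOG_SIZE]` (128 bytes per the define earlier in this file) and the return value of snprintf is never examined, so a long cipher name together with an IPv6 `laddr` and five-digit ports can plausibly overrun the budget, silently dropping the trailing `lport=` field from the audit record rather than failing. Since the point of the record is a complete description of the session key, truncation should at least be reported: capture `n = snprintf(buf, sizeof(buf), ...);` and add `if (n < 0 || (size_t)n >= sizeof(buf)) error("%s: audit message truncated", __func__);` before the audit_open call, or enlarge AUDIT_LOG_SIZE. The same unchecked snprintf pattern is in audit_unsupported_body in the preceding hunk. Both function bodies start and end outside their hunks.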
@ -1,6 +1,6 @@
|
||||
diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c
|
||||
--- openssh-5.8p1/audit-bsm.c.audit4 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/audit-bsm.c 2011-02-09 22:24:22.000000000 +0100
|
||||
--- openssh-5.8p1/audit-bsm.c.audit4 2011-02-17 10:34:25.000000000 +0100
|
||||
+++ openssh-5.8p1/audit-bsm.c 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -395,4 +395,10 @@ audit_kex_body(int ctos, char *enc, char
|
||||
{
|
||||
/* not implemented */
|
||||
@ -13,8 +13,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c
|
||||
+}
|
||||
#endif /* BSM */
|
||||
diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c
|
||||
--- openssh-5.8p1/audit.c.audit4 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/audit.c 2011-02-09 22:24:22.000000000 +0100
|
||||
--- openssh-5.8p1/audit.c.audit4 2011-02-17 10:34:25.000000000 +0100
|
||||
+++ openssh-5.8p1/audit.c 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -152,6 +152,12 @@ audit_kex(int ctos, char *enc, char *mac
|
||||
PRIVSEP(audit_kex_body(ctos, enc, mac, comp));
|
||||
}
|
||||
@ -43,8 +43,8 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c
|
||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h
|
||||
--- openssh-5.8p1/audit.h.audit4 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/audit.h 2011-02-09 22:24:22.000000000 +0100
|
||||
--- openssh-5.8p1/audit.h.audit4 2011-02-17 10:34:25.000000000 +0100
|
||||
+++ openssh-5.8p1/audit.h 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -60,5 +60,7 @@ void audit_unsupported(int);
|
||||
void audit_kex(int, char *, char *, char *);
|
||||
void audit_unsupported_body(int);
|
||||
@ -54,9 +54,9 @@ diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h
|
||||
|
||||
#endif /* _SSH_AUDIT_H */
|
||||
diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
|
||||
--- openssh-5.8p1/audit-linux.c.audit4 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/audit-linux.c 2011-02-09 22:24:22.000000000 +0100
|
||||
@@ -179,13 +179,14 @@ audit_unsupported_body(int what)
|
||||
--- openssh-5.8p1/audit-linux.c.audit4 2011-02-17 10:34:25.000000000 +0100
|
||||
+++ openssh-5.8p1/audit-linux.c 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -246,13 +246,14 @@ audit_unsupported_body(int what)
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -71,8 +71,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
|
||||
- const static char *direction[] = { "from-server", "from-client", "both" };
|
||||
Cipher *cipher = cipher_by_name(enc);
|
||||
|
||||
snprintf(buf, sizeof(buf), "start direction=%s cipher=%s, ksize=%d rport=%d laddr=%s lport=%d",
|
||||
@@ -208,4 +209,26 @@ audit_kex_body(int ctos, char *enc, char
|
||||
snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d rport=%d laddr=%s lport=%d",
|
||||
@@ -275,4 +276,29 @@ audit_kex_body(int ctos, char *enc, char
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -82,7 +82,10 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
|
||||
+ char buf[AUDIT_LOG_SIZE];
|
||||
+ int audit_fd, audit_ok;
|
||||
+
|
||||
+ snprintf(buf, sizeof(buf), "destroy kind=session direction=%s", direction[ctos]);
|
||||
+ snprintf(buf, sizeof(buf), "op=destroy kind=session direction=%s rport=%d laddr=%s lport=%d",
|
||||
+ direction[ctos], get_remote_port(),
|
||||
+ get_local_ipaddr(packet_get_connection_in()),
|
||||
+ get_local_port());
|
||||
+ audit_fd = audit_open();
|
||||
+ if (audit_fd < 0) {
|
||||
+ if (errno != EINVAL && errno != EPROTONOSUPPORT &&
|
||||
@ -90,8 +93,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
|
||||
+ error("cannot open audit");
|
||||
+ return;
|
||||
+ }
|
||||
+ audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_KEY_USER, NULL,
|
||||
+ buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 1);
|
||||
+ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
|
||||
+ buf, NULL, get_remote_ipaddr(), NULL, 1);
|
||||
+ audit_close(audit_fd);
|
||||
+ /* do not abort if the error is EPERM and sshd is run as non root user */
|
||||
+ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
|
||||
@ -100,8 +103,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
|
||||
+
|
||||
#endif /* USE_LINUX_AUDIT */
|
||||
diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c
|
||||
--- openssh-5.8p1/auditstub.c.audit4 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/auditstub.c 2011-02-09 22:24:22.000000000 +0100
|
||||
--- openssh-5.8p1/auditstub.c.audit4 2011-02-17 10:34:25.000000000 +0100
|
||||
+++ openssh-5.8p1/auditstub.c 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -37,3 +37,7 @@ audit_kex(int ctos, char *enc, char *mac
|
||||
{
|
||||
}
|
||||
@ -111,8 +114,8 @@ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c
|
||||
+{
|
||||
+}
|
||||
diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c
|
||||
--- openssh-5.8p1/kex.c.audit4 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/kex.c 2011-02-09 22:24:22.000000000 +0100
|
||||
--- openssh-5.8p1/kex.c.audit4 2011-02-17 10:34:25.000000000 +0100
|
||||
+++ openssh-5.8p1/kex.c 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i
|
||||
fprintf(stderr, "\n");
|
||||
}
|
||||
@ -150,7 +153,7 @@ diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c
|
||||
+
|
||||
diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h
|
||||
--- openssh-5.8p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200
|
||||
+++ openssh-5.8p1/kex.h 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/kex.h 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -156,6 +156,8 @@ void kexgex_server(Kex *);
|
||||
void kexecdh_client(Kex *);
|
||||
void kexecdh_server(Kex *);
|
||||
@ -162,7 +165,7 @@ diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h
|
||||
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
|
||||
diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c
|
||||
--- openssh-5.8p1/mac.c.audit4 2008-06-13 02:58:50.000000000 +0200
|
||||
+++ openssh-5.8p1/mac.c 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/mac.c 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -162,6 +162,20 @@ mac_clear(Mac *mac)
|
||||
mac->umac_ctx = NULL;
|
||||
}
|
||||
@ -186,15 +189,15 @@ diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c
|
||||
int
|
||||
diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h
|
||||
--- openssh-5.8p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200
|
||||
+++ openssh-5.8p1/mac.h 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/mac.h 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *);
|
||||
int mac_init(Mac *);
|
||||
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
|
||||
void mac_clear(Mac *);
|
||||
+void mac_destroy(Mac *);
|
||||
diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c
|
||||
--- openssh-5.8p1/monitor.c.audit4 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor.c 2011-02-09 22:24:22.000000000 +0100
|
||||
--- openssh-5.8p1/monitor.c.audit4 2011-02-17 10:34:25.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor.c 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -180,6 +180,7 @@ int mm_answer_audit_event(int, Buffer *)
|
||||
int mm_answer_audit_command(int, Buffer *);
|
||||
int mm_answer_audit_unsupported_body(int, Buffer *);
|
||||
@ -255,8 +258,8 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c
|
||||
+}
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h
|
||||
--- openssh-5.8p1/monitor.h.audit4 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor.h 2011-02-09 22:24:22.000000000 +0100
|
||||
--- openssh-5.8p1/monitor.h.audit4 2011-02-17 10:34:25.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor.h 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -68,6 +68,7 @@ enum monitor_reqtype {
|
||||
MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM,
|
||||
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
|
||||
@ -266,8 +269,8 @@ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h
|
||||
|
||||
struct mm_master;
|
||||
diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c
|
||||
--- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor_wrap.c 2011-02-09 22:24:22.000000000 +0100
|
||||
--- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-17 10:34:25.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor_wrap.c 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -1446,4 +1446,17 @@ mm_audit_kex_body(int ctos, char *cipher
|
||||
|
||||
buffer_free(&m);
|
||||
@ -287,8 +290,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c
|
||||
+}
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h
|
||||
--- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor_wrap.h 2011-02-09 22:24:22.000000000 +0100
|
||||
--- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-17 10:34:25.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor_wrap.h 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -76,6 +76,7 @@ void mm_audit_event(ssh_audit_event_t);
|
||||
void mm_audit_run_command(const char *);
|
||||
void mm_audit_unsupported_body(int);
|
||||
@ -299,7 +302,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h
|
||||
struct Session;
|
||||
diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
|
||||
--- openssh-5.8p1/packet.c.audit4 2010-11-24 00:46:37.000000000 +0100
|
||||
+++ openssh-5.8p1/packet.c 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/packet.c 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -497,6 +497,7 @@ packet_close(void)
|
||||
}
|
||||
cipher_cleanup(&active_state->send_context);
|
||||
@ -394,7 +397,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
|
||||
+
|
||||
diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h
|
||||
--- openssh-5.8p1/packet.h.audit4 2010-11-20 05:19:38.000000000 +0100
|
||||
+++ openssh-5.8p1/packet.h 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/packet.h 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -125,4 +125,5 @@ void packet_restore_state(void);
|
||||
void *packet_get_input(void);
|
||||
void *packet_get_output(void);
|
||||
@ -402,8 +405,8 @@ diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h
|
||||
+void packet_destroy_all(void);
|
||||
#endif /* PACKET_H */
|
||||
diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c
|
||||
--- openssh-5.8p1/sshd.c.audit4 2011-02-09 22:24:22.000000000 +0100
|
||||
+++ openssh-5.8p1/sshd.c 2011-02-09 22:24:22.000000000 +0100
|
||||
--- openssh-5.8p1/sshd.c.audit4 2011-02-17 10:34:25.000000000 +0100
|
||||
+++ openssh-5.8p1/sshd.c 2011-02-17 10:34:25.000000000 +0100
|
||||
@@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt)
|
||||
return (0);
|
||||
}
|
||||
|
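Review bot: audit_session_key_free_body (audit-linux.c hunk `@ -82,7 +82,10`) indexes `direction[ctos]` without validating `ctos`, and `direction` has only three entries (`from-server`, `from-client`, `both`, per the declaration removed from audit_kex_body in the preceding hunk). The value appears to arrive from the unprivileged child via the privsep monitor (the mm_answer_audit_session_key_free_body handler in monitor.c, whose body is not shown here); if that handler passes the integer it reads from the request buffer straight through, an out-of-range value becomes an out-of-bounds read in the privileged process. A guard at the top of the body keeps the check next to the array use: `if (ctos < 0 || ctos > 2) { error("%s: bad direction %d", __func__, ctos); return; }`. audit_kex_body's `direction[ctos]` and audit_unsupported_body's `name[what]` have the same exposure. The function starts outside the hunk.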
@ -1,20 +1,20 @@
|
||||
diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c
|
||||
--- openssh-5.8p1/audit-bsm.c.audit5 2011-02-09 22:33:51.000000000 +0100
|
||||
+++ openssh-5.8p1/audit-bsm.c 2011-02-09 22:33:52.000000000 +0100
|
||||
--- openssh-5.8p1/audit-bsm.c.audit5 2011-02-17 10:36:14.000000000 +0100
|
||||
+++ openssh-5.8p1/audit-bsm.c 2011-02-17 10:36:14.000000000 +0100
|
||||
@@ -401,4 +401,10 @@ audit_session_key_free_body(int ctos)
|
||||
{
|
||||
/* not implemented */
|
||||
}
|
||||
+
|
||||
+void
|
||||
+audit_destroy_sensitive_data(void)
|
||||
+audit_destroy_sensitive_data(const char *fp)
|
||||
+{
|
||||
+ /* not implemented */
|
||||
+}
|
||||
#endif /* BSM */
|
||||
diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c
|
||||
--- openssh-5.8p1/audit.c.audit5 2011-02-09 22:33:51.000000000 +0100
|
||||
+++ openssh-5.8p1/audit.c 2011-02-09 22:33:52.000000000 +0100
|
||||
--- openssh-5.8p1/audit.c.audit5 2011-02-17 10:36:14.000000000 +0100
|
||||
+++ openssh-5.8p1/audit.c 2011-02-17 10:36:14.000000000 +0100
|
||||
@@ -268,5 +268,14 @@ audit_session_key_free_body(int ctos)
|
||||
{
|
||||
debug("audit session key discard euid %d direction %d", geteuid(), ctos);
|
||||
@ -24,36 +24,36 @@ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c
|
||||
+ * This will be called on destroy private part of the server key
|
||||
+ */
|
||||
+void
|
||||
+audit_destroy_sensitive_data(void)
|
||||
+audit_destroy_sensitive_data(const char *fp)
|
||||
+{
|
||||
+ debug("audit destroy sensitive data euid %d", geteuid());
|
||||
+ debug("audit destroy sensitive data euid %d fingerprint %s", geteuid(), fp);
|
||||
+}
|
||||
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h
|
||||
--- openssh-5.8p1/audit.h.audit5 2011-02-09 22:33:51.000000000 +0100
|
||||
+++ openssh-5.8p1/audit.h 2011-02-09 22:33:52.000000000 +0100
|
||||
--- openssh-5.8p1/audit.h.audit5 2011-02-17 10:36:14.000000000 +0100
|
||||
+++ openssh-5.8p1/audit.h 2011-02-17 10:36:14.000000000 +0100
|
||||
@@ -62,5 +62,6 @@ void audit_unsupported_body(int);
|
||||
void audit_kex_body(int, char *, char *, char *);
|
||||
void audit_session_key_free(int ctos);
|
||||
void audit_session_key_free_body(int ctos);
|
||||
+void audit_destroy_sensitive_data(void);
|
||||
+void audit_destroy_sensitive_data(const char *);
|
||||
|
||||
#endif /* _SSH_AUDIT_H */
|
||||
diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
|
||||
--- openssh-5.8p1/audit-linux.c.audit5 2011-02-09 22:33:51.000000000 +0100
|
||||
+++ openssh-5.8p1/audit-linux.c 2011-02-09 22:33:52.000000000 +0100
|
||||
@@ -231,4 +231,26 @@ audit_session_key_free_body(int ctos)
|
||||
--- openssh-5.8p1/audit-linux.c.audit5 2011-02-17 10:36:14.000000000 +0100
|
||||
+++ openssh-5.8p1/audit-linux.c 2011-02-17 10:36:14.000000000 +0100
|
||||
@@ -301,4 +301,26 @@ audit_session_key_free_body(int ctos)
|
||||
error("cannot write into audit");
|
||||
}
|
||||
|
||||
+void
|
||||
+audit_destroy_sensitive_data(void)
|
||||
+audit_destroy_sensitive_data(const char *fp)
|
||||
+{
|
||||
+ char buf[AUDIT_LOG_SIZE];
|
||||
+ int audit_fd, audit_ok;
|
||||
+
|
||||
+ snprintf(buf, sizeof(buf), "destroy kind=server direction=?");
|
||||
+ snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=?", fp);
|
||||
+ audit_fd = audit_open();
|
||||
+ if (audit_fd < 0) {
|
||||
+ if (errno != EINVAL && errno != EPROTONOSUPPORT &&
|
||||
@ -61,8 +61,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
|
||||
+ error("cannot open audit");
|
||||
+ return;
|
||||
+ }
|
||||
+ audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_KEY_USER, NULL,
|
||||
+ buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 1);
|
||||
+ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
|
||||
+ buf, NULL, get_remote_ipaddr(), NULL, 1);
|
||||
+ audit_close(audit_fd);
|
||||
+ /* do not abort if the error is EPERM and sshd is run as non root user */
|
||||
+ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
|
||||
@ -71,8 +71,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
|
||||
+
|
||||
#endif /* USE_LINUX_AUDIT */
|
||||
diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
|
||||
--- openssh-5.8p1/monitor.c.audit5 2011-02-09 22:33:52.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor.c 2011-02-09 22:33:52.000000000 +0100
|
||||
--- openssh-5.8p1/monitor.c.audit5 2011-02-17 10:36:14.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor.c 2011-02-17 10:36:14.000000000 +0100
|
||||
@@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer
|
||||
int mm_answer_audit_unsupported_body(int, Buffer *);
|
||||
int mm_answer_audit_kex_body(int, Buffer *);
|
||||
@ -113,7 +113,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
|
||||
#endif
|
||||
{0, 0, NULL}
|
||||
};
|
||||
@@ -2272,4 +2277,15 @@ mm_answer_audit_session_key_free_body(in
|
||||
@@ -2272,4 +2277,20 @@ mm_answer_audit_session_key_free_body(in
|
||||
mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
|
||||
return 0;
|
||||
}
|
||||
@ -121,7 +121,12 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
|
||||
+int
|
||||
+mm_answer_audit_server_key_free(int sock, Buffer *m)
|
||||
+{
|
||||
+ audit_destroy_sensitive_data();
|
||||
+ int len;
|
||||
+ char *fp;
|
||||
+
|
||||
+ fp = buffer_get_string(m, &len);
|
||||
+
|
||||
+ audit_destroy_sensitive_data(fp);
|
||||
+
|
||||
+ buffer_clear(m);
|
||||
+
|
||||
@ -130,8 +135,8 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
|
||||
+}
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h
|
||||
--- openssh-5.8p1/monitor.h.audit5 2011-02-09 22:33:52.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor.h 2011-02-09 22:33:52.000000000 +0100
|
||||
--- openssh-5.8p1/monitor.h.audit5 2011-02-17 10:36:14.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor.h 2011-02-17 10:36:14.000000000 +0100
|
||||
@@ -69,6 +69,7 @@ enum monitor_reqtype {
|
||||
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
|
||||
MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
|
||||
@ -141,19 +146,21 @@ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h
|
||||
|
||||
struct mm_master;
|
||||
diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c
|
||||
--- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-09 22:33:52.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor_wrap.c 2011-02-09 22:33:52.000000000 +0100
|
||||
@@ -1459,4 +1459,16 @@ mm_audit_session_key_free_body(int ctos)
|
||||
--- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-17 10:36:14.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor_wrap.c 2011-02-17 10:36:14.000000000 +0100
|
||||
@@ -1459,4 +1459,18 @@ mm_audit_session_key_free_body(int ctos)
|
||||
&m);
|
||||
buffer_free(&m);
|
||||
}
|
||||
+
|
||||
+void
|
||||
+mm_audit_destroy_sensitive_data(void)
|
||||
+mm_audit_destroy_sensitive_data(const char *fp)
|
||||
+{
|
||||
+ Buffer m;
|
||||
+
|
||||
+ buffer_init(&m);
|
||||
+ buffer_put_cstring(&m, fp);
|
||||
+
|
||||
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m);
|
||||
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SERVER_KEY_FREE,
|
||||
+ &m);
|
||||
@ -161,55 +168,108 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c
|
||||
+}
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h
|
||||
--- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-09 22:33:52.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor_wrap.h 2011-02-09 22:33:52.000000000 +0100
|
||||
--- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-17 10:36:14.000000000 +0100
|
||||
+++ openssh-5.8p1/monitor_wrap.h 2011-02-17 10:36:14.000000000 +0100
|
||||
@@ -77,6 +77,7 @@ void mm_audit_run_command(const char *);
|
||||
void mm_audit_unsupported_body(int);
|
||||
void mm_audit_kex_body(int, char *, char *, char *);
|
||||
void mm_audit_session_key_free_body(int);
|
||||
+void mm_audit_server_key_free_body(void);
|
||||
+void mm_audit_destroy_sensitive_data(const char *);
|
||||
#endif
|
||||
|
||||
struct Session;
|
||||
diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c
|
||||
--- openssh-5.8p1/session.c.audit5 2010-12-01 02:02:59.000000000 +0100
|
||||
+++ openssh-5.8p1/session.c 2011-02-09 22:33:52.000000000 +0100
|
||||
@@ -1615,6 +1615,7 @@ do_child(Session *s, const char *command
|
||||
+++ openssh-5.8p1/session.c 2011-02-17 10:36:14.000000000 +0100
|
||||
@@ -132,7 +132,7 @@ extern int log_stderr;
|
||||
extern int debug_flag;
|
||||
extern u_int utmp_len;
|
||||
extern int startup_pipe;
|
||||
-extern void destroy_sensitive_data(void);
|
||||
+extern void destroy_sensitive_data(int);
|
||||
extern Buffer loginmsg;
|
||||
|
||||
/* original command from peer. */
|
||||
@@ -1614,7 +1614,7 @@ do_child(Session *s, const char *command
|
||||
int r = 0;
|
||||
|
||||
/* remove hostkey from the child's memory */
|
||||
destroy_sensitive_data();
|
||||
+ PRIVSEP(audit_destroy_sensitive_data());
|
||||
- destroy_sensitive_data();
|
||||
+ destroy_sensitive_data(1);
|
||||
|
||||
/* Force a password change */
|
||||
if (s->authctxt->force_pwchange) {
|
||||
diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
|
||||
--- openssh-5.8p1/sshd.c.audit5 2011-02-09 22:33:52.000000000 +0100
|
||||
+++ openssh-5.8p1/sshd.c 2011-02-09 22:33:52.000000000 +0100
|
||||
@@ -579,6 +579,7 @@ demote_sensitive_data(void)
|
||||
--- openssh-5.8p1/sshd.c.audit5 2011-02-17 10:36:14.000000000 +0100
|
||||
+++ openssh-5.8p1/sshd.c 2011-02-17 10:36:14.000000000 +0100
|
||||
@@ -253,7 +253,7 @@ Buffer loginmsg;
|
||||
struct passwd *privsep_pw = NULL;
|
||||
|
||||
/* Prototypes for various functions defined later in this file. */
|
||||
-void destroy_sensitive_data(void);
|
||||
+void destroy_sensitive_data(int);
|
||||
void demote_sensitive_data(void);
|
||||
|
||||
static void do_ssh1_kex(void);
|
||||
@@ -534,7 +534,7 @@ sshd_exchange_identification(int sock_in
|
||||
|
||||
/* Destroy the host and server keys. They will no longer be needed. */
|
||||
void
|
||||
-destroy_sensitive_data(void)
|
||||
+destroy_sensitive_data(int privsep)
|
||||
{
|
||||
int i;
|
||||
|
||||
@@ -544,8 +544,16 @@ destroy_sensitive_data(void)
|
||||
}
|
||||
for (i = 0; i < options.num_host_key_files; i++) {
|
||||
if (sensitive_data.host_keys[i]) {
|
||||
+ char *fp;
|
||||
+
|
||||
+ fp = key_fingerprint(sensitive_data.host_keys[i],
|
||||
+ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
|
||||
key_free(sensitive_data.host_keys[i]);
|
||||
sensitive_data.host_keys[i] = NULL;
|
||||
+ if (privsep)
|
||||
+ PRIVSEP(audit_destroy_sensitive_data(fp));
|
||||
+ else
|
||||
+ audit_destroy_sensitive_data(fp);
|
||||
}
|
||||
if (sensitive_data.host_certificates[i]) {
|
||||
key_free(sensitive_data.host_certificates[i]);
|
||||
@@ -571,11 +579,17 @@ demote_sensitive_data(void)
|
||||
|
||||
for (i = 0; i < options.num_host_key_files; i++) {
|
||||
if (sensitive_data.host_keys[i]) {
|
||||
+ char *fp;
|
||||
+
|
||||
+ fp = key_fingerprint(sensitive_data.host_keys[i],
|
||||
+ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
|
||||
tmp = key_demote(sensitive_data.host_keys[i]);
|
||||
key_free(sensitive_data.host_keys[i]);
|
||||
sensitive_data.host_keys[i] = tmp;
|
||||
if (tmp->type == KEY_RSA1)
|
||||
sensitive_data.ssh1_host_key = tmp;
|
||||
+ audit_destroy_sensitive_data(fp);
|
||||
+ xfree(fp);
|
||||
}
|
||||
/* Certs do not need demotion */
|
||||
}
|
||||
+ audit_destroy_sensitive_data();
|
||||
|
||||
/* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */
|
||||
}
|
||||
@@ -2023,8 +2024,10 @@ main(int ac, char **av)
|
||||
if (use_privsep) {
|
||||
@@ -2024,7 +2038,7 @@ main(int ac, char **av)
|
||||
privsep_postauth(authctxt);
|
||||
/* the monitor process [priv] will not return */
|
||||
- if (!compat20)
|
||||
+ if (!compat20) {
|
||||
destroy_sensitive_data();
|
||||
+ audit_destroy_sensitive_data();
|
||||
+ }
|
||||
if (!compat20)
|
||||
- destroy_sensitive_data();
|
||||
+ destroy_sensitive_data(0);
|
||||
}
|
||||
|
||||
packet_set_timeout(options.client_alive_interval,
|
||||
@@ -2265,6 +2268,7 @@ do_ssh1_kex(void)
|
||||
@@ -2264,7 +2278,7 @@ do_ssh1_kex(void)
|
||||
session_id[i] = session_key[i] ^ session_key[i + 16];
|
||||
}
|
||||
/* Destroy the private and public keys. No longer. */
|
||||
destroy_sensitive_data();
|
||||
+ audit_destroy_sensitive_data();
|
||||
- destroy_sensitive_data();
|
||||
+ destroy_sensitive_data(0);
|
||||
|
||||
if (use_privsep)
|
||||
mm_ssh1_session_id(session_id);
|
||||
|
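Review bot: In the `@@ -544,8 +544,16 @@ destroy_sensitive_data` hunk the `fp` string from `key_fingerprint()` is handed to `audit_destroy_sensitive_data(fp)` (directly or via `PRIVSEP`) but never freed, whereas the parallel change in `demote_sensitive_data` does `xfree(fp);` after its audit call; add `xfree(fp);` after the `if (privsep) ... else ...` statement. This matters for the `destroy_sensitive_data(0)` callers in `main` and `do_ssh1_kex`, where the process keeps running. The `FIPS_mode()` call presumably relies on a header pulled in by another patch in this series, and `audit_destroy_sensitive_data` is now called from sshd.c without a visible `SSH_AUDIT_EVENTS` guard, so it is worth confirming sshd.c still builds with audit support disabled.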
13
openssh.spec
13
openssh.spec
@ -71,7 +71,7 @@
|
||||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%define openssh_ver 5.8p1
|
||||
%define openssh_rel 3
|
||||
%define openssh_rel 4
|
||||
%define pam_ssh_agent_ver 0.9.2
|
||||
%define pam_ssh_agent_rel 30
|
||||
|
||||
@ -93,14 +93,16 @@ Source3: sshd.init
|
||||
Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
|
||||
Source5: pam_ssh_agent-rmheaders
|
||||
|
||||
Patch100: openssh-5.6p1-wIm.patch
|
||||
Patch100: openssh-5.8p1-wIm.patch
|
||||
Patch0: openssh-5.6p1-redhat.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
|
||||
Patch1: openssh-5.8p1-audit1.patch
|
||||
Patch2: openssh-5.8p1-audit2.patch
|
||||
Patch102: openssh-5.8p1-audit2a.patch
|
||||
Patch3: openssh-5.8p1-audit3.patch
|
||||
Patch4: openssh-5.8p1-audit4.patch
|
||||
Patch5: openssh-5.8p1-audit5.patch
|
||||
Patch105: openssh-5.8p1-audit5a.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640
|
||||
Patch9: openssh-5.8p1-vendor.patch
|
||||
# --- pam_ssh-agent ---
|
||||
@ -286,9 +288,11 @@ The module is most useful for su and sudo service stacks.
|
||||
%patch0 -p1 -b .redhat
|
||||
%patch1 -p1 -b .audit1
|
||||
%patch2 -p1 -b .audit2
|
||||
%patch102 -p1 -b .audit2a
|
||||
%patch3 -p1 -b .audit3
|
||||
%patch4 -p1 -b .audit4
|
||||
%patch5 -p1 -b .audit5
|
||||
%patch105 -p1 -b .audit5a
|
||||
%patch9 -p1 -b .vendor
|
||||
%if %{pam_ssh_agent}
|
||||
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
||||
@ -299,7 +303,9 @@ rm -f $(cat %{SOURCE5})
|
||||
popd
|
||||
%endif
|
||||
%patch20 -p1 -b .akc
|
||||
%if %{ldap}
|
||||
%patch21 -p1 -b .ldap
|
||||
%endif
|
||||
%if %{WITH_SELINUX}
|
||||
#SELinux
|
||||
%patch22 -p1 -b .selinux
|
||||
@ -604,6 +610,9 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Feb 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-4 + 0.9.2-30
|
||||
- improve audit of server ket management
|
||||
|
||||
* Wed Feb 16 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-3 + 0.9.2-30
|
||||
- improve audit of logins and auths
|
||||
|
||||
|