improve audit of server ket management

2011-02-17 17:54:23 +01:00 · 2011-02-17 17:54:23 +01:00 · 2c1a4adbdd
commit 2c1a4adbdd
parent b9127ef973
6 changed files with 190 additions and 192 deletions
--- a/openssh-5.6p1-wIm.patch
+++ b/openssh-5.6p1-wIm.patch
@ -1,74 +0,0 @@
-diff -up openssh-5.6p1/log.h.wIm openssh-5.6p1/log.h
--- openssh-5.6p1/log.h.wIm	2008-06-13 02:22:54.000000000 +0200
-+++ openssh-5.6p1/log.h	2011-01-11 10:35:32.000000000 +0100
-@@ -63,6 +63,7 @@ void     verbose(const char *, ...) __at
- void     debug(const char *, ...) __attribute__((format(printf, 1, 2)));
- void     debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
- void     debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
-+void	 debug_wIm(const char *);
- 
- void	 do_log(LogLevel, const char *, va_list);
- void	 cleanup_exit(int) __attribute__((noreturn));
-diff -up openssh-5.6p1/Makefile.in.wIm openssh-5.6p1/Makefile.in
--- openssh-5.6p1/Makefile.in.wIm	2010-05-12 08:51:39.000000000 +0200
-+++ openssh-5.6p1/Makefile.in	2011-01-11 10:35:32.000000000 +0100
-@@ -69,7 +69,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
- 	cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
- 	compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
- 	log.o match.o md-sha256.o moduli.o nchan.o packet.o \
-	readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
-+	readpass.o rsa.o ttymodes.o whereIam.o xmalloc.o addrmatch.o \
- 	atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
- 	monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
- 	kexgex.o kexdhc.o kexgexc.o msg.o progressmeter.o dns.o \
-diff -up openssh-5.6p1/sshd.c.wIm openssh-5.6p1/sshd.c
--- openssh-5.6p1/sshd.c.wIm	2010-04-16 07:56:22.000000000 +0200
-+++ openssh-5.6p1/sshd.c	2011-01-11 10:35:32.000000000 +0100
-@@ -139,6 +139,9 @@ int deny_severity;
- 
- extern char *__progname;
- 
-+/* trace of fork processes */
-+extern int whereIam;
-+
- /* Server configuration options. */
- ServerOptions options;
- 
-@@ -652,6 +655,7 @@ privsep_preauth(Authctxt *authctxt)
- 	} else {
- 		/* child */
- 
-+		whereIam = 1;
- 		close(pmonitor->m_sendfd);
- 
- 		/* Demote the child */
-@@ -693,6 +697,7 @@ privsep_postauth(Authctxt *authctxt)
- 		exit(0);
- 	}
- 
-+	whereIam = 2;
- 	close(pmonitor->m_sendfd);
- 
- 	/* Demote the private keys to public keys. */
-@@ -1299,6 +1304,8 @@ main(int ac, char **av)
- 	Key *key;
- 	Authctxt *authctxt;
- 
-+	whereIam = 0;
-+
- #ifdef HAVE_SECUREWARE
- 	(void)set_auth_parameters(ac, av);
- #endif
-diff -up openssh-5.6p1/whereIam.c.wIm openssh-5.6p1/whereIam.c
--- openssh-5.6p1/whereIam.c.wIm	2011-01-11 10:35:32.000000000 +0100
-+++ openssh-5.6p1/whereIam.c	2011-01-11 10:35:32.000000000 +0100
-@@ -0,0 +1,9 @@
-+
-+int whereIam = -1;
-+
-+void debug_wIm(const char *txt)
-+{
-+	debug("%s: %s wIm = %d, euid=%d", txt, __func__, whereIam, geteuid());
-+}
-+
-+
--- a/openssh-5.8p1-audit1.patch
+++ b/openssh-5.8p1-audit1.patch
@ -45,7 +45,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
 +		"root denied",
 +		"success",
 +		"none",
-+		"paasword",
+		"pasword",
 +		"chalenge-response",
 +		"pubkey",
 +		"hostbased",
--- a/openssh-5.8p1-audit3.patch
+++ b/openssh-5.8p1-audit3.patch
@ -1,6 +1,6 @@
 diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit3	2011-02-09 21:51:19.000000000 +0100
-+++ openssh-5.8p1/audit-bsm.c	2011-02-09 21:51:19.000000000 +0100
+--- openssh-5.8p1/audit-bsm.c.audit3	2011-02-17 15:09:38.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c	2011-02-17 15:09:38.000000000 +0100
@@ -383,4 +383,16 @@ audit_event(ssh_audit_event_t event)
 		debug("%s: unhandled event %d", __func__, event);
 	}
@ -19,18 +19,18 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c
 +}
 #endif /* BSM */
 diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit3	2011-02-09 21:51:19.000000000 +0100
-+++ openssh-5.8p1/audit.c	2011-02-09 21:51:19.000000000 +0100
+--- openssh-5.8p1/audit.c.audit3	2011-02-17 15:09:38.000000000 +0100
+++ openssh-5.8p1/audit.c	2011-02-17 15:10:27.000000000 +0100
@@ -36,6 +36,8 @@
 #include "key.h"
 #include "hostfile.h"
 #include "auth.h"
 +#include "ssh-gss.h"
 +#include "monitor_wrap.h"
+ #include "xmalloc.h"
 
 /*
-  * Care must be taken when using this since it WILL NOT be initialized when
-@@ -138,6 +140,18 @@ audit_key(int type, int *rv, const Key *
+@@ -139,6 +141,18 @@ audit_key(int type, int *rv, const Key *
 	xfree(fp);
 }
 
@ -49,7 +49,7 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c
 # ifndef CUSTOM_SSH_AUDIT_EVENTS
 /*
  * Null implementations of audit functions.
-@@ -221,5 +235,24 @@ audit_keyusage(int host_user, const char
+@@ -222,5 +236,24 @@ audit_keyusage(int host_user, const char
 	debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d", 
 		host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, len, fp, rv);
 }
@ -75,8 +75,8 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c
 # endif  /* !defined CUSTOM_SSH_AUDIT_EVENTS */
 #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit3	2011-02-09 21:51:19.000000000 +0100
-+++ openssh-5.8p1/audit.h	2011-02-09 21:51:19.000000000 +0100
+--- openssh-5.8p1/audit.h.audit3	2011-02-17 15:09:38.000000000 +0100
+++ openssh-5.8p1/audit.h	2011-02-17 15:09:38.000000000 +0100
@@ -56,5 +56,9 @@ void	audit_run_command(const char *);
 ssh_audit_event_t audit_classify_auth(const char *);
 int	audit_keyusage(int, const char *, unsigned, char *, int);
@ -88,8 +88,8 @@ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h
 
 #endif /* _SSH_AUDIT_H */
 diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit3	2011-02-09 21:51:19.000000000 +0100
-+++ openssh-5.8p1/audit-linux.c	2011-02-09 21:51:19.000000000 +0100
+--- openssh-5.8p1/audit-linux.c.audit3	2011-02-17 15:09:38.000000000 +0100
+++ openssh-5.8p1/audit-linux.c	2011-02-17 15:09:38.000000000 +0100
@@ -36,6 +36,8 @@
 #include "log.h"
 #include "audit.h"
@ -99,7 +99,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
 
 #define AUDIT_LOG_SIZE 128
 
-@@ -156,4 +158,54 @@ audit_event(ssh_audit_event_t event)
+@@ -223,4 +225,54 @@ audit_event(ssh_audit_event_t event)
 	}
 }
 
@ -109,17 +109,17 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
 +#ifdef AUDIT_CRYPTO_SESSION
 +	char buf[AUDIT_LOG_SIZE];
 +	const static char *name[] = { "cipher", "mac", "comp" };
-+	int audit_fd, audit_ok;
+	int audit_fd;
 +
-+	snprintf(buf, sizeof(buf), "unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d",
+	snprintf(buf, sizeof(buf), "op=unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d",
 +		name[what], get_remote_port(), get_local_ipaddr(packet_get_connection_in()),
 +		get_local_port());
 +	audit_fd = audit_open();
 +	if (audit_fd < 0)
 +		/* no problem, the next instruction will be fatal() */
 +		return;
-+	audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_SESSION, NULL,
-+			buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 0);
+	audit_log_user_message(audit_fd, AUDIT_CRYPTO_SESSION,
+			buf, NULL, get_remote_ipaddr(), NULL, 0);
 +	audit_close(audit_fd);
 +#endif
 +}
@ -133,7 +133,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
 +	const static char *direction[] = { "from-server", "from-client", "both" };
 +	Cipher *cipher = cipher_by_name(enc);
 +
-+	snprintf(buf, sizeof(buf), "start direction=%s cipher=%s, ksize=%d rport=%d laddr=%s lport=%d",
+	snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d rport=%d laddr=%s lport=%d",
 +		direction[ctos], enc, cipher ? 8 * cipher->key_len : 0,
 +		get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port());
 +	audit_fd = audit_open();
@ -144,8 +144,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
 +		else                                                                                                                                       
 +			fatal("cannot open audit"); /* Must prevent login */
 +	}
-+	audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_SESSION, NULL,
-+			buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 1);
+	audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_SESSION,
+			buf, NULL, get_remote_ipaddr(), NULL, 1);
 +	audit_close(audit_fd);
 +	/* do not abort if the error is EPERM and sshd is run as non root user */
 +	if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
@ -155,8 +155,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
 +
 #endif /* USE_LINUX_AUDIT */
 diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c
--- openssh-5.8p1/auditstub.c.audit3	2011-02-09 21:51:19.000000000 +0100
-+++ openssh-5.8p1/auditstub.c	2011-02-09 21:51:19.000000000 +0100
+--- openssh-5.8p1/auditstub.c.audit3	2011-02-17 15:09:38.000000000 +0100
+++ openssh-5.8p1/auditstub.c	2011-02-17 15:09:38.000000000 +0100
@@ -0,0 +1,39 @@
 +/* $Id: auditstub.c,v 1.1 jfch Exp $ */
 +
@ -199,7 +199,7 @@ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c
 +
 diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c
 --- openssh-5.8p1/cipher.c.audit3	2011-02-09 15:24:23.000000000 +0100
-+++ openssh-5.8p1/cipher.c	2011-02-09 21:51:19.000000000 +0100
+++ openssh-5.8p1/cipher.c	2011-02-17 15:09:38.000000000 +0100
@@ -59,15 +59,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX 
 extern const EVP_CIPHER *evp_aes_128_ctr(void);
 extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
@ -219,7 +219,7 @@ diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c
 	{ "3des",		SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
 diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h
 --- openssh-5.8p1/cipher.h.audit3	2009-01-28 06:38:41.000000000 +0100
-+++ openssh-5.8p1/cipher.h	2011-02-09 21:51:19.000000000 +0100
+++ openssh-5.8p1/cipher.h	2011-02-17 15:09:38.000000000 +0100
@@ -61,7 +61,16 @@
 typedef struct Cipher Cipher;
 typedef struct CipherContext CipherContext;
@ -240,7 +240,7 @@ diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h
 	EVP_CIPHER_CTX evp;
 diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c
 --- openssh-5.8p1/kex.c.audit3	2010-09-24 14:11:14.000000000 +0200
-+++ openssh-5.8p1/kex.c	2011-02-09 21:51:19.000000000 +0100
+++ openssh-5.8p1/kex.c	2011-02-17 15:09:38.000000000 +0100
@@ -49,6 +49,7 @@
 #include "dispatch.h"
 #include "monitor.h"
@ -305,7 +305,7 @@ diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c
 	choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
 diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in
 --- openssh-5.8p1/Makefile.in.audit3	2011-02-04 01:42:13.000000000 +0100
-+++ openssh-5.8p1/Makefile.in	2011-02-09 21:53:15.000000000 +0100
+++ openssh-5.8p1/Makefile.in	2011-02-17 15:09:38.000000000 +0100
@@ -76,7 +76,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
 	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
 	kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
@ -316,8 +316,8 @@ diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in
 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
 	sshconnect.o sshconnect1.o sshconnect2.o mux.o \
 diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit3	2011-02-09 21:51:19.000000000 +0100
-+++ openssh-5.8p1/monitor.c	2011-02-09 21:51:19.000000000 +0100
+--- openssh-5.8p1/monitor.c.audit3	2011-02-17 15:09:38.000000000 +0100
+++ openssh-5.8p1/monitor.c	2011-02-17 15:09:38.000000000 +0100
@@ -89,6 +89,7 @@
 #include "ssh2.h"
 #include "jpake.h"
@ -414,7 +414,7 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c
 +#endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h
 --- openssh-5.8p1/monitor.h.audit3	2008-11-05 06:20:46.000000000 +0100
-+++ openssh-5.8p1/monitor.h	2011-02-09 21:51:19.000000000 +0100
+++ openssh-5.8p1/monitor.h	2011-02-17 15:09:38.000000000 +0100
@@ -66,6 +66,8 @@ enum monitor_reqtype {
 	MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2,
 	MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM,
@ -426,7 +426,7 @@ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h
 struct mm_master;
 diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c
 --- openssh-5.8p1/monitor_wrap.c.audit3	2010-08-31 14:41:14.000000000 +0200
-+++ openssh-5.8p1/monitor_wrap.c	2011-02-09 21:51:19.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.c	2011-02-17 15:09:38.000000000 +0100
@@ -1412,3 +1412,38 @@ mm_jpake_check_confirm(const BIGNUM *k,
 	return success;
 }
@ -468,7 +468,7 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c
 +#endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h
 --- openssh-5.8p1/monitor_wrap.h.audit3	2009-03-05 14:58:22.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.h	2011-02-09 21:51:19.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.h	2011-02-17 15:09:38.000000000 +0100
@@ -74,6 +74,8 @@ void mm_sshpam_free_ctx(void *);
 #include "audit.h"
 void mm_audit_event(ssh_audit_event_t);
@ -480,7 +480,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h
 struct Session;
 diff -up openssh-5.8p1/sshd.c.audit3 openssh-5.8p1/sshd.c
 --- openssh-5.8p1/sshd.c.audit3	2011-01-11 07:20:31.000000000 +0100
-+++ openssh-5.8p1/sshd.c	2011-02-09 21:51:19.000000000 +0100
+++ openssh-5.8p1/sshd.c	2011-02-17 15:09:38.000000000 +0100
@@ -118,6 +118,7 @@
 #endif
 #include "monitor_wrap.h"
--- a/openssh-5.8p1-audit4.patch
+++ b/openssh-5.8p1-audit4.patch
@ -1,6 +1,6 @@
 diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit4	2011-02-09 22:24:22.000000000 +0100
-+++ openssh-5.8p1/audit-bsm.c	2011-02-09 22:24:22.000000000 +0100
+--- openssh-5.8p1/audit-bsm.c.audit4	2011-02-17 10:34:25.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c	2011-02-17 10:34:25.000000000 +0100
@@ -395,4 +395,10 @@ audit_kex_body(int ctos, char *enc, char
 {
 	/* not implemented */
@ -13,8 +13,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c
 +}
 #endif /* BSM */
 diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit4	2011-02-09 22:24:22.000000000 +0100
-+++ openssh-5.8p1/audit.c	2011-02-09 22:24:22.000000000 +0100
+--- openssh-5.8p1/audit.c.audit4	2011-02-17 10:34:25.000000000 +0100
+++ openssh-5.8p1/audit.c	2011-02-17 10:34:25.000000000 +0100
@@ -152,6 +152,12 @@ audit_kex(int ctos, char *enc, char *mac
 	PRIVSEP(audit_kex_body(ctos, enc, mac, comp));
 }
@ -43,8 +43,8 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c
 # endif  /* !defined CUSTOM_SSH_AUDIT_EVENTS */
 #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit4	2011-02-09 22:24:22.000000000 +0100
-+++ openssh-5.8p1/audit.h	2011-02-09 22:24:22.000000000 +0100
+--- openssh-5.8p1/audit.h.audit4	2011-02-17 10:34:25.000000000 +0100
+++ openssh-5.8p1/audit.h	2011-02-17 10:34:25.000000000 +0100
@@ -60,5 +60,7 @@ void	audit_unsupported(int);
 void	audit_kex(int, char *, char *, char *);
 void	audit_unsupported_body(int);
@ -54,9 +54,9 @@ diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h
 
 #endif /* _SSH_AUDIT_H */
 diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit4	2011-02-09 22:24:22.000000000 +0100
-+++ openssh-5.8p1/audit-linux.c	2011-02-09 22:24:22.000000000 +0100
-@@ -179,13 +179,14 @@ audit_unsupported_body(int what)
+--- openssh-5.8p1/audit-linux.c.audit4	2011-02-17 10:34:25.000000000 +0100
+++ openssh-5.8p1/audit-linux.c	2011-02-17 10:34:25.000000000 +0100
+@@ -246,13 +246,14 @@ audit_unsupported_body(int what)
 #endif
 }
 
@ -71,8 +71,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
 -	const static char *direction[] = { "from-server", "from-client", "both" };
 	Cipher *cipher = cipher_by_name(enc);
 
- 	snprintf(buf, sizeof(buf), "start direction=%s cipher=%s, ksize=%d rport=%d laddr=%s lport=%d",
-@@ -208,4 +209,26 @@ audit_kex_body(int ctos, char *enc, char
+ 	snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d rport=%d laddr=%s lport=%d",
+@@ -275,4 +276,29 @@ audit_kex_body(int ctos, char *enc, char
 #endif
 }
 
@ -82,7 +82,10 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
 +	char buf[AUDIT_LOG_SIZE];
 +	int audit_fd, audit_ok;
 +
-+	snprintf(buf, sizeof(buf), "destroy kind=session direction=%s", direction[ctos]);
+	snprintf(buf, sizeof(buf), "op=destroy kind=session direction=%s rport=%d laddr=%s lport=%d",
+		 direction[ctos], get_remote_port(),
+		 get_local_ipaddr(packet_get_connection_in()),
+		 get_local_port());
 +	audit_fd = audit_open();
 +	if (audit_fd < 0) {
 +		if (errno != EINVAL && errno != EPROTONOSUPPORT &&
@ -90,8 +93,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
 +			error("cannot open audit");
 +		return;
 +	}
-+	audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_KEY_USER, NULL,
-+			buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 1);
+	audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
+			buf, NULL, get_remote_ipaddr(), NULL, 1);
 +	audit_close(audit_fd);
 +	/* do not abort if the error is EPERM and sshd is run as non root user */
 +	if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
@ -100,8 +103,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
 +
 #endif /* USE_LINUX_AUDIT */
 diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c
--- openssh-5.8p1/auditstub.c.audit4	2011-02-09 22:24:22.000000000 +0100
-+++ openssh-5.8p1/auditstub.c	2011-02-09 22:24:22.000000000 +0100
+--- openssh-5.8p1/auditstub.c.audit4	2011-02-17 10:34:25.000000000 +0100
+++ openssh-5.8p1/auditstub.c	2011-02-17 10:34:25.000000000 +0100
@@ -37,3 +37,7 @@ audit_kex(int ctos, char *enc, char *mac
 {
 }
@ -111,8 +114,8 @@ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c
 +{
 +}
 diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c
--- openssh-5.8p1/kex.c.audit4	2011-02-09 22:24:22.000000000 +0100
-+++ openssh-5.8p1/kex.c	2011-02-09 22:24:22.000000000 +0100
+--- openssh-5.8p1/kex.c.audit4	2011-02-17 10:34:25.000000000 +0100
+++ openssh-5.8p1/kex.c	2011-02-17 10:34:25.000000000 +0100
@@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i
 	fprintf(stderr, "\n");
 }
@ -150,7 +153,7 @@ diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c
 +
 diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h
 --- openssh-5.8p1/kex.h.audit4	2010-09-24 14:11:14.000000000 +0200
-+++ openssh-5.8p1/kex.h	2011-02-09 22:24:22.000000000 +0100
+++ openssh-5.8p1/kex.h	2011-02-17 10:34:25.000000000 +0100
@@ -156,6 +156,8 @@ void	 kexgex_server(Kex *);
 void	 kexecdh_client(Kex *);
 void	 kexecdh_server(Kex *);
@ -162,7 +165,7 @@ diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h
     BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
 diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c
 --- openssh-5.8p1/mac.c.audit4	2008-06-13 02:58:50.000000000 +0200
-+++ openssh-5.8p1/mac.c	2011-02-09 22:24:22.000000000 +0100
+++ openssh-5.8p1/mac.c	2011-02-17 10:34:25.000000000 +0100
@@ -162,6 +162,20 @@ mac_clear(Mac *mac)
 	mac->umac_ctx = NULL;
 }
@ -186,15 +189,15 @@ diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c
 int
 diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h
 --- openssh-5.8p1/mac.h.audit4	2007-06-11 06:01:42.000000000 +0200
-+++ openssh-5.8p1/mac.h	2011-02-09 22:24:22.000000000 +0100
+++ openssh-5.8p1/mac.h	2011-02-17 10:34:25.000000000 +0100
@@ -28,3 +28,4 @@ int	 mac_setup(Mac *, char *);
 int	 mac_init(Mac *);
 u_char	*mac_compute(Mac *, u_int32_t, u_char *, int);
 void	 mac_clear(Mac *);
 +void	 mac_destroy(Mac *);
 diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit4	2011-02-09 22:24:22.000000000 +0100
-+++ openssh-5.8p1/monitor.c	2011-02-09 22:24:22.000000000 +0100
+--- openssh-5.8p1/monitor.c.audit4	2011-02-17 10:34:25.000000000 +0100
+++ openssh-5.8p1/monitor.c	2011-02-17 10:34:25.000000000 +0100
@@ -180,6 +180,7 @@ int mm_answer_audit_event(int, Buffer *)
 int mm_answer_audit_command(int, Buffer *);
 int mm_answer_audit_unsupported_body(int, Buffer *);
@ -255,8 +258,8 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c
 +}
 #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h
--- openssh-5.8p1/monitor.h.audit4	2011-02-09 22:24:22.000000000 +0100
-+++ openssh-5.8p1/monitor.h	2011-02-09 22:24:22.000000000 +0100
+--- openssh-5.8p1/monitor.h.audit4	2011-02-17 10:34:25.000000000 +0100
+++ openssh-5.8p1/monitor.h	2011-02-17 10:34:25.000000000 +0100
@@ -68,6 +68,7 @@ enum monitor_reqtype {
 	MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM,
 	MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
@ -266,8 +269,8 @@ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h
 
 struct mm_master;
 diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c
--- openssh-5.8p1/monitor_wrap.c.audit4	2011-02-09 22:24:22.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.c	2011-02-09 22:24:22.000000000 +0100
+--- openssh-5.8p1/monitor_wrap.c.audit4	2011-02-17 10:34:25.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.c	2011-02-17 10:34:25.000000000 +0100
@@ -1446,4 +1446,17 @@ mm_audit_kex_body(int ctos, char *cipher
 
 	buffer_free(&m);
@ -287,8 +290,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c
 +}
 #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h
--- openssh-5.8p1/monitor_wrap.h.audit4	2011-02-09 22:24:22.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.h	2011-02-09 22:24:22.000000000 +0100
+--- openssh-5.8p1/monitor_wrap.h.audit4	2011-02-17 10:34:25.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.h	2011-02-17 10:34:25.000000000 +0100
@@ -76,6 +76,7 @@ void mm_audit_event(ssh_audit_event_t);
 void mm_audit_run_command(const char *);
 void mm_audit_unsupported_body(int);
@ -299,7 +302,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h
 struct Session;
 diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
 --- openssh-5.8p1/packet.c.audit4	2010-11-24 00:46:37.000000000 +0100
-+++ openssh-5.8p1/packet.c	2011-02-09 22:24:22.000000000 +0100
+++ openssh-5.8p1/packet.c	2011-02-17 10:34:25.000000000 +0100
@@ -497,6 +497,7 @@ packet_close(void)
 	}
 	cipher_cleanup(&active_state->send_context);
@ -394,7 +397,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
 +
 diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h
 --- openssh-5.8p1/packet.h.audit4	2010-11-20 05:19:38.000000000 +0100
-+++ openssh-5.8p1/packet.h	2011-02-09 22:24:22.000000000 +0100
+++ openssh-5.8p1/packet.h	2011-02-17 10:34:25.000000000 +0100
@@ -125,4 +125,5 @@ void	 packet_restore_state(void);
 void	*packet_get_input(void);
 void	*packet_get_output(void);
@ -402,8 +405,8 @@ diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h
 +void	 packet_destroy_all(void);
 #endif				/* PACKET_H */
 diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.audit4	2011-02-09 22:24:22.000000000 +0100
-+++ openssh-5.8p1/sshd.c	2011-02-09 22:24:22.000000000 +0100
+--- openssh-5.8p1/sshd.c.audit4	2011-02-17 10:34:25.000000000 +0100
+++ openssh-5.8p1/sshd.c	2011-02-17 10:34:25.000000000 +0100
@@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt)
 	return (0);
 }
--- a/openssh-5.8p1-audit5.patch
+++ b/openssh-5.8p1-audit5.patch
@ -1,20 +1,20 @@
 diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit5	2011-02-09 22:33:51.000000000 +0100
-+++ openssh-5.8p1/audit-bsm.c	2011-02-09 22:33:52.000000000 +0100
+--- openssh-5.8p1/audit-bsm.c.audit5	2011-02-17 10:36:14.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c	2011-02-17 10:36:14.000000000 +0100
@@ -401,4 +401,10 @@ audit_session_key_free_body(int ctos)
 {
 	/* not implemented */
 }
 +
 +void
-+audit_destroy_sensitive_data(void)
+audit_destroy_sensitive_data(const char *fp)
 +{
 +	/* not implemented */
 +}
 #endif /* BSM */
 diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit5	2011-02-09 22:33:51.000000000 +0100
-+++ openssh-5.8p1/audit.c	2011-02-09 22:33:52.000000000 +0100
+--- openssh-5.8p1/audit.c.audit5	2011-02-17 10:36:14.000000000 +0100
+++ openssh-5.8p1/audit.c	2011-02-17 10:36:14.000000000 +0100
@@ -268,5 +268,14 @@ audit_session_key_free_body(int ctos)
 {
 	debug("audit session key discard euid %d direction %d", geteuid(), ctos);
@ -24,36 +24,36 @@ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c
 + * This will be called on destroy private part of the server key
 + */
 +void
-+audit_destroy_sensitive_data(void)
+audit_destroy_sensitive_data(const char *fp)
 +{
-+	debug("audit destroy sensitive data euid %d", geteuid());
+	debug("audit destroy sensitive data euid %d fingerprint %s", geteuid(), fp);
 +}
 # endif  /* !defined CUSTOM_SSH_AUDIT_EVENTS */
 #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit5	2011-02-09 22:33:51.000000000 +0100
-+++ openssh-5.8p1/audit.h	2011-02-09 22:33:52.000000000 +0100
+--- openssh-5.8p1/audit.h.audit5	2011-02-17 10:36:14.000000000 +0100
+++ openssh-5.8p1/audit.h	2011-02-17 10:36:14.000000000 +0100
@@ -62,5 +62,6 @@ void	audit_unsupported_body(int);
 void	audit_kex_body(int, char *, char *, char *);
 void	audit_session_key_free(int ctos);
 void	audit_session_key_free_body(int ctos);
-+void	audit_destroy_sensitive_data(void);
+void	audit_destroy_sensitive_data(const char *);
 
 #endif /* _SSH_AUDIT_H */
 diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit5	2011-02-09 22:33:51.000000000 +0100
-+++ openssh-5.8p1/audit-linux.c	2011-02-09 22:33:52.000000000 +0100
-@@ -231,4 +231,26 @@ audit_session_key_free_body(int ctos)
+--- openssh-5.8p1/audit-linux.c.audit5	2011-02-17 10:36:14.000000000 +0100
+++ openssh-5.8p1/audit-linux.c	2011-02-17 10:36:14.000000000 +0100
+@@ -301,4 +301,26 @@ audit_session_key_free_body(int ctos)
 		error("cannot write into audit");
 }
 
 +void
-+audit_destroy_sensitive_data(void)
+audit_destroy_sensitive_data(const char *fp)
 +{
 +	char buf[AUDIT_LOG_SIZE];
 +	int audit_fd, audit_ok;
 +
-+	snprintf(buf, sizeof(buf), "destroy kind=server direction=?");
+	snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=?", fp);
 +	audit_fd = audit_open();
 +	if (audit_fd < 0) {
 +		if (errno != EINVAL && errno != EPROTONOSUPPORT &&
@ -61,8 +61,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
 +			error("cannot open audit");
 +		return;
 +	}
-+	audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_KEY_USER, NULL,
-+			buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 1);
+	audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
+			buf, NULL, get_remote_ipaddr(), NULL, 1);
 +	audit_close(audit_fd);
 +	/* do not abort if the error is EPERM and sshd is run as non root user */
 +	if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
@ -71,8 +71,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
 +
 #endif /* USE_LINUX_AUDIT */
 diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit5	2011-02-09 22:33:52.000000000 +0100
-+++ openssh-5.8p1/monitor.c	2011-02-09 22:33:52.000000000 +0100
+--- openssh-5.8p1/monitor.c.audit5	2011-02-17 10:36:14.000000000 +0100
+++ openssh-5.8p1/monitor.c	2011-02-17 10:36:14.000000000 +0100
@@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer 
 int mm_answer_audit_unsupported_body(int, Buffer *);
 int mm_answer_audit_kex_body(int, Buffer *);
@ -113,7 +113,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
 #endif
     {0, 0, NULL}
 };
-@@ -2272,4 +2277,15 @@ mm_answer_audit_session_key_free_body(in
+@@ -2272,4 +2277,20 @@ mm_answer_audit_session_key_free_body(in
 	mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
 	return 0;
 }
@ -121,7 +121,12 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
 +int
 +mm_answer_audit_server_key_free(int sock, Buffer *m)
 +{
-+	audit_destroy_sensitive_data();
+	int len;
+	char *fp;
+
+	fp = buffer_get_string(m, &len);
+
+	audit_destroy_sensitive_data(fp);
 +
 +	buffer_clear(m);
 +
@ -130,8 +135,8 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
 +}
 #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h
--- openssh-5.8p1/monitor.h.audit5	2011-02-09 22:33:52.000000000 +0100
-+++ openssh-5.8p1/monitor.h	2011-02-09 22:33:52.000000000 +0100
+--- openssh-5.8p1/monitor.h.audit5	2011-02-17 10:36:14.000000000 +0100
+++ openssh-5.8p1/monitor.h	2011-02-17 10:36:14.000000000 +0100
@@ -69,6 +69,7 @@ enum monitor_reqtype {
 	MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
 	MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
@ -141,19 +146,21 @@ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h
 
 struct mm_master;
 diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c
--- openssh-5.8p1/monitor_wrap.c.audit5	2011-02-09 22:33:52.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.c	2011-02-09 22:33:52.000000000 +0100
-@@ -1459,4 +1459,16 @@ mm_audit_session_key_free_body(int ctos)
+--- openssh-5.8p1/monitor_wrap.c.audit5	2011-02-17 10:36:14.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.c	2011-02-17 10:36:14.000000000 +0100
+@@ -1459,4 +1459,18 @@ mm_audit_session_key_free_body(int ctos)
 				  &m);
 	buffer_free(&m);
 }
 +
 +void
-+mm_audit_destroy_sensitive_data(void)
+mm_audit_destroy_sensitive_data(const char *fp)
 +{
 +	Buffer m;
 +
 +	buffer_init(&m);
+	buffer_put_cstring(&m, fp);
+
 +	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m);
 +	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SERVER_KEY_FREE,
 +				  &m);
@ -161,55 +168,108 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c
 +}
 #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h
--- openssh-5.8p1/monitor_wrap.h.audit5	2011-02-09 22:33:52.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.h	2011-02-09 22:33:52.000000000 +0100
+--- openssh-5.8p1/monitor_wrap.h.audit5	2011-02-17 10:36:14.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.h	2011-02-17 10:36:14.000000000 +0100
@@ -77,6 +77,7 @@ void mm_audit_run_command(const char *);
 void mm_audit_unsupported_body(int);
 void mm_audit_kex_body(int, char *, char *, char *);
 void mm_audit_session_key_free_body(int);
-+void mm_audit_server_key_free_body(void);
+void mm_audit_destroy_sensitive_data(const char *);
 #endif
 
 struct Session;
 diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c
 --- openssh-5.8p1/session.c.audit5	2010-12-01 02:02:59.000000000 +0100
-+++ openssh-5.8p1/session.c	2011-02-09 22:33:52.000000000 +0100
-@@ -1615,6 +1615,7 @@ do_child(Session *s, const char *command
+++ openssh-5.8p1/session.c	2011-02-17 10:36:14.000000000 +0100
+@@ -132,7 +132,7 @@ extern int log_stderr;
+ extern int debug_flag;
+ extern u_int utmp_len;
+ extern int startup_pipe;
+-extern void destroy_sensitive_data(void);
+extern void destroy_sensitive_data(int);
+ extern Buffer loginmsg;
+ 
+ /* original command from peer. */
+@@ -1614,7 +1614,7 @@ do_child(Session *s, const char *command
+ 	int r = 0;
 
 	/* remove hostkey from the child's memory */
- 	destroy_sensitive_data();
-+	PRIVSEP(audit_destroy_sensitive_data());
+-	destroy_sensitive_data();
+	destroy_sensitive_data(1);
 
 	/* Force a password change */
 	if (s->authctxt->force_pwchange) {
 diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.audit5	2011-02-09 22:33:52.000000000 +0100
-+++ openssh-5.8p1/sshd.c	2011-02-09 22:33:52.000000000 +0100
-@@ -579,6 +579,7 @@ demote_sensitive_data(void)
+--- openssh-5.8p1/sshd.c.audit5	2011-02-17 10:36:14.000000000 +0100
+++ openssh-5.8p1/sshd.c	2011-02-17 10:36:14.000000000 +0100
+@@ -253,7 +253,7 @@ Buffer loginmsg;
+ struct passwd *privsep_pw = NULL;
+ 
+ /* Prototypes for various functions defined later in this file. */
+-void destroy_sensitive_data(void);
+void destroy_sensitive_data(int);
+ void demote_sensitive_data(void);
+ 
+ static void do_ssh1_kex(void);
+@@ -534,7 +534,7 @@ sshd_exchange_identification(int sock_in
+ 
+ /* Destroy the host and server keys.  They will no longer be needed. */
+ void
+-destroy_sensitive_data(void)
+destroy_sensitive_data(int privsep)
+ {
+ 	int i;
+ 
+@@ -544,8 +544,16 @@ destroy_sensitive_data(void)
+ 	}
+ 	for (i = 0; i < options.num_host_key_files; i++) {
+ 		if (sensitive_data.host_keys[i]) {
+			char *fp;
+
+			fp = key_fingerprint(sensitive_data.host_keys[i],
+					     FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
+ 			key_free(sensitive_data.host_keys[i]);
+ 			sensitive_data.host_keys[i] = NULL;
+			if (privsep)
+				PRIVSEP(audit_destroy_sensitive_data(fp));
+			else
+				audit_destroy_sensitive_data(fp);
+ 		}
+ 		if (sensitive_data.host_certificates[i]) {
+ 			key_free(sensitive_data.host_certificates[i]);
+@@ -571,11 +579,17 @@ demote_sensitive_data(void)
+ 
+ 	for (i = 0; i < options.num_host_key_files; i++) {
+ 		if (sensitive_data.host_keys[i]) {
+			char *fp;
+
+			fp = key_fingerprint(sensitive_data.host_keys[i],
+					     FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
+ 			tmp = key_demote(sensitive_data.host_keys[i]);
+ 			key_free(sensitive_data.host_keys[i]);
+ 			sensitive_data.host_keys[i] = tmp;
+ 			if (tmp->type == KEY_RSA1)
+ 				sensitive_data.ssh1_host_key = tmp;
+			audit_destroy_sensitive_data(fp);
+			xfree(fp);
 		}
 		/* Certs do not need demotion */
 	}
-+	audit_destroy_sensitive_data();
- 
- 	/* We do not clear ssh1_host key and cookie.  XXX - Okay Niels? */
- }
-@@ -2023,8 +2024,10 @@ main(int ac, char **av)
- 	if (use_privsep) {
+@@ -2024,7 +2038,7 @@ main(int ac, char **av)
 		privsep_postauth(authctxt);
 		/* the monitor process [priv] will not return */
-		if (!compat20)
-+		if (!compat20) {
- 			destroy_sensitive_data();
-+			audit_destroy_sensitive_data();
-+		}
+ 		if (!compat20)
+-			destroy_sensitive_data();
+			destroy_sensitive_data(0);
 	}
 
 	packet_set_timeout(options.client_alive_interval,
-@@ -2265,6 +2268,7 @@ do_ssh1_kex(void)
+@@ -2264,7 +2278,7 @@ do_ssh1_kex(void)
+ 			session_id[i] = session_key[i] ^ session_key[i + 16];
 	}
 	/* Destroy the private and public keys. No longer. */
- 	destroy_sensitive_data();
-+	audit_destroy_sensitive_data();
+-	destroy_sensitive_data();
+	destroy_sensitive_data(0);
 
 	if (use_privsep)
 		mm_ssh1_session_id(session_id);
--- a/openssh.spec
+++ b/openssh.spec
@ -71,7 +71,7 @@

 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.8p1
-%define openssh_rel 3
+%define openssh_rel 4
 %define pam_ssh_agent_ver 0.9.2
 %define pam_ssh_agent_rel 30

@ -93,14 +93,16 @@ Source3: sshd.init
 Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
 Source5: pam_ssh_agent-rmheaders

-Patch100: openssh-5.6p1-wIm.patch
+Patch100: openssh-5.8p1-wIm.patch
 Patch0: openssh-5.6p1-redhat.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1402
 Patch1: openssh-5.8p1-audit1.patch
 Patch2: openssh-5.8p1-audit2.patch
+Patch102: openssh-5.8p1-audit2a.patch
 Patch3: openssh-5.8p1-audit3.patch
 Patch4: openssh-5.8p1-audit4.patch
 Patch5: openssh-5.8p1-audit5.patch
+Patch105: openssh-5.8p1-audit5a.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1640
 Patch9: openssh-5.8p1-vendor.patch
 # --- pam_ssh-agent ---
@ -286,9 +288,11 @@ The module is most useful for su and sudo service stacks.
 %patch0 -p1 -b .redhat
 %patch1 -p1 -b .audit1
 %patch2 -p1 -b .audit2
+%patch102 -p1 -b .audit2a
 %patch3 -p1 -b .audit3
 %patch4 -p1 -b .audit4
 %patch5 -p1 -b .audit5
+%patch105 -p1 -b .audit5a
 %patch9 -p1 -b .vendor
 %if %{pam_ssh_agent}
 pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@ -299,7 +303,9 @@ rm -f $(cat %{SOURCE5})
 popd
 %endif
 %patch20 -p1 -b .akc
+%if %{ldap}
 %patch21 -p1 -b .ldap
+%endif
 %if %{WITH_SELINUX}
 #SELinux
 %patch22 -p1 -b .selinux
@ -604,6 +610,9 @@ fi
 %endif

 %changelog
+* Thu Feb 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-4 + 0.9.2-30
+- improve audit of server ket management
+
 * Wed Feb 16 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-3 + 0.9.2-30
 - improve audit of logins and auths