From 2c1a4adbdd8e87cbf0790ca3a3effbd73064e069 Mon Sep 17 00:00:00 2001
From: Jan F
Date: Thu, 17 Feb 2011 17:54:23 +0100
Subject: [PATCH] improve audit of server ket management

---
openssh-5.6p1-wIm.patch | 74 -----------------
openssh-5.8p1-audit1.patch | 2 +-
openssh-5.8p1-audit3.patch | 62 +++++++-------
openssh-5.8p1-audit4.patch | 69 ++++++++--------
openssh-5.8p1-audit5.patch | 162 +++++++++++++++++++++++++------------
openssh.spec | 13 ++-
6 files changed, 190 insertions(+), 192 deletions(-)
delete mode 100644 openssh-5.6p1-wIm.patch

diff --git a/openssh-5.6p1-wIm.patch b/openssh-5.6p1-wIm.patch
deleted file mode 100644
index 2347f3d..0000000
--- a/openssh-5.6p1-wIm.patch
+++ /dev/null
@@ -1,74 +0,0 @@ -diff -up openssh-5.6p1/log.h.wIm openssh-5.6p1/log.h ---- openssh-5.6p1/log.h.wIm 2008-06-13 02:22:54.000000000 +0200 -+++ openssh-5.6p1/log.h 2011-01-11 10:35:32.000000000 +0100 -@@ -63,6 +63,7 @@ void verbose(const char *, ...) __at - void debug(const char *, ...) __attribute__((format(printf, 1, 2))); - void debug2(const char *, ...) __attribute__((format(printf, 1, 2))); - void debug3(const char *, ...) __attribute__((format(printf, 1, 2))); -+void debug_wIm(const char *); - - void do_log(LogLevel, const char *, va_list); - void cleanup_exit(int) __attribute__((noreturn)); -diff -up openssh-5.6p1/Makefile.in.wIm openssh-5.6p1/Makefile.in ---- openssh-5.6p1/Makefile.in.wIm 2010-05-12 08:51:39.000000000 +0200 -+++ openssh-5.6p1/Makefile.in 2011-01-11 10:35:32.000000000 +0100 -@@ -69,7 +69,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b - cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ - compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \ - log.o match.o md-sha256.o moduli.o nchan.o packet.o \ -- readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ -+ readpass.o rsa.o ttymodes.o whereIam.o xmalloc.o addrmatch.o \ - atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ - monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ - kexgex.o kexdhc.o kexgexc.o msg.o progressmeter.o dns.o \ -diff -up openssh-5.6p1/sshd.c.wIm openssh-5.6p1/sshd.c ---- openssh-5.6p1/sshd.c.wIm 2010-04-16 07:56:22.000000000 +0200 -+++ openssh-5.6p1/sshd.c 2011-01-11 10:35:32.000000000 +0100 -@@ -139,6 +139,9 @@ int deny_severity; - - extern char *__progname; - -+/* trace of fork processes */ -+extern int whereIam; -+ - /* Server configuration options. 
*/ - ServerOptions options; - -@@ -652,6 +655,7 @@ privsep_preauth(Authctxt *authctxt) - } else { - /* child */ - -+ whereIam = 1; - close(pmonitor->m_sendfd); - - /* Demote the child */ -@@ -693,6 +697,7 @@ privsep_postauth(Authctxt *authctxt) - exit(0); - } - -+ whereIam = 2; - close(pmonitor->m_sendfd); - - /* Demote the private keys to public keys. */ -@@ -1299,6 +1304,8 @@ main(int ac, char **av) - Key *key; - Authctxt *authctxt; - -+ whereIam = 0; -+ - #ifdef HAVE_SECUREWARE - (void)set_auth_parameters(ac, av); - #endif -diff -up openssh-5.6p1/whereIam.c.wIm openssh-5.6p1/whereIam.c ---- openssh-5.6p1/whereIam.c.wIm 2011-01-11 10:35:32.000000000 +0100 -+++ openssh-5.6p1/whereIam.c 2011-01-11 10:35:32.000000000 +0100 -@@ -0,0 +1,9 @@ -+ -+int whereIam = -1; -+ -+void debug_wIm(const char *txt) -+{ -+ debug("%s: %s wIm = %d, euid=%d", txt, __func__, whereIam, geteuid()); -+} -+ -+ diff --git a/openssh-5.8p1-audit1.patch b/openssh-5.8p1-audit1.patch index aba531e..51e4fae 100644 --- a/openssh-5.8p1-audit1.patch +++ b/openssh-5.8p1-audit1.patch @@ -45,7 +45,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c + "root denied", + "success", + "none", -+ "paasword", ++ "pasword", + "chalenge-response", + "pubkey", + "hostbased", diff --git a/openssh-5.8p1-audit3.patch b/openssh-5.8p1-audit3.patch index 1c7f1a4..66427be 100644 --- a/openssh-5.8p1-audit3.patch +++ b/openssh-5.8p1-audit3.patch @@ -1,6 +1,6 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit3 2011-02-09 21:51:19.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-09 21:51:19.000000000 +0100 +--- openssh-5.8p1/audit-bsm.c.audit3 2011-02-17 15:09:38.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-17 15:09:38.000000000 +0100 @@ -383,4 +383,16 @@ audit_event(ssh_audit_event_t event) debug("%s: unhandled event %d", __func__, event); } 
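Review bot: The replacement label in the audit1.patch hunk is still misspelled: `++ "pasword",` drops one letter of the old `"paasword"`, but what looks like an authentication-method label should read `+ "password",`. These strings end up verbatim in audit records, so a mistyped label is exactly the kind of thing a detection rule keyed on the method name would silently miss. The adjacent context line `"chalenge-response"` has the same kind of typo; it is not touched by this change but belongs in the same fix-up.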
@@ -19,18 +19,18 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit3 2011-02-09 21:51:19.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-09 21:51:19.000000000 +0100 +--- openssh-5.8p1/audit.c.audit3 2011-02-17 15:09:38.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-17 15:10:27.000000000 +0100 @@ -36,6 +36,8 @@ #include "key.h" #include "hostfile.h" #include "auth.h" +#include "ssh-gss.h" +#include "monitor_wrap.h" + #include "xmalloc.h" /* - * Care must be taken when using this since it WILL NOT be initialized when -@@ -138,6 +140,18 @@ audit_key(int type, int *rv, const Key * +@@ -139,6 +141,18 @@ audit_key(int type, int *rv, const Key * xfree(fp); } @@ -49,7 +49,7 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -221,5 +235,24 @@ audit_keyusage(int host_user, const char +@@ -222,5 +236,24 @@ audit_keyusage(int host_user, const char debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d", host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, len, fp, rv); } @@ -75,8 +75,8 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit3 2011-02-09 21:51:19.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-09 21:51:19.000000000 +0100 +--- openssh-5.8p1/audit.h.audit3 2011-02-17 15:09:38.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-17 15:09:38.000000000 +0100 @@ -56,5 +56,9 @@ void audit_run_command(const char *); ssh_audit_event_t audit_classify_auth(const char *); int audit_keyusage(int, const char *, unsigned, char *, int); 
@@ -88,8 +88,8 @@ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit3 2011-02-09 21:51:19.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-09 21:51:19.000000000 +0100 +--- openssh-5.8p1/audit-linux.c.audit3 2011-02-17 15:09:38.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-17 15:09:38.000000000 +0100 @@ -36,6 +36,8 @@ #include "log.h" #include "audit.h" @@ -99,7 +99,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c #define AUDIT_LOG_SIZE 128 -@@ -156,4 +158,54 @@ audit_event(ssh_audit_event_t event) +@@ -223,4 +225,54 @@ audit_event(ssh_audit_event_t event) } } @@ -109,17 +109,17 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c +#ifdef AUDIT_CRYPTO_SESSION + char buf[AUDIT_LOG_SIZE]; + const static char *name[] = { "cipher", "mac", "comp" }; -+ int audit_fd, audit_ok; ++ int audit_fd; + -+ snprintf(buf, sizeof(buf), "unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d", ++ snprintf(buf, sizeof(buf), "op=unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d", + name[what], get_remote_port(), get_local_ipaddr(packet_get_connection_in()), + get_local_port()); + audit_fd = audit_open(); + if (audit_fd < 0) + /* no problem, the next instruction will be fatal() */ + return; -+ audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_SESSION, NULL, -+ buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 0); ++ audit_log_user_message(audit_fd, AUDIT_CRYPTO_SESSION, ++ buf, NULL, get_remote_ipaddr(), NULL, 0); + audit_close(audit_fd); +#endif +} 
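Review bot: The rewritten snprintf in audit_unsupported_body() still indexes `name[what]` without checking that `what` lies within the three-entry table, and since this body runs behind a PRIVSEP wrapper elsewhere in the series, `what` presumably arrives over the privsep socket from the less-privileged child; a guard such as `if (what < 0 || what >= 3) fatal("%s: bad argument %d", __func__, what);` before the snprintf would keep a malformed request from reading past the table. The same unchecked index pattern applies to `direction[ctos]` in audit_kex_body (the `@@ -133,7 +133,7 @@` hunk) and in audit_session_key_free_body (audit4.patch, `@@ -82,7 +82,10 @@`). Separately, `get_local_ipaddr(packet_get_connection_in())` is passed straight into snprintf in all three functions; if it returns an xstrdup'd string as canohost.c's get_socket_address() does, that string is leaked on every call and should be captured in a local and xfree'd after the snprintf. The snprintf return value is also ignored, so a record longer than AUDIT_LOG_SIZE is truncated silently instead of being flagged. The signature of audit_unsupported_body is outside this hunk.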
@@ -133,7 +133,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c + const static char *direction[] = { "from-server", "from-client", "both" }; + Cipher *cipher = cipher_by_name(enc); + -+ snprintf(buf, sizeof(buf), "start direction=%s cipher=%s, ksize=%d rport=%d laddr=%s lport=%d", ++ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d rport=%d laddr=%s lport=%d", + direction[ctos], enc, cipher ? 8 * cipher->key_len : 0, + get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port()); + audit_fd = audit_open(); @@ -144,8 +144,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c + else + fatal("cannot open audit"); /* Must prevent login */ + } -+ audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_SESSION, NULL, -+ buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 1); ++ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_SESSION, ++ buf, NULL, get_remote_ipaddr(), NULL, 1); + audit_close(audit_fd); + /* do not abort if the error is EPERM and sshd is run as non root user */ + if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) @@ -155,8 +155,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c ---- openssh-5.8p1/auditstub.c.audit3 2011-02-09 21:51:19.000000000 +0100 -+++ openssh-5.8p1/auditstub.c 2011-02-09 21:51:19.000000000 +0100 +--- openssh-5.8p1/auditstub.c.audit3 2011-02-17 15:09:38.000000000 +0100 ++++ openssh-5.8p1/auditstub.c 2011-02-17 15:09:38.000000000 +0100 @@ -0,0 +1,39 @@ +/* $Id: auditstub.c,v 1.1 jfch Exp $ */ + 
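Review bot: The error test following the new audit_log_user_message() call in audit_kex_body, `if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))`, encodes the comment's EPERM intent as a bare -1; if libaudit reports failures as -errno (which is how audit_send() behaves), writing it as `audit_ok != -EPERM` states the intent directly and survives a future change in the library's error convention. The same check is repeated after the calls replaced in audit4.patch (`@@ -90,8 +93,8 @@`) and audit5.patch (`@@ -61,8 +61,8 @@`). The opening of audit_kex_body is outside this hunk.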
@@ -199,7 +199,7 @@ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c + diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c --- openssh-5.8p1/cipher.c.audit3 2011-02-09 15:24:23.000000000 +0100 -+++ openssh-5.8p1/cipher.c 2011-02-09 21:51:19.000000000 +0100 ++++ openssh-5.8p1/cipher.c 2011-02-17 15:09:38.000000000 +0100 @@ -59,15 +59,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX extern const EVP_CIPHER *evp_aes_128_ctr(void); extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); @@ -219,7 +219,7 @@ diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des }, diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h --- openssh-5.8p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100 -+++ openssh-5.8p1/cipher.h 2011-02-09 21:51:19.000000000 +0100 ++++ openssh-5.8p1/cipher.h 2011-02-17 15:09:38.000000000 +0100 @@ -61,7 +61,16 @@ typedef struct Cipher Cipher; typedef struct CipherContext CipherContext; @@ -240,7 +240,7 @@ diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h EVP_CIPHER_CTX evp; diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c --- openssh-5.8p1/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200 -+++ openssh-5.8p1/kex.c 2011-02-09 21:51:19.000000000 +0100 ++++ openssh-5.8p1/kex.c 2011-02-17 15:09:38.000000000 +0100 @@ -49,6 +49,7 @@ #include "dispatch.h" #include "monitor.h" @@ -305,7 +305,7 @@ diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in --- openssh-5.8p1/Makefile.in.audit3 2011-02-04 01:42:13.000000000 +0100 -+++ openssh-5.8p1/Makefile.in 2011-02-09 21:53:15.000000000 +0100 ++++ openssh-5.8p1/Makefile.in 2011-02-17 15:09:38.000000000 +0100 
@@ -76,7 +76,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ @@ -316,8 +316,8 @@ diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect1.o sshconnect2.o mux.o \ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit3 2011-02-09 21:51:19.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-09 21:51:19.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit3 2011-02-17 15:09:38.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-17 15:09:38.000000000 +0100 @@ -89,6 +89,7 @@ #include "ssh2.h" #include "jpake.h" @@ -414,7 +414,7 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c +#endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h --- openssh-5.8p1/monitor.h.audit3 2008-11-05 06:20:46.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-09 21:51:19.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-17 15:09:38.000000000 +0100 @@ -66,6 +66,8 @@ enum monitor_reqtype { MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2, MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM, @@ -426,7 +426,7 @@ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c --- openssh-5.8p1/monitor_wrap.c.audit3 2010-08-31 14:41:14.000000000 +0200 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-09 21:51:19.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-17 15:09:38.000000000 +0100 @@ -1412,3 +1412,38 @@ mm_jpake_check_confirm(const BIGNUM *k, return success; } 
@@ -468,7 +468,7 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c +#endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h --- openssh-5.8p1/monitor_wrap.h.audit3 2009-03-05 14:58:22.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-09 21:51:19.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-17 15:09:38.000000000 +0100 @@ -74,6 +74,8 @@ void mm_sshpam_free_ctx(void *); #include "audit.h" void mm_audit_event(ssh_audit_event_t); @@ -480,7 +480,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h struct Session; diff -up openssh-5.8p1/sshd.c.audit3 openssh-5.8p1/sshd.c --- openssh-5.8p1/sshd.c.audit3 2011-01-11 07:20:31.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-09 21:51:19.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-17 15:09:38.000000000 +0100 @@ -118,6 +118,7 @@ #endif #include "monitor_wrap.h" diff --git a/openssh-5.8p1-audit4.patch b/openssh-5.8p1-audit4.patch index 1e03de4..f4d77f2 100644 --- a/openssh-5.8p1-audit4.patch +++ b/openssh-5.8p1-audit4.patch @@ -1,6 +1,6 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit4 2011-02-09 22:24:22.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-09 22:24:22.000000000 +0100 +--- openssh-5.8p1/audit-bsm.c.audit4 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-17 10:34:25.000000000 +0100 @@ -395,4 +395,10 @@ audit_kex_body(int ctos, char *enc, char { /* not implemented */ @@ -13,8 +13,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit4 2011-02-09 22:24:22.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-09 22:24:22.000000000 +0100 +--- openssh-5.8p1/audit.c.audit4 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-17 10:34:25.000000000 +0100 
@@ -152,6 +152,12 @@ audit_kex(int ctos, char *enc, char *mac PRIVSEP(audit_kex_body(ctos, enc, mac, comp)); } @@ -43,8 +43,8 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit4 2011-02-09 22:24:22.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-09 22:24:22.000000000 +0100 +--- openssh-5.8p1/audit.h.audit4 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-17 10:34:25.000000000 +0100 @@ -60,5 +60,7 @@ void audit_unsupported(int); void audit_kex(int, char *, char *, char *); void audit_unsupported_body(int); @@ -54,9 +54,9 @@ diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit4 2011-02-09 22:24:22.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-09 22:24:22.000000000 +0100 -@@ -179,13 +179,14 @@ audit_unsupported_body(int what) +--- openssh-5.8p1/audit-linux.c.audit4 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-17 10:34:25.000000000 +0100 +@@ -246,13 +246,14 @@ audit_unsupported_body(int what) #endif } @@ -71,8 +71,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c - const static char *direction[] = { "from-server", "from-client", "both" }; Cipher *cipher = cipher_by_name(enc); - snprintf(buf, sizeof(buf), "start direction=%s cipher=%s, ksize=%d rport=%d laddr=%s lport=%d", -@@ -208,4 +209,26 @@ audit_kex_body(int ctos, char *enc, char + snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d rport=%d laddr=%s lport=%d", +@@ -275,4 +276,29 @@ audit_kex_body(int ctos, char *enc, char #endif } 
@@ -82,7 +82,10 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c + char buf[AUDIT_LOG_SIZE]; + int audit_fd, audit_ok; + -+ snprintf(buf, sizeof(buf), "destroy kind=session direction=%s", direction[ctos]); ++ snprintf(buf, sizeof(buf), "op=destroy kind=session direction=%s rport=%d laddr=%s lport=%d", ++ direction[ctos], get_remote_port(), ++ get_local_ipaddr(packet_get_connection_in()), ++ get_local_port()); + audit_fd = audit_open(); + if (audit_fd < 0) { + if (errno != EINVAL && errno != EPROTONOSUPPORT && @@ -90,8 +93,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c + error("cannot open audit"); + return; + } -+ audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_KEY_USER, NULL, -+ buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 1); ++ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, ++ buf, NULL, get_remote_ipaddr(), NULL, 1); + audit_close(audit_fd); + /* do not abort if the error is EPERM and sshd is run as non root user */ + if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) @@ -100,8 +103,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c ---- openssh-5.8p1/auditstub.c.audit4 2011-02-09 22:24:22.000000000 +0100 -+++ openssh-5.8p1/auditstub.c 2011-02-09 22:24:22.000000000 +0100 +--- openssh-5.8p1/auditstub.c.audit4 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/auditstub.c 2011-02-17 10:34:25.000000000 +0100 @@ -37,3 +37,7 @@ audit_kex(int ctos, char *enc, char *mac { } 
@@ -111,8 +114,8 @@ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c +{ +} diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c ---- openssh-5.8p1/kex.c.audit4 2011-02-09 22:24:22.000000000 +0100 -+++ openssh-5.8p1/kex.c 2011-02-09 22:24:22.000000000 +0100 +--- openssh-5.8p1/kex.c.audit4 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/kex.c 2011-02-17 10:34:25.000000000 +0100 @@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i fprintf(stderr, "\n"); } @@ -150,7 +153,7 @@ diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c + diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h --- openssh-5.8p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200 -+++ openssh-5.8p1/kex.h 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/kex.h 2011-02-17 10:34:25.000000000 +0100 @@ -156,6 +156,8 @@ void kexgex_server(Kex *); void kexecdh_client(Kex *); void kexecdh_server(Kex *); @@ -162,7 +165,7 @@ diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c --- openssh-5.8p1/mac.c.audit4 2008-06-13 02:58:50.000000000 +0200 -+++ openssh-5.8p1/mac.c 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/mac.c 2011-02-17 10:34:25.000000000 +0100 @@ -162,6 +162,20 @@ mac_clear(Mac *mac) mac->umac_ctx = NULL; } @@ -186,15 +189,15 @@ diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c int diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h --- openssh-5.8p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200 -+++ openssh-5.8p1/mac.h 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/mac.h 2011-02-17 10:34:25.000000000 +0100 
@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *); int mac_init(Mac *); u_char *mac_compute(Mac *, u_int32_t, u_char *, int); void mac_clear(Mac *); +void mac_destroy(Mac *); diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit4 2011-02-09 22:24:22.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-09 22:24:22.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit4 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-17 10:34:25.000000000 +0100 @@ -180,6 +180,7 @@ int mm_answer_audit_event(int, Buffer *) int mm_answer_audit_command(int, Buffer *); int mm_answer_audit_unsupported_body(int, Buffer *); @@ -255,8 +258,8 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit4 2011-02-09 22:24:22.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-09 22:24:22.000000000 +0100 +--- openssh-5.8p1/monitor.h.audit4 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-17 10:34:25.000000000 +0100 @@ -68,6 +68,7 @@ enum monitor_reqtype { MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM, MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, @@ -266,8 +269,8 @@ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-09 22:24:22.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-09 22:24:22.000000000 +0100 +--- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-17 10:34:25.000000000 +0100 @@ -1446,4 +1446,17 @@ mm_audit_kex_body(int ctos, char *cipher buffer_free(&m); 
@@ -287,8 +290,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-09 22:24:22.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-09 22:24:22.000000000 +0100 +--- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-17 10:34:25.000000000 +0100 @@ -76,6 +76,7 @@ void mm_audit_event(ssh_audit_event_t); void mm_audit_run_command(const char *); void mm_audit_unsupported_body(int); @@ -299,7 +302,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h struct Session; diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c --- openssh-5.8p1/packet.c.audit4 2010-11-24 00:46:37.000000000 +0100 -+++ openssh-5.8p1/packet.c 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/packet.c 2011-02-17 10:34:25.000000000 +0100 @@ -497,6 +497,7 @@ packet_close(void) } cipher_cleanup(&active_state->send_context); @@ -394,7 +397,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c + diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h --- openssh-5.8p1/packet.h.audit4 2010-11-20 05:19:38.000000000 +0100 -+++ openssh-5.8p1/packet.h 2011-02-09 22:24:22.000000000 +0100 ++++ openssh-5.8p1/packet.h 2011-02-17 10:34:25.000000000 +0100 @@ -125,4 +125,5 @@ void packet_restore_state(void); void *packet_get_input(void); void *packet_get_output(void); 
@@ -402,8 +405,8 @@ diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h +void packet_destroy_all(void); #endif /* PACKET_H */ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.audit4 2011-02-09 22:24:22.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-09 22:24:22.000000000 +0100 +--- openssh-5.8p1/sshd.c.audit4 2011-02-17 10:34:25.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-17 10:34:25.000000000 +0100 @@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt) return (0); } diff --git a/openssh-5.8p1-audit5.patch b/openssh-5.8p1-audit5.patch index 17f9cfd..f2ed6ef 100644 --- a/openssh-5.8p1-audit5.patch +++ b/openssh-5.8p1-audit5.patch @@ -1,20 +1,20 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit5 2011-02-09 22:33:51.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-09 22:33:52.000000000 +0100 +--- openssh-5.8p1/audit-bsm.c.audit5 2011-02-17 10:36:14.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-17 10:36:14.000000000 +0100 @@ -401,4 +401,10 @@ audit_session_key_free_body(int ctos) { /* not implemented */ } + +void -+audit_destroy_sensitive_data(void) ++audit_destroy_sensitive_data(const char *fp) +{ + /* not implemented */ +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit5 2011-02-09 22:33:51.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-09 22:33:52.000000000 +0100 +--- openssh-5.8p1/audit.c.audit5 2011-02-17 10:36:14.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-17 10:36:14.000000000 +0100 @@ -268,5 +268,14 @@ audit_session_key_free_body(int ctos) { debug("audit session key discard euid %d direction %d", geteuid(), ctos); 
@@ -24,36 +24,36 @@ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c + * This will be called on destroy private part of the server key + */ +void -+audit_destroy_sensitive_data(void) ++audit_destroy_sensitive_data(const char *fp) +{ -+ debug("audit destroy sensitive data euid %d", geteuid()); ++ debug("audit destroy sensitive data euid %d fingerprint %s", geteuid(), fp); +} # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit5 2011-02-09 22:33:51.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-09 22:33:52.000000000 +0100 +--- openssh-5.8p1/audit.h.audit5 2011-02-17 10:36:14.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-17 10:36:14.000000000 +0100 
@@ -62,5 +62,6 @@ void audit_unsupported_body(int); void audit_kex_body(int, char *, char *, char *); void audit_session_key_free(int ctos); void audit_session_key_free_body(int ctos); -+void audit_destroy_sensitive_data(void); ++void audit_destroy_sensitive_data(const char *); #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit5 2011-02-09 22:33:51.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-09 22:33:52.000000000 +0100 -@@ -231,4 +231,26 @@ audit_session_key_free_body(int ctos) +--- openssh-5.8p1/audit-linux.c.audit5 2011-02-17 10:36:14.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-17 10:36:14.000000000 +0100 +@@ -301,4 +301,26 @@ audit_session_key_free_body(int ctos) error("cannot write into audit"); } +void -+audit_destroy_sensitive_data(void) ++audit_destroy_sensitive_data(const char *fp) +{ + char buf[AUDIT_LOG_SIZE]; + int audit_fd, audit_ok; + -+ snprintf(buf, sizeof(buf), "destroy kind=server direction=?"); ++ snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=?", fp); + audit_fd = audit_open(); + if (audit_fd < 0) { + if (errno != EINVAL && errno != EPROTONOSUPPORT && @@ -61,8 +61,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c + error("cannot open audit"); + return; + } -+ audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_KEY_USER, NULL, -+ buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 1); ++ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, ++ buf, NULL, get_remote_ipaddr(), NULL, 1); + audit_close(audit_fd); + /* do not abort if the error is EPERM and sshd is run as non root user */ + if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) 
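Review bot: The new `fp` parameter of audit_destroy_sensitive_data() is undocumented in audit.h and in audit.c, and its ownership matters because the callers in sshd.c obtain it from key_fingerprint(); a comment on the declaration such as `/* fp: hex fingerprint of the host key being destroyed; the caller keeps ownership and must free it */` would make the contract explicit. The audit.c comment `This will be called on destroy private part of the server key` could read `Called when the private part of a server host key is destroyed`. Neither implementation checks `fp` for NULL before passing it to `%s`, so the contract should also state that the argument must be non-NULL. The audit-linux.c body of this function continues past the end of the hunk.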
@@ -71,8 +71,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit5 2011-02-09 22:33:52.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-09 22:33:52.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit5 2011-02-17 10:36:14.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-17 10:36:14.000000000 +0100 @@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer int mm_answer_audit_unsupported_body(int, Buffer *); int mm_answer_audit_kex_body(int, Buffer *); @@ -113,7 +113,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -2272,4 +2277,15 @@ mm_answer_audit_session_key_free_body(in +@@ -2272,4 +2277,20 @@ mm_answer_audit_session_key_free_body(in mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m); return 0; } @@ -121,7 +121,12 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c +int +mm_answer_audit_server_key_free(int sock, Buffer *m) +{ -+ audit_destroy_sensitive_data(); ++ int len; ++ char *fp; ++ ++ fp = buffer_get_string(m, &len); ++ ++ audit_destroy_sensitive_data(fp); + + buffer_clear(m); + @@ -130,8 +135,8 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit5 2011-02-09 22:33:52.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-09 22:33:52.000000000 +0100 +--- openssh-5.8p1/monitor.h.audit5 2011-02-17 10:36:14.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-17 10:36:14.000000000 +0100 @@ -69,6 +69,7 @@ enum monitor_reqtype { MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX, 
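Review bot: mm_answer_audit_server_key_free() never releases the string it takes from the request: `fp = buffer_get_string(m, &len);` hands back an allocated copy, but after `audit_destroy_sensitive_data(fp);` there is no `xfree(fp);`, so the privileged monitor leaks one fingerprint per call. `len` is declared `int` while buffer_get_string() fills a `u_int *`, so the declaration should be `u_int len;`. Because the string originates in the less-privileged child and is written into the audit trail by the monitor, it is also worth rejecting an implausibly long `len` (the audit-linux.c record buffer is AUDIT_LOG_SIZE bytes and anything longer is silently truncated) rather than logging whatever arrives. The function's closing lines lie outside this hunk.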
@@ -141,19 +146,21 @@ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-09 22:33:52.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-09 22:33:52.000000000 +0100 -@@ -1459,4 +1459,16 @@ mm_audit_session_key_free_body(int ctos) +--- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-17 10:36:14.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-17 10:36:14.000000000 +0100 +@@ -1459,4 +1459,18 @@ mm_audit_session_key_free_body(int ctos) &m); buffer_free(&m); } + +void -+mm_audit_destroy_sensitive_data(void) ++mm_audit_destroy_sensitive_data(const char *fp) +{ + Buffer m; + + buffer_init(&m); ++ buffer_put_cstring(&m, fp); ++ + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, + &m); @@ -161,55 +168,108 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-09 22:33:52.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-09 22:33:52.000000000 +0100 +--- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-17 10:36:14.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-17 10:36:14.000000000 +0100 
@@ -77,6 +77,7 @@ void mm_audit_run_command(const char *); void mm_audit_unsupported_body(int); void mm_audit_kex_body(int, char *, char *, char *); void mm_audit_session_key_free_body(int); -+void mm_audit_server_key_free_body(void); ++void mm_audit_destroy_sensitive_data(const char *); #endif struct Session; diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c --- openssh-5.8p1/session.c.audit5 2010-12-01 02:02:59.000000000 +0100 -+++ openssh-5.8p1/session.c 2011-02-09 22:33:52.000000000 +0100 -@@ -1615,6 +1615,7 @@ do_child(Session *s, const char *command ++++ openssh-5.8p1/session.c 2011-02-17 10:36:14.000000000 +0100 +@@ -132,7 +132,7 @@ extern int log_stderr; + extern int debug_flag; + extern u_int utmp_len; + extern int startup_pipe; +-extern void destroy_sensitive_data(void); ++extern void destroy_sensitive_data(int); + extern Buffer loginmsg; + + /* original command from peer. */ +@@ -1614,7 +1614,7 @@ do_child(Session *s, const char *command + int r = 0; /* remove hostkey from the child's memory */ - destroy_sensitive_data(); -+ PRIVSEP(audit_destroy_sensitive_data()); +- destroy_sensitive_data(); ++ destroy_sensitive_data(1); /* Force a password change */ if (s->authctxt->force_pwchange) { diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.audit5 2011-02-09 22:33:52.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-09 22:33:52.000000000 +0100 -@@ -579,6 +579,7 @@ demote_sensitive_data(void) +--- openssh-5.8p1/sshd.c.audit5 2011-02-17 10:36:14.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-17 10:36:14.000000000 +0100 +@@ -253,7 +253,7 @@ Buffer loginmsg; + struct passwd *privsep_pw = NULL; + + /* Prototypes for various functions defined later in this file. */ +-void destroy_sensitive_data(void); ++void destroy_sensitive_data(int); + void demote_sensitive_data(void); + + static void do_ssh1_kex(void); +@@ -534,7 +534,7 @@ sshd_exchange_identification(int sock_in + + /* Destroy the host and server keys. 
They will no longer be needed. */ + void +-destroy_sensitive_data(void) ++destroy_sensitive_data(int privsep) + { + int i; + +@@ -544,8 +544,16 @@ destroy_sensitive_data(void) + } + for (i = 0; i < options.num_host_key_files; i++) { + if (sensitive_data.host_keys[i]) { ++ char *fp; ++ ++ fp = key_fingerprint(sensitive_data.host_keys[i], ++ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); + key_free(sensitive_data.host_keys[i]); + sensitive_data.host_keys[i] = NULL; ++ if (privsep) ++ PRIVSEP(audit_destroy_sensitive_data(fp)); ++ else ++ audit_destroy_sensitive_data(fp); + } + if (sensitive_data.host_certificates[i]) { + key_free(sensitive_data.host_certificates[i]); +@@ -571,11 +579,17 @@ demote_sensitive_data(void) + + for (i = 0; i < options.num_host_key_files; i++) { + if (sensitive_data.host_keys[i]) { ++ char *fp; ++ ++ fp = key_fingerprint(sensitive_data.host_keys[i], ++ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); + tmp = key_demote(sensitive_data.host_keys[i]); + key_free(sensitive_data.host_keys[i]); + sensitive_data.host_keys[i] = tmp; + if (tmp->type == KEY_RSA1) + sensitive_data.ssh1_host_key = tmp; ++ audit_destroy_sensitive_data(fp); ++ xfree(fp); } /* Certs do not need demotion */ } -+ audit_destroy_sensitive_data(); - - /* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */ - } -@@ -2023,8 +2024,10 @@ main(int ac, char **av) - if (use_privsep) { +@@ -2024,7 +2038,7 @@ main(int ac, char **av) privsep_postauth(authctxt); /* the monitor process [priv] will not return */ -- if (!compat20) -+ if (!compat20) { - destroy_sensitive_data(); -+ audit_destroy_sensitive_data(); -+ } + if (!compat20) +- destroy_sensitive_data(); ++ destroy_sensitive_data(0); } packet_set_timeout(options.client_alive_interval, -@@ -2265,6 +2268,7 @@ do_ssh1_kex(void) +@@ -2264,7 +2278,7 @@ do_ssh1_kex(void) + session_id[i] = session_key[i] ^ session_key[i + 16]; } /* Destroy the private and public keys. No longer. 
*/ - destroy_sensitive_data(); -+ audit_destroy_sensitive_data(); +- destroy_sensitive_data(); ++ destroy_sensitive_data(0); if (use_privsep) mm_ssh1_session_id(session_id); diff --git a/openssh.spec b/openssh.spec index be2b0b8..643d43f 100644 --- a/openssh.spec +++ b/openssh.spec @@ -71,7 +71,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 5.8p1 -%define openssh_rel 3 +%define openssh_rel 4 %define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_rel 30 @@ -93,14 +93,16 @@ Source3: sshd.init Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2 Source5: pam_ssh_agent-rmheaders -Patch100: openssh-5.6p1-wIm.patch +Patch100: openssh-5.8p1-wIm.patch Patch0: openssh-5.6p1-redhat.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1402 Patch1: openssh-5.8p1-audit1.patch Patch2: openssh-5.8p1-audit2.patch +Patch102: openssh-5.8p1-audit2a.patch Patch3: openssh-5.8p1-audit3.patch Patch4: openssh-5.8p1-audit4.patch Patch5: openssh-5.8p1-audit5.patch +Patch105: openssh-5.8p1-audit5a.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1640 Patch9: openssh-5.8p1-vendor.patch # --- pam_ssh-agent --- @@ -286,9 +288,11 @@ The module is most useful for su and sudo service stacks. %patch0 -p1 -b .redhat %patch1 -p1 -b .audit1 %patch2 -p1 -b .audit2 +%patch102 -p1 -b .audit2a %patch3 -p1 -b .audit3 %patch4 -p1 -b .audit4 %patch5 -p1 -b .audit5 +%patch105 -p1 -b .audit5a %patch9 -p1 -b .vendor %if %{pam_ssh_agent} pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver} @@ -299,7 +303,9 @@ rm -f $(cat %{SOURCE5}) popd %endif %patch20 -p1 -b .akc +%if %{ldap} %patch21 -p1 -b .ldap +%endif %if %{WITH_SELINUX} #SELinux %patch22 -p1 -b .selinux 
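Review bot: In destroy_sensitive_data() the string returned by key_fingerprint() is never released after the audit call, whereas the parallel code added to demote_sensitive_data() ends with `xfree(fp);` — add `xfree(fp);` after the `if (privsep) ... else ...` pair, since the `destroy_sensitive_data(0)` callers keep serving the connection and would leak one string per configured host key. Separately, both `destroy_sensitive_data(0)` sites are reached in the unprivileged child when use_privsep is set (the comment notes the monitor does not return from privsep_postauth, and do_ssh1_kex hands its session id to the monitor right afterwards), so there the audit call is made directly from the privilege-dropped process rather than through the monitor as do_child's `destroy_sensitive_data(1)` does; if audit_destroy_sensitive_data() needs the monitor's privileges, pass `use_privsep` at those two sites and make sure MONITOR_REQ_AUDIT_SERVER_KEY_FREE is permitted in the corresponding dispatch tables, otherwise a comment should say why the direct call is intended. The bodies of destroy_sensitive_data, demote_sensitive_data, main and do_ssh1_kex all extend beyond this hunk.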
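Review bot: The spec now references openssh-5.8p1-audit2a.patch, openssh-5.8p1-audit5a.patch and openssh-5.8p1-wIm.patch (Patch102, Patch105 and the renamed Patch100) and applies the first two in %prep, but this change does not appear to add or rename any of those files, so %prep would fail on the missing sources unless they arrive in the same push — either include them here or hold the `Patch102`/`Patch105` lines until they exist. The new `%if %{ldap}` guard around `%patch21` looks correct but is unrelated to the audit change and would be easier to track as its own commit.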
@@ -604,6 +610,9 @@ fi %endif %changelog +* Thu Feb 17 2011 Jan F. Chadima - 5.8p1-4 + 0.9.2-30 +- improve audit of server ket management + * Wed Feb 16 2011 Jan F. Chadima - 5.8p1-3 + 0.9.2-30 - improve audit of logins and auths