another audit improovements

openssh-5.8p1-audit1a.patch

@@ -0,0 +1,15 @@
+diff -up openssh-5.8p1/audit-linux.c.audit1a openssh-5.8p1/audit-linux.c
+--- openssh-5.8p1/audit-linux.c.audit1a	2011-02-22 14:42:30.000000000 +0100
++++ openssh-5.8p1/audit-linux.c	2011-02-22 14:47:03.000000000 +0100
+@@ -199,6 +199,11 @@ audit_event(ssh_audit_event_t event)
+ 		break;
+ 
+ 	case SSH_CONNECTION_CLOSE:
++		if (user_login_count)
++			linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
++			    NULL, "ssh", 1, AUDIT_USER_LOGOUT);
++		break;
++
+ 	case SSH_CONNECTION_ABANDON:
+ 	case SSH_INVALID_USER:
+ 		linux_audit_user_logxxx(-1, audit_username(), NULL,

openssh-5.8p1-audit2.patch

@@ -1,6 +1,6 @@
 diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c
 --- openssh-5.8p1/audit-bsm.c.audit2	2011-01-17 11:15:29.000000000 +0100
-+++ openssh-5.8p1/audit-bsm.c	2011-02-21 20:04:37.000000000 +0100
++++ openssh-5.8p1/audit-bsm.c	2011-02-22 14:04:27.000000000 +0100
 @@ -316,6 +316,12 @@ audit_session_close(struct logininfo *li
  	/* not implemented */
  }
@@ -16,7 +16,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c
  {
 diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c
 --- openssh-5.8p1/audit.c.audit2	2011-01-17 11:15:30.000000000 +0100
-+++ openssh-5.8p1/audit.c	2011-02-21 20:04:37.000000000 +0100
++++ openssh-5.8p1/audit.c	2011-02-22 14:04:27.000000000 +0100
 @@ -36,6 +36,7 @@
  #include "key.h"
  #include "hostfile.h"
@@ -68,7 +68,7 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c
  #endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h
 --- openssh-5.8p1/audit.h.audit2	2011-01-17 11:15:30.000000000 +0100
-+++ openssh-5.8p1/audit.h	2011-02-21 20:04:37.000000000 +0100
++++ openssh-5.8p1/audit.h	2011-02-22 14:04:27.000000000 +0100
 @@ -28,6 +28,7 @@
  # define _SSH_AUDIT_H
  
@@ -86,8 +86,8 @@ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h
  
  #endif /* _SSH_AUDIT_H */
 diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c
---- openssh-5.8p1/audit-linux.c.audit2	2011-02-21 20:04:37.000000000 +0100
+--- openssh-5.8p1/audit-linux.c.audit2	2011-02-22 14:04:27.000000000 +0100
-+++ openssh-5.8p1/audit-linux.c	2011-02-21 20:04:37.000000000 +0100
++++ openssh-5.8p1/audit-linux.c	2011-02-22 14:05:28.000000000 +0100
 @@ -41,6 +41,8 @@
  #include "servconf.h"
  #include "canohost.h"
@@ -137,7 +137,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c
  /* Below is the sshd audit API code */
 diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c
 --- openssh-5.8p1/auth2-hostbased.c.audit2	2010-08-05 05:04:50.000000000 +0200
-+++ openssh-5.8p1/auth2-hostbased.c	2011-02-21 20:04:37.000000000 +0100
++++ openssh-5.8p1/auth2-hostbased.c	2011-02-22 14:04:27.000000000 +0100
 @@ -136,6 +136,18 @@ done:
  	return authenticated;
  }
@@ -159,7 +159,7 @@ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c
  hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
 diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c
 --- openssh-5.8p1/auth2-pubkey.c.audit2	2010-12-01 01:50:14.000000000 +0100
-+++ openssh-5.8p1/auth2-pubkey.c	2011-02-21 20:04:37.000000000 +0100
++++ openssh-5.8p1/auth2-pubkey.c	2011-02-22 14:04:27.000000000 +0100
 @@ -177,6 +177,18 @@ done:
  	return authenticated;
  }
@@ -181,7 +181,7 @@ diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c
  {
 diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h
 --- openssh-5.8p1/auth.h.audit2	2010-05-10 03:58:03.000000000 +0200
-+++ openssh-5.8p1/auth.h	2011-02-21 20:04:37.000000000 +0100
++++ openssh-5.8p1/auth.h	2011-02-22 14:04:27.000000000 +0100
 @@ -170,6 +170,7 @@ void	abandon_challenge_response(Authctxt
  char	*authorized_keys_file(struct passwd *);
  char	*authorized_keys_file2(struct passwd *);
@@ -200,7 +200,7 @@ diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h
  void	 auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
 diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c
 --- openssh-5.8p1/auth-rsa.c.audit2	2010-12-04 23:01:47.000000000 +0100
-+++ openssh-5.8p1/auth-rsa.c	2011-02-21 20:04:37.000000000 +0100
++++ openssh-5.8p1/auth-rsa.c	2011-02-22 14:04:27.000000000 +0100
 @@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU
  {
  	u_char buf[32], mdbuf[16];
@@ -239,7 +239,7 @@ diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c
  /*
 diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c
 --- openssh-5.8p1/monitor.c.audit2	2010-09-10 03:23:34.000000000 +0200
-+++ openssh-5.8p1/monitor.c	2011-02-21 20:04:37.000000000 +0100
++++ openssh-5.8p1/monitor.c	2011-02-22 14:04:27.000000000 +0100
 @@ -1235,7 +1235,17 @@ mm_answer_keyverify(int sock, Buffer *m)
  	if (!valid_data)
  		fatal("%s: bad signature data blob", __func__);

openssh-5.8p1-wIm.patch

@@ -1,17 +1,18 @@
 diff -up openssh-5.8p1/log.h.wIm openssh-5.8p1/log.h
 --- openssh-5.8p1/log.h.wIm	2008-06-13 02:22:54.000000000 +0200
-+++ openssh-5.8p1/log.h	2011-02-17 11:41:51.000000000 +0100
++++ openssh-5.8p1/log.h	2011-02-22 09:21:58.000000000 +0100
-@@ -63,6 +63,7 @@ void     verbose(const char *, ...) __at
+@@ -63,6 +63,8 @@ void     verbose(const char *, ...) __at
  void     debug(const char *, ...) __attribute__((format(printf, 1, 2)));
  void     debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
  void     debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
-+void	 debug_wIm(const char *);
++void	 _debug_wIm_body(const char *, const char *);
++#define	debug_wIm(a) _debug_wIm_body(a,__func__)
  
  void	 do_log(LogLevel, const char *, va_list);
  void	 cleanup_exit(int) __attribute__((noreturn));
 diff -up openssh-5.8p1/Makefile.in.wIm openssh-5.8p1/Makefile.in
 --- openssh-5.8p1/Makefile.in.wIm	2011-02-04 01:42:13.000000000 +0100
-+++ openssh-5.8p1/Makefile.in	2011-02-17 11:44:05.000000000 +0100
++++ openssh-5.8p1/Makefile.in	2011-02-22 09:20:18.000000000 +0100
 @@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
  	cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
  	compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
@@ -23,7 +24,7 @@ diff -up openssh-5.8p1/Makefile.in.wIm openssh-5.8p1/Makefile.in
  	kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
 diff -up openssh-5.8p1/sshd.c.wIm openssh-5.8p1/sshd.c
 --- openssh-5.8p1/sshd.c.wIm	2011-01-11 07:20:31.000000000 +0100
-+++ openssh-5.8p1/sshd.c	2011-02-17 11:41:51.000000000 +0100
++++ openssh-5.8p1/sshd.c	2011-02-22 09:20:18.000000000 +0100
 @@ -139,6 +139,9 @@ int deny_severity;
  
  extern char *__progname;
@@ -60,15 +61,15 @@ diff -up openssh-5.8p1/sshd.c.wIm openssh-5.8p1/sshd.c
  	(void)set_auth_parameters(ac, av);
  #endif
 diff -up openssh-5.8p1/whereIam.c.wIm openssh-5.8p1/whereIam.c
---- openssh-5.8p1/whereIam.c.wIm	2011-02-17 11:41:51.000000000 +0100
+--- openssh-5.8p1/whereIam.c.wIm	2011-02-22 09:20:18.000000000 +0100
-+++ openssh-5.8p1/whereIam.c	2011-02-17 11:41:51.000000000 +0100
++++ openssh-5.8p1/whereIam.c	2011-02-22 09:24:01.000000000 +0100
 @@ -0,0 +1,9 @@
 +
 +int whereIam = -1;
 +
-+void debug_wIm(const char *txt)
++void _debug_wIm_body(const char *txt, const char *func)
 +{
-+	debug("%s: %s wIm = %d, euid=%d", txt, __func__, whereIam, geteuid());
++	debug("%s: %s wIm = %d, uid=%d, euid=%d", txt, func, whereIam, getuid(), geteuid());
 +}
 +
 +

openssh.spec

@@ -71,7 +71,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.8p1
-%define openssh_rel 5
+%define openssh_rel 6
 %define pam_ssh_agent_ver 0.9.2
 %define pam_ssh_agent_rel 30
 
@@ -616,7 +616,7 @@ fi
 %endif
 
 %changelog
-* Mon Feb 21 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-5 + 0.9.2-30
+* Tue Feb 22 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-6 + 0.9.2-30
 - another audit improovements
 
 * Thu Feb 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-4 + 0.9.2-30